And where are the resources that will be accessed when the DNS names have been resolved?
-ASB

On Fri, 19 Nov 2004 12:58:54 -0500, Ken Cornetet <[EMAIL PROTECTED]> wrote:
> I don't want to forward because the remotes are on already overburdened WAN
> links.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 12:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> How many new DCs are you adding per day/week/month? :) If I were doing this,
> Stub or Secondaries would take a back-seat. I would be investing in
> Conditional Forwarding. I would have all my other DNS servers forward
> unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
> designated DNS servers, I will configure Conditional Forwarders for all the
> foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
> servers to forward the queries to. QED. No messing with secondaries or notify
> or such any more from then on.
>
> When I introduce a new DC/DNS server into my environment, all I will need to
> do is configure it to forward to MY designated DNS servers. When I want to
> add more designated servers, I don't have to recreate the
> conditionally-forwarded zones. They are stored in the registry of the
> existing designated servers, so I will just go export and import the hive as
> necessary.
>
> Of course, all my rants above are predicated on your designated DNS servers
> being W2K3 servers.
>
> I don't think the problem of AD-intg secondaries is simply technical
> feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
> you typically create secondaries for foreign zones [1]. Since the zones you
> are secondarying are "foreign", I think storing that foreign information in
> your AD is not a good idea.
>
> [1]
> I disagree with Minasi's recommendation of creating secondaries of every
> zone on every DNS server in a parent-child environment, but that's out of
> the scope of this discussion.
>
> Sincerely,
>
> Deji Akomolafe, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 8:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> Because I have a couple of dozen remote DCs that serve DNS for their
> locations. Our unix boxes are in a DNS zone that is handled by bind/unix
> server. All of my DCs carry this zone as a secondary.
>
> This works fine, but it is a bit of a pain to maintain. I have to remember to
> configure the zone on any new DCs, and I have to have the unix guys add a
> "notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
> notify part...). Plus, replication of the zone is handled by DNS instead of
> the much more efficient AD replication.
>
> Ever since laying eyes on w2k3 DNS server, I've always wondered why the
> developers didn't allow for integrated secondaries. Don't get me wrong,
> integrated stubs are great, but between the two, I'd have thought integrated
> secondaries would have been the more desirable. I just assumed I was missing
> some technical reason that made it unfeasible.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 11:13 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> Because when it's integrated, there is no concept of "secondaries" as we
> understood it to be in pre-2Kx world. It's there in AD, and any DC can see
> and write to it. Now, if you are secondarying the zones on another server
> located in another forest/network, why would you want to store that info in
> your own AD? You will not be modifying that zone locally on the secondary
> anyway. Or, are you intending to?
>
> Sincerely,
>
> Deji Akomolafe, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 6:56 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
> Why no integrated secondaries?

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
