They could be anywhere, but would most likely be a local unix server for the scenario we are discussing.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Friday, November 19, 2004 1:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

And where are the resources that will be accessed when the DNS names have been resolved?

-ASB

On Fri, 19 Nov 2004 12:58:54 -0500, Ken Cornetet <[EMAIL PROTECTED]> wrote:
> I don't want to forward because the remotes are on already
> overburdened WAN links.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 12:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> How many new DCs are you adding per day/week/month? :) If I were
> doing this, Stub or Secondaries would take a back-seat. I would be
> investing in Conditional Forwarding. I would have all my other DNS
> servers forward unresolved queries to one or (ideally) 2 of MY DNS
> servers. On those 2 designated DNS servers, I will configure
> Conditional Forwarders for all the foreign zones hosted on the Unix
> boxen and specify the Unix boxes as the DNS servers to forward the
> queries to. QED. No messing with secondaries or notify or such any
> more from then on.
>
> When I introduce a new DC/DNS server into my environment, all I will
> need to do is configure it to forward to MY designated DNS servers.
> When I want to add more designated servers, I don't have to recreate
> the conditionally-forwarded zones. They are stored in the registry of
> the existing designated servers, so I will just go export and import
> the hive as necessary.
>
> Of course, all my rants above are predicated on your designated DNS
> servers being W2K3 servers.
>
> I don't think the problem of AD-intg secondaries is simply technical
> feasibility. I think (shut up, Al :)) it is more of practicality.
> Post-NT, you typically create secondaries for foreign zones [1]. Since
> the zones you are secondarying are "foreign", I think storing that
> foreign information in your AD is not a good idea.
>
> [1]
> I disagree with Minasi's recommendation of creating secondaries of
> every zone on every DNS server in a parent-child environment, but
> that's out of the scope of this discussion.
>
> Sincerely,
>
> Deji Akomolafe, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 8:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> Because I have a couple of dozen remote DCs that serve DNS for their
> locations. Our unix boxes are in a DNS zone that is handled by
> bind/unix server. All of my DCs carry this zone as a secondary.
>
> This works fine, but it is a bit of a pain to maintain. I have to
> remember to configure the zone on any new DCs, and I have to have the
> unix guys add a "notify" line on the bind server for the new DCs (OK,
> I don't HAVE to do the notify part...). Plus, replication of the zone
> is handled by DNS instead of the much more efficient AD replication.
>
> Ever since laying eyes on w2k3 DNS server, I've always wondered why
> the developers didn't allow for integrated secondaries. Don't get me
> wrong, integrated stubs are great, but between the two, I'd have
> thought integrated secondaries would have been the more desirable. I
> just assumed I was missing some technical reason that made it
> unfeasible.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 11:13 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> Because when it's integrated, there is no concept of "secondaries" as
> we understood it to be in pre-2Kx world. It's there in AD, and any DC
> can see and write to it. Now, if you are secondarying the zones on
> another server located in another forest/network, why would you want
> to store that info in your own AD. You will not be modifying that zone
> locally on the secondary anyway. Or, are you intending to?
>
> Sincerely,
>
> Deji Akomolafe, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 6:56 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
>
> OK, integrated stub zones are cool, but I'm curious - why did MS stop
> there? Why no integrated secondaries?

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
