James, that is excellent info. Luckily we don't have that many DC's : ) Anway, from what Deji and yourself mentioned to me, we'll stick with subzones and manually add the most logical NS records based on site and speed.
Thanks again. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 10, 2005 1:35 PM To: [email protected] Cc: [email protected]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] DNS - Stub Zones -vs- Referral Zones Hi Justin We discussed that here and determined that Auto Registration of NS records may cause a problem if the links are not the same speed. My understanding of DNS NS records is that they work round robin - so in our case our links to our DNS servers is anywhere from 64k to T3. When I do my cross domain lookup I may get the NS record for the DNS server on the T3 - which means a quick lookup. I may also get the NS record for the 64K link and my lookup will take a week and a half. In our case we limited our NS records to only include those DNS servers on fast links. We then made our entire root DNS zone Forest integrated. This shared the zone and delegation records to every single DC eliminating all the traffic that is going to the root sites to do Delegation record look ups. The initial replication of that forest zone was tough (we did it over a weekend and killed replication for a weekend) and it added some complications for bringing up new DCs (make a secondary zone for the root zone on the new DC, wait 24 hours for AD replication to send the full forest zone over to the new DC, restart the DNS service to load the zone as an AD zone out of AD rather then a secondary zone) but since then everything is working well. We have 140 DCs that all have DNS on them. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |---------+----------------------------------> | | [EMAIL PROTECTED]| | | com | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 03/10/2005 01:13 PM EST| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >------------------------------------------------------------------------- -----------------------------------------------------| | | | To: [email protected] | | cc: (bcc: James Day/Contractor/NPS) | | Subject: [ActiveDir] DNS - Stub Zones -vs- Referral Zones | >------------------------------------------------------------------------- -----------------------------------------------------| Hey everyone, DNS question: On our Forest Root DNS servers, in the root DNS forward lookup zone, there are sub zones (I think they are Referral Zones) for each sub-domain. In these sub-zones there are NS records for the DNS servers in each sub domain. For example: Root.company.com _msdcs _site _tcp _udp Subdomain1 (contains NS record: dc.subdomain1.rootdomain.com) Subdomain2 (contains NS record: dc.subdomain2.rootdomain.com) Would we be better off killing the sub zones and going with stub zones, if possible? Basically, we want to avoid manually changing the NS records. I think stubs are dynamically updated, could be wrong. Thanks, Jbl This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
