Hi Noah.
Having a DC point to itself as primary can create a replication problem.
If I change my DC's IP address, it will register in the primary DNS (itself)
with the updated IP address. Its replication partner - your DNS will then
go query itself for the IP address and get the old IP. Since all
replication is pull, and the default is that the zone is AD integrated and
shared among all DCs, your DC cannot update its DNS until it replicates,
and it cannot replicate until it updates its DNS.
Having all DCs point at one DC (I have heard the first DC in the hub site
for the domain) means that at least one DC has the updated IP address of
every DC out there. Pointing at itself for secondary gives it name
resolution when the link is down.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
"Noah Eiger" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]tivedir.org
03/29/2005 09:31 AM PST
Please respond to ActiveDir

To: <[email protected]>
cc: (bcc: James Day/Contractor/NPS)
Subject: [ActiveDir] DNS should point to...?

Hi -
I have just been brought into a situation where a client has several poorly
connected (VPN and slow connections to the Internet) sites in a single W2k
domain. Each site has a single DC that runs AD-integrated DNS. Previously,
most of the DCs had tombstoned. Microsoft walked the in-house guy through
demoting and re-promoting everything.
The question is this: where should each DC's DNS point? I have always
thought they should point to themselves and only themselves. The DNS server
forwards to the Internet (as everything is poorly connected). The in-house
tech said Microsoft told him to point each DC's primary DNS to the
FSMO-role holder and then to itself as secondary.
Any thoughts?
-- nme
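
The replication deadlock described in James's reply, as an added toy simulation that is not part of the original thread: three constructed DCs (`hub`, `dc1`, `dc2`) each hold a copy of the zone, `dc1` changes its IP address, and pull replication is attempted under both DNS client settings. The names, IP addresses, record versions and full-mesh topology are assumptions made for the illustration.

```python
# Toy model of the scenario in the reply (constructed names, IPs and topology).
def make_dcs(policy):
    """policy 'self': every DC uses only itself; 'hub': hub first, itself second."""
    ips = {"hub": "10.0.0.1", "dc1": "10.0.1.1", "dc2": "10.0.2.1"}
    zone = {n: (1, ip) for n, ip in ips.items()}   # name -> (version, ip)
    dcs = {}
    for n, ip in ips.items():
        order = [n] if policy == "self" or n == "hub" else ["hub", n]
        dcs[n] = {"ip": ip, "dns": order, "zone": dict(zone)}
    return dcs

def resolve(dcs, who, target, down=()):
    """Ask the first configured DNS server that is reachable; none -> None."""
    for server in dcs[who]["dns"]:
        if server == who or server not in down:
            return dcs[server]["zone"][target][1]
    return None

def pull(dcs, who, partner, down=()):
    """Pull replication succeeds only if the partner resolves to its real IP."""
    if partner in down or resolve(dcs, who, partner, down) != dcs[partner]["ip"]:
        return False
    for name, rec in dcs[partner]["zone"].items():
        if rec[0] > dcs[who]["zone"][name][0]:     # keep the newer record
            dcs[who]["zone"][name] = rec
    return True

def simulate(policy, new_ip="10.0.1.99", rounds=3):
    """dc1 changes IP, registers with its primary DNS, then everyone pulls."""
    dcs = make_dcs(policy)
    dcs["dc1"]["ip"] = new_ip
    primary = dcs["dc1"]["dns"][0]
    dcs[primary]["zone"]["dc1"] = (2, new_ip)
    for _ in range(rounds):
        for who in dcs:
            for partner in dcs:
                if who != partner:
                    pull(dcs, who, partner)
    # What each DC's own zone copy says dc1's address is after replication.
    return {n: d["zone"]["dc1"][1] for n, d in dcs.items()}

if __name__ == "__main__":
    print("self only:", simulate("self"))
    print("hub first:", simulate("hub"))
```

With the self-only setting the new record never leaves `dc1`; with the hub as primary every copy converges, and the `down` argument to `resolve` shows the secondary (itself) still answering when the hub is unreachable.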