>>> The AD-integrated DNS zones should be complete at each site, no?

I say yes. But, there is nothing in the book (AFAIK) that says you can’t mix and match.

But the zones should be replicas, right? If I add a record in one location, it gets replicated to the others. What about differences in the Name Servers tab? Some Sites list certain servers; other sites list different servers.

>>> Should the SOA and the Name Servers be the same at each site?

“The same”, meaning that the SOA on DNS1 and DNS2 should reference the same server? No. DNS1 will be DNS1.whatever and DNS2 will be DNS2.whatever because they are each authoritative for the zone and, therefore, consider themselves the “Start of Authority” for that zone.

Ack. Thanks.

BTW: On a similar note, I am seeing what seems odd in the _msdcs records. Under Server1\Forward Lookup Zones\company.com\_msdcs\dc\_sites\ all of the sites are listed. Under _tcp are Service Locator records for _kerberos and _ldap. The servers listed for these records do not correspond to the servers in those sites. For example, server1.company.com appears for those records in Site1, Site3, and Site5. Site2 has records for servers that physically sit in other locations. This behavior is duplicated in _msdcs\gc\_sites.

Again, I was just brought in on this. What is going on here?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger

Ok. Some conflicting responses. Just so I can sort this out in my little brain:

I am aware of the island issue and my practice has been to point to another site to promote, then change it to point to itself. Why would you point to another site as primary if there is poor connectivity?

The AD-integrated DNS zones should be complete at each site, no? Should the SOA and the Name Servers be the same at each site?

-- nme

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Agreed

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

In this scenario, I’d recommend Primary to another and secondary to self.

Deji

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger

Hi – I have just been brought into a situation where a client has several poorly connected (VPN and slow connections to the Internet) sites in a single W2k domain. Each site has a single DC that runs AD-integrated DNS. Previously, most of the DCs had tombstoned. Microsoft walked the in-house guy through demoting and re-promoting everything.

The question is this: where should each DC’s DNS point? I have always thought they should point to themselves and only themselves. The DNS server forwards to the Internet (as everything is poorly connected). The in-house tech said Microsoft told him to point each DC’s primary DNS to the FSMO-role holder and then to itself as secondary.

Any thoughts?

-- nme

- RE: [ActiveDir] DNS should point to...? Noah Eiger
- RE: [ActiveDir] DNS should point to...? Jorge de Almeida Pinto
