RE: [ActiveDir] DNS vs. Hosts File

[joe]

The more I think about this this and try to see "the boss's" viewpoint, the more I wonder if "the boss" is picking up on the overall vibe of the community about how important DNS is and the fact that so many issues are tracked back to DNS Issues.   If that is the case, you will want to let your boss know that it isn't so much DNS failing generally that is the majority of "DNS" Issues with AD. It is poor and incorrect configuration of DNS or a poor overall DNS architecture design for an environment that tends to be the main DNS issue to hurt AD. If you have a proper DNS design, the DNS Servers are properly configured, and you manage your environment well, DNS really shouldn't be any more issue than say a properly configured and running WINS Service[1].    Sort of along the lines of how Windows is so unsafe and is easily compromised by viruses, spyware, etc only there are people out there running it safely who have never had an issue with any of that.     [1]  I sometimes I think this is a rare bird though. However I have found a striking coincidence that many people who had screwed up WINS setups have trouble getting DNS right as well. I think the concept of name resolution is completely foreign to some people. Those are the ones that say the server isn't responding and you say... Are you having an issue resolving the name or is the server actually not responding to your requests... And they look at you like you are from venus and say... huh.     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, May 05, 2005 5:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DNS vs. Hosts File I guess an effective and very visual test would be to ask him if he feels safe with the HOST files and if he says yes, shut down all of the DNS Services.   That will quickly end any debate I think.      joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Thursday, May 05, 2005 4:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DNS vs. Hosts File Well, he said that he wanted it on domain controllers so that if DNS goes down that people can still log on. But that is not the case, right? People can logon to a DC in AD as long as that DC can query a GC, right?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Thursday, May 05, 2005 4:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DNS vs. Hosts File   Did you ask him if you could have the host file on his machine… that he MUST be using to browse the web with? DNS untrustworthy vs host file… bahaha   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Thursday, May 05, 2005 4:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DNS vs. Hosts File   Recently, one of my colleagues and I got into a discussion about DNS vs. hosts files in AD. He has configured the hosts file on all of our domain controllers (Windows 2000 AD in native mode) to point to other DCs. One of our DCs was moved to another site and the hosts file on a DC was not changed to point to the moved DC on its new subnet – this obviously resulted in NTFRS errors.   Anyway, after this I got into a discussion with my boss about the need of the hosts file in AD. It is my position that the hosts file is no longer necessary and should not really be used in AD and is only included for backward-compatibility, testing and for certain special instances. It is his position that DNS is untrustworthy and that the hosts file should be configured as a backup in case DNS goes down. My response to this was twofold – 1. the hosts file is queried before DNS so it is not really a backup, it is a primary method of name-resolution, plus, it does not support SRV records; 2. DNS is the foundation of AD and if it goes down, AD will not work correctly anyway. Plus, that is the reason for secondary DNS servers, of which we have several.   Could anyone point to any documentation that discusses the role of the hosts file in AD and also include your own opinions and comments. _________________________   Daniel DeStefano PC Support Specialist   IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300   www.iagr.net Measuring Ad Effectiveness on Television   The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.