I have been thinking about how to start after reading this, and especially the
part about using a HOSTS file for AD... for backup purposes???

My first reaction: WHAT???!!! (I was enjoying a good cigar and it went out
after reading this)

A HOSTS file is nothing else than a static DNS HOSTNAME resolution method.

AD itself (the DCs) and its clients (all domain members, w2k and up) NEED
DNS to resolve hostnames but also to find services, through service records,
on the network and to replicate (for DCs only).

To replicate, DCs look up the GUID of the inbound partner in AD, then they
try to resolve the GUID to a DNS hostname through DNS, and after that they
try to resolve the DNS hostname to an IP address. Et voila, you have
replication over RPCs.

For authentication purposes clients find DCs through the following srv
records:
* _ldap._tcp.dc._msdcs.<domain>.<domain> (for domain wide DC services)
* _ldap._tcp.<site>._sites.dc._msdcs.<domain>.<domain> (for site wide DC
services)

Try to put that in a HOSTS file..

For backup purposes, to still be able to do "something", always have at least
two servers with the services needed. Like in 2 DCs, 2 DNS, 2 WINS, etc. You
can place each service on its own server, but you can also combine the
services for cost saving and still have redundant services.

If all the reactions of everyone that has posted to your thread still do
not convince your boss, disable all available DNS services. DCs will not
replicate anymore and clients/servers (W2K and up) will have a hard time
finding DCs. Although not the best recommendation, sometimes it is needed to
feel the pain to believe something.

A long story but it always comes down to: No DNS?! -> No AD! (AD NEEDS DNS!)

Cheers,
#JORGE#
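As an added illustration of the two points made in this reply and in the original post (the DC locator depends on SRV records, and a hosts entry is consulted before DNS, so a stale one is a primary, not a backup, path), the following Python emulation is not code from the thread; the domain example.com, site HQ, and all records are constructed sample data.

```python
"""Emulate the DC locator over constructed DNS data and a stale hosts file."""

# Constructed hosts file: dc2 has moved subnets but the entry was never updated.
SAMPLE_HOSTS = """# constructed sample, not a real hosts file
10.1.0.10  dc1.example.com
10.1.0.11  dc2.example.com   # stale: dc2 now lives on 10.2.0.11
"""
# Constructed A records as the DNS zone actually has them.
DNS_A = {"dc1.example.com": "10.1.0.10", "dc2.example.com": "10.2.0.11"}
# Constructed SRV records: name -> list of (priority, weight, port, target).
DNS_SRV = {
    "_ldap._tcp.dc._msdcs.example.com": [
        (0, 100, 389, "dc1.example.com"), (0, 100, 389, "dc2.example.com")],
    "_ldap._tcp.HQ._sites.dc._msdcs.example.com": [(0, 100, 389, "dc1.example.com")],
}


def parse_hosts(text):
    """Return {hostname: ip}. A hosts file can express nothing but name -> address."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def srv_names(domain, site=None):
    """SRV names the locator queries: the site-specific one first when a site is known."""
    names = [f"_ldap._tcp.dc._msdcs.{domain}"]
    if site:
        names.insert(0, f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    return names


def locate_dcs(domain, site, srv, a_records, hosts):
    """SRV -> targets ordered by priority asc, weight desc -> address.
    The hosts entry wins over the A record because hosts is checked before DNS.
    With no SRV data (DNS down) nothing is found, whatever the hosts file says."""
    for name in srv_names(domain, site):
        rrs = srv.get(name)
        if rrs:
            ordered = sorted(rrs, key=lambda r: (r[0], -r[1]))
            return [(t, hosts.get(t, a_records.get(t))) for _, _, _, t in ordered]
    return []


def hosts_drift(hosts, a_records):
    """Hosts entries whose address disagrees with DNS: the stale-entry failure."""
    return {n: (ip, a_records[n]) for n, ip in hosts.items()
            if n in a_records and a_records[n] != ip}
```

Running `hosts_drift` against the real zone is the check that would have flagged the moved DC before the NTFRS errors appeared.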

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: 5/5/2005 10:23 PM
Subject: [ActiveDir] DNS vs. Hosts File

Recently, one of my colleagues and I got into a discussion about DNS vs.
hosts files in AD. He has configured the hosts file on all of our domain
controllers (Windows 2000 AD in native mode) to point to other DCs. One
of our DCs was moved to another site and the hosts file on a DC was not
changed to point to the moved DC on its new subnet - this obviously
resulted in NTFRS errors.

Anyway, after this I got into a discussion with my boss about the need
of the hosts file in AD. It is my position that the hosts file is no
longer necessary and should not really be used in AD and is only
included for backward-compatibility, testing and for certain special
instances. It is his position that DNS is untrustworthy and that the
hosts file should be configured as a backup in case DNS goes down. My
response to this was twofold - 1. the hosts file is queried before DNS
so it is not really a backup, it is a primary method of name-resolution,
plus, it does not support SRV records; 2. DNS is the foundation of AD
and if it goes down, AD will not work correctly anyway. Plus, that is
the reason for secondary DNS servers, of which we have several.

Could anyone point to any documentation that discusses the role of the
hosts file in AD and also include your own opinions and comments.

_________________________

Daniel DeStefano
PC Support Specialist
IAG Research