The more I think about this this and try to see "the boss's" viewpoint, the more I wonder if "the boss" is picking up on the overall vibe of the community about how important DNS is and the fact that so many issues are tracked back to DNS Issues.If that is the case, you will want to let your boss know that it isn't so much DNS failing generally that is the majority of "DNS" Issues with AD. It is poor and incorrect configuration of DNS or a poor overall DNS architecture design for an environment that tends to be the main DNS issue to hurt AD. If you have a proper DNS design, the DNS Servers are properly configured, and you manage your environment well, DNS really shouldn't be any more issue than say a properly configured and running WINS Service[1].Sort of along the lines of how Windows is so unsafe and is easily compromised by viruses, spyware, etc only there are people out there running it safely who have never had an issue with any of that.[1] I sometimes I think this is a rare bird though. However I have found a striking coincidence that many people who had screwed up WINS setups have trouble getting DNS right as well. I think the concept of name resolution is completely foreign to some people. Those are the ones that say the server isn't responding and you say... Are you having an issue resolving the name or is the server actually not responding to your requests... And they look at you like you are from venus and say... huh.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of joe
Sent: Thursday, May 05, 2005 5:19 PM
To: [email protected]
Subject: RE: [ActiveDir] DNS vs. Hosts File
I guess an effective and very visual test would be to ask him if he feels safe with the HOST files and if he says yes, shut down all of the DNS Services.That will quickly end any debate I think.joe
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Dan DeStefano
Sent: Thursday, May 05, 2005 4:45 PM
To: [email protected]
Subject: RE: [ActiveDir] DNS vs. Hosts File
Well, he said that he wanted it on domain controllers so that if DNS goes down that people can still log on. But that is not the case, right? People can logon to a DC in AD as long as that DC can query a GC, right?
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Douglas M. Long
Sent: Thursday, May 05, 2005 4:36 PM
To: [email protected]
Subject: RE: [ActiveDir] DNS vs. Hosts File
Did you ask him if you could have the host file on his machine… that he MUST be using to browse the web with? DNS untrustworthy vs host file… bahaha
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Dan DeStefano
Sent: Thursday, May 05, 2005 4:24 PM
To: [email protected]
Subject: [ActiveDir] DNS vs. Hosts File
Recently, one of my colleagues and I got into a discussion about DNS vs. hosts files in AD. He has configured the hosts file on all of our domain controllers (Windows 2000 AD in native mode) to point to other DCs. One of our DCs was moved to another site and the hosts file on a DC was not changed to point to the moved DC on its new subnet – this obviously resulted in NTFRS errors.
Anyway, after this I got into a discussion with my boss about the need of the hosts file in AD. It is my position that the hosts file is no longer necessary and should not really be used in AD and is only included for backward-compatibility, testing and for certain special instances. It is his position that DNS is untrustworthy and that the hosts file should be configured as a backup in case DNS goes down. My response to this was twofold – 1. the hosts file is queried before DNS so it is not really a backup, it is a primary method of name-resolution, plus, it does not support SRV records; 2. DNS is the foundation of AD and if it goes down, AD will not work correctly anyway. Plus, that is the reason for secondary DNS servers, of which we have several.
Could anyone point to any documentation that discusses the role of the hosts file in AD and also include your own opinions and comments.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[1] I sometimes I think this is a rare bird though. However I have found a striking coincidence that many people who had screwed up WINS setups have trouble getting DNS right as well. I think the concept of name resolution is completely foreign to some people. Those are the ones that say the server isn't responding and you say... Are you having an issue resolving the name or is the server actually not responding to your requests... And they look at you like you are from venus and say... huh.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Very true. Name Resolution is some sort of mystery, apparently, given the number of botched configs I have witnessed...
-ASB
FAST, CHEAP, SECURE: Pick Any TWO
On 5/5/05, joe <[EMAIL PROTECTED]> wrote:
- RE: [ActiveDir] DNS vs. Hosts File Jorge de Almeida Pinto
- Re: [ActiveDir] DNS vs. Hosts File ASB
