Ignore joe ... he's just an LDAP/DS purist ... as a general rule of thumb,
keep the AD representative DNS zones within the directory configured to
accept secure updates only.  Use app. NCs or don't depending upon the
forest's config., too many variables and much discussion for me right now on
that one I'm afraid ... but suffice it to say that for me; I prefer app. NCs
where possible.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Wednesday, May 17, 2006 10:01 AM
> To: [email protected]
> Subject: RE: [ActiveDir] DNS on a DC or NOT
> 
> SO you are concerned about overall load then. This is 
> something that is addressed in larger orgs often by 
> segregating the PDC off in its own logical site which is hung 
> off the main site it would normally be part of. That means it 
> will usually not be used for autocoverage of other WAN sites 
> and it will not become a large site bridgehead[1] and will be 
> naturally avoided by any Exchange in that site if Exchange 
> for some reason decides to beat on it due to some bad 
> decision by an Exchange admin during configuration. This is 
> especially helpful if you have a large legacy client load or 
> lots of stupid applications that are using the old NET API 
> (or WinNT provider) primarily which already overly target PDCs.
> 
>    joe
> 
> 
> [1] I recall asking way back at the 2003 RAP/RDP conference 
> for a switch to say use all DCs but these special ones for 
> bridgeheads, I would rather manage exceptions than manage the 
> ones that are the ones to be used. Best is to be able to 
> specify either way.
> 
> 
> --
> O'Reilly Active Directory Third Edition - 
> http://www.joeware.net/win/ad3e.htm 
>  
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Carlos Magalhaes
> Sent: Wednesday, May 17, 2006 9:44 AM
> To: [email protected]
> Subject: Re: [ActiveDir] DNS on a DC or NOT
> 
> Let me put that into perspective (and from reading the post 
> again I thought it came across), the blog entry refers to 
> networks with a large client load.
> I don't mean do NOT have DNS on your server; it recommends 
> (Option 2) releasing some of the load with the two registry 
> settings, i.e. *LdapSrvPriority* and *LdapSrvWeight*, which is 
> explained in the entry :)
> 
> These settings I have only ever used on large networks when I 
> have noticed a large amount of DNS traffic being routed to 
> the PDC DNS Service. :)
> 
> Does that explain the post? If not, just let me know what more 
> information you need and I will explain it :)
> 
> Carlos Magalhaes
> 
> ASB wrote:
> > Which blog entry...
> >  
> > -ASB
> >
> >  
> > On 5/17/06, *Krenceski, William* <[EMAIL PROTECTED] 
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> >     I was reading Carlos's blog about not running DNS on the PDC
> >     emulator. It all makes perfect sense to not have DNS running on
> >     it. In my relatively small setup we have @60 servers, 560 PCs, on
> >     8 networks (some remote, some VLANs). I have 2 DCs at my main site
> >     with one at each remote site. All DCs are GC and DNS. I always
> >     thought that in order for DNS to work as AD integrated your DNS
> >     servers had to be DCs. If that is NOT true my face is red for
> >     believing so for so long.
> >
> >     *William Krenceski*
> >     *Network Administrator*
> >     [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> >
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
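
One way to check the two points in the reply at the top of this thread (secure-only updates on directory-integrated zones, and whether a zone is stored in an application NC). This is an added example, not code from anyone in the thread; it assumes the DnsServer PowerShell module on a current Windows Server, and the function name `Get-ZoneUpdateAudit` is hypothetical.

```powershell
# Added example: read-only audit of AD-integrated DNS zones.
# Assumes the DnsServer module (RSAT DNS tools); Get-ZoneUpdateAudit is a hypothetical name.
#Requires -Modules DnsServer

function Get-ZoneUpdateAudit {
    param(
        [string]$ComputerName = $env:COMPUTERNAME   # DNS server to query
    )

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated } |
        ForEach-Object {
            # ReplicationScope: Forest / Domain = ForestDnsZones / DomainDnsZones app NCs,
            # Custom = a custom application NC, Legacy = stored in the domain NC itself.
            $inAppNc = $_.ReplicationScope -in 'Forest', 'Domain', 'Custom'

            [pscustomobject]@{
                Zone          = $_.ZoneName
                DynamicUpdate = $_.DynamicUpdate   # None | Secure | NonsecureAndSecure
                SecureOnly    = ($_.DynamicUpdate -eq 'Secure')
                Scope         = $_.ReplicationScope
                Partition     = $_.DirectoryPartitionName
                InAppNC       = $inAppNc
            }
        }
}

$audit = Get-ZoneUpdateAudit
$audit | Sort-Object SecureOnly, Zone | Format-Table -AutoSize

# Zones that still accept unauthenticated dynamic updates.
$open = $audit | Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' }
if ($open) {
    Write-Warning ("Zones accepting nonsecure dynamic updates: " + ($open.Zone -join ', '))
    # Remediation, left commented so the audit stays read-only:
    # $open | ForEach-Object { Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure }
}

# Zones still stored in the domain NC rather than an application NC.
$audit | Where-Object { -not $_.InAppNC } | Select-Object Zone, Scope
```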

