The only thing that I would mention is that you'll always want at least two
DCs active so there are two live, fully replicated copies of AD at any given
time. The secondary DC can be virtualized on some other box, but you don't
want to be w/o a live DC. I wouldn't ever do a domain unless I could have
two DCs--even for my "pro-home" configuration.

I agree with using the .local TLD--it eliminates a lot of confusion.

I, personally, like to use WINS even with DNS, with DNS to WINS forwarding
enabled. This allows me to continue to require self-registrations into the
AD-integrated DNS zone to be secure, but also allows non-domain machines to
register in WINS so any machine can resolve their address. My DHCP lease
includes the WINS address(es).

My "pro-home" config is as such:

DC1: static IP, pri DNS to itself and sec DNS to DC2, forwards to AT&T's
multicast DNS pool
DC2: static IP, pri DNS to itself and sec DNS to DC1, forwards to AT&T's
multicast DNS pool

Client: DHCP (I don't use static leases--too much overhead to maintain for
my quantity of machines and the frequency in which they change), pri DNS to
DC1, sec DNS to DC2, tri DNS to AT&T, WINS1 to DC1, WINS2 to DC2

I have another site connected via IPSec VPN w/o any DC. Because those
machines are joined to the same domain and I don't want all DNS lookups from
that site to travel over the VPN (but I want self-registration and the
ability to resolve all domain members), I have a member server set up there
that is a secondary DNS zone for my AD-integrated zone. Clients on that
network are DHCP-configured as such: pri DNS to the member server at that
location, sec DNS to DC1, tri DNS to RoadRunner, WINS1 to DC1, WINS2 to DC2.
I also have some static, external IPs set up on some machines with
persistent static routes, but that's probably too much to get into.

Greg


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:hardware-
> [EMAIL PROTECTED] On Behalf Of DHSinclair
> Sent: Tuesday, October 23, 2007 4:10 PM
> To: The Hardware List
> Subject: Re: [H] WINS Server?
> 
> LOL! Actually, more like 4 weeks of reading and several
> more query emails!  Thank you for your patience.
> This domain thing is really scary for me ATM.  I do accept
> that once I do it, I will whack myself stupid for all the fear....
> Let me re-read and cogitate.
> 
> So, I could choose a domain name like:
> crib.alpine.local
> ???
> 
> Are there do's/don'ts for choosing a domain name?
> Best,
> Duncan
> 
> At 15:29 10/23/2007 -0400, you wrote:
> 
> >Ok, you have a 2K server which means you could have
> >DHCP & DNS server process
> >running on it if you want it, which would be my
> >suggestion. It's a bit of
> >reading and some work but pays off in the end!
> >
> >On every client machine I use DHCP & always get the
> >same IP's thanks to lease
> >reservations from the DHCP server. Can always find
> >other systems thanks to a
> >local DNS server & a local domain.
> >
> >A trick learned years ago was using ".local" for a
> >domain. So like I can access
> >my laptop share via "\\laptop.mydomain.local\share"
> >for example. ".local"
> >top-level domain does not exist on internet, thus
> >won't resolve through any DNS
> >server other than yours which is the only DNS server
> >you talk to directly from
> >inside the LAN.
> >
> >VERY generally speaking, my 2k server is a Domain
> >Controller setup like this:
> >
> >NIC settings: IP & Preferred DNS same static IP AKA
> >'points to itself'.
> >
> >DNS server: "Enable Forwarders" checked & IP's of
> >Verizon's DNS servers filled in.
> >
> >DHCP server: Reservations by MAC address ensure
> >dedicated IP's using DHCP. This
> >also creates/updates the DNS server entries
> >(forward/reverse) for each IP.
> >Another benefit is you can push other settings via
> >DHCP like default gateway,
> >time server, mail server, etc...
> >
> >There are no other DHCP servers enabled (modem,
> >router, etc...) on the LAN.
> >
> >I'm sure I've just set you up for about 2 weeks of
> >reading Duncan! ;)
> >
> >DHSinclair wrote:
> > > > Ah,......not sure how to answer the 1st question.
> > > > It is an Intel dual P3-1G machine running Windows
> > > > 2000 Server. I do not think I use it as an FTP server,
> > > > a File server, a ??? server.  I admit, I am a 'server' noob!
> > > >
> > > > OK, so WINS is somehow linked to the use of a DNS
> > > > server?  That would be a local DNS server on my local
> > > > server?
> > > >
> > > > Hmmm,  I have all my clients pointed to the
> > > > suggested DNS servers for my area in the Bellsouth
> > > > network.  I was using the Open DNS servers suggested
> > > > here some months back. It seems that ATT/Bellsouth
> > > > did not care for my using the Open DNS servers.  I got
> > > > lots of questionable connects in my router's status log
> > > > last week.
> > > >
> > > > I suppose I really opened this can of worms because as I
> > > > was re-addressing all my NIC cards, they all bitched at me
> > > > if I left the WINS server addy blank!  So, I just put in the net
> > > > addy of my local server. "Local" as in right here, 18 inches
> > > > from where I sit and type this reply...... :)
> > > >
> > > > OK, there is that word 'domain' again.  Recall that we spoke of
> > > > this before, but most of it went over my head. I parked the topic
> > > > until I could get the LAN re-addressed and BB working.
> > > > Now may be the time to grapple with it again.
> > > > I am clearly in over my head! LOL!
> > > > Best,
> > > > Duncan
> > >
> > > At 21:51 10/22/2007 -0400, j maccraw wrote:
> > >
> > >> What kind of server are you running?
> > >>
> > >> No need for WINS if you have your own DNS server
> > >> running, even less so if
> > >> running a windows domain and everyone is a member.
> > >>
> > >> DHSinclair wrote:
> > >> > What is the service name I need to find on my server to deal with a
> > >> > WINS Server?
> > >> >
> > >> > Can't find a similar service in the current stack. I have all my clients
> > >> > pointed to my server as their "WINS Server."
> > >> >
> > >> > Is this OK?  No, I have not created a domain yet. Do I need to?
> > >> > Best,
> > >> > Duncan
> > >> >
> > >> >
> > >> > This email scanned for Viruses and Spam by
> > >> ZCloud.net
> > >> >
> > >> >
> > >>
> > >> __________________________________________________
> > >> Do You Yahoo!?
> > >> Tired of spam?  Yahoo! Mail has the best spam
> >protection around
> > >> http://mail.yahoo.com
> > >
> > >
> > >
> > >
> >
> 
> 
> This email scanned for Viruses and Spam by ZCloud.net
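
Added example, not written by anyone in this thread: a PowerShell audit of one DC against the layout Greg describes (AD-integrated zone with secure-only self-registration, forwarders, each DC pointing at itself and then its partner, DHCP handing out both DCs for DNS and WINS). It assumes a current Windows Server with the DnsServer and DhcpServer modules rather than the Windows 2000 Server discussed above, and that DHCP runs on the DC being checked; the zone name, addresses and scope are constructed placeholders.

```powershell
# Added example. Run on one DC in an elevated session.
# All four values below are constructed placeholders; substitute your own.
$Zone      = 'example.local'   # AD-integrated zone name
$ThisDc    = '192.168.1.10'    # static IP of the DC being audited
$PartnerDc = '192.168.1.11'    # static IP of the other DC
$ScopeId   = '192.168.1.0'     # DHCP scope serving the clients
$findings  = @()

# 1. Zone must be AD-integrated and accept secure dynamic updates only,
#    so that only domain members can self-register.
$z = Get-DnsServerZone -Name $Zone
if (-not $z.IsDsIntegrated) { $findings += "$Zone is not AD-integrated" }
if ($z.DynamicUpdate -ne 'Secure') {
    $findings += "$Zone dynamic update is '$($z.DynamicUpdate)', expected 'Secure'"
}
# A remote-site secondary needs zone transfers, but not open to every host.
if ($z.SecureSecondaries -eq 'TransferAnyServer') {
    $findings += "$Zone allows zone transfers to any server"
}

# 2. External names should go through configured forwarders.
if (-not (Get-DnsServerForwarder).IPAddress) {
    $findings += 'No DNS forwarders configured'
}

# 3. NIC resolver order: this DC first, the partner DC second.
$nicDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -First 1 -ExpandProperty ServerAddresses)
if ($nicDns[0] -notin $ThisDc, '127.0.0.1') {
    $findings += "Primary DNS on the NIC is '$($nicDns[0])', not this DC"
}
if ($nicDns.Count -lt 2 -or $nicDns[1] -ne $PartnerDc) {
    $findings += 'Secondary DNS on the NIC is not the partner DC'
}

# 4. DHCP leases should carry both DCs as DNS (option 6) and WINS (option 44).
foreach ($opt in @{ 6 = 'DNS'; 44 = 'WINS' }.GetEnumerator()) {
    $val = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId $opt.Key `
        -ErrorAction SilentlyContinue).Value
    foreach ($dc in $ThisDc, $PartnerDc) {
        if ($dc -notin $val) {
            $findings += "DHCP option $($opt.Key) ($($opt.Value)) does not hand out $dc"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Layout matches the described configuration.' }
```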


