The 'AD certified' bit: It seems like an odd requirement to me.  Seems sort
of like requiring certification that your new car will be able to operate on
roads.  "Yeah, sure it'll operate, but can you certify it'll operate on
roads?  With actual lines on them?!"  But who knows, maybe there's something
I really just don't get.

Makes me wonder if a) I don't know something (likely :-) or b) someone
unfamiliar with AD is "driving."  While it's true that AD puts some special
records in the zones, there isn't anything special about them to trouble a
DNS service from someone like, say, Network Solutions.

The only other source of trouble one might consider would be with queries
from the clients - the Windows XP and Win7 workstations.  And there isn't
anything weird there.  Except that when they get their leases from the DHCP
server, they will try to register their new IP address with the DNS server.
 But they won't fall over if they can't.

Really, your best bet is a second DC.  How about a cost comparison?
Calculate the cost of a hosted DNS service for three years and compare that
with the cost of a second domain controller.  Probably not too much
difference.  Then show them the added benefit in redundancy you get from
having the second DC.  Running with a single DC is just... uhm... risky.

Best,
Mike

On Mon, Oct 4, 2010 at 9:41 AM, Dustin Puryear <[email protected]> wrote:

> We're looking for a commercial provider of a service that is certified to
> work with AD. We can easily bring up BIND or something similar. That's not
> an issue. But I don't see any value in bringing up BIND ourselves, or using
> a small, local IT firm, when there is already a large player that does this.
>
> Thanks everyone for your help.
>
> I appreciate it.
>
> -----Original Message-----
> From: Ryan Dorman [mailto:[email protected]]
> Sent: Sunday, October 03, 2010 6:21 PM
> To: Dustin Puryear; David Magda
> Cc: LOPSA Tech List; [email protected]; [email protected]
> Subject: RE: [SAGE] Offsite DNS hosting for Active Directory
>
> I'd lean on the side of just firing up a FOSS/*NIX DNS server as the
> secondary.
>
> The "AD-ness" of DNS revolves around SRV records in certain delegated
> subzones. It allows for computers to say "OK, I'm in domain.xyz and I want
> to find out where its IM server (for example) is." And then it does a lookup
> for that service record and gets an A record back so it knows where to talk
> to.
>
> What I'm hearing (reading?) you say is that you want general workstation
> functionality in the case of  DC outage.  That most likely means they just
> need to be able to get to servers and Internet sites which a standard
> BINDish DNS server that had a slave copy of your AD zones would be able to
> handle.
>
>
> -rd
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Dustin Puryear
> Sent: Friday, October 01, 2010 3:25 PM
> To: David Magda
> Cc: LOPSA Tech List; [email protected]; [email protected]
> Subject: Re: [lopsa-tech] [SAGE] Offsite DNS hosting for Active Directory
>
> Well, the thing is we haven't tested it. If we can find a company that does
> secondary DNS hosting and says "AD certified" then they would probably get
> our money. :)
>
> -----Original Message-----
> From: David Magda [mailto:[email protected]]
> Sent: Friday, October 01, 2010 2:22 PM
> To: Dustin Puryear
> Cc: [email protected]; [email protected]; LOPSA Tech List
> Subject: Re: [SAGE] Offsite DNS hosting for Active Directory
>
> On Fri, October 1, 2010 14:15, Dustin Puryear wrote:
> > Anyone know of a DNS hosting service that is known to play well with
> > hosting secondary DNS for AD DNS?
> >
> > And what are your thoughts on this in terms of security? Anyone using
> > a hosting service to provide secondary DNS capabilities for internal DNS?
>
> If all you need is straight-DNS, why can't you use any other DNS software?
> Won't BIND, Unbound, etc. work if all you have to do is get zone updates
> from the AD master and service DNS queries?
>
> Or am I missing something about AD DNS?
>
>
>
> _______________________________________________
> Tech mailing list
> [email protected]
> http://lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>
> _______________________________________________
> sage-members mailing list
> [email protected]
> http://mailman.sage.org/mailman/listinfo/sage-members
>



-- 
Mike Diehn
Diehn Consulting, LLC
Computer, Networks and Systems
[email protected]
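
An added example, not part of the original thread: a Python check that a secondary's copy of an AD zone still holds the SRV locator records described in the quoted messages, and that each SRV target has an A record to resolve to. The zone text, the domain `domain.xyz`, the host names and the addresses are constructed sample data; the check assumes a single-domain forest with `_msdcs` held in the same zone.

```python
# Constructed sample: records a secondary might hold after a zone transfer
# of the AD zone "domain.xyz" (names and addresses are made up).
ZONE_TEXT = """\
dc1.domain.xyz.                   3600 IN A   10.0.0.10
_ldap._tcp.domain.xyz.            600  IN SRV 0 100 389  dc1.domain.xyz.
_kerberos._tcp.domain.xyz.        600  IN SRV 0 100 88   dc1.domain.xyz.
_ldap._tcp.dc._msdcs.domain.xyz.  600  IN SRV 0 100 389  dc1.domain.xyz.
_gc._tcp.domain.xyz.              600  IN SRV 0 100 3268 dc2.domain.xyz.
"""

# SRV owner labels AD clients query to locate a domain controller.
# Assumption: single-domain forest, so _gc._tcp lives under the same name.
LOCATOR_LABELS = ["_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs", "_gc._tcp"]


def parse_zone(text):
    """Return (a_records, srv_records) from one-record-per-line zone text."""
    a_records, srv_records = {}, {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4:]
        if rtype == "A":
            a_records.setdefault(owner, []).append(rdata[0])
        elif rtype == "SRV" and len(rdata) == 4:
            prio, weight, port, target = rdata
            srv_records.setdefault(owner, []).append(
                (int(prio), int(weight), int(port), target.lower()))
    return a_records, srv_records


def check_secondary(text, domain):
    """List problems that would stop a client locating a DC from this copy."""
    a_records, srv_records = parse_zone(text)
    problems = []
    for label in LOCATOR_LABELS:
        owner = f"{label}.{domain}."
        if owner not in srv_records:
            problems.append(f"missing SRV {owner}")
            continue
        for _prio, _weight, port, target in srv_records[owner]:
            if target not in a_records:  # SRV answer must lead to an address
                problems.append(f"{owner} -> {target}:{port} has no A record")
    return problems


if __name__ == "__main__":
    for problem in check_secondary(ZONE_TEXT, "domain.xyz"):
        print(problem)
```
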