Multi-site DNS
Hello,
My company has five offices, which are all connected via VPN. We have one domain - no parent or child domains - and a DC at each office. Should DNS on each server be configured as Active Directory Integrated for both forward and reverse lookup zones?
Also, each office has its own subnet. The forward lookup zone for all of the DCs is our domain name, but the reverse lookup zone on each server lists the subnet of the zone that the first DC is in (192.168.1.x). Is this a problem? If so, how do I fix it?
Thanks!
Jeff
|
Rob Elder, MVP-Networking
I always recommend AD integrated zones. That way the zone database is part of AD replication. No need to worry about zone transfers or the extra traffic they create.
Nothing wrong with your setup. One forward lookup zone for the domain. A reverse zone for each of the IP subnets.
|
Thanks for your reply.
What's strange to me is that the reverse lookup zone on each DC lists the data for the subnet of the first DC. It's not a reverse zone for each subnet, it's one duplicated five times. I'm using Active Directory Integrated for the reverse zones, too.
Thanks again!
Jeff
|
You have to create the reverse lookup zone for each subnet although you probably don't need them.
__ Danny Slye Microsoft Support Professional MCSE
This posting is provided "AS IS" with no warranties and confers no rights. Please reply to the newsgroup so that others may benefit. Thanks!
|
So should I turn off Zone transfers since I'm using AD integrated DNS?
Thanks!
Jeff
|
Yes, you can turn off zone transfers.
__ Danny Slye Microsoft Support Professional MCSE
|
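One way to carry out the two answers above (an AD-integrated reverse zone per office subnet, then zone transfers switched off), as an added example that is not part of the thread. It assumes a current Windows Server DC with the DnsServer PowerShell module and /24 subnets; only 192.168.1.0/24 comes from the thread, while the other four subnets and the forward zone name `corp.example` are placeholders.

```powershell
# Added example, not from the thread. Run on one DC; AD replication carries
# the zones to the DNS servers on the other DCs in the domain.
# 192.168.1.0/24 is the subnet named in the thread. The remaining subnets and
# the forward zone name are constructed placeholders: replace with real values.
$ForwardZone   = 'corp.example'
$OfficeSubnets = @(
    '192.168.1.0/24',
    '192.168.2.0/24',
    '192.168.3.0/24',
    '192.168.4.0/24',
    '192.168.5.0/24'
)

# Hypothetical helper: derive the in-addr.arpa zone name for a /24 network.
function Get-ReverseZoneName {
    param([Parameter(Mandatory)][string]$NetworkId)
    $address, $prefix = $NetworkId -split '/'
    if ($prefix -ne '24') { throw "Only /24 networks are handled here: $NetworkId" }
    $octets = $address -split '\.'
    '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]
}

$ReverseZones = foreach ($subnet in $OfficeSubnets) {
    $zoneName = Get-ReverseZoneName -NetworkId $subnet
    if (-not (Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue)) {
        # AD-integrated primary zone, secure dynamic updates only.
        Add-DnsServerPrimaryZone -NetworkId $subnet -ReplicationScope Domain -DynamicUpdate Secure
    }
    $zoneName
}

# The zone data replicates through AD, so no secondary needs AXFR/IXFR.
# Refuse transfers on the forward zone and on every reverse zone.
foreach ($zone in @($ForwardZone) + $ReverseZones) {
    Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries NoTransfer
}

# Audit: every listed zone should show IsDsIntegrated = True and
# SecureSecondaries = NoTransfer.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -in (@($ForwardZone) + $ReverseZones) } |
    Select-Object ZoneName, IsReverseLookupZone, IsDsIntegrated, SecureSecondaries
```

Running the audit step on each DC after replication confirms that all five reverse zones are present everywhere and that none of them answers transfer requests.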