AD integrated DNS
  • AD integrated DNS

    Okay here it goes:
    I'm implementing a new AD.
    The domain controllers will be virtualized using ESX. For DNS I want to use AD integrated DNS, but I want to preserve DNS replication even if ESX fails. So I install an additional DNS server on a physical server (backup server). I created a custom DNS partition in AD and set my DNS zone to be replicated to "DNS Server Within DNS partition", where I selected my customdns.dnszone.local.

    Now I have installed a DNS server on the backup server, but when I run "dnsserver.domain.local /enlistdirectorypartition customdns.dnszone.local" it fails. What am I doing wrong?
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

  • #2
    Re: AD integrated DNS

    I'm not sure what you're trying to achieve with custom partitions etc. If you create an AD with Integrated DNS, then every Domain Controller can be made a DNS Server anyway and will then replicate DNS to every other DNS Domain Controller... so it doesn't matter a jot whether your domain controllers are running on ESX or metal. All you have to do is make your physical box a DNS server authoritative over that zone and it will replicate from AD automatically.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you



    • #3
      Re: AD integrated DNS

      When you use the default integrated partition it will only replicate to domain controllers. My backup server isn't a domain controller but a regular DNS server, so it is not present in the replication scope. So I have to subscribe that DNS server to an application partition to enable replication to this server.



      • #4
        Re: AD integrated DNS

        I think this is adding complexity where none is required. Unless there is something you haven't told us, there are actual advantages to having at least one of your DCs physical. If your ESX environment fails permanently as it stands, you have lost your entire forest. If you had ONE physical DC with the PDC Emulator role and made it a DNS server and a GC, your AD would be safe against ESX failure. I can see no business or technical disadvantage to doing this, in the absence of further information.


        Tom



        • #5
          Re: AD integrated DNS

          I was initially planning on using one physical domain controller, but because of the limited number of servers, someone (higher profile) discouraged me from using a physical DC. His argument is the low workload these domain controllers have to endure in a small environment (300 users), which I have to acknowledge. So the DCs are therefore virtualized.



          • #6
            Re: AD integrated DNS

            Well then I hope that your DCs are spread across a number of ESX hosts; because if they're on a single host your entire environment bears the whole risk at once.

            As to your original enquiry I have given what I believe to be the only sensible answer, and I have never used partitions in this way, so I shall gracefully retire from the thread due to lack of knowledge.


            Tom



            • #7
              Re: AD integrated DNS

              Originally posted by Stonelaughter
              Well then I hope that your DCs are spread across a number of ESX hosts; because if they're on a single host your entire environment bears the whole risk at once.

              As to your original enquiry I have given what I believe to be the only sensible answer, and I have never used partitions in this way, so I shall gracefully retire from the thread due to lack of knowledge.
              The ESX is a 3 node cluster connected to an E.V.A.

              And I'm glad you have formulated an answer to my question, and your opinion supports my initial idea about a physical domain controller.

              Thanks and much appreciated!
              Last edited by Killerbe; 3rd December 2007, 16:59.



              • #8
                Re: AD integrated DNS

                Originally posted by Killerbe
                When you use the default integrated partition it will only replicate to domain controllers. My backup server isn't a domain controller but a regular DNS server
                You have actually answered your own question.
                Because the DNS server is not a DC, it does not have a mechanism for replicating LDAP partitions (it does not have an LDAP server on it, as it is not a DC).
                DNS itself does not have a mechanism for LDAP partition replication (it is the DC's function). It *can* load the zone information from an LDAP partition, but the LDAP partition has to be there via AD replication (read "DC role").

                If you want an AD-integrated zone replicated to another DNS server, it has to be a DC.
                Another option would be configuring the zone as a secondary on the physical server.
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

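                The secondary-zone alternative suggested above, as an added example that is not from any poster in this thread: the physical non-DC server pulls the zone by zone transfer instead of joining an AD partition, and the DCs only allow transfers to that one host. Hostnames, addresses and the zone name are constructed; the DnsServer cmdlets assume a newer Windows Server than the 2007-era thread, so the dnscmd equivalents are shown in comments.

```powershell
# Added example (not from the thread). Constructed names: DCs dc01/dc02 at
# 10.0.0.10/10.0.0.11 host the AD-integrated zone; backup01 at 10.0.0.50 is the
# physical, non-DC DNS server; zone is domain.local.
$Zone      = 'domain.local'
$Dcs       = @{ 'dc01' = '10.0.0.10'; 'dc02' = '10.0.0.11' }
$BackupDns = '10.0.0.50'

# --- On the DCs ---------------------------------------------------------------
# Zone-transfer permissions are a per-server setting, so apply them on every DC
# that hosts the zone. Only the named secondary may pull the zone, and it is
# NOTIFYed on change. The weak setting to avoid is
# -SecureSecondaries TransferAnyServer, which lets any host AXFR the full
# host/IP inventory of the domain.
foreach ($dc in $Dcs.Keys) {
    Set-DnsServerPrimaryZone -ComputerName $dc -Name $Zone `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $BackupDns `
        -Notify NotifyServers -NotifyServers $BackupDns
    # dnscmd $dc /ZoneResetSecondaries $Zone /SecureList $BackupDns /NotifyList $BackupDns
}

# --- On the physical backup server (non-DC) -----------------------------------
# A standard secondary zone needs no AD partition; it is a read-only copy
# transferred from the listed masters via AXFR/IXFR.
Add-DnsServerSecondaryZone -ComputerName $BackupDns -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers ([string[]]$Dcs.Values)
# dnscmd $BackupDns /ZoneAdd $Zone /Secondary 10.0.0.10 10.0.0.11

# Pull the zone now rather than waiting for the SOA refresh interval.
Start-DnsServerZoneTransfer -ComputerName $BackupDns -Name $Zone -FullTransfer

# Verify: the zone is present on the backup server as type Secondary with the
# DCs as masters. If ZoneType is not Secondary or the SOA serial lags the DCs,
# the transfer was refused (check the DC-side secure list first).
$z = Get-DnsServerZone -ComputerName $BackupDns -Name $Zone
"{0}: type={1} masters={2}" -f $z.ZoneName, $z.ZoneType, ($z.MasterServers -join ',')
(Get-DnsServerResourceRecord -ComputerName $BackupDns -ZoneName $Zone -RRType Soa).RecordData.SerialNumber

# Detection check from any host that is NOT in the secure list:
#   nslookup - 10.0.0.10   then   ls -d domain.local
# should be answered with "Query refused"; a full listing means the DC still
# allows transfers to arbitrary hosts.
```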


                • #9
                  Re: AD integrated DNS

                  Originally posted by guyt
                  You have actually answered your own question.
                  Because the DNS server is not a DC, it does not have a mechanism for replicating LDAP partitions (it does not have an LDAP server on it, as it is not a DC).
                  DNS itself does not have a mechanism for LDAP partition replication (it is the DC's function). It *can* load the zone information from an LDAP partition, but the LDAP partition has to be there via AD replication (read "DC role").

                  If you want an AD-integrated zone replicated to another DNS server, it has to be a DC.
                  Another option would be configuring the zone as a secondary on the physical server.
                  That's the only best way, I think.
