dns setup

  • dns setup

    current - 150 locations, separated by WAN links of anything from 64k to 10mb - each site has one NT4 PDC with some user data and one SQL database - this is their need - each site, although technically the same company, is totally independent, ie no file sharing etc. oh yes, and currently it's 150 separate domains - no trusts etc - each site has between 2 and 100 users
    here's what I want to do:

    install a server at my main location:
    2003, AD, containing the forest FSMOs, AD-integrated DNS server forwarding to the internet access server for any further upward resolution. this will be the first server in the forest - no data or anything on it

    at each site do a fresh 2003 server install (ie back up data and restore it)
    and join it to one domain - create a site for each physical location and create an OU for each location split into PCs and users - mainly for GPO ease etc

    make each server a GC - as I don't want group checking over the WAN. this alleviates the need for the infrastructure master as well - there will be no universal groups etc - all their needs are the local SQL database

    each server will be a DHCP server for its local site

    DNS - my big stumper - do you put a DNS server on each server, say three being AD-integrated and the rest caching only, or do you put say three AD-integrated ones in at the best links and then modify the TTL to say 8 hours or something?

    obviously file security will have to be controlled, and the GC at the local site will allow and control local server authentication - and if the local server is knackered then login is irrelevant, as the SQL will be off as well, and this is their main priority

    all servers are RILOE II'd off a separate switch and power ring, so I can get physical remote connectivity at a low level unless the WAN link is down

    my main query is the DNS setup

  • #2
    something isn't clear here...

    I don't see why you can't just work with a proper AD-integrated zone.
    you will need to replicate your AD anyway...

    the question isn't your DNS, but your domain sub-delegation.
    are you sure you want one domain? if so, use an AD-integrated zone, and every DC will be a DNS server as well (no need for messing with caching and the rest of that nasty stuff).

    if you plan to deploy a forest with lots of child domains, you should delegate a zone for each site, but still every DNS server is an AD-integrated DNS server.

    that's my opinion...
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert
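An added check, not from either poster, for verifying the design the reply recommends once it is built: every DC in the forest hosts the domain zone as an AD-integrated (DS-integrated) zone and is a GC, so no site depends on a WAN link for name resolution or logon. It assumes a current Windows Server forest with the RSAT ActiveDirectory and DnsServer PowerShell modules (these cmdlets postdate the 2003 servers in the thread) and read access to every DC.

```powershell
# Added audit script (assumption: Windows Server 2012+ forest, RSAT
# ActiveDirectory and DnsServer modules installed, read access to all DCs).
# Flags any DC that is not a GC or does not host the domain zone as an
# AD-integrated zone, i.e. a site that would lean on the WAN.
Import-Module ActiveDirectory
Import-Module DnsServer

$domain = (Get-ADDomain).DNSRoot

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $zone = $null
    try {
        # Ask each DC directly for the forward zone of the domain
        $zone = Get-DnsServerZone -ComputerName $dc.HostName -Name $domain -ErrorAction Stop
    } catch {
        # No DNS role on this DC, the zone is missing, or the DC is unreachable
    }
    [pscustomobject]@{
        DC           = $dc.HostName
        Site         = $dc.Site
        IsGC         = $dc.IsGlobalCatalog
        HasDnsZone   = [bool]$zone
        DsIntegrated = if ($zone) { $zone.IsDsIntegrated } else { $false }
        ReplScope    = if ($zone) { $zone.ReplicationScope } else { 'n/a' }
    }
}

# Full inventory, one row per DC
$results | Sort-Object Site | Format-Table -AutoSize

# Exceptions: sites whose local DC would not stand on its own
$results |
    Where-Object { -not $_.IsGC -or -not $_.DsIntegrated } |
    Format-Table -AutoSize
```

Run it from a management host with domain credentials; an empty exceptions table means every site's DC is a GC with an AD-integrated copy of the zone.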