
DNS Active Directory Integrated in multi-site environment.


  • DNS Active Directory Integrated in multi-site environment.

    Hi,

    Besides the point of having DNS in a database and replicated automatically between the sites, is there a point to use AD Integrated DNS? I would tend to not use this kind of configuration in a multi-site environment to prevent corruption of the DNS database. Authorizing zone transfer between the sites and having a copy on each site looks to be the same to me, so maybe somebody could give the pros/cons about this?

    Best regards,

    trep

  • #2
    Re: DNS Active Directory Integrated in multi-site environment.

    The pro is how it is replicated, as it uses the same replication model as AD.
    If you do not use AD integrated, then replication will run alongside and thus create more overhead. Also, each time an update occurs the whole DNS zone will be replicated to the other DNS server, while in an AD integrated zone only updated or new objects are replicated.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com



    • #3
      Re: DNS Active Directory Integrated in multi-site environment.

      Is there a point to NOT use AD integrated? It's not like AD going corrupt is a common thing.



      • #4
        Re: DNS Active Directory Integrated in multi-site environment.

        Originally posted by trep View Post
        Hi,

        Besides the point of having DNS in a database and replicated automatically between the sites, is there a point to use AD Integrated DNS? I would tend to not use this kind of configuration in a multi-site environment to prevent corruption of the DNS database. Authorizing zone transfer between the sites and having a copy on each site looks to be the same to me, so maybe somebody could give the pros/cons about this?

        Best regards,

        trep
        Yes, there is a point for DNS integration besides replication.
        1) Multiple primary DNS. If it were not AD integrated you would have only one primary and the rest secondary DNS servers, so how would the clients/servers on a remote site register themselves in the DNS (A record)? They sure can't do it on a secondary DNS, and if you point them to use the primary DNS then why bother making secondaries in the first place?

        2) The primary/secondary method means replication of DNS records is done by "zone transfer", meaning every new record or change that is made on the primary replicates the entire zone to the secondary (that is why it's called a "zone transfer"), a waste of bandwidth to replicate the entire zone for every change, whereas when it is in AD only the record would be transferred to the DNS.

        As far as corruption goes I don't see the point; a DNS corruption could also take place when it is not in AD
        (DNS also has a database file, you know). If you wish you could export the zone to a file using dnscmd regardless of whether it's in AD or not.
        You could always then import it back whenever you want (in case of corruption).
        Last edited by Akila; 30th May 2008, 16:30.

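The two things post #4 argues about, the zone's writable-copy model and the dnscmd export as insurance against corruption, can be checked and taken from a management host. The script below is an added example written for this thread, not code from any poster; it uses the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT) and notes the dnscmd equivalents in comments for older hosts. The server names and zone are constructed placeholders. It also flags the two settings a security reviewer looks at first: dynamic update mode (the "Secure" option, which authenticates the client with Kerberos, is only available on AD-integrated zones, so a file-backed primary can only accept unauthenticated updates or none) and who is allowed to pull a zone transfer.

```powershell
# Added example (not from the thread): audit the zones on each site's DNS server and
# export each primary zone to a file as a restore point.
# $SiteDnsServers is a constructed list; replace with the DNS servers in your sites.
$SiteDnsServers = @('dc1-sitea.corp.example', 'dc1-siteb.corp.example')

function Get-ZoneAudit {
    param([string[]]$Servers)
    foreach ($srv in $Servers) {
        # dnscmd equivalents: dnscmd $srv /EnumZones ; dnscmd $srv /ZoneInfo <zone>
        $zones = Get-DnsServerZone -ComputerName $srv |
            Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -in 'Primary', 'Secondary' }
        foreach ($z in $zones) {
            $findings = @()
            if ($z.ZoneType -eq 'Primary' -and -not $z.IsDsIntegrated) {
                # File-backed primary: one writable copy, and "Secure" dynamic update is not offered
                $findings += 'file-backed primary (single master; secure dynamic update unavailable)'
            }
            if ($z.IsDsIntegrated -and $z.DynamicUpdate -ne 'Secure') {
                # AD-integrated but accepting unauthenticated updates: any host on the network can
                # overwrite another host's A record
                $findings += "dynamic update is '$($z.DynamicUpdate)', expected 'Secure'"
            }
            if ($z.SecureSecondaries -eq 'TransferAnyServer') {
                # Anyone who can reach TCP/53 can AXFR the whole zone: a reconnaissance gift
                $findings += 'zone transfer allowed to any server'
            }
            [pscustomobject]@{
                Server           = $srv
                Zone             = $z.ZoneName
                Type             = $z.ZoneType
                AdIntegrated     = $z.IsDsIntegrated
                ReplicationScope = $z.ReplicationScope   # Forest / Domain / Legacy / Custom for AD zones
                DynamicUpdate    = $z.DynamicUpdate
                Transfers        = $z.SecureSecondaries
                Findings         = ($findings -join '; ')
            }
        }
    }
}

function Export-ZoneBackups {
    param([string[]]$Servers)
    $stamp = Get-Date -Format 'yyyyMMdd-HHmm'
    foreach ($srv in $Servers) {
        $zones = Get-DnsServerZone -ComputerName $srv |
            Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
        foreach ($z in $zones) {
            $file = "$($z.ZoneName)_$stamp.dns"
            # Writes %SystemRoot%\System32\dns\$file on the target server, AD-integrated or not.
            # dnscmd equivalent: dnscmd $srv /ZoneExport <zone> $file
            Export-DnsServerZone -Name $z.ZoneName -FileName $file -ComputerName $srv
            # Restore path (manual): load the file as a file-backed primary, e.g.
            #   dnscmd $srv /ZoneAdd <zone> /Primary /file $file /load
            # and convert it back to AD-integrated afterwards if that is the intended model.
            [pscustomobject]@{ Server = $srv; Zone = $z.ZoneName; File = $file }
        }
    }
}

Get-ZoneAudit -Servers $SiteDnsServers | Format-Table -AutoSize
Export-ZoneBackups -Servers $SiteDnsServers | Format-Table -AutoSize
```

The export is per server rather than once because, with AD-integrated zones, every DC hosting the zone is a writable copy; exporting from each site gives you a point-in-time file from each replica to diff against if records start disappearing.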


        • #5
          Re: DNS Active Directory Integrated in multi-site environment.

          Originally posted by Akila View Post
          how would the clients/servers on remote site register themselves in the DNS (A record)? they sure can't do it on a secondary DNS, and if you point them to use the Primary DNS then why bother making Secondaries in the 1st place.
          If you use Primary/Secondary model and point the client to a DNS server holding a secondary zone, the DDNS request will be relayed to Primary DNS and will succeed (if allowed)

          Originally posted by Akila View Post
          Primary/Secondary method means replication of DNS records are in the Method of "Zone Transfer" meaning every new record or a change that is made on the Primary it would replicated the entire zone to the Secondary (that is why it's called a "zone transfer"), waste of bandwidth to replicate the entire zone for every change, when it is in the AD only the record would be transferred to the DNS .
          BIND supports incremental zone transfers (IXFR - implementation of RFC1995): http://www.isc.org/sw/bind/arm93/Bv9...zone_transfers. Have never tested this on other DNS servers, but I'd expect that any enterprise level DNS would support this feature.

          MS DNS starting with W2K supports RFC1995, which defines the Incremental Zone Transfers protocol.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"



          • #6
            Re: DNS Active Directory Integrated in multi-site environment.

            What kind of corruption are you expecting? I can see many other reasons to not use AD integrated zones, but I would not put data corruption into the list.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"



            • #7
              Re: DNS Active Directory Integrated in multi-site environment.

              Originally posted by guyt View Post
              If you use Primary/Secondary model and point the client to a DNS server holding a secondary zone, the DDNS request will be relayed to Primary DNS and will succeed (if allowed)
              Did not know that, thanks for the heads up.


              Originally posted by guyt View Post
              BIND supports incremental zone transfers (IXFR - implementation of RFC1995): http://www.isc.org/sw/bind/arm93/Bv9...zone_transfers. Have never tested this on other DNS servers, but I'd expect that any enterprise level DNS would support this feature.

              MS DNS starting with W2K supports RFC1995, which defines the Incremental Zone Transfers protocol.
              I quoted exactly what "Yaniv Wineberg" (ADRAP Engineer) told us, so it must be that the entire zone is replicated rather than an incremental replication.
              I am sure he knows what he is talking about; correct me if I am wrong.
              BTW - if you look at the DNS event log you would see that it actually transferred the zone on an update.
              Last edited by Akila; 31st May 2008, 22:31.



              • #8
                Re: DNS Active Directory Integrated in multi-site environment.

                Originally posted by Akila View Post
                I quoted exactly what "Yaniv Wineberg" (ADRAP Engineer) told us, so it must be that the entire zone is replicated rather than an incremental replication.
                I am sure he knows what he is talking about; correct me if I am wrong.
                BTW - if you look at the DNS event log you would see that it actually transferred the zone on an update.
                If there is something I have learned during the years spent in consulting, it is the fact that even greatest and brightest can be sometimes wrong, misunderstood or misinterpreted.

                Take a look at technet: http://technet.microsoft.com/en-us/l...on124121120120
                And scroll down a bit for a section on "Incremental Zone Transfer" and IXFR.

                The default BIND settings, when configured as master or slave for a zone, would indeed make the whole zone be transferred, but turning on IXFR on the BIND side would solve the issue.

                Transfer zone on update is about NOTIFY packets - this does not necessarily mean how the zone will be transferred - the primary can notify the slave to initiate a zone transfer. How the zone is transferred is up to the configuration in place.

                Update: There is even a KB describing issues with IXFR/AXFR when mixing BIND with MS DNS: http://support.microsoft.com/kb/912233
                Last edited by guyt; 1st June 2008, 08:39.
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

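Posts #7 and #8 disagree about what the servers actually do after an update, and the event log alone does not settle it. The check a practitioner would run is the end-to-end one: make a change on one site's server and measure how long until every other site answers for it, while also reading the settings that govern how transfers to non-Microsoft slaves are formatted. The script below is an added example written for this thread, not code from any poster or from Microsoft; server and zone names are constructed, and the canary record it registers is removed afterwards. One caveat it encodes: for AD-integrated zones each DC increments its own SOA serial independently, so differing serials between sites do not by themselves mean data is missing, which is why it converges on a specific record rather than on the serial.

```powershell
# Added example (not from the thread): measure cross-site convergence of a DNS change
# and report the transfer-related server settings. Requires the DnsServer module.
$Zone        = 'corp.example'                                          # constructed
$SiteServers = @('dc1-sitea.corp.example', 'dc1-siteb.corp.example')   # constructed
$Canary      = 'repl-canary-' + [guid]::NewGuid().ToString('N').Substring(0, 8)

function Get-TransferSettings {
    param([string]$ZoneName, [string[]]$Servers)
    foreach ($srv in $Servers) {
        # BindSecondaries is the "BIND secondaries" compatibility switch: when $true the server
        # sends one record per message (slow transfer format) for old BIND slaves.
        $setting = Get-DnsServerSetting -ComputerName $srv -All
        $soa = Resolve-DnsName -Name $ZoneName -Type SOA -Server $srv -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SOA' }
        [pscustomobject]@{
            Server          = $srv
            BindSecondaries = $setting.BindSecondaries
            SoaSerial       = $soa.SerialNumber   # per-DC for AD-integrated zones; compare with care
            SoaPrimary      = $soa.PrimaryServer
        }
    }
}

function Measure-ZoneConvergence {
    param([string]$ZoneName, [string[]]$Servers, [string]$RecordName, [int]$TimeoutSec = 900)
    $origin = $Servers[0]
    # Register the canary on the first site's server; 192.0.2.1 is documentation space (RFC 5737).
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $RecordName -IPv4Address '192.0.2.1' `
        -ComputerName $origin -TimeToLive (New-TimeSpan -Minutes 5)
    $start   = Get-Date
    $pending = [System.Collections.Generic.List[string]]::new($Servers)
    $seen    = @{}
    try {
        while ($pending.Count -gt 0 -and ((Get-Date) - $start).TotalSeconds -lt $TimeoutSec) {
            foreach ($srv in @($pending)) {
                # Ask each authoritative server directly, bypassing the local cache and hosts file.
                $ans = Resolve-DnsName -Name "$RecordName.$ZoneName" -Type A -Server $srv `
                           -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
                if ($ans | Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq '192.0.2.1' }) {
                    $seen[$srv] = [math]::Round(((Get-Date) - $start).TotalSeconds)
                    [void]$pending.Remove($srv)
                }
            }
            if ($pending.Count -gt 0) { Start-Sleep -Seconds 15 }
        }
    }
    finally {
        # Always clean up, even on timeout; the deletion replicates the same way the add did.
        Remove-DnsServerResourceRecord -ZoneName $ZoneName -Name $RecordName -RRType A `
            -ComputerName $origin -Force
    }
    foreach ($srv in $Servers) {
        [pscustomobject]@{
            Server            = $srv
            ConvergedAfterSec = if ($seen.ContainsKey($srv)) { $seen[$srv] } else { 'not within timeout' }
        }
    }
}

Get-TransferSettings -ZoneName $Zone -Servers $SiteServers | Format-Table -AutoSize
Measure-ZoneConvergence -ZoneName $Zone -Servers $SiteServers -RecordName $Canary | Format-Table -AutoSize
```

Run it from a host with DNS administrative rights on all the listed servers. For AD-integrated zones the convergence time you see is the AD replication interval between the sites; for a primary/secondary setup it is the NOTIFY plus transfer time, and the per-transfer bandwidth question from the thread is then answered by the SOA refresh and IXFR settings on the secondary rather than by this script.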


                • #9
                  Re: DNS Active Directory Integrated in multi-site environment.

                  You always learn new things.
