Two DC's and two DNS' – best practices


  • Two DC's and two DNS' – best practices

    If I have one active directory domain and two domain controllers, what is the best practice to set up the two DNS-servers?

    DC1
    Primary zone of mydom.local
    DC2
    Primary zone of mydom.local

    OR

    DC1
    Primary zone of mydom.local
    DC2
    Secondary zone of mydom.local

    On the DC itself how should I configure the TCP/IP (DNS properties)?
    Should the DC use its own DNS-server as Preferred DNS server or
    Alternative DNS server (the other DC as preferred)?

    Best regards
    Martin

  • #2
    Re: Two DC's and two DNS' – best practices

    Hi Martin,

    Both DNS servers should be Active Directory integrated.

    DC1 should have DC1 as its primary DNS server and DC2 as its secondary
    DC2 should have DC2 as its primary DNS server and DC1 as its secondary

    Ensure both DCs are Global Catalogs as well.

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician



    • #3
      Re: Two DC's and two DNS' – best practices

      Hi m80arm,

      What about the configuration of the DNS servers themselves
      (primary/sec zones)?

      Best regards
      Martin



      • #4
        Re: Two DC's and two DNS' – best practices

        Both Primary --> AD integrated.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          Re: Two DC's and two DNS' – best practices

          Just as an FYI have a read here:

          http://support.microsoft.com/kb/825036



          • #6
            Re: Two DC's and two DNS' – best practices

            There is no single, correct way to configure where DCs point for DNS. As long as name resolution is fast, correct, and uses as little network bandwidth as possible, the solution is a good one. What you should focus on is developing and implementing a consistent methodology. Following are the most common methodologies chosen:
            * DC points to another DC (often in its site, if available), then to itself, and then potentially to a third server.
            * DC points to itself, then to another (often in its site, if available), and then potentially to a third server. One potential negative to this is that false errors will often be generated during a shutdown or startup because of race conditions while services are stopping or starting.
            * All DCs point to a single centralized server, then to themselves, and then potentially to a third server. This option allows all DCs to typically have a consistent view of the environment from a DNS perspective. It can also make it easier to troubleshoot certain issues.
            One thing I would recommend is that both DCs should be Primary DNS AD Integrated.

            BTW - Global Catalog has no role with DNS placement/configuration decision as mentioned in one of the replies, one has nothing to do with the other.
            Last edited by Akila; 7th August 2008, 16:39.
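
One way to check that every DC follows a single resolver-order methodology and that the zone is AD-integrated, as discussed in the post above (an added example, not part of the original thread). It assumes Windows Server 2012 or later (or RSAT) with the ActiveDirectory, DnsServer and DnsClient modules, CIM/WinRM access to each DC, and the zone name `mydom.local` from the question.

```powershell
# Added example: audit DNS client order and zone type on every DC in the domain.
$zone = 'mydom.local'   # zone name taken from the question

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $cim = New-CimSession -ComputerName $dc.HostName
    try {
        # Ordered IPv4 resolver list of every adapter that has one configured.
        # With several adapters the lists are concatenated in adapter order.
        $order = @(Get-DnsClientServerAddress -CimSession $cim -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            ForEach-Object { $_.ServerAddresses })
    } finally {
        Remove-CimSession $cim
    }

    # Addresses that mean "this DC itself"
    $self = @($dc.IPv4Address, '127.0.0.1')
    $pattern = if ($order.Count -eq 0)                         { 'no resolvers configured' }
               elseif ($order[0] -in $self)                    { 'self first' }
               elseif ($order | Where-Object { $_ -in $self }) { 'other first, then self' }
               else                                            { 'self not listed' }

    $z = Get-DnsServerZone -Name $zone -ComputerName $dc.HostName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC           = $dc.HostName
        Site         = $dc.Site
        First        = $order[0]          # same value on all DCs = centralized server
        DnsOrder     = $order -join ', '
        Pattern      = $pattern
        ZoneType     = $z.ZoneType
        AdIntegrated = $z.IsDsIntegrated
    }
}

$report | Format-Table -AutoSize

# Flag a mixed methodology and any DC whose copy of the zone is not AD-integrated.
if (@($report.Pattern | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'DCs do not follow one resolver-order methodology.'
}
$report | Where-Object { -not $_.AdIntegrated } | ForEach-Object {
    Write-Warning "$($_.DC): zone $zone is missing or not AD-integrated."
}
```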



            • #7
              Re: Two DC's and two DNS' – best practices

              Originally posted by m80arm
              Hi Martin,

              Both DNS servers should be Active Directory integrated.

              DC1 should have DC1 as its primary DNS server and DC2 as its secondary
              DC2 should have DC2 as its primary DNS server and DC1 as its secondary

              Ensure both DCs are Global Catalogs as well.

              Hope this helps

              Michael
              I completely agree with the solution, and you need to ensure that both are primary DNS AD Integrated. This will definitely solve the purpose.

              I am not sure why to make them GCs as well, whereas Global Catalog has no role with DNS placement.
              Hari Shanker
              VCP, MCTS, MCSE 2003, MCSA:


              " Think beyond and you will go beyond."
              (Your thoughts create your reality. Widen your expectations and thought process and you'll be amazed at how thinking bigger will bring on bigger things.)



              • #8
                Re: Two DC's and two DNS' – best practices

                For redundancy purposes you would make both GCs.


                • #9
                  Re: Two DC's and two DNS' – best practices

                  Originally posted by ]SK[
                  For redundancy purposes you would make both GCs.
                  But that wasn't the question in this post.
                  This post was talking about DNS, not Global Catalog.
                  Why not also tell them to make sure that both DCs are also WINS and DHCP!? They also need to be covered for redundancy!



                  • #10
                    Re: Two DC's and two DNS' – best practices

                    Advice isn't welcome then?

                    Would you only make one DC a GC then?


                    • #11
                      Re: Two DC's and two DNS' – best practices

                      Originally posted by ]SK[
                      Advice isn't welcome then?

                      Would you only make one DC a GC then?
                      You got me wrong.
                      Advice is welcome, but sometimes you need to conform your comments to the situation in hand/asked.
                      My problem wasn't with the advice itself, but with how it was presented.
                      If someone is asking about "X", he expects an answer on the "X" problem, not really on a "Y".
                      Advice on "Y" is welcome, but when I ask about "X" I don't want to be told about a "Y" as it is a prerequisite for problem "X" to be resolved.
                      And that is what happened here: someone asked about DNS and a GC was "suggested" (not really suggested, it was more like mandatory: "Make sure both DCs are GC"), in a way telling the asker "you must have GCs on all DCs otherwise your DNS plan is worthless".
                      If you want to advise on the GC then please state "ohhh BTW it would be a good idea to have both your DCs a GC as well, not leaving only one DC as a GC",
                      not presenting a GC as part of my DNS problem. -
                      And as you can see there was another one here that was wondering the same,
                      "How come a GC is needed for the DNS to function?". It is not b/c of the advice, it is how it was presented.
                      - that was my point here. -
                      Last edited by Akila; 9th August 2008, 15:24.



                      • #12
                        Re: Two DC's and two DNS' – best practices

                        Originally posted by Akila
                        You got me wrong.
                        Advice is welcome, but sometimes you need to conform your comments to the situation in hand/asked.
                        My problem wasn't with the advice itself, but with how it was presented.
                        If someone is asking about "X", he expects an answer on the "X" problem, not really on a "Y".
                        Advice on "Y" is welcome, but when I ask about "X" I don't want to be told about a "Y" as it is a prerequisite for problem "X" to be resolved.
                        And that is what happened here: someone asked about DNS and a GC was "suggested" (not really suggested, it was more like mandatory: "Make sure both DCs are GC"), in a way telling the asker "you must have GCs on all DCs otherwise your DNS plan is worthless".
                        If you want to advise on the GC then please state "ohhh BTW it would be a good idea to have both your DCs a GC as well, not leaving only one DC as a GC",
                        not presenting a GC as part of my DNS problem. -
                        And as you can see there was another one here that was wondering the same,
                        "How come a GC is needed for the DNS to function?". It is not b/c of the advice, it is how it was presented.
                        - that was my point here. -
                        I am sorry to say, but this discussion seems to be leading somewhere else. Advice is always welcome and appreciated when related to the situation, but this should not create confusion b/w the ongoing discussion (presented situation).

                        I did not see anything from Martin; it seems his purpose has been solved.
                        Last edited by shankerhari; 11th August 2008, 06:04. Reason: Spelling error
                        Hari Shanker
                        VCP, MCTS, MCSE 2003, MCSA:


                        " Think beyond and you will go beyond."
                        (Your thoughts create your reality. Widen your expectations and thought process and you'll be amazed at how thinking bigger will bring on bigger things.)



                        • #13
                          Re: Two DC's and two DNS' – best practices

                          OK folks, let's calm this down a little

                          Personally I don't see any problem with extending the scope of the discussion from redundancy of DNS and AD to subsidiary issues, but let's make it clear when we're getting off the original topic
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland
