Typical DNS configuration on a Child Domain

  • Typical DNS configuration on a Child Domain

    Hello everyone, I have a probably trivial question, but I could not find precise information anywhere.

    I have set up a root domain (let's say "root.net"), with 2 DCs (their IPs being respectively 10.1.1.1 and 10.1.1.2).
    Both are DNS servers.
    I want to use DNS integrated with AD, and set up a child domain which should be a DNS server too.
    I am looking for the simplest way to have it, leaving all to AD replication.


    1. What is the typical (or right) way to set up the DNS address in "IP properties" of the root DCs?
    "Preferred" pointing to itself and "Alternate" pointing to the other DC?
    Should I "Create default Application Directory partitions" in the root domain DNS?

    2. If I set up a child domain ("child.root.net", IP is 10.1.1.3) what is the correct way to install it:
    - Install DNS service before promoting it with DCPROMO?
    - Point "Preferred" address to itself, or to the root DC? Before or after promoting it?
    - Where to point the "Alternate" DNS address to?

    3. After installing AD with DCPROMO, are there other things I have to do on the child (and/or root) domain to properly configure DNS?


    Thank you very much in advance.
    Last edited by axplains; 13th October 2008, 09:48.

  • #2
    Re: Typical DNS configuration on a Child Domain

    Originally posted by axplains:
    1. What is the typical (or right) way to set up the DNS address in "IP properties" of the root DCs?
    "Preferred" pointing to itself and "Alternate" pointing to the other DC?
    Should I "Create default Application Directory partitions" in the root domain DNS?

    There is no single, correct way to configure where DCs point for DNS. As long as name resolution is fast, correct, and uses as little network bandwidth as possible, the solution is a good one. What customers should focus on is developing and implementing a consistent methodology. Following are the most common methodologies chosen:

    * DC points to another DC (often in its site, if available), then to itself, and then potentially to a third server.

    * DC points to itself, then to another (often in its site, if available), and then potentially to a third server. One potential negative to this is that false errors will often be generated during a shutdown or startup because of race conditions while services are stopping or starting.

    * All DCs point to a single centralized server, then to themselves, and then potentially to a third server. This option allows all DCs to typically have a consistent view of the environment from a DNS perspective. It can also make it easier to troubleshoot certain issues.

    Originally posted by axplains:
    2. If I set up a child domain ("child.root.net", IP is 10.1.1.3) what is the correct way to install it:
    - Install DNS service before promoting it with DCPROMO?
    - Point "Preferred" address to itself, or to the root DC? Before or after promoting it?
    - Where to point the "Alternate" DNS address to?

    Yes, install DNS before DCPromo. As for pointing the DNS IPs, refer to section 1.


    DNS References
    TechNet Support WebCast: Troubleshooting Active Directory Problems Caused by DNS http://support.microsoft.com/?id=891735
    How to Use DNSLint to Troubleshoot Active Directory Replication Issues http://support.microsoft.com/?id=321046
    How to Reconfigure an _msdcs Subdomain to a Forest-wide DNS Application Directory Partition When You Upgrade from Windows 2000 to Windows Server 2003 (817470) http://support.microsoft.com/?id=817470
    Windows 2000 DNS White Paper http://download.microsoft.com/downlo...0d2/w2kdns.doc
    Microsoft Domain Name System (DNS) Center http://www.microsoft.com/Windows2000...ns/default.asp
    Training: Understanding and Troubleshooting DNS in Windows 2000 http://support.microsoft.com/?id=330511
    Problems with Many Domain Controllers with Active Directory Integrated DNS Zones http://support.microsoft.com/?id=267855
    A MicrosoftDNS container is created before full replication and causes a DNS conflict in Windows Server 2003 http://support.microsoft.com/?id=836534

    • #3
      Re: Typical DNS configuration on a Child Domain

      Thank you very much for your reply and the thorough explanation.

      Excuse me if I ask you about another DNS issue:
      is "DNS / Create default Application Directory partitions" needed? If it does not set up itself when installing AD, do I have to set it up manually or should I leave it alone?

      (I would prefer not to create forward lookup zones or delegations to the child domain, but leave it all to AD replication if possible).

      Thanks again

      • #4
        Re: Typical DNS configuration on a Child Domain

        If we are talking about a 2003 domain, then yes, it would create a DNS application partition for you; you don't need to create anything manually.

        • #5
          Re: Typical DNS configuration on a Child Domain

          But if you want it to use the partition, you need to place the zone in the Forest or domain DNS partition.
          This could be done in the properties of the zone, "all dns servers in the forest or domain", under the replication button.

          • #6
            Re: Typical DNS configuration on a Child Domain

            Originally posted by SnakEye:
            But if you want it to use the partition, you need to place the zone in the Forest or domain DNS partition.
            This could be done in the properties of the zone, "all dns servers in the forest or domain", under the replication button.

            Yes, that is correct.

            • #7
              Re: Typical DNS configuration on a Child Domain

              Originally posted by SnakEye:
              But if you want it to use the partition, you need to place the zone in the Forest or domain DNS partition.
              This could be done in the properties of the zone, "all dns servers in the forest or domain", under the replication button.

              Thanks to both of you... but I am sorry, I don't know where the "replication button" is. And what zone are you referring to... "forward lookup zone" in the root domain?

              Moreover, if I try to "Create default Application Directory partitions" under DNS it lets me do it?
              Should this command be disabled if the partition is already there?

              Thanks again for your kind support.

              • #8
                Re: Typical DNS configuration on a Child Domain

                Under the forward lookup zone, go to your AD zone, Properties. Under the button where you select whether this is a primary zone, secondary zone, etc., there is a button where you can pick where to place the DNS (you have 3 options). Pick "all dns servers in forest or domain", not the option "all domain controllers in the domain", or it would be placed in the domain data partition.

                • #9
                  Re: Typical DNS configuration on a Child Domain

                  Originally posted by SnakEye:
                  Under the forward lookup zone, go to your AD zone, Properties. Under the button where you select whether this is a primary zone, secondary zone, etc., there is a button where you can pick where to place the DNS (you have 3 options). Pick "all dns servers in forest or domain", not the option "all domain controllers in the domain", or it would be placed in the domain data partition.

                  Thank you very much, I found it.
                  The default selection is "to all the DNS servers in the AD domain".
                  Is it better to choose "forest" or "domain"?
                  I would like to have DNS replicated to the DNS child domain too, so it sounds to me that "forest" should be a better choice...

                  Another issue I found: when I launch DCPROMO to install the child domain, when I provide the root's enterprise admin credentials I get the error that the root domain cannot be contacted.
                  It is surely an error related to DNS, because both servers are on the same network and I can ping from one to the other.
                  The server I am installing points to itself as DNS server.
                  So is there something that I must set up in DNS first? (in the child domain)
                  Last edited by axplains; 13th October 2008, 16:27.

                  • #10
                    Re: Typical DNS configuration on a Child Domain

                    Pick all DNS servers in the forest if you want that zone to replicate across the forest.

                    For the machine you are trying to promote, change its DNS settings to point to the DNS server of the root domain; after you promote it you can switch it back if you would like.
                    Don't forget that the server you are trying to promote doesn't have the root domain zone on it yet (since it is AD integrated and it is not an AD machine yet); that is why it can't find the root domain.

                    • #11
                      Re: Typical DNS configuration on a Child Domain

                      Originally posted by Akila:
                      Pick all DNS servers in the forest if you want that zone to replicate across the forest.

                      For the machine you are trying to promote, change its DNS settings to point to the DNS server of the root domain; after you promote it you can switch it back if you would like.
                      Don't forget that the server you are trying to promote doesn't have the root domain zone on it yet (since it is AD integrated and it is not an AD machine yet); that is why it can't find the root domain.

                      Thank you very much for the explanation,
                      now I understand (I thought DNS settings on the child would never change after the initial setup).
                      - I think that forest replication should be safer (more resilient to failures in one of the domain controllers), is it?
                      - Or are there performance/bandwidth considerations which make the domain replication better?
                      - Moreover, the same DNS setting has to be done also on the child DC or is it propagated automatically?

                      Thanks again for your help.

                      (And by the way, can you advise me on some book/site/article/whatever on real-life DNS scenarios and choices?... I have read a lot of material about DNS - mainly by Microsoft - but it is always very theoretic and of little help in practical implementation decisions...)


                      P.S.:
                      After installing the child DC as above (child's primary DNS is still the root DC), I get these errors in the child domain's DNS Event Viewer:
                      "The DNS server detected that it is not enlisted in the replication scope of the directory partition ForestDnsZones.root.net. This prevents the zones that should be replicated to all DNS servers in the child.root.net forest from replicating to this DNS server.

                      To create or repair the forest-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support.
                      The error was 9002.


                      After this critical error:
                      The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly.

                      Should I create the Default Application Directory partition in the root DC as suggested?

                      UPDATE: Replication has worked in the end, the connections and DNS zones have been created on the client.
                      Event viewer says:
                      The DNS Application Directory Partition DomainDnsZones.child.root.net was created. The distinguished name of the root of this Directory Partition is DC=DomainDnsZones,DC=child,DC=root,DC=net.

                      So it was just a matter of time it seems... even if it refers to
                      DomainDnsZones.child.root.net while the error referred to
                      ForestDnsZones.root.net...
                      Last edited by axplains; 14th October 2008, 09:41.

                      • #12
                        Re: Typical DNS configuration on a Child Domain

                        ForestDNSZones has the lowest priority in replication among all 5 partitions; that is why it took more time.

                        As for links you wanted on DNS:
                        DNS References
                        TechNet Support WebCast: Troubleshooting Active Directory Problems Caused by DNS http://support.microsoft.com/?id=891735
                        How to Use DNSLint to Troubleshoot Active Directory Replication Issues http://support.microsoft.com/?id=321046
                        How to Reconfigure an _msdcs Subdomain to a Forest-wide DNS Application Directory Partition When You Upgrade from Windows 2000 to Windows Server 2003 (817470) http://support.microsoft.com/?id=817470
                        Windows 2000 DNS White Paper http://download.microsoft.com/downlo...0d2/w2kdns.doc
                        Microsoft Domain Name System (DNS) Center http://www.microsoft.com/Windows2000...ns/default.asp
                        Training: Understanding and Troubleshooting DNS in Windows 2000 http://support.microsoft.com/?id=330511
                        Problems with Many Domain Controllers with Active Directory Integrated DNS Zones http://support.microsoft.com/?id=267855
                        A MicrosoftDNS container is created before full replication and causes a DNS conflict in Windows Server 2003 http://support.microsoft.com/?id=836534
                        Last edited by Akila; 14th October 2008, 17:33.

                        • #13
                          Re: Typical DNS configuration on a Child Domain

                          Thank you very much for your help, still a lot to study...
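
The sequence worked out in posts #10 to #12, written as a Windows command script; this is an added example, not something posted in the thread. The domain name and addresses are the ones the thread uses; the interface name "Local Area Connection" and the presence of dnscmd (Windows Support Tools on Server 2003) are assumptions.

```batch
@echo off
rem Added example. root.net and 10.1.1.1/10.1.1.2 come from the thread;
rem the interface name is an assumption (adjust to the local NIC name).
setlocal
set ROOT_ZONE=root.net
set ROOT_DNS1=10.1.1.1
set ROOT_DNS2=10.1.1.2
set NIC=Local Area Connection

if /i "%~1"=="pre"  goto pre
if /i "%~1"=="post" goto post
echo Usage: %~nx0 pre ^| post
exit /b 2

:pre
rem Before DCPROMO the server holds no copy of the AD-integrated root zone,
rem so it must resolve through the root DCs rather than through itself.
netsh interface ip set dns name="%NIC%" source=static addr=%ROOT_DNS1%
netsh interface ip add dns name="%NIC%" addr=%ROOT_DNS2% index=2
rem DCPROMO finds the root domain through this SRV record. nslookup's exit
rem code is unreliable, so test its output for a returned host name instead.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ROOT_ZONE% %ROOT_DNS1% 2>nul | find /i "svr hostname" >nul
if errorlevel 1 (
    echo FAIL: no DC SRV record for %ROOT_ZONE% via %ROOT_DNS1%
    exit /b 1
)
echo OK: DC SRV record for %ROOT_ZONE% resolves via %ROOT_DNS1%
exit /b 0

:post
rem After promotion: list the application directory partitions this DNS
rem server knows about, then its enlistment in the forest-wide one
rem (the partition named in the event quoted in post #11).
dnscmd . /EnumDirectoryPartitions
dnscmd . /DirectoryPartitionInfo ForestDnsZones.%ROOT_ZONE%
rem Show the directory partition the root zone is currently stored in.
dnscmd %ROOT_DNS1% /ZoneInfo %ROOT_ZONE%
rem To replicate the root zone to all DNS servers in the forest, run once
rem against a root DC with sufficient rights (left commented out on purpose):
rem dnscmd %ROOT_DNS1% /ZoneChangeDirectoryPartition %ROOT_ZONE% /forest
exit /b 0
```

Run it with `pre` on the member server before DCPROMO and with `post` on the new child DC after the reboot.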
