Recommended DNS zone replication scope for single domain environment

  • Recommended DNS zone replication scope for single domain environment

    Hi, in my company we have domain/forest functional level Windows Server 2008 R2 - there is only one domain. AD DS is installed on 5 servers - AD integrated DNS zone is used.

    I noticed today that on both forward lookup DNS zones, _msdcs.internaldomain.com & internaldomain.com, zone replication scope was set to All DNS servers in this domain and also for one reverse lookup zone. I changed this setting for all these zones to All domain controllers in this domain but later (10-15 mins at most) I reverted these settings back to All DNS servers in this domain.

    Which zone replication scope is recommended for the mentioned zones, keeping in mind this is a single domain environment? Also, could I have done any harm to DNS and AD overall when I changed the zone replication scope and later reverted it for these zones? How can I check that DNS-related information (zones) is located where it should be in Active Directory and that there is no garbage in other locations (partitions) in the AD database?

  • #2
    Re: Recommended DNS zone replication scope for single domain environment

    Assuming you have only AD integrated DNS servers on DCs (normal practice) the two options are identical - "All DNS Servers" is where you are using non-Windows (or non-ADI) DNS. Changing from one to the other has never caused me any problems.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Recommended DNS zone replication scope for single domain environment

      So everything is OK? DNS zones are where they should be and there is no garbage in the domain partition of AD, since DNS zones are stored there if the option All domain controllers in this domain was set for a short period of time (as I said, 10-15 mins at most). AD will clean it up if something is there and store it back to the DomainDNSZone partition. Nothing to worry about?
      Last edited by boxikg; 15th May 2014, 09:13.



      • #4
        Re: Recommended DNS zone replication scope for single domain environment

        Are all your DNS servers on DCs and are all Active Directory Integrated?
        Tom Jones


        • #5
          Re: Recommended DNS zone replication scope for single domain environment

          Yes. All DNS servers are on domain controllers running Windows Server 2008 R2 with SP1 and all are AD integrated.



          • #6
            Re: Recommended DNS zone replication scope for single domain environment

            Keep it as "All domain controllers" then (IMHO)
            Tom Jones


            • #7
              Re: Recommended DNS zone replication scope for single domain environment

              According to the DNS logs in Event Viewer on the domain controller, the DNS zone is moved to another location in AD when changing the zone replication scope, so nothing should stay in the previous location - so garbage should not be there. Am I right?
              Last edited by boxikg; 15th May 2014, 11:59.
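
One way to answer the thread's question of where the zone objects actually live, as an added example that is not part of any post above: a read-only PowerShell check that lists `dnsZone` objects in each container a replication scope maps to and flags copies left in more than one place. It assumes the ActiveDirectory module is available (a 2008 R2 domain controller or RSAT) and that the default `MicrosoftDNS` container names are in use; variable names are illustrative.

```powershell
# Added example (not from the thread). Read-only: lists dnsZone objects per container.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domainDN = $rootDse.defaultNamingContext       # e.g. DC=internaldomain,DC=com
$forestDN = $rootDse.rootDomainNamingContext    # same as $domainDN in a single-domain forest

# Zone replication scope -> container that holds the zone objects for that scope
$containers = @(
    @{ Scope = 'All domain controllers in this domain'; Base = "CN=MicrosoftDNS,CN=System,$domainDN" },
    @{ Scope = 'All DNS servers in this domain';        Base = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN" },
    @{ Scope = 'All DNS servers in this forest';        Base = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN" }
)

$zones = foreach ($c in $containers) {
    try {
        Get-ADObject -SearchBase $c.Base -SearchScope OneLevel `
                     -LDAPFilter '(objectClass=dnsZone)' -Properties whenChanged -ErrorAction Stop |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Zone = $_.Name; Scope = $c.Scope; WhenChanged = $_.whenChanged
                    DN   = $_.DistinguishedName
                }
            }
    } catch {
        Write-Warning "Could not search $($c.Base): $($_.Exception.Message)"
    }
}

"Zone objects by container:"
$zones | Sort-Object Zone, Scope | Format-Table Zone, Scope, WhenChanged -AutoSize | Out-String

# The same zone name in more than one container is a leftover copy to investigate.
# RootDNSServers (root hints) is skipped because it can exist in several containers.
$dupes = $zones | Where-Object { $_.Zone -ne 'RootDNSServers' } |
    Group-Object Zone | Where-Object { $_.Count -gt 1 }

# Names starting with '..' (for example ..Deleted-<zone> or ..InProgress-<zone>) are
# placeholder objects the DNS service creates while deleting or moving a zone.
$placeholders = $zones | Where-Object { $_.Zone -like '..*' }

if ($dupes) {
    "Zones present in more than one container:"
    $dupes | ForEach-Object { $_.Group } | Format-Table Zone, DN -AutoSize | Out-String
}
if ($placeholders) {
    "Delete/move placeholder objects:"
    $placeholders | Format-Table Zone, DN -AutoSize | Out-String
}
if (-not $dupes -and -not $placeholders) { "No duplicate or placeholder zone objects found." }
```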
