#1 phoeneous

DNS zone confusion

I'm confused...

We have two offices (Nevada and California) connected by a WAN link but are part of the same domain. Each office has a DC, and each DC is also a DNS server. In DNS we have two forward lookup AD-integrated zones, company.com and California. Why are all the host records in the company.com zone, and none of the records of hosts physically located in California in the California zone? The only records that I see in the California zone are NS records for both DCs and the SOA record for the DC physically located in California. This DNS infrastructure was created years before I got here and I'm still learning DNS, but shouldn't the hosts physically located in California have their records in the California zone?

Also, the forwarder for the California DNS server is the IP of the other DNS server in Nevada. Shouldn't the forwarders for the California DNS server be pointing to their ISP's public DNS servers? That's how the Nevada DNS server is configured.

    [/still learning]
    Last edited by phoeneous; 06-10-2010 at 11:41 PM.

#2 sidsanders
Are you a single-forest, single-domain AD shop? If so, is there a need for the (mostly) empty DNS domain? The Cali zone may not be set for dynamic updates, and none of the hosts in Cali may be configured to use the local DNS server. Do you want to use the Cali DNS domain? Are the DNS servers secondary servers for each other's zones? Do they need to be? Lots more that could be asked here...
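The questions in the reply above (is the zone AD-integrated, does it accept dynamic updates, do the California hosts even point at the local server) can all be answered from the DNS server itself. The following is an added example, not code from the thread: a PowerShell audit that assumes the DnsServer module (Windows Server 2012 or later; on 2003/2008 the same facts come from dnscmd /zoneinfo and dnscmd /info). The DC and workstation host names are placeholders; the zone names are the thread's own.

```powershell
# Added example: audit what each DC's DNS server holds and how it resolves.
# Assumes the DnsServer module; 'dc-nv', 'dc-ca', 'ca-ws01' are placeholder names.
Import-Module DnsServer

function Get-ZoneAudit {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Forward lookup zones only; the auto-created ones (., 0.in-addr.arpa ...) are noise here.
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $rrs = @(Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $_.ZoneName)
            [pscustomobject]@{
                Server        = $ComputerName
                Zone          = $_.ZoneName
                Type          = $_.ZoneType           # Primary / Secondary / Stub / Forwarder
                ADIntegrated  = $_.IsDsIntegrated
                Replication   = $_.ReplicationScope   # Domain, Forest, Legacy or Custom partition
                DynamicUpdate = $_.DynamicUpdate      # None means no client can register here at all
                HostRecords   = @($rrs | Where-Object { $_.RecordType -in 'A', 'AAAA' }).Count
                OtherRecords  = @($rrs | Where-Object { $_.RecordType -notin 'A', 'AAAA', 'SOA', 'NS' }).Count
                SoaPrimary    = ($rrs | Where-Object { $_.RecordType -eq 'SOA' }).RecordData.PrimaryServer
                NameServers   = (($rrs | Where-Object { $_.RecordType -eq 'NS' }).RecordData.NameServer) -join ', '
            }
        }
}

function Get-ResolverAudit {
    param([Parameter(Mandatory)][string]$ComputerName)
    $fwd = Get-DnsServerForwarder -ComputerName $ComputerName
    [pscustomobject]@{
        Server      = $ComputerName
        Forwarders  = ($fwd.IPAddress -join ', ')   # empty: the server recurses from root hints itself
        UseRootHint = $fwd.UseRootHint              # fall back to root hints if every forwarder fails
        RootHints   = @(Get-DnsServerRootHint -ComputerName $ComputerName).Count
    }
}

function Get-ClientResolver {
    # Which DNS servers do the hosts in an office actually use? Run against a sample of them.
    param([Parameter(Mandatory)][string[]]$HostName)
    Invoke-Command -ComputerName $HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } }, InterfaceAlias, ServerAddresses
    }
}

# Placeholder names for the Nevada and California DCs and two California workstations.
$dcs = 'dc-nv.company.com', 'dc-ca.company.com'
$dcs | ForEach-Object { Get-ZoneAudit -ComputerName $_ }     | Format-Table -AutoSize
$dcs | ForEach-Object { Get-ResolverAudit -ComputerName $_ } | Format-Table -AutoSize
Get-ClientResolver -HostName 'ca-ws01', 'ca-ws02'            | Format-Table -AutoSize
```

In the situation described in the thread the first table would show the California zone with zero host records on both DCs, whatever its DynamicUpdate setting. That is expected: a Windows host registers its A record under its primary DNS suffix, which for a domain member is the AD domain name (company.com), so no host will ever register in a zone named California unless its suffix is deliberately changed to that. The second table is where the forwarder chain from the original question shows up: dc-ca listing dc-nv as its only forwarder.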

#3 phoeneous
Quoting sidsanders:
    are you a single forest - single domain AD shop? if so , is there a need for the (mostly) empty dns domain? the cali zone may not be set for dynamic updates, and none of the hosts in cali may be configured to use the local dns server. do you want to use the cali dns domain? are the dns servers secondary servers for each others zones, do they need to be? lots more that could be asked here...
Single forest, single domain. Each DNS server points to itself and not the other. I guess my questions are: does the Cali zone even need to be there? What would the best practice be to send updates to each other while minimizing traffic?

#4 dynamik
Quoting phoeneous:
    does the Cali zone even need to be there?
    That's what I was going to ask you; I don't see what purpose it's serving based on what you've said so far. DNS is broken up by domain/zone, not by site. Therefore, physical location doesn't enter into the equation.

Quoting phoeneous:
    What would the best practice be to send updates to each other while minimizing traffic?
    AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.

#5 phoeneous
Quoting dynamik:
    AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.
    Bonded 3MB.

    I'd say about 150 records on both sides.

#6 dynamik
    Yea, that's nothing. Export that zone to a file and see how large it is: How to export AD-integrated zones to file > ActiveDir.org

    Also, if you've configured each location as a separate site (which should be done; check Admin Tools > AD sites and services), AD replication will use compression.
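The two checks suggested above (export the zone to see how big it is, and make sure each office is its own AD site) can be scripted. This is an added example, not code from the thread or from the linked ActiveDir.org article; it assumes the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 or later) and that the admin$ share on the target DC is reachable from where you run it. The zone name is the thread's; the DC name is a placeholder.

```powershell
# Added example: size the zone export and check the AD site layout.
# Assumes DnsServer + ActiveDirectory modules; 'dc-nv.company.com' is a placeholder.
Import-Module DnsServer, ActiveDirectory

function Measure-ZoneExport {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $file = "$ZoneName.export.dns"
    # Export-DnsServerZone writes a BIND-style text copy of the zone into
    # %SystemRoot%\System32\dns on the DNS server it is pointed at.
    Export-DnsServerZone -Name $ZoneName -FileName $file -ComputerName $ComputerName -ErrorAction Stop
    $path    = "\\$ComputerName\admin$\System32\dns\$file"
    $records = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName)
    $bytes   = (Get-Item -Path $path).Length
    [pscustomobject]@{
        Zone           = $ZoneName
        Records        = $records.Count
        ExportBytes    = $bytes
        BytesPerRecord = [math]::Round($bytes / [math]::Max($records.Count, 1), 1)
    }
}

function Test-SiteLayout {
    # One AD site per office is what makes the KCC replicate DC-to-DC over a site link
    # (scheduled and compressed) instead of treating both DCs as LAN neighbours.
    $dcs   = @(Get-ADDomainController -Filter * | Select-Object HostName, Site, IPv4Address)
    $links = @(Get-ADReplicationSiteLink -Filter * |
               Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded)
    $sites = @($dcs.Site | Sort-Object -Unique)
    if ($sites.Count -lt 2) {
        Write-Warning "All DCs sit in site '$($sites -join ',')'. Create a site per office, a subnet per office, and a site link, then move each DC into its site."
    }
    [pscustomobject]@{
        DomainControllers = $dcs
        SitesWithDCs      = $sites
        SiteLinks         = $links
    }
}

Measure-ZoneExport -ZoneName 'company.com' -ComputerName 'dc-nv.company.com' | Format-List
Test-SiteLayout | Format-List
```

The export size is an upper bound, not the steady-state cost: an AD-integrated zone replicates as directory objects, so a single dynamic update moves one changed dnsNode object, not the whole zone, and intersite replication over a site link is compressed on top of that. For a zone of 150 records the export will be a few kilobytes, which on a bonded 3 Mb link is not worth optimising.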

#7 gateway
Also, if you are doing incremental zone transfers for 150 records, it will hardly use any bandwidth. Get rid of the Cali zone.

#8 Devilsbane
    Is the california zone there just for some local intranet websites?

#9 phoeneous
Quoting Devilsbane:
    Is the california zone there just for some local intranet websites?
No intranet sites. Honestly, I don't know why they created it. And of course the vendor who set up DNS in this office can no longer be contacted...

    It is officially 86'd.
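Retiring the zone is a one-liner, but a zone whose only records are SOA and NS is exactly the kind of thing that turns out to matter to something nobody remembers. The following is an added example, not code from the thread: it refuses to delete if any record beyond the apex SOA/NS exists, takes a backup export first, and then checks the other DC. It assumes the DnsServer module (Windows Server 2012 or later); the DC names are placeholders, the zone names are the thread's own.

```powershell
# Added example: remove an empty AD-integrated zone with a guard and a backup.
# Assumes the DnsServer module; 'dc-ca' and 'dc-nv' are placeholder DC names.
Import-Module DnsServer

function Remove-EmptyZone {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [Parameter(Mandatory)][string]$ComputerName,   # DC you make the change on
        [string]$PeerDc                                 # other DC hosting the zone, to verify
    )
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName -ErrorAction Stop
    $rrs  = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName)

    # Guard: anything other than the zone's own SOA/NS apex records means someone uses it.
    $data = @($rrs | Where-Object { $_.RecordType -notin 'SOA', 'NS' })
    if ($data.Count -gt 0) {
        $names = ($data.HostName | Sort-Object -Unique) -join ', '
        throw "$ZoneName still holds $($data.Count) record(s) ($names). Not removing."
    }

    # Backup before the irreversible step; the file lands in %SystemRoot%\System32\dns on $ComputerName.
    Export-DnsServerZone -Name $ZoneName -FileName "$ZoneName.backup.dns" -ComputerName $ComputerName -ErrorAction Stop

    # For an AD-integrated zone this deletes the zone object from its directory partition,
    # so every other DC loading that partition drops the zone on its next replication cycle.
    Remove-DnsServerZone -Name $ZoneName -ComputerName $ComputerName -Force -ErrorAction Stop

    if ($PeerDc) {
        $stillThere = Get-DnsServerZone -Name $ZoneName -ComputerName $PeerDc -ErrorAction SilentlyContinue
        if ($stillThere -and $zone.IsDsIntegrated) {
            Write-Warning "$ZoneName is still visible on $PeerDc. Wait for replication (or run 'repadmin /syncall' on $ComputerName) and check again."
        }
        elseif ($stillThere) {
            Write-Warning "$ZoneName on $PeerDc is not AD-integrated; remove it there separately."
        }
    }
}

Remove-EmptyZone -ZoneName 'California' -ComputerName 'dc-ca.company.com' -PeerDc 'dc-nv.company.com'
```

If the guard trips, the record names it prints are what to investigate before deleting. Two other things worth checking that the record count will not reveal: whether any client has California in its DNS suffix search list (it would then try to register there once dynamic updates were enabled), and whether any conditional forwarder or stub zone on another server points at it.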

#10 phoeneous
Quoting phoeneous:
    Also, the forwarders for the California dns is the IP of the other dns server in Nevada. Shouldnt the forwarders for the California dns be pointing to their ISP's public dns servers? Thats how the Nevada dns is configured.
    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?

#11 dynamik
Quoting phoeneous:
    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
    It depends on how you want to do it. Forwarding to your ISP offloads the recursive queries to their servers, and they may already be cached there as well. If you don't have those configured, your DNS server will just use root hints.

    The way you have it currently configured is that your California branch will forward queries to your other DNS server, which in turn will forward queries to their ISP.

    I usually just forward the queries to the ISP unless there's a specific reason I don't want to, but from what you've said, you should be fine with any of these configurations.

#12 sidsanders
Quoting phoeneous:
    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
Is any of the local gear pointing to it? If not, it isn't a big deal. If yes, you can add the "local" ISP forwarders and make them get hit first over the remote DC. Have you set the Cali DC to be a secondary/AD-integrated for the more valid zone?
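The two replies above describe the same end state: the California server tries its own ISP's resolvers first, the Nevada DC only after them, and falls back to root hints if nothing answers. The following is an added example, not code from the thread, that configures that order and then tests every hop. It assumes the DnsServer module (Windows Server 2012 or later); the resolver addresses, DC names and the external test name are placeholders for the site's own.

```powershell
# Added example: order the branch server's forwarders (ISP first, hub DC last, root
# hints as fallback) and test each hop. Assumes the DnsServer module; all addresses
# and host names are placeholders.
Import-Module DnsServer

function Set-BranchForwarders {
    param(
        [Parameter(Mandatory)][string]$ComputerName,   # branch DNS server to configure
        [Parameter(Mandatory)][string[]]$IspResolvers, # tried first, in this order
        [Parameter(Mandatory)][string]$HubDc           # tried only when every ISP resolver fails
    )
    # Only names this server is not authoritative for go to a forwarder: company.com is
    # answered locally from the AD-integrated zone, so internal lookups never leave the site.
    $order = @($IspResolvers) + $HubDc
    Set-DnsServerForwarder -ComputerName $ComputerName -IPAddress $order `
        -UseRootHint $true -Timeout 3 -EnableReordering $false -PassThru
}

function Test-BranchResolution {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$ExternalName   # a name outside your own zones
    )
    $fwd = Get-DnsServerForwarder -ComputerName $ComputerName
    # Does each configured upstream actually answer recursive queries from this server?
    $hops = foreach ($ip in $fwd.IPAddress) {
        Test-DnsServer -IPAddress $ip -Context Forwarder -ComputerName $ComputerName |
            Select-Object IPAddress, Result, RoundTripTime
    }
    # End to end: the same question a California client would ask this server.
    $answer = Resolve-DnsName -Name $ExternalName -Type A -Server $ComputerName -DnsOnly -ErrorAction Stop
    [pscustomobject]@{
        Forwarders  = $hops
        UseRootHint = $fwd.UseRootHint
        Resolved    = (($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', ')
    }
}

# Placeholders: two ISP resolvers (TEST-NET addresses), the Nevada DC's private address.
Set-BranchForwarders -ComputerName 'dc-ca.company.com' `
    -IspResolvers '203.0.113.53', '203.0.113.54' -HubDc '10.1.0.10'
Test-BranchResolution -ComputerName 'dc-ca.company.com' -ExternalName 'www.example.com' | Format-List
```

Two points the order buys you. With only the Nevada DC as forwarder, California's external resolution depends on the WAN link and on Nevada's own upstream, so a link outage takes Internet name resolution down with it; ISP resolvers first and UseRootHint on keep the branch resolving on its own. And -EnableReordering $false stops the server from promoting whichever forwarder answered fastest, so the remote DC stays last. Whatever resolvers you forward to see every external name the office looks up, so pick them deliberately rather than inheriting whatever the vendor left behind.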
