  1. Senior Member
    Join Date
    Apr 2010
    Location
    Raleigh, North Carolina
    Posts
    185

    Certifications
    A+, Network+, Security+, MCSE: Security, VCP (v4 and v5), GPEN, MCSA, CCNA
    #1

    Default DC and DNS Server

    Hi all,

    I have a pretty simple question. I've been watching the CBT Nuggets for the 293, and in the DNS 1 video, he said that sometimes companies put DNS Servers on DCs. He said they did it when they were using secure, active directory replication to minimize the replication traffic. Has anyone seen this in the real world? Would the DNS Replication traffic bog down the Domain Controller? Thanks!

  3. Senior Member Technito
    Join Date
    Nov 2009
    Location
    Cincinnati, OH
    Posts
    152

    Certifications
    A+, Network+, Security+, MCP, MCSA 2003: Security, MCSE 2003: Security, CVE 5.0
    #2
    It depends on the network. You will see this mostly in a Windows network that spans multiple sites with each site divided by WAN connections. And yes, running multiple services on any server will bog down the server. But when it comes to Active Directory Integrated DNS zones, the DNS service is installed on the Domain Controller. Most companies use clusters or some other type of fault-tolerant technique to support this type of setup. I haven't seen the video, but he was probably basically explaining that companies use AD Integrated DNS zones because zone transfers are transferred through normal AD replication, which minimizes excessive bandwidth traversing WAN links. Also, dynamic updates will be secure using these types of zones.

  4. I "HEART" M$ Mojo_666
    Join Date
    Jun 2010
    Location
    Cardiff, Wales UK
    Posts
    438

    Certifications
    MCSE+M, MCSE+S, MCITP:SA, MCITP:EA, MCSA:2008, MCSA:2012
    #3
    Real world

    Pretty much all Windows Domains will use AD integrated zones. Another reality is that most companies large enough to even edge toward the amount of replication traffic that would cause an issue have enough bandwidth to cope with any amount of replication anyway... users copying PowerPoint presentations causes more of an issue for most companies.

    But well configured site links and reasonable replication schedules are used anyway in most cases.

  5. Senior Member Devilsbane
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #4
    Look into the difference between a Standard Primary zone and an Active Directory integrated zone.

    Benefits of using AD integrated zones.
    * Secure Transfers
    * Replication is done through AD replication (which uses compression) rather than zone transfers
    * A standard zone can only have 1 primary zone (all of the others must be secondary, aka they are read-only copies). With AD integrated you can have an infinite number of primary zones.
    * I'm sure there are some more benefits, but none are coming to mind at the moment. Feel free to update the list.

    Edit: To answer whether the replication bogs down the DC... DCs already do replication. This just adds some more to it and shouldn't be an issue. Even if it was, adding an extra DC or two to add more resources would be worth the costs in order to take advantage of the secure dynamic updates and the multiple primary zones.
    Last edited by Devilsbane; 08-19-2010 at 02:26 PM.
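
An added example, not part of any post in this thread: a PowerShell check for the zone properties discussed above (AD integration, secure dynamic updates, zone transfer settings). `Test-DnsZoneHardening` is a hypothetical helper name, the sample zones are constructed, and the objects are assumed to have the shape returned by `Get-DnsServerZone` from the DnsServer module.

```powershell
# Added example: flag primary zones that miss the AD-integrated benefits listed in the thread.
# Test-DnsZoneHardening is a hypothetical helper, not a built-in cmdlet.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-DnsServerZone
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Zone
    )
    process {
        foreach ($z in $Zone) {
            # Skip auto-created zones and anything that is not a writable primary
            if ($z.IsAutoCreated -or $z.ZoneType -ne 'Primary') { continue }
            $findings = @()
            if (-not $z.IsDsIntegrated) {
                # Secure-only dynamic update exists only for AD-integrated zones
                $findings += 'file-backed primary: replicates by zone transfer, no secure updates'
            }
            if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
                $findings += 'accepts unauthenticated dynamic updates'
            }
            if ($z.SecureSecondaries -eq 'TransferAnyServer') {
                $findings += 'zone transfer allowed to any server'
            }
            [pscustomobject]@{
                ZoneName  = $z.ZoneName
                Compliant = ($findings.Count -eq 0)
                Findings  = $findings -join '; '
            }
        }
    }
}

# Constructed sample zones (not taken from a real environment)
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsDsIntegrated = $true
        IsAutoCreated = $false; DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary'; IsDsIntegrated = $false
        IsAutoCreated = $false; DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'; IsDsIntegrated = $false
        IsAutoCreated = $false; DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)
$sample | Test-DnsZoneHardening | Format-Table -AutoSize -Wrap

# On a DNS server or DC with the DnsServer module available:
# Get-DnsServerZone | Test-DnsZoneHardening
```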

  6. Senior Member
    Join Date
    Apr 2010
    Location
    Raleigh, North Carolina
    Posts
    185

    Certifications
    A+, Network+, Security+, MCSE: Security, VCP (v4 and v5), GPEN, MCSA, CCNA
    #5
    Thanks all. I knew they used the same type of replication and the benefits of using it. I was just curious about running both on the same server from a performance standpoint and a security standpoint.

  7. I "HEART" M$ Mojo_666
    Join Date
    Jun 2010
    Location
    Cardiff, Wales UK
    Posts
    438

    Certifications
    MCSE+M, MCSE+S, MCITP:SA, MCITP:EA, MCSA:2008, MCSA:2012
    #6
    Quote Originally Posted by willhi1979 View Post
    Thanks all. I knew they used the same type of replication and the benefits of using it. I was just curious about running both on the same server from a performance standpoint and a security standpoint.
    It is very common to have ADI Zones and a copy of another Zone as a secondary, btw. I prefer this method over conditional forwarders when configuring trusts etc., and I have been known to make that zone AD integrated if I am happy I have all the records I need and that they will not change, but that is not very common at all.
