adding a second dc/ds server

Guest
Archived from groups: microsoft.public.win2000.dns

hi all knowing ones!!

well here i am again gents and ladies


I have just added a second dc to my home lan both running the domain
mydomain.local

now i have also added the dns role to the second dc , created a
secondary zone which points at the original server to get its zone info

all ad and dns data appears to have replicated successfully i just need
to know as I have my primary dns pointing at itself should the
secondary also point to the primary or itself?? and should the primary
remain pointing to itself?

any help is greatly appreciated as always

regards

si


--
pscyime
Posted from http://www.pcreview.co.uk/ newsgroup access
 
Guest

> all ad and dns data appears to have replicated successfully i just need
> to know as I have my primary dns pointing at itself should the
> secondary also point to the primary or itself?? and should the primary
> remain pointing to itself?
>

The generally correct (and most efficient) answer is that every
DC points to itself first, and to the other (nearby) DCs which
hold the same info second, third etc. -- unless there is a positive
reason not to do this in a specific case.

You will hear some "old wives' tale"-like recommendation to
point each DC to the other but this is based on a troubleshooting
scenario where doing so temporarily may solve a problem
created by a perfectly correctly misconfiguration issue, and
even in that specific case they really should ALL point to the
Primary (or most favored Primary if AD Integrated DNS).

We do this temporarily when the DCs are not all registered
in the database correctly -- once they are all properly
registered we can use the most efficient settings:

self-first, other nearby DNS server next

The one real case where a DNS should not point to itself
(I have one of these) is when the DNS server is NOT an
internal DNS server for your network (e.g., running on
a Proxy/firewall box) but it is a domain member and so
needs that internal information.

So we can amend our rule to say: An internal DNS (i.e.,
one which holds internal records AND uses those internal
records) should point to itself first.

This should practically always be the case for a DC-DNS
so we can likely leave out this overly-pedantic exception.

(My firewall-proxy DNS server is NOT holding the domain
or other internal records, nor is it a DC.)

Ultimately the only rule that is really inviolable is that ANY
DNS client should point to the DNS servers that can answer
the questions to which it needs answers.

Then it is generally the case that it should point to the nearest
(in terms of network speed and efficiency) first.

A DC or even a DNS server is also such a "DNS client" in
almost all cases.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 
Guest

Hello pscyime,

On DC1, you can point to DC2 and then itself. Likely, on DC2, point to DC1
and then itself.

br,
Denis

 
Guest

In news:uPvlDAzdFHA.132@TK2MSFTNGP10.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, and I replied below:
> You will hear some "old wives' tale"-like recommendation to
> point each DC to the other but this is based on a troubleshooting
> scenario where doing so temporarily may solve a problem
> created by a perfectly correctly misconfiguration issue, and
> even in that specific case they really should ALL point to the
> Primary (or most favored Primary if AD Integrated DNS).

Actually it wasn't an old wives' tale, but a Microsoft article that
recommended that to eliminate:

1. The DNS Island issue (which was resolved with a service pack, but has
remained as a 'best practice').
2. At boot time, if using AD Integ zones, the zone may not be available
quite yet while the machine is still firing up and will generate 5781
errors, but can be ignored anyway.

Q275278 - DNS Server Becomes an Island When a Domain Controller Points to
Itself for the _Msdcs.ForestDnsName Domain:
http://support.microsoft.com/?id=275278

But I wouldn't point the first entry to a partner across a WAN.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Guest

> Actually it wasn't an old wives' tale, but a Microsoft article that
> recommended that to eliminate:

Thus you have found the "old wife". (With apologies to women everywhere.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 
Guest

In news:uPfkF0MeFHA.1448@TK2MSFTNGP14.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, and I replied below:
>> Actually it wasn't an old wives' tale, but a Microsoft article that
>> recommended that to eliminate:
>
> Thus you have found the "old wife". (With apologies to women
> everywhere.)

:)
 
Guest

Herb

Again you are the man, just to clarify both DC's even tho one hosts
a secondary zone should have their primary DNS configured pointing to
themselves and the secondary pointing at each other?

Scenario....

DC 1 hosting primary AD int zone has ip of 10.0.0.2
DC 2 hosting secondary zone has ip of 10.0.0.3

DC1 TCP/IP properties should be as follows

preferred DNS 10.0.0.2
secondary DNS 10.0.0.3

DC2 TCP/IP properties should be as follows

preferred DNS 10.0.0.3
secondary DNS 10.0.0.2

I have DHCP assigning the IP info to the clients I assume from what you
say that they should use the primary DNS server as preferred and the DNS
server hosting the secondary zone as their secondary DNS

Right/Wrong? you be the judge!!

May I say I am eternally grateful for the time you spend answering my
(and everyone else's) questions it is a pleasure to post here

Regards

Simon


--
pscyime
 
Guest

thanks Denis

This seems to contradict what Herb is saying - who is right? supporting
arguments please!!!

is there a Microsoft "best practice" for this scenario? i am sure
there must be

Anyways thanks for your time , or does this all not really matter what
order the preferred and secondary servers are in as long as they are
both listed?

will one config resolve names faster than the other - can't see why if
the forward lookup zone data is present on each DNS server. potentially
it may happen if the primary zone has data which has not yet been
replicated to the secondary but outside of this scenario i can't see
what the difference would be

The quest for a definitive answer goes on....

Regards

Simon

MCP WinXP
CompTIA A+


--
pscyime
 
Guest

>
> Herb
>
> Again you are the man, just to clarify both DC's even tho one hosts
> a secondary zone should have their primary DNS configured pointing to
> themselves and the secondary pointing at each other?

Technically these client settings are called 'Preferred' and 'Alternate'
(NOT Primary and Secondary which have other completely distinct
technical meanings.)


Yes. If everything in your DNS is working correctly it is most efficient
and effective if DNS servers point to themselves first (as Preferred.)

There are some TROUBLESHOOTING scenarios during which you
alter this to ensure they all register with the same DNS and all resolve
from a single DNS until you can get replication working.

Due to this TROUBLESHOOTING scenario (likely through overgeneralization,
laziness, or imprecision) this specific and temporary fix was
turned into a general recommendation by many people who don't fully
understand DNS.

It isn't terribly serious since much of the time the inefficient method
works "ok" but there it is just plain silly when a WAN is involved and
isn't necessary in any but the troubleshooting (temporary) case.

> I have DHCP assigning the IP info to the clients I assume from what you
> say that they should use the primary DNS server as preferred and the DNS
> server hosting the secondary zone as their secondary DNS

No, not necessarily.

If performance is an issue they should first use the NEAREST as Preferred
and then half of them should use each if the performance is equal (all on
one LAN.)

If performance is not an issue it doesn't much matter and they should
likely point to the Primary first since this is the one most likely to
be "up" and the only one (with a single Primary) which can accept
registrations.

But in such cases it doesn't matter much and remember both DCs SHOULD
have the same info practically all of the time.

If not, this is a much bigger issue than which you point them to as
Preferred.

> Right/Wrong? you be the judge!!
>
> May I say I am eternally grateful for the time you spend answering my
> (and everyone else's) questions it is a pleasure to post here

A link to my web site would be highly appreciated.

Accelerated MCSE http://www.LearnQuick.Com

> Regards
> Simon
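
As an added example (not written by any poster in this thread): a small Python check that reads `ipconfig /all` output from a DC and names the DNS client ordering being debated above. The sample output is constructed from the 10.0.0.2 / 10.0.0.3 scenario, the result labels (`self-first`, `partner-first`, `no-self`) are hypothetical names chosen for this example, and only IPv4 addresses are handled.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: `ipconfig /all` excerpt for DC2 in the thread's scenario.
SAMPLE_DC2 = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.3
                                       10.0.0.2
"""

def parse_ipconfig(text):
    """Return (own_ips, dns_servers); DNS servers keep their configured order."""
    own, dns, in_dns = [], [], False
    for line in text.splitlines():
        field = re.match(r"\s*(.+?)[ .]*:\s*(.*)$", line)
        if field:
            label, value = field.group(1).lower(), field.group(2)
            in_dns = label == "dns servers"
            ip = re.search(IPV4, value)
            if ip and in_dns:
                dns.append(ip.group())
            elif ip and label in ("ip address", "ipv4 address"):
                own.append(ip.group())
        elif in_dns:
            # Second and later DNS servers sit alone on indented lines.
            extra = re.fullmatch(r"\s*(" + IPV4 + r")\s*", line)
            in_dns = bool(extra)
            if extra:
                dns.append(extra.group(1))
    return own, dns

def classify(own_ips, dns_servers):
    """Name the ordering (hypothetical labels for the positions in the thread)."""
    me = set(own_ips) | {"127.0.0.1"}   # loopback also means "this server"
    if not dns_servers:
        return "no-dns-configured"
    if not me & set(dns_servers):
        return "no-self"        # expected on a non-DNS member, suspect on a DC-DNS
    if dns_servers[0] in me:
        return "self-first" if len(dns_servers) > 1 else "self-only"
    return "partner-first"      # the Q275278-style / troubleshooting ordering

if __name__ == "__main__":
    print(classify(*parse_ipconfig(SAMPLE_DC2)))
```

Run it against saved `ipconfig /all` output from each DC to spot a server still left on a temporary troubleshooting order.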
 
Guest

In news:uYEeDb2eFHA.3012@tk2msftngp13.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, and I replied below:
<snip>
> There are some TROUBLESHOOTING scenarios during which you
> alter this to ensure they all register with the same DNS and all
> resolve from a single DNS until you can get replication working.
>
> Due to this TROUBLESHOOTING scenario (likely through
> overgeneralization, laziness, or imprecision) this specific and
> temporary fix was
> turned into a general recommendation by many people who don't fully
> understand DNS.
>

Don't understand DNS? Then why do the Microsoft engineers who developed all
of this recommend this "inefficient" method?

Ace
 
Guest

> Don't understand DNS? Then why do the Microsoft engineers who developed
> all of this recommend this "inefficient" method?
>

You will have to ask any such 'engineer' who makes such a claim.

You are smart enough about this stuff yourself to see both how it
is wrong as a blanket statement and when it is necessary for
temporary troubleshooting purposes.
 
Guest

In news:OYlY7v9eFHA.2244@TK2MSFTNGP15.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, and I replied below:
>> Don't understand DNS? Then why do the Microsoft engineers who
>> developed all of this recommend this "inefficient" method?
>>
>
> You will have to ask any such 'engineer' who makes such a claim.
>
> You are smart enough about this stuff yourself to see both how it
> is wrong as a blanket statement and when it is necessary for
> temporary troubleshooting purposes.

True, but I was just commenting on your comment.

I don't necessarily follow this, but recommend it when a poster has
problems.
Ace
 
Guest

> I don't necessarily follow this, but recommend it when a poster has
> problems.

There are specific cases where it is required -- or at least useful --
when troubleshooting a previous (and corrected) DNS misconfiguration
or replication problem.

It should be recommended then -- afterwards the DNS(DCs) should
be set up most efficiently (it won't help avoid the problem particularly
as that is due to other misconfigurations and if you screw those up then
you have problems whether the DNS is set right or wrong.)

Remember, I was a Microsoft Principal Consultant and even though I
have learned volumes since then I STILL MAKE MISTAKES. <grin>

Don't believe someone just because of who their employer is or
initials after their name....

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
