DNS setting in Win2003 STD Server

Hi all,

I need to setup AD in office. It is internal to use only and no need to
communicate outside except for update the MS Fixed patches.
As I understanding, AD is required to config the DNS.

So, I have some questions in DNS config setting which are not really
understand, even I read the related MS Server 2003 books.

1) Zone type: Primary zone and Stub zone

2) Store the zone in Active Directory (available only if DNS server is a
domain controller)

3) Dynamic updates: none, nonsecure and secure, secure only

4) Zone Transfers

Could anyone explain their usage?

Many thanks,

tlee

"tlee" <> wrote in message news:%...
>
> Hi all,
>
> I need to setup AD in office. It is internal to use only and no need to
> communicate outside except for update the MS Fixed patches.
> As I understanding, AD is required to config the DNS.
>
> So, I have some questions in DNS config setting which are not really
> understand, even I read the related MS Server 2003 books.
>
> 1) Zone type: Primary zone and Stub zone

For AD, you would want to use AD Integrated zones. These act like Primary zones. A stub zone is a reference to the nameservers of another zone and can be used in lieu of conditional forwarding.

>
> 2) Store the zone in Active Directory (available only if DNS server is a
> domain controller)

Yes, that's correct. If the zone is AD integrated, the zone data is stored in the actual physical AD database, and not as a text file in the system32\dns folder as a Primary or Secondary zone.

>
> 3) Dynamic updates: none, nonsecure and secure, secure only

For AD, I usually select Secure Only.

>
> 4) Zone Transfers

No need for zone transfers, unless you need to create a read only Secondary copy on a non-domain controller.

>
> Could anyone explain their usage?
>
> Many thanks,
>
> tlee
>

I hope that helps.



--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Thank you so much for your explanations.

I am confusing at the explore of dmsmgmt.

Why did some folders and files appear at the Forward Lookup Zone under the
domain name ?

Such as:
Folders
_msdcs
_sites
_tcp
_udp
_DomainDnsZones
_ForestDnsZones

Files duplicated:
(same as parent folder) Host(A) 192.168.0.1
Host name Host(A) 192.168.0.1

Since, I have not seen at Win2000 server with same setting. Does it cause
by DNS Dynamic Updates in Windows2003?

Any DNS understanding resources will you recommend?

Thanks
tlee


> "tlee" <> wrote in message
> news:%...
>>
>> Hi all,
>>
>> I need to setup AD in office. It is internal to use only and no need to
>> communicate outside except for update the MS Fixed patches.
>> As I understanding, AD is required to config the DNS.
>>
>> So, I have some questions in DNS config setting which are not really
>> understand, even I read the related MS Server 2003 books.
>>
>> 1) Zone type: Primary zone and Stub zone
>
> For AD, you would want to use AD Integrated zones. These act like Primary
> zones. A stub zone is a reference to the nameservers of another zone and
> can be used in lieu of conditional forwarding.
>
>>
>> 2) Store the zone in Active Directory (available only if DNS server is a
>> domain controller)
>
> Yes, that's correct. If the zone is AD integrated, the zone data is stored
> in the actual physical AD database, and not as a text file in the
> system32\dns folder as a Primary or Secondary zone.
>
>>
>> 3) Dynamic updates: none, nonsecure and secure, secure only
>
> For AD, I usually select Secure Only.
>
>>
>> 4) Zone Transfers
>
> No need for zone transfers, unless you need to create a read only
> Secondary copy on a non-domain controller.
>
>>
>> Could anyone explain their usage?
>>
>> Many thanks,
>>
>> tlee
>>
>
> I hope that helps.
>
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> MCSA 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
> Microsoft MVP - Directory Services
>
> If you feel this is an urgent issue and require immediate assistance,
> please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.

"tlee" <> wrote in message news:uzdc%...
> Thank you so much for your explanations.
>
> I am confusing at the explore of dmsmgmt.
>
> Why did some folders and files appear at the Forward Lookup Zone under the
> domain name ?

These are the SRV records created by AD's Netlogon service. They aer necessary records so everything in the AD domain can "find" the DCs.


>
> Such as:
> Folders
> _msdcs
> _sites
> _tcp
> _udp
> _DomainDnsZones
> _ForestDnsZones
>
> Files duplicated:

This is the LdapIpAddress, a necessary record created by the Netlogon service:
> (same as parent folder) Host(A) 192.168.0.1

This is the hostname or "A" record of the DC:
> Host name Host(A) 192.168.0.1

> Since, I have not seen at Win2000 server with same setting. Does it cause
> by DNS Dynamic Updates in Windows2003?

This is normal. It is done by two things, Netlogon registration, and Dynamic DNS registration of the A forward and PTR record.

>
> Any DNS understanding resources will you recommend?

There are many out there. I would suggest taking a class, such as one of the Microsoft courses, to get a better understanding of AD and DNS, since that is what appears to be the scope of your questions.

>
> Thanks
> tlee
>

One course I can suggest is:
Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
http://www.microsoft.com/learning/en...B&Locale=en-us

I would make a suggestion to contact a learning center in this forum, but I don't want to make it seem like I'm advertising. Ping me offline and I can offer suggestions.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Ace Fekay,

Many thanks for your heartful help !

tlee


> "tlee" <> wrote in message
> news:uzdc%...
>> Thank you so much for your explanations.
>>
>> I am confusing at the explore of dmsmgmt.
>>
>> Why did some folders and files appear at the Forward Lookup Zone under
>> the
>> domain name ?
>
> These are the SRV records created by AD's Netlogon service. They aer
> necessary records so everything in the AD domain can "find" the DCs.
>
>
>>
>> Such as:
>> Folders
>> _msdcs
>> _sites
>> _tcp
>> _udp
>> _DomainDnsZones
>> _ForestDnsZones
>>
>> Files duplicated:
>
> This is the LdapIpAddress, a necessary record created by the Netlogon
> service:
>> (same as parent folder) Host(A) 192.168.0.1
>
> This is the hostname or "A" record of the DC:
>> Host name Host(A) 192.168.0.1
>
>> Since, I have not seen at Win2000 server with same setting. Does it
>> cause
>> by DNS Dynamic Updates in Windows2003?
>
> This is normal. It is done by two things, Netlogon registration, and
> Dynamic DNS registration of the A forward and PTR record.
>
>>
>> Any DNS understanding resources will you recommend?
>
> There are many out there. I would suggest taking a class, such as one of
> the Microsoft courses, to get a better understanding of AD and DNS, since
> that is what appears to be the scope of your questions.
>
>>
>> Thanks
>> tlee
>>
>
> One course I can suggest is:
> Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active
> Directory Domain Services
> http://www.microsoft.com/learning/en...B&Locale=en-us
>
> I would make a suggestion to contact a learning center in this forum, but
> I don't want to make it seem like I'm advertising. Ping me offline and I
> can offer suggestions.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> MCSA 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
> Microsoft MVP - Directory Services
>
> If you feel this is an urgent issue and require immediate assistance,
> please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.

"tlee" <> wrote in message news:%...
> Ace Fekay,
>
> Many thanks for your heartful help !
>
> tlee
>
>



You are welcome!

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.