Best practices Windows 2003 DNS in child domain

Discussion in 'DNS Server' started by webby, Aug 18, 2005.

  1. webby

    webby Guest

    I know that there are a few ways that people usually set up DNS servers. I
    would like to know the best way for optimal resolution for configuring 2
    Windows 2003 DNS servers in a child domain. The two DNS servers are on DCs.

    Do I need to add anything in the forwarders tab?
    Under Interfaces, should I configure to listen on All IP Addresses or just
    one?
    Under Advanced, should the following be enabled: Bind Secondaries, Enable
    Round Robin, Enable Netmask ordering and Secure against cache pollution?

    And under the TCP/IP properties, I know to point the DNS server to itself. I
    have heard of people adding the secondary as the other DNS server in the
    domain, and others will just use the Primary for DNS.

    I guess what I am looking for in this question is answers to the above and
    best practices for two DNS servers in a child domain.
     
    webby, Aug 18, 2005
    #1

  2. webby

    Todd J Heron Guest

    Answers inline.

    Yes, you do. Do you need Internet resolution? Then yes. If not, then no.
    People generally say the right way is to delegate to the child domains from
    the parent root domain. Either straight delegation or make stub zones of
    the child domain in the parent root domain. With Windows 2003, you can set
    DNS replication for all domains to forest-wide and no delegation is needed
    anywhere.

    Just one - the NIC which is at the top of the binding order under the Network
    Properties > Advanced > Advanced Settings menu.

    Unless you have BIND DNS servers as secondaries, then no, uncheck this
    option. This and each of the others are the Microsoft defaults. I'd leave
    them all enabled except for Bind Secondaries, which you should de-select.

    Yes. Sort of. All DNS servers should point to themselves as their
    Preferred DNS server when AD is in good order, unless you are having
    problems with AD replication. In that case, point all DNS servers at one
    known good AD/DNS server. Later, you go back to pointing them all at
    themselves again when you know replication is working well.

    HOW TO: Create a Child Domain in Active Directory and Delegate the DNS
    Namespace to the Child Domain
    http://support.microsoft.com/default.aspx?scid=kb;en-us;255248

    For a good diagram describing a child domain strategy:
    http://www.phongsaly.com/diagrams/ChildDNS.htm

    Understanding stub zones:
    http://www.microsoft.com/resources/...dard/proddocs/en-us/sag_DNS_und_StubZones.asp
     
    Todd J Heron, Aug 18, 2005
    #2

  3. webby

    webby Guest

    Concerning the forwarders, we get Internet access through a proxy, so do I
    really need the forwarders?
     
    webby, Aug 18, 2005
    #3
  4. webby

    Todd J Heron Guest

    No, not really.

    --
    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    ----------------------------------------------------------------------------
    This posting is provided "as is" with no warranties and confers no rights


     
    Todd J Heron, Aug 18, 2005
    #4
  5. webby

    webby Guest

    So just to confirm, I should not need to point DNS in the child domain to
    any DNS servers in the root domain? Replication should work fine with just
    pointing the DNS servers in the child to themselves and secondary to the
    other DNS server in the child?
    Thanks for all your help!
     
    webby, Aug 18, 2005
    #5
  6. webby

    Todd J Heron Guest

    Correct.

    Might I advise you however to forget about delegations altogether. Set the
    replication scope on both the root and child domains to AD-integrated with
    that being set to "All DNS Servers in the Active Directory Forest". It's
    easier to set up and then you can forget about it. It will just work.

    --
    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    ----------------------------------------------------------------------------
    This posting is provided "as is" with no warranties and confers no rights

     
    Todd J Heron, Aug 18, 2005
    #6
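
The settings discussed in this thread can also be applied from the command line instead of the DNS console. The script below is an added example, not something posted by either participant; the zone name, IP addresses and connection name are constructed placeholders, and it assumes `dnscmd` from the Windows Server 2003 Support Tools is installed and the zone is already AD-integrated.

```bat
@echo off
rem Added example: run locally on each of the two child-domain DNS servers.
rem All values below are constructed placeholders; replace them.
set ZONE=child.example.com
set THIS_DNS=192.0.2.10
set OTHER_DNS=192.0.2.11
set NIC=Local Area Connection

rem Advanced tab: disable BIND secondaries, keep the other defaults enabled.
dnscmd . /Config /BindSecondaries 0
dnscmd . /Config /RoundRobin 1
rem LocalNetPriority is the "Enable netmask ordering" checkbox.
dnscmd . /Config /LocalNetPriority 1
rem SecureResponses is the "Secure cache against pollution" checkbox.
dnscmd . /Config /SecureResponses 1

rem Interfaces tab: listen on a single address only.
dnscmd . /ResetListenAddresses %THIS_DNS%

rem Replication scope: all DNS servers in the Active Directory forest.
rem Requires the ForestDnsZones application partition to exist.
dnscmd . /ZoneChangeDirectoryPartition %ZONE% /forest
if errorlevel 1 echo Zone move failed; check that %ZONE% is AD-integrated.

rem TCP/IP properties: this server first, the other child DNS server second.
netsh interface ip set dns "%NIC%" static %THIS_DNS%
netsh interface ip add dns "%NIC%" %OTHER_DNS% index=2

rem Review the resulting server and zone settings.
dnscmd . /Info
dnscmd . /ZoneInfo %ZONE%
```

On the second server, swap the values of `THIS_DNS` and `OTHER_DNS`.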