Integrated vs. Non integrated

Discussion in 'DNS Server' started by CarynCondon, Mar 28, 2008.

  1. CarynCondon

    CarynCondon Guest

    We are about to upgrade a small (50 users) NT4 domain to Win2k3 AD. We
    currently have one NT4 DNS server. We are a small company with two
    locations - Home Office and a Disaster Recovery Site. We are unsure if we
    should use the AD Integrated DNS or use non AD integrated DNS.

    Are there good points and bad points to integrated vs. non integrated?

    We are planning to have two AD servers in the home office and at least one
    DNS server there. At the DR Site we are planning for one AD server and one
    DNS server. If the DNS is integrated will that be too much data to pass
    through a VPN connection between the two sites?

    Any links to helpful white papers, articles etc would be appreciated. I am a
    novice so I am learning as I go.

    CarynCondon, Mar 28, 2008
    1. Advertisements

  2. CarynCondon

    W C Hull Guest


    I think a lot depends on how you want things setup. Since your're jumping
    from NT to W2K3 and moving to Active Directory I would suggest that you
    consider leveraging your Domain Controllers as DNS boxes and AD integrate
    everything. With an integrated zone your DNS entries are stored in AD and
    also updated as frequently as AD replicates. It's important to remember,
    however, that once the DC's are setup and replicating, they only replicate
    changes and do so in a very fast and efficient manner. In your mail you
    indicated that you were going to have 2 DC in the home office and at lease 1
    DNS. With AD integration you can have DNS running on both DC and you don't
    need a separate DNS server which may save the company money. Having them AD
    integrated and having DNS running on your DC's means you have redundency in
    case one of your DC's goes down the other DC is still handling DNS while you
    get the problem fixed. In our environment we are also running DHCP and WINS
    on our DNS boxes and we have DHCP setup to register all of our workstations
    in DNS. Not sure what you're going to use as a DNS server but where using
    two HP DL360 (Pizza box size) servers. Running AD, DNS, DHCP and WINS is
    not a problem.

    If you use non-integrated zones then you cn only update a zone in one
    particular location. If you need another copy of that zone elsewhere it has
    to be setup as a secondary zone. With secondary zones you have to go
    through the mojo of allowing Server A to zone transfer to Server B and you
    have to tell Server B where to get its data from. If Server A changes IP
    addresses then Server B needs to be updated or it becomes stale. With AD
    integrated zones AD already knows who it's going to share data with because
    that's how AD works. My advice is take advantage of AD and let it do the
    work for you.

    At my company we have about 18 DC from Minnesota to Georgia to Washington to
    Connecticut and we have 1 AD integrated zone that contains all worstations
    and all servers in the company and our DNS is running like a fine swiss
    watch. Have never had a problem with AD.
    W C Hull, Mar 28, 2008
    1. Advertisements

  3. CarynCondon

    CarynCondon Guest

    Hi, thank you so much for your response and input.

    For redundancy we want to have two AD servers in our home office. Using
    integrated DNS sounds like it could be the way to go and having that
    failover option as a safety net is a nice bonus that we had not considered.
    We have two new Dell 1950's with mirrored drives allocated for these
    services. They will also be running WINs and DHCP so that is good to know
    your HP's handle them fine.

    As I mentioned previously I was concerned about how much bandwidth the AD
    replication might use between our two locations. We are doing DB, Exchange
    and File replication through that connection as well but is seems like the
    AD replication isn't an issue for you with a bigger environment so hopefully
    that will be true for us too.

    Again, many thanks!
    CarynCondon, Mar 28, 2008
  4. Read inline please.

    The DNS data is a miniscule portion of the total AD data. It is better to
    have a DNS server at each site that can be updated directly, then it would
    be to have a secondary zone that will direct computers to the master server
    for updating, then download an updated copy of the zone from the master.

    Another thing you need to consider, with a primary zone that is accepting
    dynamic DNS updates, every time the zone updates, it increments the serial.
    This causes the secondary zone to request zone transfers regularly, which
    will be logged in the event log, and possibly causing Event 3000 Warning for
    "numerous Run-time events". Since ADI zone transfers are done through Active
    Directory replications, no events are logged, as long as the zone can be
    loaded from AD.

    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    Keep a back up of your OE settings and folders
    with OEBackup:
    Kevin D. Goodknecht Sr. [MVP], Mar 28, 2008
  5. CarynCondon

    W C Hull Guest


    There's another post connected to your thread from Kevin Goodnecht. Kevin
    really knows his business and I have taken his advice many times. I agree
    with Kevin that the DNS data is a very small and you'll never notice the
    traffic replication generates. If you're going to be running DHCP and
    you're running XP on the clients, be aware that with XP, clients CAN self
    register themselves with DNS or you can set things up and tell DHCP to
    handle things on behalf of the XP clients. We started with self
    registration but we had some issue that caused us to switch to that DHCP
    handles it instead. Since switching we haven't had any issues. I think our
    issue had something to do with reverse lookups not getting deleted when the
    forward address was vacated.

    W C Hull, Mar 29, 2008
  6. CarynCondon

    CarynCondon Guest

    Hi guys, many thanks for the information and input. This is a great forum!

    CarynCondon, Mar 31, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.