Integrated vs. Non integrated

We are about to upgrade a small (50 users) NT4 domain to Win2k3 AD. We
currently have one NT4 DNS server. We are a small company with two
locations - Home Office and a Disaster Recovery Site. We are unsure if we
should use the AD Integrated DNS or use non AD integrated DNS.

Are there good points and bad points to integrated vs. non integrated?

We are planning to have two AD servers in the home office and at least one
DNS server there. At the DR Site we are planning for one AD server and one
DNS server. If the DNS is integrated will that be too much data to pass
through a VPN connection between the two sites?

Any links to helpful white papers, articles etc would be appreciated. I am a
novice so I am learning as I go.
Thanks!

-Caryn

 

Caryn,

I think a lot depends on how you want things setup. Since your're jumping
from NT to W2K3 and moving to Active Directory I would suggest that you
consider leveraging your Domain Controllers as DNS boxes and AD integrate
everything. With an integrated zone your DNS entries are stored in AD and
also updated as frequently as AD replicates. It's important to remember,
however, that once the DC's are setup and replicating, they only replicate
changes and do so in a very fast and efficient manner. In your mail you
indicated that you were going to have 2 DC in the home office and at lease 1
DNS. With AD integration you can have DNS running on both DC and you don't
need a separate DNS server which may save the company money. Having them AD
integrated and having DNS running on your DC's means you have redundency in
case one of your DC's goes down the other DC is still handling DNS while you
get the problem fixed. In our environment we are also running DHCP and WINS
on our DNS boxes and we have DHCP setup to register all of our workstations
in DNS. Not sure what you're going to use as a DNS server but where using
two HP DL360 (Pizza box size) servers. Running AD, DNS, DHCP and WINS is
not a problem.

If you use non-integrated zones then you cn only update a zone in one
particular location. If you need another copy of that zone elsewhere it has
to be setup as a secondary zone. With secondary zones you have to go
through the mojo of allowing Server A to zone transfer to Server B and you
have to tell Server B where to get its data from. If Server A changes IP
addresses then Server B needs to be updated or it becomes stale. With AD
integrated zones AD already knows who it's going to share data with because
that's how AD works. My advice is take advantage of AD and let it do the
work for you.

At my company we have about 18 DC from Minnesota to Georgia to Washington to
Connecticut and we have 1 AD integrated zone that contains all worstations
and all servers in the company and our DNS is running like a fine swiss
watch. Have never had a problem with AD.

 

Hi, thank you so much for your response and input.

For redundancy we want to have two AD servers in our home office. Using
integrated DNS sounds like it could be the way to go and having that
failover option as a safety net is a nice bonus that we had not considered.
We have two new Dell 1950's with mirrored drives allocated for these
services. They will also be running WINs and DHCP so that is good to know
your HP's handle them fine.

As I mentioned previously I was concerned about how much bandwidth the AD
replication might use between our two locations. We are doing DB, Exchange
and File replication through that connection as well but is seems like the
AD replication isn't an issue for you with a bigger environment so hopefully
that will be true for us too.

Again, many thanks!

 

Read inline please.

In

The DNS data is a miniscule portion of the total AD data. It is better to
have a DNS server at each site that can be updated directly, then it would
be to have a secondary zone that will direct computers to the master server
for updating, then download an updated copy of the zone from the master.

Another thing you need to consider, with a primary zone that is accepting
dynamic DNS updates, every time the zone updates, it increments the serial.
This causes the secondary zone to request zone transfers regularly, which
will be logged in the event log, and possibly causing Event 3000 Warning for
"numerous Run-time events". Since ADI zone transfers are done through Active
Directory replications, no events are logged, as long as the zone can be
loaded from AD.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

Caryn,

There's another post connected to your thread from Kevin Goodnecht. Kevin
really knows his business and I have taken his advice many times. I agree
with Kevin that the DNS data is a very small and you'll never notice the
traffic replication generates. If you're going to be running DHCP and
you're running XP on the clients, be aware that with XP, clients CAN self
register themselves with DNS or you can set things up and tell DHCP to
handle things on behalf of the XP clients. We started with self
registration but we had some issue that caused us to switch to that DHCP
handles it instead. Since switching we haven't had any issues. I think our
issue had something to do with reverse lookups not getting deleted when the
forward address was vacated.

Regards.

 

Hi guys, many thanks for the information and input. This is a great forum!

Cheers!
-Caryn