Should DC's with DNS point to self first?

Discussion in 'Active Directory' started by Gonzo, Feb 18, 2007.

  1. Gonzo

    Jorge Silva Guest

    Everybody thanks for the help, I decided to point the DC's to themselves
    Slow startups are generally caused because the AD starts before DNS, and that
    causes the delay; it could be changed through some modifications, but it isn't
    recommended to mess with that. Using alternate available servers can
    alleviate the problem.
    Yes, you could say something like that. In short, it works like this: for any
    query made to a domain that DNS isn't aware of, the DNS tries to look for that
    domain at the provided IP address. If you specify a domain and relate an IP
    address (conditional forwarding), all queries made to that
    specific domain will be forwarded to that specific IP address. For example,
    you could do a conditional forwarding for a specific domain that you need to
    trust or create a trust with, and you can "unconditionally" forward all other
    domains ("public domains") to your ISP DNS. If you select the option "don't
    use recursion for this domain", in case of a failed query to the specified IP
    address, the DNS won't attempt to use the root hints list to solve the
    queries.
    Reverse lookup zones are not required for AD communication.
    You can create a reverse lookup zone in order to prevent your server trying
    to register PTR records in the internet blackhole DNS server,
    prisoner.iana.org, causing 40960 and 40961 events.
    --

    I hope that the information above helps you.
    Have a Nice day.
    Jorge Silva
    MCSE
     
    Jorge Silva, Feb 19, 2007
    #21

  2. Gonzo

    Gonzo Guest

    Thanks, great explanations, what is the difference between a stub zone and
    a secondary zone?

    Also I had a look at root hints, have no idea what they are used for, just
    had a read up, but they never explain in simple terms what they mean.
     
    Gonzo, Feb 20, 2007
    #22

  3. Gonzo

    Erik Cheizoo Guest

    A reason for not using ISP forwarding and relying on root hints is the
    script kiddies polluting ISP DNS servers.
    I've run into an instance or two where Windows Update stopped working. When
    I did an nslookup for microsoft.com, I ended up somewhere, but definitely not
    at the Microsoft site.

    --
    Kind regards,

    Erik Cheizoo
    eXcellence & Difference - we keep your business running
    ============================================
    Always test in a non-production environment before implementing
    Guidelines for posting: http://support.microsoft.com/?id=555375
    ============================================
     
    Erik Cheizoo, Feb 20, 2007
    #23
  4. Gonzo

    Erik Cheizoo Guest

    A secondary zone is a copy of a zone, transferred to the local DNS server.
    The DNS server will be able to resolve locally.
    A stub zone is a very small zone, which only lists the DNS servers
    authoritative for that zone. Requests will be forwarded to one of those DNS
    servers.

    --
    Kind regards,

    Erik Cheizoo
     
    Erik Cheizoo, Feb 20, 2007
    #24
  5. Gonzo

    Gonzo Guest

    How would I populate root hints, surely I wouldn't have to add all the
    domains users want to access on the internet?
     
    Gonzo, Feb 20, 2007
    #25
  6. Ah yes, very well. My post was aimed more at the OP than you, as more often
    than not I tend to favour your approach too, but you make an interesting
    point re. the debate. I guess we have to be careful of using the word
    should when only voicing our opinions, but I'm probably more guilty than you
    when it comes to this...
     
    Paul Williams [MVP], Feb 20, 2007
    #26
  7. Gonzo

    Gonzo Guest

    If we were to use root hints, would we have to add all the domains users want
    to access then?
     
    Gonzo, Feb 21, 2007
    #27
  8. No. Root hints are the root servers. Your DNS server resolves the name by
    chasing the referrals from the root hints. This is known as recursion. The
    Windows client always sends recursive queries by default. If you want to
    use root hints you don't need to do anything other than ensure that the
    server(s) in question have UDP and TCP 53 access to the Internet.
     
    Paul Williams [MVP], Feb 23, 2007
    #28
  9. You don't populate it. This is there by default. There's a KB to get them
    back if you've got rid of them, but by default you'll have root hints.
    They're not used if you have forwarders configured.
     
    Paul Williams [MVP], Feb 23, 2007
    #29
  10. Yes, you're correct. The forwarder(s) are favoured (less work for the
    server).
     
    Paul Williams [MVP], Feb 23, 2007
    #30
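
The resolution order described in this thread (local zone, then a conditional or "all other domains" forwarder, then root hints unless recursion is disabled for that domain), as an added Python example that is not part of any post. It is a simplified model, not Windows DNS code; the zone names, IP addresses and the `resolution_path` helper are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Forwarder:
    ip: str
    no_recursion: bool = False  # "don't use recursion for this domain"

@dataclass
class DnsServer:
    local_zones: set = field(default_factory=set)   # zones hosted on this server
    forwarders: dict = field(default_factory=dict)  # domain -> Forwarder; "." = all other domains
    root_hints: bool = True                         # present by default

def covering(name, domains):
    """Most specific entry in `domains` that covers `name` ("." covers everything)."""
    name = name.rstrip(".").lower()
    hits = [d for d in domains if d == "." or name == d or name.endswith("." + d)]
    return max(hits, key=len) if hits else None

def resolution_path(server, name, reachable=()):
    """Ordered steps taken for `name`; `reachable` lists forwarder IPs that answer."""
    zone = covering(name, server.local_zones)
    if zone:
        return [f"answer from local zone {zone}"]
    steps = []
    dom = covering(name, server.forwarders)
    if dom:
        fwd = server.forwarders[dom]
        label = "all other domains" if dom == "." else dom
        steps.append(f"forward to {fwd.ip} ({label})")
        if fwd.ip in reachable:
            return steps                      # forwarder answered; root hints untouched
        if fwd.no_recursion:
            return steps + ["fail: recursion disabled for this domain"]
    steps.append("recurse from root hints" if server.root_hints else "fail: no root hints")
    return steps

# Constructed sample: AD zone, one conditional forwarder, ISP as default forwarder.
SAMPLE = DnsServer(
    local_zones={"corp.example"},
    forwarders={"partner.example": Forwarder("192.0.2.10", no_recursion=True),
                ".": Forwarder("198.51.100.53")},
)

if __name__ == "__main__":
    for q in ("dc1.corp.example", "app.partner.example", "www.example.org"):
        print(q, "->", resolution_path(SAMPLE, q, reachable={"198.51.100.53"}))
```

With no forwarders configured at all, every non-local name goes straight to root hints, which is the setup that needs outbound UDP and TCP 53 from the DNS server.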
