Two Subnets. One domain. Where to put DNS servers?

Discussion in 'DNS Server' started by JohnS, May 17, 2004.

  1. JohnS (Guest)

    I am currently testing Windows 2003 AD. I have set up a
    test lab similar to my real network: two subnets in a
    single domain, with a router between them. I have already
    upgraded from NT 4 to Win2K3 AD on subnet A. The primary
    DNS is 192.168.5.1, on a Win2K3 DC. On subnet B, there is
    an NT 4 BDC that has not been upgraded; the real network
    has it on the opposite side of the country, so it won't be
    upgraded for a while.

    My question is the DNS zone. I don't fully understand how
    to create a DNS zone with two different subnets
    (192.168.5.0 and 192.168.10.0). I already have a DNS
    server with mycompany.com on subnet A (192.168.5.0). If I
    were to upgrade my subnet B to Win2K3 AD and install DNS
    on that, should I also create a primary zone for
    mycompany.com with the 192.168.10.0?

    I understand creating a DNS zone for one domain/subnet. I
    just don't know if I need to do anything special in DNS if
    I have two subnets (or sites in AD) in one domain.

    Any advice?
     
    JohnS, May 17, 2004
    #1

  2. Kevin D. Goodknecht [MVP]
    That's the nice thing about DNS: it doesn't care about subnets. The ideal
    layout would be to upgrade both DCs. The problem comes in when you have
    clients on the subnet with the NT4. If they use DDNS, the DNS server that
    they need to register in is clear across the country.
    All machines will need to use the Win2k3 for DNS; you can pull a secondary
    zone off of it to the NT4, then use it as an alternate DNS for the clients
    that are close to it.

    So far as setting up the zone goes, there is not much you need to do; DDNS
    will take care of most of it for you, except for the NT4 and Win9x clients
    that you might want registered in DNS. Since these clients don't support
    DDNS, you will either have to statically assign IP addresses and manually
    create the records, or use the Win2k3 as the DHCP server. Win2k and Win2k3
    DHCP can register legacy clients in DNS.

    You should upgrade the NT4 ASAP; then you can use an AD Integrated DNS zone,
    which will replicate to both DCs, greatly reduce the complexity of the
    setup, and let you benefit more from Active Directory.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your issue.
    To respond directly to me remove the nospam. from my email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
     
    Kevin D. Goodknecht [MVP], May 17, 2004
    #2
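Kevin's layout expressed as commands, as an added example that is not part of the original thread. It uses the DnsServer and DhcpServer PowerShell modules of Windows Server 2012 and later (the 2004-era equivalents were dnscmd and netsh dhcp); 192.168.5.1 for the existing DNS server on subnet A and the zone name mycompany.com come from the thread, while 192.168.10.1 is an assumed address for the remote server on subnet B. The first section runs on the HQ DNS server, the second on the remote server, the third on the DHCP server that serves subnet B, and the last one once both DCs have been upgraded.

```powershell
# Added example, not from the thread. Assumes the DnsServer and DhcpServer
# modules (Windows Server 2012+). 192.168.5.1 and mycompany.com are from the
# thread; 192.168.10.1 is an assumed address for the remote server.
$Hq     = '192.168.5.1'
$Remote = '192.168.10.1'
$Zone   = 'mycompany.com'

# --- On the HQ DNS server (the one writable copy of the zone) ---------------
# Allow zone transfers only to the named secondary and notify it of changes.
# An unrestricted transfer hands the complete host list to anyone who asks.
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $Remote `
    -Notify NotifyServers -NotifyServers $Remote

# --- On the remote server (subnet B) ----------------------------------------
# Still one zone, pulled as a secondary; the subnets play no part in the zone.
Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" -MasterServers $Hq
Start-DnsServerZoneTransfer -Name $Zone -FullTransfer   # don't wait for the refresh interval

# --- On the DHCP server for subnet B ----------------------------------------
# Clients register with the HQ server (the writable copy); the local secondary
# is a read-only fallback for lookups, so it goes second in the list.
Set-DhcpServerv4OptionValue -ScopeId 192.168.10.0 -DnsServer $Hq, $Remote
# Register A/PTR records on behalf of NT4/Win9x clients, which cannot do DDNS
# themselves, and remove them when the lease expires so stale names don't linger.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true -DeleteDnsRROnLeaseExpiry $true
# Use a dedicated low-privilege account for those registrations; otherwise the
# records are owned by the DHCP server's own computer account.
Set-DhcpServerDnsCredential -Credential (Get-Credential -Message 'DHCP DNS update account')

# --- Once both DCs run Win2K3 or later: AD-integrated zone -------------------
# Stored in AD and replicated to every DC running DNS; secure updates only, so a
# client can update only the records its own account created. (Converting a
# file-backed primary this way is assumed; the old tool was dnscmd /ZoneResetType.)
Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure
Get-DnsServerZone -Name $Zone | Format-List ZoneType, IsDsIntegrated, DynamicUpdate, SecureSecondaries
```

The last Get-DnsServerZone line is the check worth keeping: IsDsIntegrated should read True and DynamicUpdate Secure before any client is pointed at the zone, and SecureSecondaries should never be TransferAnyServer on a zone that names the whole company.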

  3. JohnS (Guest)

    Thank you for the reply. I think I'm answering my own
    question here. Then I guess the best solution without
    traveling (initially) to the East coast would be, during the
    real upgrade, to install a member Win2K3 server with DNS, send
    it over to the remote site, and DCPromo it to a DC (through term
    serv). Enable DNS to be integrated and set DHCP
    accordingly for the new subnet. Having an NT 4 BDC along
    with the newly promoted Win2K3 DC would not cause any
    problem, right? Until I get a chance to travel over there;
    then I will remove the NT 4 BDC.
     
    Guest, May 18, 2004
    #3
  4. John Collins (Guest)

    You may wish to reconsider doing a dcpromo via Terminal Services... there
    are too many things that *could* go wrong ;)
     
    John Collins, May 18, 2004
    #4
  5. Kevin D. Goodknecht [MVP]
    Yes, things can go wrong, but it can be done. Just make sure before you
    DCPROMO it that it has the current DC as its only DNS in TCP/IP properties;
    there shouldn't be a problem.

    I certainly would want to DCPROMO it before shipping it; IMO that does leave
    too much to chance. Not to mention the replication errors until the DC is up
    on the other side of the country; what happens if the shipment gets "lost"?
    Then you have to do a metadata cleanup because the DC wasn't demoted out of
    the domain.

     
    Kevin D. Goodknecht [MVP], May 18, 2004
    #5
  6. JohnS (Guest)

    Do you mean to say "I certainly would NOT want to DCPROMO
    it before shipping it; IMO that does leave too much to
    chance."? I think I will go with the dcpromo through term
    serv way. I will have DNS point back to the current DC at
    HQ, and will also have a ghost image of the member 2K3
    server before doing the dcpromo, just in case. I've got an
    internal guy on the other side who is techno-savvy enough
    to rely on for some computer stuff.
     
    Guest, May 18, 2004
    #6
  7. Kevin D. Goodknecht [MVP]
    Uh, duh. Big red truck. My fat-fingered typing was out of sync with my brain.
    That is what I meant; I hope you got that from my next statement about what
    would happen if something happened to it in shipment.
    DCPROMO works fine over Terminal Services. Once the DCPROMO process starts,
    even if you get disconnected it will continue to run until you can get
    reconnected, and wait for you if it needs input from you.


     
    Kevin D. Goodknecht [MVP], May 18, 2004
    #7
  8. JohnS (Guest)

    One quick question/problem. I've already set up the test AD
    with two DCs with AD-integrated DNS in Site A
    (192.168.5.0). Works like a charm. I've installed another
    Win2K3 member server and DCPromo'd it to a domain controller.
    This is the DC for Site B (192.168.10.0). I added the server's
    IP to the name server list on Site A's DNS zone and started
    the DNS Server service. But nothing happened. DNS was not
    replicated over to the new DC on the other subnet.

    I keep getting error 4015 (critical error from AD) in the
    event log. Is there anything special that I need to do to
    the other subnet's DNS config?
     
    Guest, May 20, 2004
    #8
  9. Kevin D. Goodknecht [MVP]
    Are there any blocked ports between the two subnets?

     
    Kevin D. Goodknecht [MVP], May 22, 2004
    #9
  10. JohnS (Guest)

    No. I have a firewall in between, but I've set one rule to allow
    from all to all using all protocols. The initial dcpromo went
    fine, and the promoted DC was assigned to the correct site.
    But after the reboot, there are no updates/replications. I
    thought it might take a while, but after a couple of hours, I
    don't think it is working.
    Demoting the server works, though. I think I will try
    demoting that DC to a member server, putting it on the Site A subnet,
    promoting it, and seeing if DNS is working or not.

    From this thread, I thought I got the
    preparations/configurations right. I just don't know what
    I am missing.

    Thanks.
     
    Guest, May 24, 2004
    #10
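A checklist for the last exchange (no DNS replication after the promotion, event 4015, Kevin's question about blocked ports), as an added example that is not part of the original thread. It assumes Windows Server 2012 R2 or later cmdlets (Test-NetConnection, Resolve-DnsName, Get-DnsClientServerAddress, Get-WinEvent) together with repadmin, dcdiag and nltest, which were also in the Windows 2003 support tools; 192.168.5.1 and mycompany.com are from the thread. Run it on the newly promoted DC in subnet B.

```powershell
# Added example, not from the thread. Run on the newly promoted DC in subnet B.
# 192.168.5.1 and mycompany.com are from the thread; the cmdlets assume
# Windows Server 2012 R2+ (2004-era equivalents: portqry, nslookup, eventvwr).
$HqDc   = '192.168.5.1'
$Domain = 'mycompany.com'

# 1. TCP ports a DC must reach on its replication partner. RPC negotiates a
#    second, dynamic port after 135 (49152-65535 on 2008+, 1025-5000 on 2003),
#    so that range must pass the firewall too. Test-NetConnection -Port is TCP
#    only; UDP 53/88/389 need a separate check (for instance nslookup).
$Ports = [ordered]@{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
    445 = 'SMB (SYSVOL)'; 464 = 'Kerberos kpasswd'; 636 = 'LDAPS'
    3268 = 'Global catalog'; 3269 = 'Global catalog over TLS'
}
function Test-DcPorts {
    param([string]$Target, [System.Collections.IDictionary]$PortMap)
    foreach ($port in $PortMap.Keys) {
        $result = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Service = $PortMap[$port]; Open = $result.TcpTestSucceeded }
    }
}
$blocked = Test-DcPorts -Target $HqDc -PortMap $Ports | Where-Object { -not $_.Open }
if ($blocked) { $blocked | Format-Table -AutoSize } else { 'All listed TCP ports reachable' }

# 2. Did the promotion register this DC's locator records at HQ? Its own name
#    should appear as a NameTarget. If it does not, Netlogon could not update the
#    zone, and the first thing to look at is whether this DC's DNS client points
#    at HQ (the precondition Kevin gave before the DCPROMO).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $HqDc |
    Select-Object NameTarget, Port, Priority
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
nltest /dsgetsite          # the site this DC believes it belongs to

# 3. Event 4015: the DNS service could not read its zone data from AD. The
#    message text names the LDAP error, which is more useful than the ID alone.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4015 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 4. AD replication itself. An AD-integrated zone cannot show up on this DC
#    until the naming contexts replicate, so a failing partner here explains
#    an empty DNS console.
repadmin /showrepl
repadmin /replsummary
dcdiag /test:DNS /v
```

If every listed port is open while the all-to-all rule is in place, the firewall is not the explanation and steps 2 to 4 carry the diagnosis. Once the set of ports replication actually uses between the two DCs is known, that all-to-all rule should be replaced with one limited to those ports and those two hosts; a rule that passes every protocol between the subnets defeats the point of having the firewall there.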
