What's the best practice for a dns setup?

Discussion in 'DNS Server' started by Paul, Sep 22, 2006.

  1. Paul

    Paul Guest

    We have a multi domain, multi site single forest AD structure. Our current
    setup is that whenever we create a new domain we make it an AD integrated
    stub zone in the root zone.

    Is this the best practice?

    Or is it normal practice to make every child domain simply replicate all its
    zone information as part of AD replication?

    i.e. by choosing the option to have each zone an Active Directory integrated
    zone replicated to all domains in the forest.
    Paul, Sep 22, 2006

  2. Paul

    Herb Martin Guest

    "Best practices" are not really the way to think about such
    DNS issues -- in such DNS we have first to make it "work"
    then to make it efficient, that is really the only true best

    Your method, if every DNS server can find every other DNS
    server, is acceptable.

    Why did you pick stub? And not Conditional Forwarding (w2k3),
    or Delegation (for CHILD domains only), or AD Integrated with
    Forest Wide replication (w2k3), or even holding the secondaries
    (works even in W2k) instead of Stubs?

    None of the above are "better" per se, without knowing many
    things about your size, WANS, pattern of usage, etc.

    Stub zones are essentially "secondaries without all the records";
    they allow finding a "real DNS" server for that zone without
    transferring (large numbers of) records that might never be
    needed in a location.

    Were you to expect to need (most of) those records regularly
    then using a Secondary would probably be better but using
    AD Integrated with Forest Wide replication would likely be
    more efficient.
    That is another viable method. One considers the likelihood
    of NEEDING those records balanced against the cost of transferring
    them ALL (even if some are never needed.)

    It is of course more efficient than using "cross Secondaries" since
    AD replication is better, but this (i.e., AD Forest Wide) only works
    if you have only Win2003 DCs.
    Were you to only need a few dozen records (DCs, Email Servers, etc) of
    a 200,000 computer domain which lives across a slow WAN (e.g.,
    North and South America but in the same forest) then you would probably
    choose either Stub Zones or Conditional Forwarding which are virtually
    equal choice in MOST cases.

    The difference is that Stubs automatically maintain the list of DNS servers,
    while Conditional Forwarding fixes the DNS servers to the list that the
    Admin supplies.

    So, Stubs offer lower maintenance but do NOT allow for the Admin
    to pick the "most efficient" choice. (Changes to DNS servers or their
    IP address are automatic with Stub zones, but a remote DNS server
    might not choose the "closest DNS Server" with Stubs and Conditional
    Forwarding allows the Admin to pick.)

    NA - SA example. Suppose that the WAN from Rio is 'physically' along
    WAN lines from Rio-Miami but there are DNS servers in NA in every
    major city. With Stubs the Rio DNS server COULD be sending requests
    to Seattle or Bangor, or Nome Alaska, but with Conditional Forwarding
    the Admin would pick perhaps Miami only (or Miami and Atlanta if that
    is the way the WANS run.)
    Herb Martin, Sep 23, 2006
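    The two options compared in the reply above (a stub zone that learns the child zone's name servers on its own, versus a conditional forwarder pinned to the servers the admin names), as an added example using the DnsServer PowerShell module of later Windows Server versions; this is not from the thread, and the zone names, server IPs and site names are constructed placeholders.

```powershell
# Added example: stub zone vs. conditional forwarder for a child domain.
# Requires the DnsServer module (Windows Server 2012 or later); run on a DNS
# server that is a DC in the forest root. All names and addresses below are
# constructed placeholders, not values from the thread.

$childZone   = 'rio.corp.example'           # child domain zone (placeholder)
$childDcDns  = @('10.20.0.10', '10.20.0.11')  # DNS servers in Rio (placeholder)
$miamiDns    = @('10.30.0.10')               # nearest NA DNS servers, picked
$atlantaDns  = @('10.31.0.10')               # by the admin (placeholders)

# Option A: AD-integrated stub zone, replicated forest-wide (ForestDnsZones).
# The stub holds only SOA/NS/glue and refreshes the NS list from the masters,
# so server renumbering in the child is picked up without admin changes.
# Downside noted in the reply: any listed NS may be queried, not the closest.
if (-not (Get-DnsServerZone -Name $childZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerStubZone -Name $childZone `
                          -MasterServers $childDcDns `
                          -ReplicationScope 'Forest' `
                          -PassThru
}

# Show what a stub actually stores: the name-server set it learned.
Get-DnsServerResourceRecord -ZoneName $childZone -RRType NS |
    Select-Object HostName, @{ n = 'NameServer'; e = { $_.RecordData.NameServer } }

# Option B: conditional forwarder, also replicated forest-wide.
# Queries for the child zone go only to the admin-supplied list, so the
# "closest over the WAN" servers (Miami, then Atlanta) are chosen
# deliberately; the list does NOT update itself if those servers change.
# A zone name can be only one of stub or forwarder, so remove the stub first
# when switching approaches.
function Switch-ToConditionalForwarder {
    param([string]$Zone, [string[]]$Masters)
    if (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue) {
        Remove-DnsServerZone -Name $Zone -Force
    }
    Add-DnsServerConditionalForwarderZone -Name $Zone `
                                          -MasterServers $Masters `
                                          -ReplicationScope 'Forest' `
                                          -PassThru
}

# Uncomment to replace the stub with a forwarder pinned to Miami + Atlanta:
# Switch-ToConditionalForwarder -Zone $childZone -Masters ($miamiDns + $atlantaDns)
```

Either variant replicates through AD to every DC running DNS in the forest, which is the "AD Integrated with Forest Wide" transport the reply prefers over cross secondaries; only the content carried (learned NS set vs. fixed forwarder list) differs.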
