
Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: Dynamic Updates forwarded in a DNS caching-only?


Dynamic Updates forwarded in a DNS caching-only?
Gabriel/TFI 5/17/2007 10:01:01 PM
We are running an Active Directory in a subsidiary under a delegated zone of
the corporate namespace (ad.company.com).
Our AD is made of 1 HUB with 2 DCs that has connectivity towards all remote
sites, a bunch of big offices with one local DC and some small sites with no
local DC.
Users in small branches (less than 20 users per site) authenticate against
the HUB DCs. No problems with authentication or GPO.
All DCs are Win2003 SP2 and running DNS with AD integrated zones. All DC/DNS
servers are forwarding to corporate DNS servers for resolving corporate
non-AD hosts (company.com) and Internet hosts.
In small branches we installed DNS service caching-only that does not host
any zone, just forwards queries to AD DNS servers in the HUB.
Every client is configured to point to the local DNS in its site via DHCP.
Caching works flawlessly either for AD hosts or corporate/internet hosts.
(AD hosts look like they have a very short TTL).

Everything is working fine, but I would like to post some questions:
- Is this DNS design correct?
- How do clients update their DNS record in branch offices as there's no
writable zone there? Is the dynamic update forwarded to DNS servers in HUB as
it occurs with name resolution?

Thanks in advance.

Regards,
Gabriele
Re: Dynamic Updates forwarded in a DNS caching-only?
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/19/2007 3:19:26 AM
Read inline please.

In news:D703A381-AD83-473F-A042-4C4F09F0CD4D[ at ]microsoft.com,
Gabriel/TFI <GabrielTFI[ at ]discussions.microsoft.com> typed:
> We are running an Active Directory in a subsidiary under a delegated
> zone of the corporate namespace (ad.company.com).
> Our AD is made of 1 HUB with 2 DCs that has connectivity towards all
> remote sites, a bunch of big offices with one local DC and some
> small sites with no local DC.
> Users in small branches (less than 20 users per site) authenticate
> against the HUB DCs. No problems with authentication or GPO.
> All DCs are Win2003 SP2 and running DNS with AD integrated zones. All
> DC/DNS servers are forwarding to corporate DNS servers for resolving
> corporate non-AD hosts (company.com) and Internet hosts.
> In small branches we installed DNS service caching-only that does not
> host any zone, just forwards queries to AD DNS servers in the HUB.
> Every client is configured to point to the local DNS in its site via
> DHCP. Caching works flawlessly either for AD hosts or
> corporate/internet hosts. (AD hosts look like they have a very short
> TTL).
>
> Everything is working fine, but I would like to post some questions:
> - Is this DNS design correct?
> - How do clients update their DNS record in branch offices as there's
> no writable zone there? Is the dynamic update forwarded to DNS
> servers in HUB as it occurs with name resolution?
>
> Thanks in advance.

When a client tries to update DNS, it sends its update to the DNS server
listed on the SOA record for the domain as the primary. It does not mean the
update will be successful, but the update request will go out.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728


Re: Dynamic Updates forwarded in a DNS caching-only?
Gabriel/TFI 5/21/2007 1:10:02 AM

"Kevin D. Goodknecht Sr. [MVP]" wrote:
> > Everything is working fine, but I would like to post some questions:
> > - Is this DNS design correct?
> > - How do clients update their DNS record in branch offices as there's
> > no writable zone there? Is the dynamic update forwarded to DNS
> > servers in HUB as it occurs with name resolution?
>
> When a client tries to update DNS, it sends its update to the DNS server
> listed on the SOA record for the domain as the primary. It does not mean the
> update will be successful, but the update request will go out.

Kevin, thanks for your reply.

I erroneously thought that DNS update was sent by DHCP client to the 1st
available DNS server of the client's preferred list, so in the case of a
Caching-only DNS server (forwarding to "real" DNS/DC) I believed the DNS
update was sent by the client to the Caching-DNS which forwarded the request
to the forwarder.

If I understand well now, the Caching-only DNS server just helps the client
to perform the SOA query, then the client will contact the primary DNS server
in the SOA for dynamic update, right?

I had a look at KB816592 (http://support.microsoft.com/kb/816592) and found
that in AD-integrated DNS zones, any DNS server authoritative for the zone
can answer the SOA query by adding its name as the primary SOA name server:
"For standard primary zones, the primary server, or owner, that is returned
in the SOA query response is fixed and static. The primary server name always
matches the exact DNS name as that name is displayed in the SOA resource
record that is stored with the zone. However, if the zone that is being
updated is directory-integrated, any DNS server that is loading the zone can
respond and dynamically insert its own name as the primary server of the zone
in the SOA query response".

Regards,
Gabriele
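
The lookup discussed in this thread, as an added example that is not part of the original posts: the client asks its configured resolver (here the branch caching-only server) for the SOA of its own name, reads the primary server (MNAME) from the SOA in the answer or authority section, and addresses the dynamic update to that server. The reply bytes are constructed; `hubdc1.ad.company.com`, `hostmaster.ad.company.com` and the SOA timer values are assumptions.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # a reply is untrusted input
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), (off + 1 if end is None else end)

def soa_primary(msg):
    """Return (zone, primary server) from the first SOA in answer or authority."""
    _id, _flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                         # SOA: MNAME is the first RDATA field
            return owner, read_name(msg, off)[0]
        off += rdlen
    return None

def sample_response():
    """Constructed reply to 'pc1.ad.company.com SOA' as relayed by the branch cache."""
    question = encode_name("pc1.ad.company.com") + struct.pack("!HH", 6, 1)
    rdata = (encode_name("hubdc1.ad.company.com")        # MNAME (hypothetical hub DC)
             + encode_name("hostmaster.ad.company.com")  # RNAME (hypothetical)
             + struct.pack("!5I", 2007051701, 900, 600, 86400, 3600))
    soa = b"\xc0\x10" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata  # owner: pointer to offset 16
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 1, 0)  # 1 question, 1 authority RR
    return header + question + soa

if __name__ == "__main__":
    print("zone %s: client sends its UPDATE to %s" % soa_primary(sample_response()))
```

Because the update is addressed to the server named in the SOA, branch clients need a network path to the hub DNS servers themselves, not only to the local cache.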