DNS Caching-Only Server on DC Not So Incredible Hulk 5/11/2007 9:42:01 PM Is it possible to make a DC a caching-only DNS Server? Is there an article that explains how to do this? Thanks.

Re: DNS Caching-Only Server on DC "Herb Martin" <news[ at ]learnquick.com> 5/11/2007 10:48:27 PM "Not So Incredible Hulk" <NotSoIncredibleHulk[ at ]discussions.microsoft.com> wrote in message news:07BF6473-96FA-4B49-9289-8384F19588F7[ at ]microsoft.com... [Quoted Text] > Is it possible to make a DC a caching-only DNS Server? Of course but such makes less sense for several reasons. Usually a caching only DNS server is between the local/private net and the external/public net (where DCs do NOT usually belong.) Also, if this is going to support AD (especially in a small domain) then the DNS should probably be AD Integrated unless there is some positive reason for doing otherwise. > Is there an article that explains how to do this? No, not really, because "caching only" DNS is the default -- all DNS servers are caching only UNTIL you add at least one ZONE to them. Well, as long as you do NOT "Disable Recursion" in the Advanced tab which would almost never make sense for internal DNS. What are you really trying to accomplish? (Rather than how you think you might try to do that.) Also note that if you are already using AD Integrated DNS on this domain then the records are ALREADY* replicated to the DC and might as well provide the zone. *Unless you use one of the new Win2003 AD-DNS replicatin scopes, but then once it is a DNS server it would almost certainly be included in replication again anyway. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)

Re: DNS Caching-Only Server on DC Not So Incredible Hulk 5/14/2007 8:31:03 PM My goodness. Herb Martin lives..... I remember you fondly from the old Saluki MCSE list-server a thousand years ago. I was thinking about using 2003 Application Partitions to separate out the DNS data. I have been battling AD replication errors as well as strange situations where AD-integrated DNS servers get "sick" and wipe out the forward lookup zones on all of the DNS servers in the domain. (The latter has happened twice in the past two months.) In addition, we don't have enough IT personnel to keep track of the far-flung infrastructure we have. My thinking was that I would try to minimize the number of AD-integrated DNS servers and simply use DCs with caching-only DNS servers in the branches. Windows doesn't seem to like this approach. It re-creates the AD-Integrated zones automatically whether I like it or not. I guess I'll have to re-adjust my approach. "Herb Martin" wrote: [Quoted Text] > > "Not So Incredible Hulk" <NotSoIncredibleHulk[ at ]discussions.microsoft.com> > wrote in message news:07BF6473-96FA-4B49-9289-8384F19588F7[ at ]microsoft.com... > > Is it possible to make a DC a caching-only DNS Server? > > Of course but such makes less sense for several reasons. > > Usually a caching only DNS server is between the local/private > net and the external/public net (where DCs do NOT usually belong.) > > Also, if this is going to support AD (especially in a small domain) > then the DNS should probably be AD Integrated unless there is > some positive reason for doing otherwise. > > > Is there an article that explains how to do this? > > No, not really, because "caching only" DNS is the default -- all DNS servers > are caching only UNTIL you add at least one ZONE to them. > > Well, as long as you do NOT "Disable Recursion" in the Advanced > tab which would almost never make sense for internal DNS. > > What are you really trying to accomplish? (Rather than how you think > you might try to do that.) > > Also note that if you are already using AD Integrated DNS on this > domain then the records are ALREADY* replicated to the DC and > might as well provide the zone. > > *Unless you use one of the new Win2003 AD-DNS replicatin scopes, > but then once it is a DNS server it would almost certainly be included > in replication again anyway. > > -- > Herb Martin, MCSE, MVP > http://www.LearnQuick.Com > (phone on web site) > > > >

Re: DNS Caching-Only Server on DC "Herb Martin" <news[ at ]learnquick.com> 5/15/2007 1:05:19 AM "Not So Incredible Hulk" <NotSoIncredibleHulk[ at ]discussions.microsoft.com> wrote in message news:51D030B9-7D82-440E-A90B-4F14FD2572BC[ at ]microsoft.com... [Quoted Text] > My goodness. Herb Martin lives..... I remember you fondly from the old > Saluki MCSE list-server a thousand years ago. I believe we talked on the phone today too...if not there was a large coincidence since Oz called me (also from Saluki.) > I was thinking about using 2003 Application Partitions to separate out the > DNS data. I have been battling AD replication errors as well as strange > situations where AD-integrated DNS servers get "sick" and wipe out the > forward lookup zones on all of the DNS servers in the domain. (The latter > has > happened twice in the past two months.) This is a very uncommon problem and is more likely due to hard drive issue or some such. Most AD replication problems are in fact DNS based but AD "corruption" (sickness) is just not something that happens (to a noticeable degree.) > In addition, we don't have enough IT > personnel to keep track of the far-flung infrastructure we have. My > thinking > was that I would try to minimize the number of AD-integrated DNS servers > and > simply use DCs with caching-only DNS servers in the branches. Windows > doesn't seem to like this approach. It re-creates the AD-Integrated zones > automatically whether I like it or not. You can set the replication scope to the specific partitions if you use all Win2003. It's not a bad idea, but it should NEVER be necessary. > I guess I'll have to re-adjust my approach. Your approach is not wrong, but there is something else going on. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)

Re: DNS Caching-Only Server on DC "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/15/2007 5:11:24 AM Read inline please. In news:51D030B9-7D82-440E-A90B-4F14FD2572BC[ at ]microsoft.com, Not So Incredible Hulk <NotSoIncredibleHulk[ at ]discussions.microsoft.com> typed: [Quoted Text] > My goodness. Herb Martin lives..... I remember you fondly from the > old Saluki MCSE list-server a thousand years ago. > > I was thinking about using 2003 Application Partitions to separate > out the DNS data. I have been battling AD replication errors as well > as strange situations where AD-integrated DNS servers get "sick" and > wipe out the forward lookup zones on all of the DNS servers in the > domain. (The latter has happened twice in the past two months.) In > addition, we don't have enough IT personnel to keep track of the > far-flung infrastructure we have. My thinking was that I would try > to minimize the number of AD-integrated DNS servers and simply use > DCs with caching-only DNS servers in the branches. Windows doesn't > seem to like this approach. It re-creates the AD-Integrated zones > automatically whether I like it or not. One thing you have to keep in mind, you cannot delete an AD integrated zone from just one DC, if you delete an ADI zone from one DC, you delete it from all DCs. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps Send IM: http://www.icq.com/people/webmsg.php?to=296095728 =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================