Good morning. I've done some research and got some conflicting "best practice" scenarios... If someone could shed some light, I'd appreciate it.
What should the DNS control panel reflect for the primary domain controller in an Active Directory domain that will also serve as primary DNS? There are 7 other servers in different locations, all connected via hardware-to-hardware VPN...

Settings for PDC:
Replication: All DC's
Dynamic Updates - Secure Only?
Start of Authority: Primary server is the PDC
Name servers - lists all DC's
Zone transfers: - Allow? Notify?

Any help would be sincerely appreciated. --Bill
|
|
Read inline please.
In news:%23b2BvIilHHA.4688[ at ]TK2MSFTNGP03.phx.gbl, Bill <bill[ at ]ctsfla.com> typed:

> Good morning.
> I've done some research and got some conflicting "best practice"
> scenarios...
> If someone could shed some light, I'd appreciate it.
>
> What should the DNS control panel reflect for the primary domain
> controller in an active directory domain that will also serve as
> primary DNS?

If the zone is Active Directory Integrated, Primary DNS means nothing; the zone is a Master on all DCs. The main reason for the SOA primary record is to let clients know where to send DDNS updates. Since all servers list themselves as Primary masters, all will accept zone updates; this is the design of the multi-master environment.

> There are 7 other servers in different locations, all connected via
> hardware-to-hardware VPN...
> Settings for PDC:
> Replication: All DC's

If it is all DCs in the AD Domain <ADDomain>, this will replicate only to DCs in the same domain, regardless of whether they are Win2k or Win2k3. If all DCs are in the same domain, this would sound right. If you have child or sister domains, it will not replicate to them.

> Dynamic Updates - Secure Only?

Absolutely.

> Start of Authority: Primary server is the PDC

The SOA Primary for ADI zones will always take the name of the DC the zone is on, by design. Remember, only the SOA Primary accepts zone updates.

> Name servers - lists all DC's

Yes, all DCs that lie within the replication partition the zone is in.

> Zone transfers: - Allow? Notify?

Zone transfers are not needed between Active Directory integrated zones because the zones replicate through AD, not zone transfers.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
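
An audit of the zone settings discussed in this thread, as an added example that is not part of either post. It assumes the DnsServer PowerShell module (Windows Server 2012 and later, which postdates the Win2k/Win2k3 servers mentioned above); `$ComputerName` is a placeholder for one of your own DCs.

```powershell
# Added example: check each primary zone against the reply's recommendations
# (AD-integrated, secure-only dynamic updates, no zone transfers needed).
# Assumption: run with DNS admin rights on, or against, a DC that hosts DNS.
Import-Module DnsServer -ErrorAction Stop

$ComputerName = $env:COMPUTERNAME   # placeholder: any DC running the DNS role

$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$report = foreach ($z in $zones) {
    $findings = @()

    # Secure dynamic update is only available on AD-integrated zones.
    if (-not $z.IsDsIntegrated) {
        $findings += 'file-backed zone: not replicated through AD'
    }

    # 'NonsecureAndSecure' lets unauthenticated clients register or overwrite records.
    if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
        $findings += 'dynamic updates are not secure-only'
    }

    # AD-integrated zones replicate through AD, so transfers are normally unnecessary.
    if ($z.IsDsIntegrated -and $z.SecureSecondaries -ne 'NoTransfer') {
        $findings += "zone transfers enabled ($($z.SecureSecondaries))"
    }

    [pscustomobject]@{
        Zone             = $z.ZoneName
        ADIntegrated     = $z.IsDsIntegrated
        ReplicationScope = $z.ReplicationScope   # 'Domain' = all DCs in this domain
        DynamicUpdate    = $z.DynamicUpdate
        ZoneTransfers    = $z.SecureSecondaries
        Findings         = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}

$report | Format-Table -AutoSize -Wrap

# Remediation for a flagged zone (review before running; zone name is a placeholder):
# Set-DnsServerPrimaryZone -Name 'example.local' -DynamicUpdate Secure
# Set-DnsServerPrimaryZone -Name 'example.local' -SecureSecondaries NoTransfer
```

A zone that legitimately feeds a non-AD secondary will show transfers enabled; confirm the transfer list is restricted to that server before treating the finding as closed.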