DNS issue obnetadmin 5/29/2007 3:14:01 PM I have a single AD domain spread across several locations with T1 links back to our Admin building. We had a Verizon circuit problem and no one on that segment could login. I have two DNS servers at one of the remote sites that handles DNS for the entire domain. How can I avoid a situation like this should it happen again in the future? DNS caching? Thanks for your help.

Re: DNS issue "Michael Dragone" <no.e-mail=less_spam> 5/29/2007 4:04:03 PM You would want to put a DNS server at each location that you want to protect from this type of outage. Likewise, you'll need to place domain controllers in these locations as well! "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... [Quoted Text] >I have a single AD domain spread across several locations with T1 links >back > to our Admin building. We had a Verizon circuit problem and no one on that > segment could login. I have two DNS servers at one of the remote sites > that > handles DNS for the entire domain. How can I avoid a situation like this > should it happen again in the future? DNS caching? Thanks for your help.

Re: DNS issue obnetadmin 5/29/2007 4:11:00 PM Michael- All the remote servers are DC's (as well as file and print). Do I just need to install DNS as AD integrated? Should I point them to any other server for forwarding? Thanks for the quick response. Sean "Michael Dragone" wrote: [Quoted Text] > You would want to put a DNS server at each location that you want to protect > from this type of outage. Likewise, you'll need to place domain controllers > in these locations as well! > > "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... > >I have a single AD domain spread across several locations with T1 links > >back > > to our Admin building. We had a Verizon circuit problem and no one on that > > segment could login. I have two DNS servers at one of the remote sites > > that > > handles DNS for the entire domain. How can I avoid a situation like this > > should it happen again in the future? DNS caching? Thanks for your help. >

Re: DNS issue "Michael Dragone" <no.e-mail=less_spam> 5/29/2007 8:13:13 PM Is this a 2000 or 2003 domain? "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... [Quoted Text] > Michael- > All the remote servers are DC's (as well as file and print). Do I just > need > to install DNS as AD integrated? Should I point them to any other server > for > forwarding? Thanks for the quick response. > > Sean > > "Michael Dragone" wrote: > >> You would want to put a DNS server at each location that you want to >> protect >> from this type of outage. Likewise, you'll need to place domain >> controllers >> in these locations as well! >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... >> >I have a single AD domain spread across several locations with T1 links >> >back >> > to our Admin building. We had a Verizon circuit problem and no one on >> > that >> > segment could login. I have two DNS servers at one of the remote sites >> > that >> > handles DNS for the entire domain. How can I avoid a situation like >> > this >> > should it happen again in the future? DNS caching? Thanks for your >> > help.

Re: DNS issue obnetadmin 5/30/2007 3:02:01 AM It is a 2003 domain. All of the remote DC's are running DNS. Do I just need to change the DHCP scope for each IP segment so that local DNS server takes precedence over the other two? "Michael Dragone" wrote: [Quoted Text] > Is this a 2000 or 2003 domain? > > "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... > > Michael- > > All the remote servers are DC's (as well as file and print). Do I just > > need > > to install DNS as AD integrated? Should I point them to any other server > > for > > forwarding? Thanks for the quick response. > > > > Sean > > > > "Michael Dragone" wrote: > > > >> You would want to put a DNS server at each location that you want to > >> protect > >> from this type of outage. Likewise, you'll need to place domain > >> controllers > >> in these locations as well! > >> > >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... > >> >I have a single AD domain spread across several locations with T1 links > >> >back > >> > to our Admin building. We had a Verizon circuit problem and no one on > >> > that > >> > segment could login. I have two DNS servers at one of the remote sites > >> > that > >> > handles DNS for the entire domain. How can I avoid a situation like > >> > this > >> > should it happen again in the future? DNS caching? Thanks for your > >> > help. >

Re: DNS issue "Michael Dragone" <no.e-mail=less_spam> 5/30/2007 4:10:29 AM If all of your domain controllers are running DNS and all of your DNS zones are Active Directory-integrated, then yes, ideally clients on each segment should look to their nearest DNS server to resolve queries. Before you change this make sure that Active Directory has replicated all the DNS data out to the new DNS servers. Also, how do you have your DNS servers configured to resolve queries for Internet domain names? "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message news:0D49E1BB-D58D-4EF3-AE8E-ADC616124F2B[ at ]microsoft.com... [Quoted Text] > It is a 2003 domain. All of the remote DC's are running DNS. Do I just > need > to change the DHCP scope for each IP segment so that local DNS server > takes > precedence over the other two? > > "Michael Dragone" wrote: > >> Is this a 2000 or 2003 domain? >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... >> > Michael- >> > All the remote servers are DC's (as well as file and print). Do I just >> > need >> > to install DNS as AD integrated? Should I point them to any other >> > server >> > for >> > forwarding? Thanks for the quick response. >> > >> > Sean >> > >> > "Michael Dragone" wrote: >> > >> >> You would want to put a DNS server at each location that you want to >> >> protect >> >> from this type of outage. Likewise, you'll need to place domain >> >> controllers >> >> in these locations as well! >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... >> >> >I have a single AD domain spread across several locations with T1 >> >> >links >> >> >back >> >> > to our Admin building. We had a Verizon circuit problem and no one >> >> > on >> >> > that >> >> > segment could login. I have two DNS servers at one of the remote >> >> > sites >> >> > that >> >> > handles DNS for the entire domain. How can I avoid a situation like >> >> > this >> >> > should it happen again in the future? DNS caching? Thanks for your >> >> > help. >>

Re: DNS issue obnetadmin 5/30/2007 1:07:03 PM The two remote DNS servers point to public DNS forwarders. Do I need to point my remote DC's to the forwarding DNS servers or the two inside DNS servers? "Michael Dragone" wrote: [Quoted Text] > If all of your domain controllers are running DNS and all of your DNS zones > are Active Directory-integrated, then yes, ideally clients on each segment > should look to their nearest DNS server to resolve queries. > > Before you change this make sure that Active Directory has replicated all > the DNS data out to the new DNS servers. > > Also, how do you have your DNS servers configured to resolve queries for > Internet domain names? > > "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > news:0D49E1BB-D58D-4EF3-AE8E-ADC616124F2B[ at ]microsoft.com... > > It is a 2003 domain. All of the remote DC's are running DNS. Do I just > > need > > to change the DHCP scope for each IP segment so that local DNS server > > takes > > precedence over the other two? > > > > "Michael Dragone" wrote: > > > >> Is this a 2000 or 2003 domain? > >> > >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > >> news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... > >> > Michael- > >> > All the remote servers are DC's (as well as file and print). Do I just > >> > need > >> > to install DNS as AD integrated? Should I point them to any other > >> > server > >> > for > >> > forwarding? Thanks for the quick response. > >> > > >> > Sean > >> > > >> > "Michael Dragone" wrote: > >> > > >> >> You would want to put a DNS server at each location that you want to > >> >> protect > >> >> from this type of outage. Likewise, you'll need to place domain > >> >> controllers > >> >> in these locations as well! > >> >> > >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > >> >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... > >> >> >I have a single AD domain spread across several locations with T1 > >> >> >links > >> >> >back > >> >> > to our Admin building. We had a Verizon circuit problem and no one > >> >> > on > >> >> > that > >> >> > segment could login. I have two DNS servers at one of the remote > >> >> > sites > >> >> > that > >> >> > handles DNS for the entire domain. How can I avoid a situation like > >> >> > this > >> >> > should it happen again in the future? DNS caching? Thanks for your > >> >> > help. > >> >

Re: DNS issue "Michael Dragone" <no.e-mail=less_spam> 5/30/2007 1:30:09 PM I would point them to your public DNS forwarders. Just to recap - You have a single 2003 Active Directory domain with Active Directory-integrated DNS zones. You have X locations, each with a T1 link back to HQ. Each location now has at least one domain controller and at least one DNS server. Clients at each location receive their nearest DNS server via DHCP. All DNS servers have one or more forwarders configured to resolve Internet domain names. Right? You'll also want to review the TechNet documentation on Global Catalog server placement. Since you have a single Active Directory domain you won't be that GC reliant unless you're running a GC heavy application such as Exchange. Regardless, consider making all your DCs Global Catalog servers or enabling Universal Group Membership caching. See http://technet2.microsoft.com/windowsserver/en/library/0e4d2466-68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true for details. "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message news:2B4A3564-EEC8-4597-9189-A809EF03E933[ at ]microsoft.com... [Quoted Text] > The two remote DNS servers point to public DNS forwarders. Do I need to > point > my remote DC's to the forwarding DNS servers or the two inside DNS > servers? > > "Michael Dragone" wrote: > >> If all of your domain controllers are running DNS and all of your DNS >> zones >> are Active Directory-integrated, then yes, ideally clients on each >> segment >> should look to their nearest DNS server to resolve queries. >> >> Before you change this make sure that Active Directory has replicated all >> the DNS data out to the new DNS servers. >> >> Also, how do you have your DNS servers configured to resolve queries for >> Internet domain names? >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> news:0D49E1BB-D58D-4EF3-AE8E-ADC616124F2B[ at ]microsoft.com... >> > It is a 2003 domain. All of the remote DC's are running DNS. Do I just >> > need >> > to change the DHCP scope for each IP segment so that local DNS server >> > takes >> > precedence over the other two? >> > >> > "Michael Dragone" wrote: >> > >> >> Is this a 2000 or 2003 domain? >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> >> news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... >> >> > Michael- >> >> > All the remote servers are DC's (as well as file and print). Do I >> >> > just >> >> > need >> >> > to install DNS as AD integrated? Should I point them to any other >> >> > server >> >> > for >> >> > forwarding? Thanks for the quick response. >> >> > >> >> > Sean >> >> > >> >> > "Michael Dragone" wrote: >> >> > >> >> >> You would want to put a DNS server at each location that you want >> >> >> to >> >> >> protect >> >> >> from this type of outage. Likewise, you'll need to place domain >> >> >> controllers >> >> >> in these locations as well! >> >> >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in >> >> >> message >> >> >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... >> >> >> >I have a single AD domain spread across several locations with T1 >> >> >> >links >> >> >> >back >> >> >> > to our Admin building. We had a Verizon circuit problem and no >> >> >> > one >> >> >> > on >> >> >> > that >> >> >> > segment could login. I have two DNS servers at one of the remote >> >> >> > sites >> >> >> > that >> >> >> > handles DNS for the entire domain. How can I avoid a situation >> >> >> > like >> >> >> > this >> >> >> > should it happen again in the future? DNS caching? Thanks for >> >> >> > your >> >> >> > help.

Re: DNS issue obnetadmin 5/30/2007 2:13:02 PM I have 3 root DC's at our main location which are also GC's for the entire domain. The Exchange server resides there as well. Would making every remote DC a GC create any overkill? Currently alll remote DC's point to the two remote DNS servers and then they forward to the public DNS servers. Your saying I should setup the public DNS forwarders on all DC'S? "Michael Dragone" wrote: [Quoted Text] > I would point them to your public DNS forwarders. > > Just to recap - You have a single 2003 Active Directory domain with Active > Directory-integrated DNS zones. You have X locations, each with a T1 link > back to HQ. Each location now has at least one domain controller and at > least one DNS server. Clients at each location receive their nearest DNS > server via DHCP. All DNS servers have one or more forwarders configured to > resolve Internet domain names. Right? > > You'll also want to review the TechNet documentation on Global Catalog > server placement. Since you have a single Active Directory domain you won't > be that GC reliant unless you're running a GC heavy application such as > Exchange. Regardless, consider making all your DCs Global Catalog servers or > enabling Universal Group Membership caching. > > See > http://technet2.microsoft.com/windowsserver/en/library/0e4d2466-68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true > for details. > > "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > news:2B4A3564-EEC8-4597-9189-A809EF03E933[ at ]microsoft.com... > > The two remote DNS servers point to public DNS forwarders. Do I need to > > point > > my remote DC's to the forwarding DNS servers or the two inside DNS > > servers? > > > > "Michael Dragone" wrote: > > > >> If all of your domain controllers are running DNS and all of your DNS > >> zones > >> are Active Directory-integrated, then yes, ideally clients on each > >> segment > >> should look to their nearest DNS server to resolve queries. > >> > >> Before you change this make sure that Active Directory has replicated all > >> the DNS data out to the new DNS servers. > >> > >> Also, how do you have your DNS servers configured to resolve queries for > >> Internet domain names? > >> > >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > >> news:0D49E1BB-D58D-4EF3-AE8E-ADC616124F2B[ at ]microsoft.com... > >> > It is a 2003 domain. All of the remote DC's are running DNS. Do I just > >> > need > >> > to change the DHCP scope for each IP segment so that local DNS server > >> > takes > >> > precedence over the other two? > >> > > >> > "Michael Dragone" wrote: > >> > > >> >> Is this a 2000 or 2003 domain? > >> >> > >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message > >> >> news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... > >> >> > Michael- > >> >> > All the remote servers are DC's (as well as file and print). Do I > >> >> > just > >> >> > need > >> >> > to install DNS as AD integrated? Should I point them to any other > >> >> > server > >> >> > for > >> >> > forwarding? Thanks for the quick response. > >> >> > > >> >> > Sean > >> >> > > >> >> > "Michael Dragone" wrote: > >> >> > > >> >> >> You would want to put a DNS server at each location that you want > >> >> >> to > >> >> >> protect > >> >> >> from this type of outage. Likewise, you'll need to place domain > >> >> >> controllers > >> >> >> in these locations as well! > >> >> >> > >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in > >> >> >> message > >> >> >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... > >> >> >> >I have a single AD domain spread across several locations with T1 > >> >> >> >links > >> >> >> >back > >> >> >> > to our Admin building. We had a Verizon circuit problem and no > >> >> >> > one > >> >> >> > on > >> >> >> > that > >> >> >> > segment could login. I have two DNS servers at one of the remote > >> >> >> > sites > >> >> >> > that > >> >> >> > handles DNS for the entire domain. How can I avoid a situation > >> >> >> > like > >> >> >> > this > >> >> >> > should it happen again in the future? DNS caching? Thanks for > >> >> >> > your > >> >> >> > help. >

Re: DNS issue "Michael Dragone" <no.e-mail=less_spam> 5/30/2007 2:26:36 PM I would make them all GCs, but again - take a look at the TechNet document that I posted a link to earlier so you understand the design implications. I would setup the public forwarders on all the DNS servers only to save a hop during name resolution (from remote site->main location->forwarder vs. remote stie->forwarder). "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message news:5F1FAF4F-5270-4264-A6B5-8FF44A6160C3[ at ]microsoft.com... [Quoted Text] >I have 3 root DC's at our main location which are also GC's for the entire > domain. The Exchange server resides there as well. Would making every > remote > DC a GC create any overkill? Currently alll remote DC's point to the two > remote DNS servers and then they forward to the public DNS servers. Your > saying I should setup the public DNS forwarders on all DC'S? > > "Michael Dragone" wrote: > >> I would point them to your public DNS forwarders. >> >> Just to recap - You have a single 2003 Active Directory domain with >> Active >> Directory-integrated DNS zones. You have X locations, each with a T1 link >> back to HQ. Each location now has at least one domain controller and at >> least one DNS server. Clients at each location receive their nearest DNS >> server via DHCP. All DNS servers have one or more forwarders configured >> to >> resolve Internet domain names. Right? >> >> You'll also want to review the TechNet documentation on Global Catalog >> server placement. Since you have a single Active Directory domain you >> won't >> be that GC reliant unless you're running a GC heavy application such as >> Exchange. Regardless, consider making all your DCs Global Catalog servers >> or >> enabling Universal Group Membership caching. >> >> See >> http://technet2.microsoft.com/windowsserver/en/library/0e4d2466-68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true >> for details. >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> news:2B4A3564-EEC8-4597-9189-A809EF03E933[ at ]microsoft.com... >> > The two remote DNS servers point to public DNS forwarders. Do I need to >> > point >> > my remote DC's to the forwarding DNS servers or the two inside DNS >> > servers? >> > >> > "Michael Dragone" wrote: >> > >> >> If all of your domain controllers are running DNS and all of your DNS >> >> zones >> >> are Active Directory-integrated, then yes, ideally clients on each >> >> segment >> >> should look to their nearest DNS server to resolve queries. >> >> >> >> Before you change this make sure that Active Directory has replicated >> >> all >> >> the DNS data out to the new DNS servers. >> >> >> >> Also, how do you have your DNS servers configured to resolve queries >> >> for >> >> Internet domain names? >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in message >> >> news:0D49E1BB-D58D-4EF3-AE8E-ADC616124F2B[ at ]microsoft.com... >> >> > It is a 2003 domain. All of the remote DC's are running DNS. Do I >> >> > just >> >> > need >> >> > to change the DHCP scope for each IP segment so that local DNS >> >> > server >> >> > takes >> >> > precedence over the other two? >> >> > >> >> > "Michael Dragone" wrote: >> >> > >> >> >> Is this a 2000 or 2003 domain? >> >> >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in >> >> >> message >> >> >> news:7FD1C5F2-1E69-4BEA-B49C-7B6B0BFDBB0E[ at ]microsoft.com... >> >> >> > Michael- >> >> >> > All the remote servers are DC's (as well as file and print). Do I >> >> >> > just >> >> >> > need >> >> >> > to install DNS as AD integrated? Should I point them to any other >> >> >> > server >> >> >> > for >> >> >> > forwarding? Thanks for the quick response. >> >> >> > >> >> >> > Sean >> >> >> > >> >> >> > "Michael Dragone" wrote: >> >> >> > >> >> >> >> You would want to put a DNS server at each location that you >> >> >> >> want >> >> >> >> to >> >> >> >> protect >> >> >> >> from this type of outage. Likewise, you'll need to place domain >> >> >> >> controllers >> >> >> >> in these locations as well! >> >> >> >> >> >> >> >> "obnetadmin" <obnetadmin[ at ]discussions.microsoft.com> wrote in >> >> >> >> message >> >> >> >> news:83E254DE-3C04-43CB-8341-A25EAF0AB825[ at ]microsoft.com... >> >> >> >> >I have a single AD domain spread across several locations with >> >> >> >> >T1 >> >> >> >> >links >> >> >> >> >back >> >> >> >> > to our Admin building. We had a Verizon circuit problem and no >> >> >> >> > one >> >> >> >> > on >> >> >> >> > that >> >> >> >> > segment could login. I have two DNS servers at one of the >> >> >> >> > remote >> >> >> >> > sites >> >> >> >> > that >> >> >> >> > handles DNS for the entire domain. How can I avoid a situation >> >> >> >> > like >> >> >> >> > this >> >> >> >> > should it happen again in the future? DNS caching? Thanks for >> >> >> >> > your >> >> >> >> > help. >>