
DC's & DNS

Status
Not open for further replies.

KRPGroup

Are all 2003 DC's supposed to be primary zone for DNS?

If so then when configuring the NIC do you specify itself as primary then another DC with DNS as secondary DNS server?
 
I would generally suggest using Active Directory integrated zones on your DC's with DNS. There are benefits with AD-integrated over using standard primary and secondary zones. The only reason I would usually use standard zones is if I had non-AD-integrated-capable DNS servers in use, and I needed to keep using them.

If you do need to use standard zones, you would have one primary and the rest would be secondary for any given zone. The zone would generally equate with the domain name. Primary gets the updates, and the secondary ones are read only.

HTH,

Jason
 
I have 2 - 2003 DC and 1 - 2000 server, all clients are XP pro.
How do I tell if the DNS zones are currently integrated?
I was going to delete what I thought to be the secondary DNS zone and I rec'd a warning that all DC with this zone would be deleted so I canceled out. Does this mean I have integrated zones?
 
You should be able to see the type of zone under the DNS console, when you open the forward lookup zones folder so that all the zones are shown in the right side of the window. It shows the type of zone as one of the columns.

Why are you deleting a zone? All AD-integrated zones are read/write and are shown as "primary."

HTH,

Jason
 
I was getting an Event ID 2088

[quote]Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller...... a lot more to the event

You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.

Alternate server name:
1ofMyDC's
Failing DNS host name:
454e6b2e-81e5-4966-8980-839c14aa3660._msdcs.MyDomain.com [/quote]

So I was looking at the DNS and was expecting it to be set up as Primary/Secondary but after a closer look each DNS was listed as SOA. I thought this was a problem.

After the warning I canceled deleting the zone.

 
Each DC that runs AD integrated DNS is the SOA for its zone. Look in the _msdcs folder under the forward lookup zone, and see what is shown there for CNAME records for your DC's - are all the DC's listed? Also, make sure that your DC's all have the proper listings for A records and are listed under NS records. The error seems to be saying that one DNS server cannot find the other DNS server for replication, indicating a problem with the DNS record for the DC that cannot be found.

Here is some info that should help:


DNS Requirements for CNAME Lookup Success

Although name resolution in Windows Server 2003 with SP1 is more aggressive at ensuring that replication can occur when a CNAME lookup fails, failure of this method indicates that either the DNS clients or DNS servers are not configured properly. It is important to understand the requirements for successful CNAME lookup and to ensure that DNS is functioning accordingly.

Resolving the fully qualified, GUID-based, CNAME resource record of the source domain controller to the current IP address of the source domain controller requires the following DNS configurations:

1. In their respective TCP/IP client settings, the source domain controller and destination domain controller must be configured to resolve DNS names by using only valid DNS servers that directly host, forward, or delegate to the following DNS zones:

   1. _msdcs.ForestRootDNSDomainName, to resolve queries for computers in the forest.

   2. The DNS zone that corresponds to the primary DNS suffix of the respective target domain controller, to resolve queries for computers in the domain. (The source domain controller can resolve the domain name of the target domain controller, and the reverse is also true.) The primary DNS suffix is usually the same as the DNS name of the domain to which a computer is joined. You can view the primary DNS suffix in the properties of My Computer.

   If the DNS servers that the source domain controller is configured to use for name resolution do not host these zones directly, the DNS servers that are used must forward or delegate to DNS servers that do host these zones.

2. The source domain controller must have successfully registered the following resource records:

   • GUID-based CNAME resource record in the DNS zone _msdcs.ForestRootDNSDomainName

   • Host A resource record in the DNS zone that corresponds to its primary DNS suffix

Full link with additional info below. I found this by googling "Event ID 2088"


HTH,


Jason
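
The resolution chain in the quoted requirements, modelled offline as an added example (not part of the original post or of the quoted documentation): the destination DC asks only the DNS servers in its own TCP/IP settings for the source's GUID-based CNAME, then for that host's A record. The forest name, GUIDs, addresses and per-server record sets are constructed, and treating a reachable server's negative answer as final is a modelling assumption.

```python
# Constructed sample data: forest name, GUIDs and addresses are invented.
FOREST = "corp.example.test"
GUID1 = "11111111-aaaa-4aaa-8aaa-111111111111"
GUID2 = "22222222-bbbb-4bbb-8bbb-222222222222"

# What each DNS server can answer: name -> (record type, value).
DNS_VIEWS = {
    "192.0.2.1": {
        f"{GUID1}._msdcs.{FOREST}": ("CNAME", f"dc1.{FOREST}"),
        f"{GUID2}._msdcs.{FOREST}": ("CNAME", f"dc2.{FOREST}"),
        f"dc1.{FOREST}": ("A", "192.0.2.1"),
        f"dc2.{FOREST}": ("A", "192.0.2.2"),
    },
    "192.0.2.2": {  # this server's copy lacks dc1's GUID-based CNAME
        f"{GUID2}._msdcs.{FOREST}": ("CNAME", f"dc2.{FOREST}"),
        f"dc1.{FOREST}": ("A", "192.0.2.1"),
        f"dc2.{FOREST}": ("A", "192.0.2.2"),
    },
}
# Each DC's GUID and the DNS servers in its TCP/IP client settings.
DCS = {
    "dc1": {"guid": GUID1, "dns": ["192.0.2.1"]},
    "dc2": {"guid": GUID2, "dns": ["192.0.2.2"]},
}

def lookup(servers, name, rtype):
    """Answer from the first reachable configured server; its answer is final."""
    for server in servers:
        view = DNS_VIEWS.get(server)
        if view is None:  # modelled as unreachable, so try the next server
            continue
        rec = view.get(name.lower())
        return rec[1] if rec and rec[0] == rtype else None
    return None

def check_source(dest, source):
    """Resolve the source DC as the destination must: GUID CNAME, then host A."""
    servers = DCS[dest]["dns"]
    alias = f"{DCS[source]['guid']}._msdcs.{FOREST}"
    host = lookup(servers, alias, "CNAME")
    if host is None:
        return ("FAIL_CNAME", alias)
    addr = lookup(servers, host, "A")
    if addr is None:
        return ("FAIL_A", host)
    return ("OK", addr)

def check_all():
    return {(d, s): check_source(d, s) for d in DCS for s in DCS if d != s}
```

In this constructed data dc2 cannot resolve dc1's GUID-based alias even though dc1's A record is present, which is the condition the Event ID 2088 text reports as a failing `_msdcs` host name.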
 
I meant to include in the last post - make sure your DNS settings for your servers are set properly on the TCP/IP settings for the network connection properties.

Jason
 
JGALEY
Both DNS servers are listed in the _msdcs and the NS records seem fine.

I am kinda following the remainder of the post. I checked the NIC settings and each DC's DNS server is set to itself only, no secondary is set.
 