
ADI DNS wisdom needed!

Bullnuts

MIS
Aug 28, 2002
30
CA
ADI DNS issue,

I have 3 locations, Site X (300 users), Site Y (25 users), and Site Z (15 users) that are connected via dedicated VPN/T1 connections. This is a 2003 Server R2 network in which all sites are part of xyz.com (no child domains). All sites log in to the same domain. Site X is the forest root. Each site has a DC which is also an ADI DNS server and GC. Site X DNS points to itself, then the ISP. Site Y and Z DNS point to the local DC ADI DNS, then to Site X. I have configured AD Sites and Services correctly with the servers in the proper sites and subnets tied to their corresponding site. Authentication is working well. I am looking for recommendations on DNS config. Since all 3 DCs are ADI DNS, should I set up zone transfers between them, or will ADI DNS take care of that? In testing, if I uncheck zone transfers the SOA serial number does not catch up to Site X, which in theory means I would have to set up zone transfers between these DCs..? Maybe one of you DNS gurus could come up with a better suggestion for DNS structure, as this is one dept where I am still learning... keeping in mind that I would like to keep the network structure I have. Right now WINS is the only thing saving my ass and I would like to phase it out eventually.
Best Regards,
NT guy
 
Your setup seems fine; it's as per best practice. However, with ADI you don't need to configure any zone transfers; that's done through AD. You can easily test if the transfers are working by just creating a test A record in each site and checking to see that it replicates to all sites. If it does, you know it's working; if it doesn't, check the DNS event log on the DCs.
 
Thanks again for the tips, I now have a much better grasp on ADI DNS. The problem ended up being that I was receiving DNS events 4515 and 4004 and some KCC events on one of my DCs, due to the fact that I jumped the gun on when AD replication was taking place and had some duplicate DNS partitions created in the directory, which it does not like!

Basically, I read up on MS article 867464, posted on some forums and decided to delete all the broken ADI zones that got created with the replication scope set to "all domain controllers in the AD domain, XYZ.com". Then I used ADSIedit to confirm the zone got deleted from the CN=MicrosoftDNS container in DC=XYZ,DC=com. Next I forced replication to all DCs and the old ForestDNSZones reappeared in the replication scope "to all DNS servers in the AD forest XYZ.com".

Dcdiag /test:dns was still failing on root hint errors, so I simply removed the root hints zone under CN=MicrosoftDNS, copied them back from a known working DC and reran the test. It passed all with success!
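The reply above suggests verifying AD-integrated replication by creating a test A record and watching it appear on every DC, and the follow-up leans on dcdiag /test:dns once the duplicate partitions were cleaned up. The script below is an added example, not code from anyone in this thread: it checks that each DC hosts the zone as AD-integrated, shows each DC's SOA serial, creates a throwaway A record on one DC and polls the others until it replicates (or a timeout expires), cleans up, and then runs the diagnostics. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT; the 2003 R2 boxes in the thread would need the graphical DNS console or dnscmd instead), a domain-admin session, and placeholder zone and DC names that you replace with your own.

```powershell
# Added example (not from the thread): verify AD-integrated DNS replication
# across DCs using the test-A-record approach from the reply above.
# Assumptions: DnsServer module available, run as domain admin; zone and DC
# names below are placeholders for your environment.

$Zone     = 'xyz.com'                           # domain zone named in the thread
$DCs      = 'dc-sitex', 'dc-sitey', 'dc-sitez'  # placeholder DC host names
$TestName = 'repltest-' + (Get-Date -Format 'yyyyMMddHHmmss')

# 1. Confirm each DC hosts the zone as AD-integrated and show its replication scope.
#    A zone that is not DS-integrated on one DC, or has a different scope, is the
#    kind of mismatch the duplicate-partition problem in the thread produced.
foreach ($dc in $DCs) {
    Get-DnsServerZone -ComputerName $dc -Name $Zone |
        Select-Object @{ n = 'DC'; e = { $dc } }, ZoneName, IsDsIntegrated, ReplicationScope
}

# 2. Show the SOA serial as seen on each DC. With ADI zones every DC keeps its
#    own serial, so the numbers need not match; a serial that never moves while
#    records are added elsewhere is the symptom worth chasing, not a mere mismatch.
foreach ($dc in $DCs) {
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $dc -ErrorAction Stop |
        Where-Object Type -eq 'SOA'
    '{0,-10} SOA serial = {1}' -f $dc, $soa.SerialNumber
}

# 3. Create a throwaway A record (documentation address, RFC 5737) on the first DC
#    and poll the remaining DCs until it shows up. Inter-site replication follows
#    the site link schedule, so allow a generous timeout.
Add-DnsServerResourceRecordA -ComputerName $DCs[0] -ZoneName $Zone `
    -Name $TestName -IPv4Address '192.0.2.10'

$deadline = (Get-Date).AddMinutes(30)
$pending  = [System.Collections.Generic.List[string]]($DCs | Select-Object -Skip 1)

while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
    foreach ($dc in @($pending)) {
        $hit = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $Zone `
            -Name $TestName -RRType A -ErrorAction SilentlyContinue
        if ($hit) {
            "$TestName replicated to $dc"
            $pending.Remove($dc) | Out-Null
        }
    }
    if ($pending.Count -gt 0) { Start-Sleep -Seconds 60 }
}

if ($pending.Count -gt 0) {
    "Record did not replicate to: $($pending -join ', '). Check the DNS Server event log on those DCs."
}

# 4. Remove the test record where it was created; replication deletes it elsewhere.
Remove-DnsServerResourceRecord -ComputerName $DCs[0] -ZoneName $Zone `
    -Name $TestName -RRType A -Force

# 5. The diagnostics the thread relied on: DNS test per DC, then overall replication status.
foreach ($dc in $DCs) { dcdiag /s:$dc /test:dns }
repadmin /showrepl
```

Run it from a management host that can reach all three DCs over RPC. If step 3 times out on only one DC while steps 1 and 2 look consistent, the DNS Server event log on that DC (the 4004/4515 events mentioned above are the typical ones) and the repadmin output in step 5 narrow it down to either the DNS application partition or AD replication itself.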

Later,
se
 