DNS questions

Status
Not open for further replies.

adriandan

MIS
Dec 7, 2004
31
US
I have 2 locations as follows:
Florida - Server 2000 with DNS Active Directory Integrated
California - Server 2003 with NDS ADI
I need to know how to forward the DNS settings to each other for a better response time.
Does anyone know how to connect both domains for a faster time? Thank you in advance...
 
Adrian, we need more information about your situation. For example:

Are your current servers linked in any way at the moment?

Are your zones AD-integrated or not? Is one of the servers the primary and the other a secondary for the zone data?

What sort of queries do you want to speed up? Queries for in-house name resolutions or internet-wide resolutions?

What sort of response time do you get now?

If you make the servers both forward to each other, you may get faster response times at first, but I think you are likely to generate a whole lot of excess traffic (a resolution loop) that would leave you worse off for having tried it.

ShackDaddy
 
ShackDaddy,

Thank you for your response. I have both servers as AD-Integrated and they are both primary. I would like Internet-wide resolution since we are far apart. Is there a link where it can tell me how to do it step by step or I am dreaming!!! If there will be a resolution loop - as per your statement - then what will be the best course? At this time the only connection I have is the Firewall VPN site to site but it is slow. Please advise. Thank you
 
And I gather that both DCs are of the same domain???
or forest?

Aftertaf

I just want something I can never have...
 
Aftertaf,

No, they are not. They are in different domains.
 
If I understand, your intent is to have faster traffic between your two offices, correct?

Depending on how much traffic there is (without putting a monitor on the line -- how many users are there in each location and what kind of applications are you using back and forth? or one way?)

Also, what's your connection speed at each end? If you have ADSL the outbound data is going to be pretty slow compared to the inbound... you may want to consider a second DSL line, or if you're lucky enough to be in the areas that are starting to get Fiber Optic Internet, then go for that! (Lots of info about connection speeds and reliable ISPs is at

Just a guess, though, you are most likely wanting to put in a Point to Point VPN tunnel -- which if connected by the proper hardware at each end, you'll avoid any extraneous traffic running through your network such as you described above. Your original question about DNS actually has very little to do with it, unless you are using Domain Names instead of IP addresses to make your connection. If these are permanent connections... they should be done with IP addresses and then DNS is moot except for building the trust between the domains... then they will replicate the permissions at each location.

There isn't a lot of traffic involved in that... and it's sticky -- it caches for awhile so the whole AD doesn't transfer every time someone is trying to authenticate.

If you want a good overview article, take a look at this:
Plus you'll also find a lot of info back at BroadbandReports regarding VPN hardware that users who may be in a very similar situation as you have experience with:


Good luck!

Jeff
TechSoEasy
 
TechSoEasy

Thank you for the info. The speed is not an issue. I have a full T1 and half of T1 at the other office. Faster traffic is what I am looking for at this time...
 
Adriandan, what you might be needing isn't so much an increase in DNS resolution speed as some sort of proxy-caching of web content. That's where the real slowdowns come.

But let's start with DNS. Is each of the DNS servers able to make independent recursive queries to the outside, or do all queries get routed through a single server? If the latter is the case, I would expect to see slower resolution at one of your sites for new requests but fairly quick resolution for anything that's been cached. The way to get the fastest DNS resolutions is to allow each server to make its own. A T-1 is fast, but if you are using a VPN to carry the traffic over that T-1, you really have a much slower connection. If security requires that you have one office only access the internet through the VPN, then setting up a caching server in the network furthest from the VPN is probably the best idea.

If you aren't currently doing any content caching, then you may be resolving names quickly but waiting forever for pages to load. That's what a proxy/caching server is good for. You may be able to fire up ISA server on one of your DCs just for the caching component or, better, set it up as a separate server at each site and configure all the local browsers to point to it as a proxy server.

Another avenue to look at is to analyze the content filter at your site, if there is one, and make sure that it is as streamlined in its evaluation algorithms as possible.

ShackDaddy
 
ShackDaddy,

Thank you for the info. I will look into it and make the right changes. Thank you again.
 
ShackDaddy,

Here's what I have at this time. There is a Group VPN enabled on both of the firewalls (Sonicwall). I have the VPN Client software installed on the client machines. They are able to log on to my domain and we are able to log on to their domain, meaning that everything is in order. However, when I am logged on and trying to access a certain drive, or any drive, it takes 2-3 minutes to open. I have been told that DNS needs to be adjusted so that both domains will trust each other. Can you agree on this?
 
Let me start by saying that I assume that when you say "domain" and "trust" you are talking about a Microsoft Active Directory domain. If not, then what I'll say next won't apply.

Trust is not determined by DNS. That is determined by settings in the Active Directory. You need to use the Active Directory Domains and Trusts tool to create trusts between your two domains. For this to work at all though, the domains need to be able to query each other's DNS zones and to make this go smoothly, I would configure each DC with a stub zone that refers to the other domain's DNS server.

For more information on stub zones, search for the phrase "understanding stub zones." Once the simple stub zones are in place, your servers will have a much easier time talking to each other and you can work out any trust issues that may be slowing things down for you.

ShackDaddy
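
A toy model of the two setups discussed in this thread, added here as an illustration and not posted by any participant: two servers that forward to each other, versus two servers that each hold a stub zone for the other domain and resolve outside names themselves. Server labels, zones and addresses are constructed, and `MAX_HOPS` is an assumed stand-in for the timeout that ends a real forwarding loop.

```python
# Added toy model: zones, host names and addresses are constructed placeholders.
MAX_HOPS = 8  # stand-in for the timeout that ends a real forwarding loop
INTERNET = {"www.example.com": "203.0.113.10"}  # constructed "outside world"
FL_RECORDS = {"fs1.fl.example.test": "10.1.0.5"}
CA_RECORDS = {"fs1.ca.example.test": "10.2.0.5"}

def make_server(zone, records, forwarder=None, stubs=None, recurses=False):
    return {"zone": zone, "records": records, "forwarder": forwarder,
            "stubs": stubs or {}, "recurses": recurses}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def resolve(servers, start, name):
    """Return (answer or None, server-to-server hops across the site link)."""
    current, hops = start, 0
    while hops < MAX_HOPS:
        srv = servers[current]
        if in_zone(name, srv["zone"]):
            return srv["records"].get(name), hops  # authoritative for this zone
        stub_target = next((t for z, t in srv["stubs"].items() if in_zone(name, z)), None)
        if stub_target is not None:      # stub zone: go straight to the other domain's DNS
            current, hops = stub_target, hops + 1
        elif srv["recurses"]:            # resolves outside names itself, no VPN hop
            return INTERNET.get(name), hops
        elif srv["forwarder"] is not None:
            current, hops = srv["forwarder"], hops + 1
        else:
            return None, hops
    return None, hops                    # gave up: the query only bounced between sites

def mutual_forwarding():
    return {"fl": make_server("fl.example.test", FL_RECORDS, forwarder="ca"),
            "ca": make_server("ca.example.test", CA_RECORDS, forwarder="fl")}

def stubs_with_local_recursion():
    return {"fl": make_server("fl.example.test", FL_RECORDS,
                              stubs={"ca.example.test": "ca"}, recurses=True),
            "ca": make_server("ca.example.test", CA_RECORDS,
                              stubs={"fl.example.test": "fl"}, recurses=True)}

if __name__ == "__main__":
    for label, build in (("mutual forwarding", mutual_forwarding),
                         ("stub zones + local recursion", stubs_with_local_recursion)):
        for name in ("fs1.ca.example.test", "www.example.com"):
            print(label, name, resolve(build(), "fl", name))
```

In the model, both setups answer a name in the other domain after one hop, but only the mutual-forwarding setup burns every allowed hop on an outside name and still returns nothing.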
 