DNS Server Questions

[bombergirl]

Hi:

Need some advise on this, I am not very sure whether it can be done or not.
My client has proposed setting up 3 AD servers (windows 2003 servers) at different locations. All 3 servers will be Global catalogue. However they are not going to use the DNS server in AD, they propose using a DNS server that is currently running as a standalone Windows 2003 server.Is it possible to do that? I mean how is the client going to login without using the AD DNS server?

Help is needed. Thanks

 

[aftertaf]

they CAN use a member server as DNS, but it is a greater network burden and security risk.

plus, they'll have 3 sites, it is not a good idea to do things that way...
tell them this!!


Aftertaf

"Solutions are not the answer." - Richard Nixon

 

[bombergirl]

the thing is this DNS server that they propose, is not going to be even set up as a member server. It will be just a standalone DNS server.

Thanks aftertaf for your reply

 

[aftertaf]

in theory it is possible...

but it may well be a headache to administer after...

curious as to why they choose such a way of doing things...

Aftertaf

"Solutions are not the answer." - Richard Nixon

 

[bombergirl]

if it is possible how do i do that? Care to explain?

Well, the reason given is, they don't want to have too many DNS servers.

 

[aftertaf]

if they use AD-integrated dns servers, its not exactly a huge burden on the machines and it'll reduce a whole lot the network traffic intersite.

and it'll make the whole IP setup more secure because not just anyone can add host records, (only verified domain members) and replication occurs via AD replication, so encrypted and compressed between sites.

tell them it is possible to do what they want, but it is really not recommended from a network usage point of view, and a security one...

and it'll need to accept dynamic updates from anyone!

Aftertaf

"Solutions are not the answer." - Richard Nixon

 

[GlenJohnson]

In theory what you want to do will work, but the network will be so slow, the users will tell you it's not working. Everybody going to one dns server for name resolution will be just to much work on the one server. All servers need to be ad dns servers to make the network run efficiently. Good luck.

Glen A. Johnson
Johnson Computer Consulting

 

[bombergirl]

Hi Thanks for your reply, appreciate it.
But I would like to know, if it is possible to do it, how do i go about doing this? Do i all a forwarder to the standalone DNS server and point to my AD server?

 

[Andreh]

Hi Bombergirl,

I am an engineer in Australia working for a customer who are running a MS AD Domain, Citrix Metaframe XP and Novell 6.5 domain using a Windows 2K DNS server that is a member of it's own workgroup.

I won't go into the reasons why this has been done (Was a Novell network that grew in an unplanned manner by someone else) as i am looking to integrate DNS into AD at the moment, but it works fine. The DNS server is a standard primary. It is a bit of a hassle as records here are created manually but as long as they are in the DNS (the records) and the clients have the correct DNS server settings there is no reason 'name resolution' won't occur.

Goodluck

"Assumption is the mother of all f#%kups!