Active Directory Clients w/ DDNS

Discussion in 'Microsoft Windows 2000 DNS' started by JohnF, Dec 29, 2003.

  1. JohnF

    JohnF Guest

    Hello,
    We are considering using non-Windows DNS servers on our
    network. It was suggested that the Dynamic update for DNS
    not be enabled on the clients. On the client side if we
    uncheck the "register this connection's address in DNS" in
    the advanced properties of TCP/IP, will this have a
    negative effect in Active Directory if we are not using
    Dynamic DNS?
    Thanks,

    John
     
    JohnF, Dec 29, 2003
    #1

  2. In news:085e01c3ce31$80b8f430$,
    JohnF <> posted a question
    Then Kevin replied below:
    : Hello,
    : We are considering using non Windows DNS servers on our
    : network. It was suggested that the Dynamic update for DNS
    : not be enabled on the clients. On the client side if we
    : Uncheck the "register this connections address in DNS" in
    : the advanced properties of TCP/IP, will this have a
    : negative effect in Active Directory if we are not using
    : Dynamic DNS?
    : Thanks,
    :
    : John

    If you want to remotely administer your clients it will be a problem. But
    it is not a requirement for clients to register in DNS. It is a requirement
    for DCs to register in DNS, and if you do not use a DDNS for the DCs you
    will have to manually create a lot of records to locate the DC and
    especially global catalogs. Every member and client must be able to locate
    the Global Catalog or logon will be impossible.
    Most everyone here will suggest you keep your AD domain zone on your Win2k
    DC; AD Integrated zones are much more secure and you can only have ADI zones
    on a DC.
    You can, however, use your non-Windows DNS as a forwarder to act as a local
    caching DNS for your network. If they are using BIND DNS it can help speed
    up resolution for frequently accessed external sites because the default
    maximum cache TTL for BIND DNS is seven days where MS DNS Max cache TTL is
    one day.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht [MVP], Dec 29, 2003
    #2
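
The DC and global catalog locator records mentioned in the reply above can be checked mechanically when a zone is maintained by hand. This is an added example, not part of the thread; it assumes a single-domain forest with the placeholder name `corp.example` and a constructed BIND-style zone, and it leaves out the site-specific and GUID-based records.

```python
import re

# SRV records a DC normally registers so members can locate it. Single-domain
# forest assumed (forest root == domain). Ports: LDAP 389, GC 3268, Kerberos 88.
LOCATOR_SRV = [
    ("_ldap._tcp", 389), ("_ldap._tcp.dc._msdcs", 389),
    ("_ldap._tcp.pdc._msdcs", 389),
    ("_ldap._tcp.gc._msdcs", 3268), ("_gc._tcp", 3268),
    ("_kerberos._tcp", 88), ("_kerberos._udp", 88),
    ("_kerberos._tcp.dc._msdcs", 88),
    ("_kpasswd._tcp", 464), ("_kpasswd._udp", 464),
]

# owner [ttl] [IN] SRV priority weight port target (one record per line)
SRV_LINE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)", re.I)

def parse_srv(zone_text, origin):
    """Return {(fqdn_owner, port): [targets]} for lines with an explicit owner."""
    origin = origin.rstrip(".").lower()
    found = {}
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.split(";")[0])  # drop trailing comments
        if not m:
            continue
        owner, port, target = m.group(1).lower(), int(m.group(2)), m.group(3)
        # Relative owner names are completed with the zone origin.
        owner = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        found.setdefault((owner, port), []).append(target.lower())
    return found

def missing_locator_records(zone_text, domain):
    """List locator SRV names (name:port) that the zone does not contain."""
    domain = domain.rstrip(".").lower()
    found = parse_srv(zone_text, domain)
    return [f"{p}.{domain}:{port}" for p, port in LOCATOR_SRV
            if (f"{p}.{domain}", port) not in found]

# Constructed sample: hand-made zone in which the global catalog records were missed.
SAMPLE_ZONE = """\
_ldap._tcp                  600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs        600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.pdc._msdcs       600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp              600 IN SRV 0 100 88  dc1.corp.example.
_kerberos._udp              600 IN SRV 0 100 88  dc1.corp.example.
_kerberos._tcp.dc._msdcs    600 IN SRV 0 100 88  dc1.corp.example. ; KDC
_kpasswd._tcp               600 IN SRV 0 100 464 dc1.corp.example.
_kpasswd._udp.corp.example. 600 IN SRV 0 100 464 dc1.corp.example.
"""
```

Running `missing_locator_records(SAMPLE_ZONE, "corp.example")` reports the two global catalog names, which is the gap the reply warns about.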

  3. JohnF

    Guest Guest

    Thanks Kevin,
    That does help


     
    Guest, Dec 29, 2003
    #3
  4. JohnF

    Herb Martin Guest

    To add to what Kevin said: Don't do it without Dynamic DNS.

    While technically possible, it is practically unworkable.

    Clients include DCs and these (for all practical purposes) MUST register
    dynamically with DNS for many reasons beyond initial setup (moving DCs,
    site definitions, GCs etc.)

    So, yes, you can register all WORKSTATION "clients" manually but you
    don't want to register DC CLIENTS that way.

    Use Microsoft DNS if at all possible -- it is actually better for an
    internal Microsoft-based network. (Really -- I use BIND for other purposes
    sometimes and am quite willing to tell you when Non-MS is better or when
    MS is better.)

    --
    Herb Martin
     
    Herb Martin, Dec 29, 2003
    #4
