DNS at two sites

  • Thread starter rem.fraserlw at netscape dot net

rem.fraserlw at netscape dot net

We are setting up servers for a hosted backup site. We currently have 2
workgroup servers at the hosted site. For full backup testing I would
like to set up a domain controller for the hosted site using our
companyname.com FQDN, and add the workgroup servers to the domain. Can I
set up DNS on the hosted domain controller using the hosting site DNS
servers? Thanks
 

Kevin D. Goodknecht Sr. [MVP]

rem.fraserlw at netscape dot net wrote:
We are setting up servers for a hosted backup site. We currently
have 2 workgroup servers at the hosted site. For full backup testing
I would like to set up a domain controller for the hosted site using
our companyname.com FQDN, and add the workgroup servers to the domain.
Can I set up DNS on the hosted domain controller using the hosting
site DNS servers?

These servers are hosted at a remote site like at an ISP?
You want the Domain Controller to use the hosting provider's DNS servers
using the publicly available companyname.com name?
I'm not sure you would want to use the publicly available FQDN of your
public domain name because some of the records will cause conflicts when
accessing a website that is not on the domain controller.
But then, the picture you have given is still out of focus, so I can't
really tell you if it would work or not. On the face of it I would advise
against it, because it would be easier to use a third level DNS name such as
AD.companyname.com and have the DC host its own DNS zone. Then have the AD
"child" name delegated to the DC's DNS server, where the ad.companyname.com
zone would be located along with the _msdcs.ad.companyname.com zone (Win2k3
default behavior).
 

rem.fraserlw at netscape dot net

Thanks for the reply. The server will be running Exchange server,
although the Exchange services will only be running if our primary site
is offline through some disaster. The hosting company are like an ISP
in that they are supplying internet access for our hosted backup servers
and any workstations we would set up at their facility in the disaster
scenario. My plan was to try to re-create our current setup for the
backup site, but using the hosting company's DNS. Would this cause any
problems?
 

Kevin D. Goodknecht Sr. [MVP]

rem.fraserlw at netscape dot net wrote:
Thanks for the reply. The server will be running Exchange server,
although the Exchange services will only be running if our primary
site is offline through some disaster. The hosting company are like an
ISP in that they are supplying internet access for our hosted backup
servers and any workstations we would set up at their facility in
the disaster scenario. My plan was to try to re-create our current
setup for the backup site, but using the hosting company's DNS. Would
this cause any problems?

One, the hosting company's DNS would need to support the AD domain and
should accept dynamic updates.
Two, I don't understand your thinking, unless you create the DC at the
remote site as a replica DC in the current domain. If you do that then
there's no way to use the hosting company's DNS because the two Domain
Controllers would use the AD DNS to communicate with each other unless the
hosting company hosts your AD zone.

It would be possible to host the remote Exchange at the remote site, but you
have to create a VPN link between the sites so they can replicate with each
other. It would make some sense to have the Exchange server at the hosting
company, but firewalled from the public. Then when users connect to Exchange
they'll be doing it over the high speed link, but still have better access
when accessing it from the internet, because the server will be closer to
the internet trunk.

But setting it up the way you are considering will be an Administrative
nightmare.
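
The two DNS points raised in the replies above (delegating a child name such as ad.companyname.com to the DC's own DNS server, and the zone having to hold the AD domain's records) can be checked against zone exports. This is an added example, not part of either poster's messages; the host name dc1, the 192.0.2.x addresses and both zone texts are constructed sample data, and the parser only handles fully qualified one-line records.

```python
import re

# SRV owner names a domain controller registers for DC location;
# {d} is the AD DNS domain. The pdc record is registered by the PDC emulator only.
REQUIRED_SRV = [
    "_ldap._tcp.{d}", "_kerberos._tcp.{d}", "_kpasswd._tcp.{d}",
    "_ldap._tcp.dc._msdcs.{d}", "_kerberos._tcp.dc._msdcs.{d}",
    "_ldap._tcp.pdc._msdcs.{d}",
]

# Constructed sample: the public zone at the hosting provider, with the child delegated.
HOSTED_ZONE = """
companyname.com.      3600 IN MX 10 mail.companyname.com.
www.companyname.com.  3600 IN A  192.0.2.80
ad.companyname.com.   3600 IN NS dc1.ad.companyname.com.   ; delegation
dc1.ad.companyname.com. 3600 IN A 192.0.2.10               ; glue record
"""

# Constructed sample: the ad.companyname.com and _msdcs zones on the DC, combined.
DC_ZONE = """
_ldap._tcp.ad.companyname.com.               600 IN SRV 0 100 389 dc1.ad.companyname.com.
_kerberos._tcp.ad.companyname.com.           600 IN SRV 0 100 88  dc1.ad.companyname.com.
_kpasswd._tcp.ad.companyname.com.            600 IN SRV 0 100 464 dc1.ad.companyname.com.
_ldap._tcp.dc._msdcs.ad.companyname.com.     600 IN SRV 0 100 389 dc1.ad.companyname.com.
_kerberos._tcp.dc._msdcs.ad.companyname.com. 600 IN SRV 0 100 88  dc1.ad.companyname.com.
_ldap._tcp.pdc._msdcs.ad.companyname.com.    600 IN SRV 0 100 389 dc1.ad.companyname.com.
"""

def parse_records(zone_text):
    """Return {(owner, type)} from 'owner [ttl] IN type data' lines."""
    found = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+\S", line, re.I)
        if m:
            found.add((m.group(1).rstrip(".").lower(), m.group(2).upper()))
    return found

def missing_dc_locator_records(zone_text, ad_domain):
    """List the required SRV owner names that the zone export does not contain."""
    d = ad_domain.rstrip(".").lower()
    found = parse_records(zone_text)
    return [n.format(d=d) for n in REQUIRED_SRV if (n.format(d=d), "SRV") not in found]

def is_delegated(parent_zone_text, child):
    """True if the parent zone holds an NS record for the child name."""
    return (child.rstrip(".").lower(), "NS") in parse_records(parent_zone_text)

if __name__ == "__main__":
    print("child delegated:", is_delegated(HOSTED_ZONE, "ad.companyname.com"))
    print("missing on DC:", missing_dc_locator_records(DC_ZONE, "ad.companyname.com"))
    print("missing at host:", missing_dc_locator_records(HOSTED_ZONE, "companyname.com"))
```
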
 

rem.fraserlw at netscape dot net

The only time the Exchange server services would be running is when our
primary site was offline (office burnt down or some other disaster). I
phrased my question badly. If I put a domain controller at the backup
site and set up DNS on it using companyname.com forward lookup zone and
the backup site's DNS servers as forwarders, would it cause any problems
with DNS at our primary site (companyname.com forward lookup zone and
our ISP's DNS servers as forwarders)? I need to recreate our current
setup at the backup site for testing. Hope I'm being clearer and thanks
for your response.
 

Kevin D. Goodknecht Sr. [MVP]

rem.fraserlw at netscape dot net wrote:
The only time the Exchange server services would be running is when
our primary site was offline (office burnt down or some other
disaster). I phrased my question badly. If I put a domain
controller at the backup site and set up DNS on it using
companyname.com forward lookup zone and the backup site's DNS servers
as forwarders, would it cause any problems with DNS at our primary
site (companyname.com forward lookup zone and our ISP's DNS servers
as forwarders)? I need to recreate our current setup at the backup
site for testing. Hope I'm being clearer and

I still stand by my original reply, it will be an administrative nightmare
unless you promote the remote site as a replica in the current
forest/domain.
If you promote it to be in its own separate domain, you haven't really
created a backup site. It would be a totally different forest and domain
with the same name. No trust can be created between the domains, and members
of one domain are not members of the other domain. They will each reject the
other as being an imposter.

It would make more sense to link the sites by VPN, and promote it as a
replica DC.
 

rem.fraserlw at netscape dot net

Thanks. I see your point
