Just to confirm

Matt Anderson

Leythos said:
"Lanwench [MVP - Exchange]"
message
My internal DNS server doesn't go down unless I take it down, generally
speaking, and I don't do that during business hours. See Kevin's reply as
well - you can set up your networks as you like, but you aren't doing it
properly if you use your ISP's DNS servers on any server or client on your
network, and I assure you that this *does* cause problems.

Leythos, feel free to configure your network as you like, but you'll be
better off in the long run if you follow the suggestions in this thread.
Best of luck to you : ).

Matt, and others - I agree with the above. It's definitely not the MS
way, not the approved MS way, but, the entire point of the conversation
was for me to learn WHAT PROBLEMS this setup causes. I've read one post
that described a number of issues with resolution of DNS if there is an
internal problem. I duplicated the DNS problem and when recovered it did
not exhibit the described problem.

My entire interest in this thread is only to learn about the problem,
not the proper MS way of configuring it, and to learn about what impact
it can have on my network. Based on everyone's comments I should be able
to see problems, but I'm unable to see them, and the domain requests do
not leave the local network (I would see them in the firewall logs if
they did).

So, here's a question for you: Have you tried it exactly like I describe
and seen the problem on YOUR networks? I'm not talking about some
text-book lab example, I'm talking about a network with 50+ active nodes
and multiple servers.
Yes, you'll see slow logons, and if you're not allowing cached credentials
even failed logons. Take your DC down (all of them) and try to log on the
network. You may find it takes a long time to build the domain list and
other issues. I understand your post now, I hope this helps.

matt
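
The firewall-log check Leythos describes in the quoted text above (confirming whether DNS requests leave the local network), sketched as an added example that is not part of the thread. The log format, the IP addresses and the `INTERNAL_DNS` and `LAN` values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration: the internal DNS servers (DCs) and the LAN range.
INTERNAL_DNS = {"192.168.1.10", "192.168.1.11"}
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed firewall log lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
08:01:02 action=allow proto=udp src=192.168.1.10 dst=203.0.113.53 dport=53
08:01:05 action=allow proto=udp src=192.168.1.57 dst=203.0.113.53 dport=53
08:01:06 action=allow proto=tcp src=192.168.1.57 dst=198.51.100.20 dport=80
08:02:10 action=allow proto=udp src=192.168.1.88 dst=192.168.1.10 dport=53
08:02:11 action=deny proto=tcp src=192.168.1.88 dst=203.0.113.54 dport=53
malformed line without fields
"""

def parse_line(line):
    """Return the key=value fields of a log line, or None if required ones are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"src", "dst", "dport", "proto"} <= fields.keys():
        return None
    return fields

def audit_dns_egress(log_text):
    """Split LAN-to-outside DNS flows into forwarder traffic and direct client queries."""
    forwarders = defaultdict(set)   # internal DNS servers forwarding upstream (expected)
    offenders = defaultdict(set)    # other hosts talking to outside DNS directly
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != "53":
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue
        if src not in LAN or dst in LAN:
            continue  # only flows that leave the local network matter here
        # Denied attempts are kept too: they still show a host configured
        # with an outside resolver.
        bucket = forwarders if rec["src"] in INTERNAL_DNS else offenders
        bucket[rec["src"]].add(rec["dst"])
    return dict(forwarders), dict(offenders)

if __name__ == "__main__":
    fwd, bad = audit_dns_egress(SAMPLE_LOG)
    print("forwarder traffic:", fwd)
    print("hosts querying outside DNS directly:", bad)
```
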
 
Leythos

Yes, you'll see slow logons, and if you're not allowing cached credentials
even failed logons. Take your DC down (all of them) and try to log on the
network. You may find it takes a long time to build the domain list and
other issues. I understand your post now, I hope this helps.

Thanks Matt, that was what I was trying to determine from all of this. I
appreciate you wading through my replies.
 
Lanwench [MVP - Exchange]

Leythos said:
Matt, and others - I agree with the above. It's definitely not the MS
way, not the approved MS way, but, the entire point of the
conversation was for me to learn WHAT PROBLEMS this setup causes.
I've read one post that described a number of issues with resolution
of DNS if there is an internal problem. I duplicated the DNS problem
and when recovered it did not exhibit the described problem.

I repeat - you've been lucky.
My entire interest in this thread is only to learn about the problem,
not the proper MS way of configuring it, and to learn about what
impact it can have on my network. Based on everyone's comments I
should be able to see problems, but I'm unable to see them, and the
domain requests do not leave the local network (I would see them in
the firewall logs if they did).

So, here's a question for you: Have you tried it exactly like I
describe and seen the problem on YOUR networks? I'm not talking about
some text-book lab example, I'm talking about a network with 50+
active nodes and multiple servers.

I wouldn't dream of trying it. I don't see the point, when setting it up in
'textbook fashion' works as well as it does. If your internal DNS servers
are falling down going boom on their own all the time, that's another story!

But again, to each his own.
 
Leythos

I wouldn't dream of trying it. I don't see the point, when setting it up in
'textbook fashion' works as well as it does. If your internal DNS servers
are falling down going boom on their own all the time, that's another story!

But again, to each his own.

But this is what separates the brave, or sometimes stupid (not meaning
you) from the rest of the world. I started working with DNS on Windows
before I could find a good paper on it and before MS provided clear
papers on it. The setups have been working for many years with nothing
to report on as problems.

I've learned a couple things, and don't take this wrong, I love the
Windows platform, have many of them and make a living from them, but
there is this old saying "There is the right way, the wrong way, and the
Microsoft way". In my case, it's not the MS way, but it does not appear
to be the wrong way in actual operation, at least not in any of the
networks I've set up like this.

I'll take everything under consideration, and I've not discounted any of
it, but it's hard to see a reason to change when the current method is
not degrading performance, has been working for years, and does not
cause any unnecessary external traffic.

Thanks for your time.
 
Ace Fekay [MVP]

Leythos said:
But this is what separates the brave, or sometimes stupid (not meaning
you) from the rest of the world. I started working with DNS on Windows
before I could find a good paper on it and before MS provided clear
papers on it. The setups have been working for many years with nothing
to report on as problems.

I've learned a couple things, and don't take this wrong, I love the
Windows platform, have many of them and make a living from them, but
there is this old saying "There is the right way, the wrong way, and
the Microsoft way". In my case, it's not the MS way, but it does not
appear to be the wrong way in actual operation, at least not in any
of the networks I've set up like this.

I'll take everything under consideration, and I've not discounted any
of it, but it's hard to see a reason to change when the current
method is not degrading performance, has been working for years, and
does not cause any unnecessary external traffic.

Thanks for your time.


--

I know this is late and haven't been following the thread, but as everyone's
trying to point out, you've been lucky with your configuration of not having
followed the recommended 'best practices' that everyone is suggesting and
the MS docs suggest.

Honestly, we like to recommend these and all best practices for anyone that
posts for help or suggestions here in these forums. This helps us in helping
them in eliminating the obvious when diagnosing a problem.

Even if you decide to continue your current configuration, with all due
respect, I really hope and ask of you that if you respond to posts here to
help others, that you recommend "best practices", for no matter what sort
of configuration, but especially DNS and AD.

Thank you.

Happy Thanksgiving.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
