DNS config best practis?

[Ed]

What is the best way to config the DNS servsers and nics
of the domain controllers dns config if I have the
following layout.

Domain 1 in main office1 with dns server1

Domain 2 in remote1 site with dns server2

Domain 3 in remote2 site with dns server3

All computer should point only to the local dns servers in
each site..

All servers except for the dns servers should only point
to local dns servers.

But on the dns servers, should the forwarder on each site
be configured to forward to the other two sites befor they
forward to the internet ? and what of the nic configs on
the dns servers, should any of the other dns server be
added to the dns server lists ?

The goal is that each site should be able accesss the
other sites when browsing the network and "talk" to each
other..


And a bonus question is there a max allowd reply time when
pinging for a domain sync to be able to work ? (I mean if
the ping time to a remote site is 400ms will this cause
sync errors in the forrest? )

Best regards
Edvert

 

[Kevin D. Goodknecht]

In

What is the best way to config the DNS servsers and nics
of the domain controllers dns config if I have the
following layout.

The best setup is one domain serving all sites with a DC and a DNS server at
all sites let AD take care of the replication, that way only a catastrophic
failure at all sites simultaniously would put you down at anyone site.
But you did not give that choice.

Domain 1 in main office1 with dns server1

Domain 2 in remote1 site with dns server2

Domain 3 in remote2 site with dns server3

All computer should point only to the local dns servers in
each site..

All servers except for the dns servers should only point
to local dns servers.

But on the dns servers, should the forwarder on each site
be configured to forward to the other two sites befor they
forward to the internet ? and what of the nic configs on
the dns servers, should any of the other dns server be
added to the dns server lists ?

If internet acces is required then all DNS servers should forward to the
internet.
Then have a secondary for the remote sites in each DNS server then add those
names to the search list. But this will not help Network Neighborhood for
that you need WINS because NEthood uses NetBIOS which has notta to do with
DNS

The goal is that each site should be able accesss the
other sites when browsing the network and "talk" to each
other..

My self with the choices you gave I would publish shares in AD and forget
WINS and browsing. The shares would still be in Nethood in the Directory
provided all machines are WIN2k or later. If any clients are Win9x or NT4
then WINS is your only choice.

And a bonus question is there a max allowd reply time when
pinging for a domain sync to be able to work ? (I mean if
the ping time to a remote site is 400ms will this cause
sync errors in the forrest? )

This should not really be an issue if each of the remote sites has a
secondary zone.

This is not a simple solution and answering to all concerns in one reply
would not be easy because a lot depends on the OS of the clients at each
site. Although, solutions get easier with Win2k and later clients.

 

[Ed]

Thank you Kevin for your answers
on my posts the during the last week.
You made me and a poor techi in singapore and bangkok very
happy

Best regards
Edvert

 

[Kevin D. Goodknecht [MVP]]

In

Thank you Kevin for your answers
on my posts the during the last week.
You made me and a poor techi in singapore and bangkok very
happy

That's a good deal I'm glad to hear I helped you.

 

[Michael Johnston [MSFT]]

Are there indeed 3 different domains in play here or are these one domain? If it's just one domain, then AD replication will
handle syncing all the zones and forwarding to each other will not be necessary. Each DC should point to itself as the primary in
the IP settings and then the DNS server at the main site for secondary.

If these are 3 seperate domains, it gets a bit more complicated. The easiest solution would be to host secondaries of each
domain on each DNS server. For instance, Domain1 would host a primary zone for itself and secondaries for Domains 2 and 3.
Again, only point each DNS server to itself as primary and the DNS server at the main site as secondary. Do not forward to
each other. This will cause looping problems. Only forward to the ISP.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.