DNS Island Question/ contradiction?

[Bill B]

"Windows 2000-based DNS severs should point to themselves for DNS in their
TCP/IP properties. If this server needs to resolve names from its Internet
service provider (ISP),you should configure a forwarder. "

http://support.microsoft.com/defaul...port/kb/articles/Q275/2/78.ASP&NoWebContent=1

I have 2 DCs in a single domain envionrment. both dcs are dns servers. it
has to be this way as none of the other servers in the environment are
available to me for a DC or DNS role.

Forwarders do not matter, as the dns servers are root - its a private
network with no internet access.

The two statements above seem to contradict each other. If I follow the
technote settings and point the second DNS server to the primary one in its
tcp/ip properties i am in contadiction of the first rule of thumb, but if i
follow the first rule of thumb i am in contradiction of the technot.

any suggestions?

 

[Herb Martin]

I have 2 DCs in a single domain envionrment. both dcs are dns servers. it

has to be this way as none of the other servers in the environment are
available to me for a DC or DNS role.

Perfectly fine -- it may even be the BEST choice in general.

Forwarders do not matter, as the dns servers are root - its a private
network with no internet access.

Ok, no problem here either.

"Windows 2000-based DNS severs should point to themselves for DNS in their
TCP/IP properties. If this server needs to resolve names from its Internet
service provider (ISP),you should configure a forwarder. "


The two statements above seem to contradict each other. If I follow the
technote settings and point the second DNS server to the primary one in its
tcp/ip properties i am in contadiction of the first rule of thumb, but if i
follow the first rule of thumb i am in contradiction of the technot.

What "two statements" -- you quote say, "Point to themselves"
which is fine.

BUT since you are using a Primary/Secondary and KNOW therefore
that the Secondary (which is also a DC) will need to send CLIENT
UPDATES to the Primary for dynamic updates it can make sense
to point the secondaries client settings to the Primary -- if the primary
is down this causes a problem for the Secondary as an ordinary DNS
client though -- you cannot resolve names even though this secondary
has the entire DNS database itself.

General rule: Point DNS and WINS servers at themselves.

BTW, to make it more robust change both DCs to AD integrated
and then either can accept updates.http://support.microsoft.com/defaul...port/kb/articles/Q275/2/78.ASP&NoWebContent=1

 

[Todd Maxey [MSFT]]

Bill,

One other thing. There is an assumption here that you are using Active
Directory Integrated forward lookup zones.

 

[Bill B]

Thanks,


Also, they are AD integrated. I think i erroneously stated they were
secondary and primary.
I did have it set up so that DC A pointed to itself and DC B pointed to DC
A per the technote.

Didnt realize i could Criss Cross, thats the solution ill go with...


Bill

 

[Ace Fekay [MVP]]

In

Thanks,


Also, they are AD integrated. I think i erroneously stated they were
secondary and primary.
I did have it set up so that DC A pointed to itself and DC B
pointed to DC
A per the technote.

Didnt realize i could Criss Cross, thats the solution ill go with...


Bill

Just to point out, I've used this solution since the beta product and it
works like a charm and have never come across the Island issue with this
config.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory