dns setup


doobrie

apart from a problem outlined in another post on dns i'm after the right
way i should have dns setup on my site ....

i have 2 regional site dc's .... connected to the company's single w2k
domain over a wan - dns is AD integrated ... the idea is that we will
get our internet / company connectivity via the wan via proxy server
with an adsl vpn backup should the wan fail

i have dhcp hand out dc1 & dc2 as the workstations dns servers along
with the default gateway and ip address

should i use the forwarders on these dc's dns to point anywhere or
should i disable forwarders and just have the company's other dns
servers listed in the forward lookup zone?

also, being new to AD dns am i safe to delete my forward lookup zone and
recreate it should the need arise or even uninstall and reinstall dns if
i can't get any further on this one?

also, in my reverse lookup zone file should i just have my servers
listed in there for pointers or do my workstations need to go in too or
is it dynamic in any way?

i've a fair bit of clue to find on all this and i'll be able to get HQ's
domain admin to go over it with me but i do like to find these things
out myself and get up to speed on them too so any pointers would be
helpful ... much reading will be done over the next couple days me
thinks!

thx
 

Steve Duff [MVP]

In most cases, you should configure this way:

= List the local domain DNS as #1 in DHCP

= List the remote domain DNS as #2 in DHCP

(note that this will result in a different DNS order
at your two sites.)

= If you want to use outside DNSen for
forwarding, do that in the DNS server's forwarding.
You can skip forwarders, and just use root hints to resolve
non-local queries. However on occasion, you may receive
odd errors resolving on specific public zones when using
root hints that may drive you back to using forwarders.

You do NOT want to list your internal DNS as forwarders
because of the possibility of forwarding loops.

You can tear down and reinstall DNS if you really think
it is necessary, but most of the time when people think it is,
it isn't.

Get the "netdiag" utility from the Win2k Resource Kit (www.reskit.com)
and use a "netdiag /fix" to check, create and repair the basic domain
DNS zone entries.

Steve Duff, MCSE
Ergodic Systems, Inc.
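
The forwarding-loop warning in the reply above can be checked mechanically. This is an added example, not code from the thread: it walks a constructed inventory of DNS servers and their forwarder addresses (every address is made up) and reports any forwarding chain that leads back to the server it started from.

```python
# Constructed inventory (addresses are made up): DNS server IP -> forwarder IPs.
# An empty list means no forwarders, so the server resolves via root hints.
LOOPED = {
    "10.1.0.10": ["10.1.0.11"],        # dc1 forwards to dc2
    "10.1.0.11": ["10.0.0.10"],        # dc2 forwards to an HQ DNS server
    "10.0.0.10": ["10.1.0.10"],        # HQ forwards back to dc1: loop
    "10.0.0.11": ["198.51.100.53"],    # HQ server using an outside resolver
}
FIXED = {
    "10.1.0.10": ["198.51.100.53"],    # outside resolver only
    "10.1.0.11": [],                   # root hints
    "10.0.0.10": ["198.51.100.53"],
    "10.0.0.11": ["198.51.100.53"],
}


def loop_from(server, forwarders):
    """Return a forwarding chain from server back to itself, or None."""
    stack = [(server, [server])]
    visited = set()
    while stack:
        node, path = stack.pop()
        # Addresses missing from the inventory are outside resolvers (leaves).
        for nxt in forwarders.get(node, []):
            if nxt == server:
                return path + [server]
            if nxt not in visited:
                visited.add(nxt)
                stack.append((nxt, path + [nxt]))
    return None


def audit(forwarders):
    """Map each server that sits on a forwarding loop to the chain proving it."""
    found = {}
    for server in sorted(forwarders):
        chain = loop_from(server, forwarders)
        if chain:
            found[server] = chain
    return found


if __name__ == "__main__":
    for server, chain in audit(LOOPED).items():
        print(server, "loops:", " -> ".join(chain))
    print("fixed config loops:", audit(FIXED))
```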
 

Michael Johnston [MSFT]

We typically recommend that you use forwarders to your ISP on your internal DNS servers. This isn't a requirement but more of a judgement call. Either way,
DNS can resolve Internet names. In AD, you can certainly delete the DNS zone. Just beware that this will replicate to all DCs in that domain. This would
remove that zone from all DNS servers in that domain. Creating the zone again will then add the zone to all DCs in the domain. This isn't a problem as long as
you are sure to re-register your DCs in the zone after it's been recreated. Removing/reinstalling DNS from the server is also a non-event. Just make sure that it
points to at least one other DC in the domain for DNS so that it can locate the AD after it's reinstalled. Otherwise you may get an error that DNS could not
enumerate the AD and load its zones.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
