What DNS-Records have to be there?

[Stefan 'Birdie' Vogel]

Hello,

we currently try to troubleshoot a DNS-problem in our AD. (non MS-DNS, we
use QIP)

Exactly what DNS SRV RRs have to be registered from witch machine?

Asumeing the following small version of our domain structure:

forrest.com
domain.forrest.com

Site1 (central)
dc.forrest.com (Schema / Naming)
DC1.domain.forrest.com (PDC, RID and Infra)
DC2.domain.forrest.com (GC and Bridgehead)

Site2 (remote)
dc3.domain.forrest.com (GC and bridgehead / site link to site 1)


Site3 (remote)
dc4.domain.forrest.com (GC and bridgehead / sitelink to site 1


Site4 (remote)
dc5.domain.forrest.com (GC and bridgehead / sitelink to site 3!!!)



Or does anyone know a website explaining it in detail?

Hope someone can help me with this.

Regards
Stefan Vogel

 

[Paul Bergson [MVP-DS]]

For starters you could run dnslint, it should determine if they are all
there.
http://support.microsoft.com/default.aspx/kb/321046

Details on the dns records for AD
http://technet2.microsoft.com/Windo...75c3-4a77-ae93-a8804e9ff2a11033.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Stefan 'Birdie' Vogel]

The problem is more, that we don't miss any entries, but it looks liek we
have several woo much.....


i.e: we have this entries
_ldap._tcp.SITE1._sites.....
and
_ldap._tcp.SITE2._sites.....

for a DC in SITE1.

And our central DCs have this kind of entries for allmost all our sites
(about 40).
Is that normal? I don't think so.

Regards
Stefan

 

[Joe Richards [MVP]]

Look at the netlogon.dns files in %windir%\system32\config directory.

The actual records will vary based on your overally topology. For
instance if you have a site that doesn't have a DC for Domain Y some DC
for Domain Y will register some DNS records for that site.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

 

[Stefan 'Birdie' Vogel]

So am I right, that when I create a new site and a client at this site logs
in before the DC is active, that any of the allready existing DCs will
register a DNS-record for the new site?

But if so, shouldn't this entry be deleted from DNS after some time?

Regards
Stefan

 

[Paul Bergson [MVP-DS]]

What you should have within the _tcp.sitename.sites.domainname is a _gc,
_kerberos and _ldap srv record for each dc in the site that hosts these
services (If no gc on a dc then it shouldn't have a gc record). If you have
dc names in here that aren;t within this site, you should be able to remove
them. I would note any service location names (COMPLETELY) before removing
anything and then do it to just one DC's service.

Then run a netdiag
NetDiag.exe /l /v /test:dns

See if there are any error messages. If not I would remove another, etc...

Once done I would then run a netdiag /fix on each dc


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Joe Richards [MVP]]

It doesn't matter when the client logs on. If a new site is created and
it doesn't have coverage for a given domain, the "closest" DC will then
register records to cover that site. Once a DC is spun up in that site
for a given domain, any coverage records from another DC in another site
should be removed. I don't recall off the top of my head though if this
is an actual deregistration or it relies on scavenging.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm