
Thread: AD & DNS!

  1. #1
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    AD & DNS!

    Hi,

    I'm about to start setting up a 2000 AD domain in our datacentre and it is my understanding that AD requires that the DCs I use (a couple of Compaq ProLiant DL380s) should act as the primary DNS for all the clients (workstation and server) in the domain. The company already has a full DNS system based on UNIX servers, I believe, and someone else (who is very pro Linux and anti-"Windoze") said that someone put an AD domain in somewhere in our company and it screwed up the DNS. I do not know whether that is true or not but it does seem sensible to ask if anyone has any suggestions as to how the DNS should be configured on the new servers ... I think it may be preferable to configure them as stub servers but any advice would be greatly appreciated.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: AD & DNS!

    Take a look at the results of Search The Knowledge Base particularly the first article: How to Enable Dynamic Updates on UNIX BIND DNS Servers.

    Joe

  3. #3
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Interesting ...

    ... however I have no control over the DNS configuration, I'm just setting up a small (100 servers max) AD domain in one of our company datacentres.

    Sorry ... I should have made my lack of ability to change any of the UNIX DNS configuration clearer.

  4. #4
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Interesting ...

    Can you explain a bit more about your current DNS setup, particularly...
      • Is the DNS namespace managed by the Unix servers a real assigned Internet namespace, or is it a "made up" company one?
      • Is the DNS namespace managed by the Unix servers visible on the external Internet?
      • Does the AD domain need to use the same namespace, or could you use a completely different one for these servers?
      • Do computers that are not part of the AD setup need to use services from the AD domain?
      • Do computers that are part of the AD setup need to use services whose names are currently managed by the Unix servers?

    One possible option would be to configure the AD domain with its own namespace, and forward all queries that the DCs can't resolve to the Unix domain, but this would only work if nothing outside your AD ever wanted to resolve names within it. Another option would be to get the Unix sysadmins to delegate a portion of the namespace to you - but it sounds as though the internal politics may not allow this.

    You may find some of the suggestions in this article helpful.

    StuartR

  5. #5
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Re: Interesting ...

    Thanks Stuart ... the article was interesting and both my colleague and I read it before we started setting up the domain (which so far consists of 2 DCs and 3 client servers).

    Once we've got the backbone structure right we'll start migrating Win2K servers (we've made the decision to keep it Win2K or better only) from our NT4 domain.

  6. #6
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Interesting ...

    So what DNS design did you end up with?

    StuartR

  7. #7
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Re: Interesting ...

    Hi Stuart,

    Essentially what we have is what I think is called a forwarding domain, where we have two DCs (now three, since apparently a TS licensing server must be set up on a DC and we wanted that on a separate server) set up to identically forward all DNS requests that they know nothing about to the main company DNS. On all client servers (and the TS/DC server) the primary and secondary DNS point only to those two servers, so, hopefully, giving a degree of redundancy should one of the DNS/DCs fail.

    Currently all servers point their browsers to an automatic configuration script outside of the AD domain, but I'm not 100% sure that's necessary; I will have to do some testing, but I think that could be made to forward through the DCs as well.

    Anyway ... thank you for your advice :-)

    James
