Windows Server Forum / Windows 2000 / DNS / July 2005
DNS in 2003 Domain
bassaddict - 20 Jul 2005 09:53 GMT All, I'm fairly new to DNS in a 2003 domain. I've been tasked with making the DNS more efficient and seeing what can be done to improve it. The domain was migrated from a Win 2000 domain. I've been looking at the DNS structure we currently have, and been reading up on MS's site regarding the _msdcs bits.
At the moment, we have a structure in DNS as such:
Under the Forward Lookup Zone, we have DOMAIN.com, under DOMAIN.com there are 4 folders/containers called _msdcs, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones.
What I can't get my head around is whether this layout is correct. On MS's site (http://tinyurl.com/ap2ym) it states the _msdcs part as _msdcs.forestname and talks about going into its properties etc, but there is no properties tab for _msdcs.
There is no Application Directory partition set up as yet. Our root domain controller is 2003, but we have a mixture of 2000 and 2003 DCs.
Can anyone inform me about what the DNS layout structure should look like now we're on a 2003 domain, and how it can be optimised. At present our DNS works, but it hasn't been touched since we upgraded to 2003.
Any help greatly appreciated.
-- bassaddict ------------------------------------------------------------------------ View this thread: http://www.webservertalk.com/message1139050.html
Ace Fekay [MVP] - 23 Jul 2005 04:33 GMT > All, > I'm fairly new to DNS in a 2003 domain. I've been tasked with making [quoted text clipped - 24 lines] > > Any help greatly appreciated. In addition to Jorge's reply, the _msdcs zone under your domain.com zone is delegated to your own server, which is why it should show up as a completely separate name space. If it doesn't, then there's an issue. That zone needs to be available everywhere in the forest and its replication scope is set to the ForestDnsZones app partition to be available as such. But if you are in a mixed environment, that zone is not available on a Win2000 DC.
It would be easier to move your DNS services to only the Win2003 server and uninstall DNS off the Win2000 servers, to handle this function. If you are looking at the DNS zones on a Win2000 DNS console, those Win2003 properties will not be available, hence a possible part of the confusion.
Look at it under Win2003 and let us know if that zone exists. If it does not, follow that article you posted to fix it.
Regards, Ace
Please direct all replies ONLY to the Microsoft public newsgroups so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft Windows MVP - Windows Server - Directory Services Infinite Diversities in Infinite Combinations. =================================
bassaddict - 26 Jul 2005 11:26 GMT Hey
Thanks to both of you for your replies. Let me just clarify the existing set up. Our Forest Root is 2003, and we have a mixture of Win 2000 and Win 2003 DCs and DNS Servers. All of our 15 branch offices have 2 DNS servers / DCs, one being Win 2000 and one being Win 2003. Each server points to itself for lookups and then to the Forest Root which is located at head office. Is this good practice?
On our 2003 DNS servers, the option to create a default application directory partition is available (but not on the 2000 DNS boxes). Am I correct in thinking to set this up though, all DNS servers should be running on 2003? In my proposal, I am recommending upgrading all 2000 to 2003 DNS and using Application Directory Partition to improve replication, but does the Forest Functional level need to be raised to 2003?
Underneath our ForwardLookupZone, we have our domain (let's call it domain.com). Underneath here, we have the default _msdcs, _sites, _tcp, _udp, DomainDnsZones and ForestDnsZones. The DNS is active directory integrated and uses forwarders to the forest root without recursion for the domain, and then the Forest Root forwards WITH recursion to the ISP DNS servers.
From one of our Win 2000 boxes, the same subdomains as above exist and all replicate to each other.
So are you saying the Application Directory replication is not available on 2000 DOMAINS or DCs/DNS servers? Because the option is there to create one from one of our 2003 DNS servers.
Sorry if I sound like a beginner with DNS.... it's because I am! But I appreciate how helpful you are.
Cheers
-- bassaddict
bassaddict - 26 Jul 2005 15:19 GMT Oh and by the way, we have no Forest Root Domain, just a Domain Controller that is the forest root for the whole domain. I am confusing myself as I've been told that _msdcs.forestname should sit above the DOMAIN.COM zone in DNS. But ours sits below.
Still, anything else you can add?
-- bassaddict
Ace Fekay [MVP] - 27 Jul 2005 05:45 GMT > Oh and by the way, we have no Forest Root Domain, just a Domain > Controller that is the forest root for the whole domain. I am > confusing myself as I've been told that _msdcs.forestname should sit > above the DOMAIN.COM zone in DNS. But ours sits below. > > Still, anything else you can add?? My take is to move DNS services to only Windows 2003 servers. Once that is done, then all the features will be of benefit.
Keep in mind, when choosing replication scope, the bottom radio button is the DomainNC partition, which is one of the three logical partitions in a Win2000 domain database. That is the one you need to choose if you are in a mixed environment. If you choose to set the scope to one of the above radio buttons, then that zone will only be available on a Win2003 DC/DNS server.
Once you have moved all DNS services to your Win2003 DC/DNS servers, then the _msdcs zone should appear as a separate namespace that is delegated from itself under the domain.com zone, in which case the _msdcs zone will now appear as a grayed out folder. If you look at the _msdcs.domain.com zone, you will now find its replication scope set to the Forest app partition.
Ace
Ace Fekay [MVP] - 27 Jul 2005 05:40 GMT > Hey > [quoted text clipped - 19 lines] > for the domain, and then the Forest Root forwards WITH recursion to > the ISP DNS servers. If you have a child domain, and are delegating the child namespace to the child domain's DNS servers, then yes, you would forward from the child domain's DNS to the parent domain's DNS.
OTHERWISE, if you only have ONE domain, DO NOT FORWARD TO EACH OTHER or to any others in the same domain. This will cause a forwarding loop and you will be bound with issues. Configuring as such is only for a delegation or stub scenario with child domains. If you have only one domain, as indicated in your more recent post, forward from each INDIVIDUAL DNS to the ISP. Allow recursion.
> From one of our Win 2000 boxes, the same subdomains as above exist and > all replicate to each other. The folders underneath with the underscores in them (e.g. _msdcs, _tcp, _udp, and _sites), which you call "subdomains", are actually the SRV records, and not necessarily subdomains. These are the service location records that a DC registers into DNS and are used to locate domain controller services.
So I'm not entirely sure what you mean by they "...all replicate with each other". Zone data in any AD Integrated zone types, since they are stored in the actual physical AD database, will replicate to other DC/DNS servers along with the default AD replication cycle, since they are part of the AD database. If the understanding is skewed meaning you thought they replicate "with each other", then in a way, they do, but all the data is replicated based on AD's replication process just because they are part of the database.
> So are you saying the Application Directory replication is not > available on 2000 DOMAINS or DCs/DNS servers? Because the option is > there to create one from one of our 2003 DNS servers. The Application Partitions are not available for use by a Windows 2000 DC/DNS, albeit the partitions exist on such a machine, but it's just that you can't take advantage of the feature. The ability to use that feature is only available by using Windows 2003 DC/DNS servers.
> Sorry if I sound like a beginner with DNS.... it's because I am! But I > appreciate how helpful you are. > > Cheers No problem. The only way you'll find out is if you ask!
Ace