Standard Primary vs AD Integrated?

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Bryan Erwin - 08 Jun 2007 20:25 GMT

Is there any reason why you would not want to AD integrate a DNS zone that is
not associated with an Active Directory domain. I know it can be done, are
there any issues associated with doing it or reasons why you might not want
to do this?

Thanks

Reply to this Message

Kevin D. Goodknecht Sr. [MVP] - 08 Jun 2007 21:10 GMT

Read inline please.

In news:860344F8-1FEE-48D0-A595-C06518F52C1A@microsoft.com,
Bryan Erwin <BryanErwin@discussions.microsoft.com> typed:

> Is there any reason why you would not want to AD integrate a DNS zone
> that is not associated with an Active Directory domain. I know it can
> be done, are there any issues associated with doing it or reasons why
> you might not want to do this?

If you are hosting a zone for a Publicly available domain and want full
control of NS and SOA MNAME records. By using AD integrated zones, you
increase the security on the zone, but you lose some control over those
records. You can add NS records, but the DC will create it's own NS record
and name itself as the Master Name server on the SOA.
By using standard zones you can make the NS and MNAME records to suit the
network they serve.

Signature

Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Reply to this Message

Bryan Erwin - 08 Jun 2007 22:00 GMT

That makes sense. What about zones for non ad ware devices that may only need
to be accessed/resolved by users in specific locations. By AD integrating,
this data gets unnecessarily replicated throughout the entire enterprise. Is
this a valid reason not to AD integrate a zone, especially one that host not
ad aware hosts?

Thanks

> Read inline please.
>
[quoted text clipped - 12 lines]
> By using standard zones you can make the NS and MNAME records to suit the
> network they serve.

Reply to this Message

Kevin D. Goodknecht Sr. [MVP] - 09 Jun 2007 01:54 GMT

Read inline please.

In news:F46ACAB0-5B75-4AEC-BC7B-307C20BFC80A@microsoft.com,
Bryan Erwin <BryanErwin@discussions.microsoft.com> typed:

> That makes sense. What about zones for non ad ware devices that may
> only need to be accessed/resolved by users in specific locations. By
> AD integrating, this data gets unnecessarily replicated throughout
> the entire enterprise. Is this a valid reason not to AD integrate a
> zone, especially one that host not ad aware hosts?

Actually, replication depends a lot on your Forest structure, if you have
multiple domains in your forest, you can choose to replicate to
DomainDNSZones or a custom replication partition.
Yes, you can use Primary/secondary zones for names that must resolve
differently from site to site.

Signature

Reply to this Message