-1 Votes
DNS Configuration
sam@... 15th Aug 2011
#2 and #5 are contradictory.

Sam
0 Votes
DNS Configuration
aspaeth@... Updated - 15th Aug 2011
Can you explain why you think #2 & #5 are contradictory?
-1 Votes
How?
sid351 15th Aug 2011
Is that a "Windows != high availability" statement? If not, how do #2 and #5 contradict each other?
-2 Votes
How can something be thought of as high availability that has to be rebooted every month? Our (2200) Linux servers routinely run two - three years between reboots. And we have NetWare servers with >1000 people a day logging into them that have been up seven years since last reboot. DNS/DHCP runs fine on both of these platforms (Comments bashing NetWare/eDirectory will be directed to /dev/null). I know the CIO of a Fortune 200 company who told his staff if anyone puts mission-critical applications on a Windows server, he wanted their name, employee ID number, and termination paperwork brought to his desk. That's somewhat extreme, but yeah, I see from where he comes with that.
If you've got NetWare and Linux/SUSE+OES servers that haven't been rebooted for years, then you've got systems that have not had critical driver/kernel/CDM/HAM/NLM/security updates applied, else the systems would have been restarted. I'm much happier keeping my servers updated with currently available hotfixes and patches than worrying if I'll have to explain to the CIO how his servers got hacked and/or exploited.
0 Votes
Clustering...
sid351 18th Aug 2011
You don't have to reboot all of the servers in a cluster at the same time.
0 Votes
Sam
andewpaj@... 15th Oct 2011
You guys don't do full maintenance on your system at all... I feel some cold air blowing around.
0 Votes
no they aren't...
pgit 15th Aug 2011
It's #1 and #5 that conflict. 1 says limit the number of DNS servers in the system, 5 says have more than three...

#2 only suggests having DNS and DHCP on the same machine, which implies using Windows DHCP, which isn't too common. Most people use their router for DHCP, or a Linux system that provides other services like files, printers or backups.

I disagree with the suggestion to use Windows for DHCP. But that's really just a matter of taste; there's not much operational difference between Windows and Linux services. I just don't like having to pay for a license in order to have a server.
0 Votes
Seems that the 2nd dimension of this should be IPv6 DNS practices. DNS and v6 seem like they should be stuck together with Glue.
1 Vote
I have seen several articles from MS and other sources that seem to indicate WINS is required for Outlook prior to 2003 and Exchange prior to 2010. Something to look out for if WINS is removed. Tried to turn off WINS last year and numerous problem reports started coming from users.
This can come in handy. It can also be a source of difficulty in troubleshooting if they were configured and then forgotten.
0 Votes
No conflict
breckw69@... Updated - 15th Aug 2011
#1 is stating to "limit the number of zones" which is completely different. It's referring to limiting the number of different DNS servers. If two companies merged with five DNS servers each, ten may be overkill and they can reduce down to five total. Depending on the size of an organization, it may not be necessary to have 10 DNS servers, however you still leave enough to handle all the requests and be redundant.

Using Windows for DHCP is not unusual at all in larger deployments. Windows DHCP is much more configurable than those built into routers and switches, not to mention more tightly integrated with Active Directory.

#2 states to use Windows for both DNS and DHCP rather than Linux or routers and switches. It doesn't imply that you put them on the same box which can be a security vulnerability.
I recommend you use a purpose built appliance and system to manage DNS. Infoblox is probably the best choice. It provides a highly available grid for both DNS and DHCP, dynamic dns registration and a very secure platform.
0 Votes
Ridiculous
davids@... 16th Aug 2011
If you know what you are doing Windows is the ONLY DNS that you can use for Active Directory environments. To use anything else is ridiculous.
-1 Votes
If you really know Windows and Active Directory, then you know Microsoft absolutely supports the use of third-party DNS for AD, such as BIND and Infoblox, and there are valid reasons why some choose to go that route.
0 Votes
No Reason
davids@... 17th Aug 2011
I never said that BIND or the use of other 3rd party DNS servers wasn't a "supported" configuration. Maybe I should have said that it is a moronic configuration! People just love to trash MS. I support Red Hat and HPUX in my AD environment and often have to keep the *nix L0s3rs in check.
0 Votes
Why not build your own DNS server with a DHCP server from Linux and have your own network to mess with rather than rely on your ISP's or Windows?
Why not BSD instead of Linux? And why would Windows or any other DNS server limit you to using your ISP's resolver? There are other public resolvers, and root hints go just as far in a Windows DNS server role as any other.
1 Vote
I'd skip number 3 personally
link470 Updated - 15th Aug 2011
I'd skip group policies for basic DNS settings when those can be applied via DHCP options. Group Policy is fantastic, that's for sure, and I use it for network settings as a whole sometimes, but DNS servers and other network location options I usually have set via DHCP options to keep things simple.
It can be done, but it's usually not advisable. I'd much rather assign static addresses to servers and control TCP/IP configurations via GPO, where appropriate.
0 Votes
Please mention in this DNS troubleshoot points (like critical prod environments)
1 Vote
With a large network like mine I find DHCP Server extremely lucrative and restless IP resource to my usual and new network users who most are high rollers and they don't like wizards to mess around with their laptops every time they switch to a different network.
1 Vote
WINS
chriswong 16th Aug 2011
Well, people always say WINS isn't needed anymore, but MS says that's not the case across the board. Not everyone runs the latest and greatest OS and software, so it is still needed in some cases. For example: http://technet.microsoft.com/en-us/library/dd285511(EXCHG.80).aspx
We were running Exchange 2007 from 2008-2010 in a multi-domain environment (six domains, to be exact), and we were completely WINSless the whole time and had no problems.

And in 2005-2006, at a different company, we also upgraded Windows 2000 AD, WINS, & Exchange 2000 to Windows 2003 AD & Exchange 2003, dropping WINS, in a multi-domain environment. I don't recall that we had any problems in that configuration, either, even though at the time, everyone was telling us it couldn't be done.
A year or so ago we turned off our WINS servers. There are about 2% of the systems that either could not function or took minutes to connect to resources (like Exchange 2003) and SQL Server 2000. We have a dispersed network with slow WAN links between the sites. So, maybe not time to give up WINS.
On every system I have configured over the years... I always added the Primary and Secondary DNS server of the Internet itself. The addresses I use are: 4.2.2.1 and 4.2.2.2. Since the U.S. Government pays for those to always be available... It makes life easier.

After all... If you place those addresses at the bottom of the DNS server list you will always get a usable answer.