When using dual DCs, are both Primary DNS?

By jocar7
I have 2 Windows 2k3 DCs, both running AD, DNS and DHCP. Both are set with a DS-integrated Primary DNS zone. I am using the 80/20 rule for DHCP. Is this a recommended setup, or should one be primary and one secondary?


All Answers


DNS servers and Domain Controllers aren't the same thing

by CG IT In reply to When using dual DCs are ...

While many SMBs have their DNS servers located on their domain controllers, DNS services are simply name-to-address translation.

Domain controllers provide centralized authentication/directory services.

The two don't have to be on the same server, and in most medium to large businesses they aren't.

The listing in a client's TCP/IP properties is the order that clients use to locate resources. In a domain, that would be a domain controller to authenticate with, using the domain name, e.g. servername.domainname.local or whatever extension is used. DNS resolves this name to an address so that clients can find the server.

So if you only have 1 DNS server for the domain and that goes down, clients won't be able to find a domain controller to authenticate with, even if you have 2 or 3 or 4 domain controllers for the domain. So, with 2 DNS servers on the domain, clients will use the first one listed [as you title "primary"]. If that server is unavailable, the client will look at the second one listed [or, as titled, "secondary"], and so on.


I understand how a domain infrastructure works

by jocar7 In reply to DNS servers and Domain Co ...

What I was asking is this: I have 2 existing Domain Controllers that both have the AD, DNS Server and DHCP Server services enabled. Both are set within the DNS server as a DS-integrated Primary Zone for the same AD zone (Company.com). Should one of these two servers actually be set to be a secondary, even though they are both DS-integrated DNS servers?


DNS zones

by Screen Gems In reply to I understand how a domain ...

Zones contain all the DNS records for the domain name.

example: Domain name = Contsco.com
Contsco.com only needs one DNS zone for the domain name.

If you have a subdomain [child domain] [contiguous namespace] in Active Directory, you can integrate them so that the DNS servers for the parent are also authoritative for the child [contain all DNS records for the parent and child domains]. You can also create secondary zones for the child domain namespace to, basically, delegate authority.

You can create a zone for non-contiguous namespace domain names that the DNS server is authoritative for [contains all the records for the domain], and that DNS server will resolve queries for that domain.

So the processing order of DNS servers used to resolve name-to-address queries in a client's TCP/IP properties has to contain the DNS servers that will be able to resolve the queries the client needs. If not, the DNS server will forward the unresolved query to root hint servers [a whois query on the internet].


Seriously.

by jocar7 In reply to DNS zones

Seriously. Are you two actually reading my post? I am NOT asking how ANY domain services work. I am ONLY asking if it is acceptable that both of my DCs are PRIMARY zones for the SAME SINGLE-TREE FOREST. I am really having second thoughts about wasting my time with this site.


If you don't get it, then you need to refresh yourself on DNS

by CG IT In reply to Seriously.

DNS works on zones and zones contain all the records for the domain namespace. ZONES dude.

If you have a single forest, single domain namespace, then you have 1 DNS ZONE that contains the A, CNAME, MX, ALIAS, SRV, SOA and that whole long list of DNS records. Active Directory-integrated simply means a copy of the forward lookup zone is stored in Active Directory. This is why Active Directory won't work if there isn't a DNS server available. It's also why, if all the DNS servers go down, you can install the DNS service on a domain controller and voila! you're back in business.

A primary zone in Active Directory is a parent domain zone. A secondary zone in Active Directory is a child domain zone. There are many different zone types: stub, forward lookup, reverse lookup, and they all relate to the DNS hierarchy namespace.

Primary and secondary DNS servers relate to which ones clients use to resolve name-to-IP-address queries.

Seriously, if you don't know this, you had better brush up on how DNS works and how Active Directory works with DNS.

Added: so here's the question for you. If you have 2 DNS servers for your single forest, single domain Active Directory network, what zone will it have? Each of the DNS servers has a copy of the zone they are authoritative for. They replicate with each other to ensure that the records contained in the zone they are authoritative for are the same.


The same.

by jocar7 In reply to if you don't get it then ...

**Added: so here's the question for you. If you have 2 DNS servers for your single forest, single domain Active Directory network, what zone will it have?**

They have the same zone (mycompany.org), as they are connected to the same Active Directory Partition.



by CG IT In reply to The same.

Single Domain x2 DCs

by jocar7 In reply to When using dual DCs are ...

I have a single domain with 2 DCs, both with DNS (set as Primary) and DHCP. Think of them as mirrored servers. They were set up before my time. I was just trying to remember if that was correct.


Yes, that's basically the idea.

by CG IT In reply to Single Domain x2 DC's

In DNS there is the Active Directory-integrated option for zone updates. This means DNS gets its zone updates from Active Directory [the copy contained in Active Directory].

So "in theory", records created on one DNS server are copied to Active Directory, and that is replicated via the multi-master mode of DCs throughout the domain controllers, and other DNS servers get their zone transfers from the domain controllers, not from some rogue DNS server that's not a member of the domain [though in the old days this has happened, when some IT admins and engineers who didn't know what they were doing allowed zone transfers from any DNS server, or from a list of DNS servers, in DNS. You can't imagine what a mess that makes when a non-domain-member DNS server can update a DNS zone in an Active Directory network].
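The thread's conclusion is that both DCs legitimately hold an AD-integrated primary copy of the same zone, and that the real risk is a zone that accepts transfers or dynamic updates from hosts outside the domain. The script below is an added example, not code from the thread or from either poster, that audits both points on each DC. It assumes the DnsServer PowerShell module (Windows Server 2012 and later, or RSAT on a management workstation); the server names DC1/DC2 and the zone name company.com are placeholders. On Windows Server 2003 the same properties are visible with `dnscmd <server> /zoneinfo <zone>`.

```powershell
# Added example (not from the original thread): audit the AD-integrated zone on each DC.
# Assumes the DnsServer module (Windows Server 2012+ / RSAT).
# $Zone and $Dcs are placeholders; replace with your own zone and DC names.
$Zone = 'company.com'
$Dcs  = 'DC1', 'DC2'

$results = foreach ($dc in $Dcs) {
    $z = Get-DnsServerZone -ComputerName $dc -Name $Zone
    # The SOA serial should match on both DCs once AD replication has converged.
    $soa = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $Zone -RRType Soa
    [pscustomobject]@{
        Server            = $dc
        ZoneType          = $z.ZoneType          # expect 'Primary' on both; an AD-integrated zone is never 'Secondary'
        IsDsIntegrated    = $z.IsDsIntegrated    # expect True on both
        ReplicationScope  = $z.ReplicationScope  # Domain or Forest application partition
        DynamicUpdate     = $z.DynamicUpdate     # expect 'Secure': only authenticated domain members may register records
        SecureSecondaries = $z.SecureSecondaries # expect 'NoTransfer' unless you run genuine secondaries
        SecondaryServers  = ($z.SecondaryServers -join ',')
        SoaSerial         = $soa.RecordData.SerialNumber
    }
}
$results | Format-Table -AutoSize

# Flag the two misconfigurations the thread warns about.
foreach ($r in $results) {
    if ($r.SecureSecondaries -eq 'TransferAnyServer') {
        Write-Warning "$($r.Server): zone transfers of $Zone are allowed to ANY host"
    }
    if ($r.DynamicUpdate -ne 'Secure') {
        Write-Warning "$($r.Server): $Zone accepts non-secure dynamic updates"
    }
}
if (($results.SoaSerial | Select-Object -Unique).Count -gt 1) {
    Write-Warning "SOA serial differs between DCs; AD replication may be lagging"
}

# Remediation, one DC at a time (the change replicates through AD): lock transfers
# and require secure (Kerberos-authenticated) dynamic updates.
# Set-DnsServerPrimaryZone -ComputerName DC1 -Name $Zone -SecureSecondaries NoTransfer -DynamicUpdate Secure
```

Both DCs reporting `ZoneType = Primary` and `IsDsIntegrated = True` is the expected and correct state; there is nothing to demote to secondary. What the audit is really for is `SecureSecondaries` and `DynamicUpdate`: with AD replication carrying the zone between DCs, a zone that still allows transfers to any server, or unauthenticated dynamic updates, lets any host on the network enumerate or poison the records clients use to find a domain controller.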
