DNS Restructure

Tynman

Sep 28, 2005, 3:26:03 PM
I've just inherited a rather large DNS environment and would like some
comments/suggestions on how to make it better. Our internal and external DNS
servers are separate and we host both. Currently, we have a root domain with
8 child domains. Each child domain has "child root" DNS server(s) that are
set up with forwarders to a DNS server in the root domain. All other child
DNS servers point to the "child root" server.

All child DNS servers have the default Cache.dns root hints. I'm thinking I
should point the root hints of the child servers to the root; however, I'm
not 100% sure how to set that up. Should I just point them all to the root
DNS server and then the root server use its root hints to resolve external
requests?

All child domain DNS servers also point to themselves for DNS. Each child
domain hosts its own Forward lookup zone and on the root server there's a
stub zone pointing to the child zone. As far as reverse DNS goes, it's kind
of a mess... For the most part, each child domain hosts its own reverse zone;
however, there is no delegation/stub at the root server pointing back. Any
recommendations on how and if I should use stub zones for the child reverse
zones?

Any thoughts/suggestions are greatly appreciated.

Todd J Heron

Sep 28, 2005, 10:36:07 PM
Why not replicate the ADI zone of all domains to all DNS servers in the
forest? Then you don't need to worry about delegations or stub zones.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Tynman

Sep 29, 2005, 9:05:04 AM
Won't that increase replication traffic substantially? We currently have
about 120 sites with a total of 4000 users. Our slowest link is 256k. We
had issues with our forward zone that used delegated zones only because they
do not update themselves, but since we've switched to stub zones it's not an
issue.

I'm trying to think what I can do about the reverse zone. Right now, each
region has their own 10.x.x.x subnet and some with two. I had thought that I
could stub out each 10.x subnet at the root level, but, maybe it makes sense
to replicate that reverse zone as you say, throughout the forest.

Kevin D. Goodknecht Sr. [MVP]

Oct 3, 2005, 9:18:59 AM
Tynman <Tyn...@discussions.microsoft.com> wrote:
> I've just inherited a rather large DNS environment and would like some
> comments/suggestions on how to make it better. Our internal and
> external DNS servers are separate and we host both. Currently, we
> have a root domain with 8 child domains. Each child domain has
> "child root" DNS server(s) that are set up with forwarders to a DNS server
> in the root domain. All other child DNS servers point to the "child
> root" server.

You want to clarify your term "Child root"?

>
> All child DNS servers have the default Cache.dns root hints. I'm
> thinking I should point the root hints of the child servers to the
> root; however, I'm not 100% sure how to set that up. Should I just
> point them all to the root DNS server and then the root server use
> its root hints to resolve external requests?

Is this Win2k or Win2k3?

I'd leave the Root hints alone; if the parent DNS cannot be located by using
root hints, turn off recursion on the Forwarders tab by checking "Do not use
recursion".

>
> All child domain DNS servers also point to themselves for DNS. Each
> child domain hosts its own Forward lookup zone and on the root server
> there's a stub zone pointing to the child zone. As far as reverse
> DNS goes, it's kind of a mess... For the most part, each child domain
> hosts its own reverse zone; however, there is no delegation/stub at
> the root server pointing back. Any recommendations on how and if I
> should use stub zones for the child reverse zones?

What subnet ranges are you using?


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

Tynman

Oct 3, 2005, 10:16:02 AM
Hi, thanks for the post. What I mean by child root is we have a regional
office in each domain and that regional office has a DNS server that all
branch offices point to. Then, all regional offices point back to our
corporate office.

We're running a mix of 2000/2003, but we hope to have all 2003 by the end of
the year. It's my understanding that if each internal DNS server is using
the default root hints, that it's not very efficient because each server can
query Internet DNS servers and this causes more traffic and doesn't make
efficient use of caching. Right now, the parent DNS server is located by
using forwarders.

Our subnet scope is 10.x.x.x. Each location is assigned a 10.x.x.x subnet.

Thanks for the comments!
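
An added example, not part of any post in this thread: a Python sketch that turns a per-region 10.x subnet inventory into reverse (in-addr.arpa) zone names and the `dnscmd /ZoneAdd ... /Stub` lines that would create the reverse stub zones still missing at the root server. The child domain names, IP addresses, the /16 and /24 masks and the server name `rootdns01` are constructed assumptions, since the thread gives only "10.x.x.x".

```python
import ipaddress

# Constructed sample data (assumption): child domain -> its 10.x subnets and
# the DNS servers authoritative for its reverse zone(s).
REGIONS = {
    "east.corp.example":  {"subnets": ["10.1.0.0/16", "10.2.0.0/16"],
                           "masters": ["10.1.0.10"]},
    "west.corp.example":  {"subnets": ["10.3.0.0/16"],
                           "masters": ["10.3.0.10", "10.3.0.11"]},
    "south.corp.example": {"subnets": ["10.4.8.0/24"],
                           "masters": ["10.4.8.10"]},
}
# Reverse zones the root server already has a stub or delegation for.
ALREADY_AT_ROOT = {"3.10.in-addr.arpa"}


def reverse_zone(cidr):
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        # Other prefix lengths need several zones or RFC 2317 delegation.
        raise ValueError(f"{cidr}: prefix must be /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def plan_stub_zones(regions, existing, root_server="rootdns01"):
    """Return dnscmd lines for stub zones missing at the (hypothetical) root."""
    owners, commands = {}, []
    for domain, cfg in sorted(regions.items()):
        for cidr in cfg["subnets"]:
            zone = reverse_zone(cidr)
            if owners.setdefault(zone, domain) != domain:
                raise ValueError(f"{zone} claimed by {owners[zone]} and {domain}")
            if zone in existing:
                continue  # root already knows where this reverse zone lives
            masters = " ".join(cfg["masters"])
            commands.append(f"dnscmd {root_server} /ZoneAdd {zone} /Stub {masters}")
    return commands


if __name__ == "__main__":
    for line in plan_stub_zones(REGIONS, ALREADY_AT_ROOT):
        print(line)
```

The generated lines are meant to be reviewed before being run on the root server; two regions claiming the same reverse zone is reported as an error rather than silently planned twice.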
