Sites and DNS

cwissy

IS-IT--Management
Nov 16, 2003
103
AU
Installed new network, we have 2 campuses so we have a server in each campus. Best practices for DNS in this case? We are connected via a 3mb Telstra megalink. Do I set up a DNS in each site or use forwarders? No time to read up on it, so thought one of you lovely people might give me some tips.
 
I would recommend it, as the speed of the Telstra is kind of low. How much use do you think the DNS at one campus would get? If you think that 50 or more users might use it, I would have a second....
 
This is what you want to do....mainly for fault tolerance of the domain but this setup will also localize traffic to each site.

1) Install each server as a domain controller (of the same domain)

2) Configure DNS as Active Directory Integrated DNS. This way the DNS database is protected in Active Directory and replicated between all domain controllers.

3) Install the DNS service on both DCs. This will allow both DCs to service DNS requests from clients.

4) Configure the clients so that they point to their local DNS server first and the remote DNS secondarily.

5) Use AD Sites and Services and create two AD Sites. One site for each campus location. Because AD Sites are configured using subnets as boundaries, your clients will know which DC is local and use it for authentication.

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
 
Cwissy,

How often do your DNS records change in a given day? (Do you even need internal DNS?) If you are primarily looking for outbound lookups (requests for web addresses and the like), then I would not recommend setting up a DNS server on each campus. (Although it would allow for local caching of responses, in the end you are not likely to see any real improvement in performance with local DNS for out-of-network requests, since they will invariably have to go ask a server outside your network where the URL is.)

If this is primarily for internal hosts to register with and navigate, then Joseph's recommendation is absolutely correct. I also (even with Telstra) would not worry about bandwidth for DNS on a 3 meg link. Frankly user traffic will kill you before system traffic even comes close. Even AD replication won't touch that 3 meg...

hope that helps you out,
LM
 
If you had the same as above but 150 sites - link of between 256k and 10mb - would you recommend the same?

If you did, on each local DC's TCP/IP properties for the DNS server - would you just put the IP addresses in as itself and one other at a central site? I assume this isn't too important, as the forwarders for further resolution would be the same.
 
Terry,

The more important issue isn't DNS; rather, user/computer authentication. Therefore, I would recommend the same configuration. Where (if you have the money) to install at least one DC per site.

You should consider two things: The number of clients per site and the WAN link speed and reliability.

If you have a local DC at each site and design your AD Sites and Services properly to identify WAN links, your local clients will use the local DC to authenticate with. This is important if you have many users trying to log on, as without a local DC, authentication will occur over the WAN link. For a few users this will not be a problem....but if you have 10's of users, this could cause performance problems. Therefore, I would suggest having DCs local to your users if you can afford to do that.

If you use AD integrated DNS, all DCs will have a copy of the DNS database. Therefore, you could install the DNS service on all DCs and then point the local clients to the nearest DC (using DHCP or manual assignment).

The recommendation for pointing your DNS server IP settings is to point DNS 1 local and DNS 2 to a Central DNS server.

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
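
The resolver-order rule from this thread (local DNS first, a remote or central server second, with the site decided by subnet) can be audited mechanically. The following is an added example, not part of any post here: the site names, subnets, addresses, host inventory and function names are all hypothetical, and it assumes that when subnets overlap the most specific one decides the site.

```python
import ipaddress

SITES = {  # constructed sample topology; names and addresses are hypothetical
    "CampusA": {"subnets": ["10.1.0.0/16"], "dns": "10.1.0.10"},
    "CampusB": {"subnets": ["10.2.0.0/16", "10.1.50.0/24"], "dns": "10.2.0.10"},
}
CENTRAL_DNS = "10.1.0.10"  # assumption: CampusA is the central site

def site_for(ip, sites=SITES):
    """Return the site whose subnet contains ip; the most specific subnet wins."""
    addr = ipaddress.ip_address(ip)
    best = None  # (prefix length, site name)
    for name, site in sites.items():
        for cidr in site["subnets"]:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None

def expected_dns(ip, sites=SITES, central=CENTRAL_DNS):
    """Local DNS first, then central (or another site's server at the central site)."""
    site = site_for(ip, sites)
    if site is None:
        return None  # address falls in no defined subnet
    local = sites[site]["dns"]
    others = sorted(s["dns"] for n, s in sites.items() if n != site)
    return [local, central] if local != central else [local] + others[:1]

def audit(hosts, sites=SITES, central=CENTRAL_DNS):
    """Return {host: finding} for hosts whose resolver order breaks the rule."""
    findings = {}
    for host, (ip, configured) in hosts.items():
        want = expected_dns(ip, sites, central)
        if want is None:
            findings[host] = "no site subnet covers %s" % ip
        elif configured[:2] != want:
            findings[host] = "expected %s, found %s" % (want, configured)
    return findings

# Constructed inventory: host -> (IP address, configured DNS servers in order)
HOSTS = {
    "pc-a1": ("10.1.4.20", ["10.1.0.10", "10.2.0.10"]),
    "pc-b1": ("10.2.7.31", ["10.1.0.10", "10.2.0.10"]),  # remote server first
    "pc-b2": ("10.1.50.9", ["10.2.0.10", "10.1.0.10"]),  # /24 assigned to CampusB
    "pc-x1": ("192.168.9.5", ["10.1.0.10"]),             # subnet never defined
}

if __name__ == "__main__":
    print(audit(HOSTS))
```

A host that falls in no defined subnet is reported separately, since it has no site to tell it which DC is local.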
 
cheers

each site will have a dc - irrespective of amount of users - (some sites have 2 people - some have 100 - but most probably 30)

and i was planning to organise them into sites and each with ou for admin etc

the dns is also to be replicated to our dns servers - netware ones (this is mainly for other servers and also if i have a disaster i can recover from netware easier - as i understand it better)

thanks again - just nice to get confirmations of thoughts
 
Don't forget you also need to hit a GC to authenticate so you'll need to replicate that.

Marty
Network Admin
Hilliard Schools
 