DNS NS record

hi...I wanted to make sure...
say I have domain controller for domain1.com, FQDN is win2k3.domain1.com
the NS record for this domain cannot be win2k3.domain1.com, right?
it has to be another DNS server on a separate domain.
So if I want to setup Win2k3 to use as a HTTP server for domain1.com, the DNS must be foreign, is this correct?
Jack of all trades, master of none
Comments
To quote somewhere on the webernet,
So if your DC is also a DNS server holding the zone for its domain, it will (can) be a name server for its domain.
Just look at the NS record in dnsmgmt.msc
The NS record signifies that win2k3 is a name server.
If you set up win2k3 as an HTTP server and all of your clients are configured to make requests to win2k3, win2k3 will use the host A record to resolve the IP address.
Now, one thing that is not recommended is for a DC to point to itself to resolve DNS requests.
there is no need for multiple domains.
This is mostly true. In a multi-DNS-server environment, it is a good practice to have all DNS servers point to one master DNS server; this includes the master DNS server itself. From there, you can strategically configure secondary IPs as you see fit. This ensures that DNS updates are consistent across the infrastructure.
However, if you have a tiered DNS name structure, then you may indeed want to point to the servers with the parent records.
But if you don't have AD integrated zones, then only one server can be primary, and only primary will accept DNS updates, so it is best to only point to the server with the primary zone so that the hosts can register themselves.
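The two checks the replies above describe (look at the zone's NS record and confirm it is backed by a host A record; make sure the DC is not the only DNS server it points to) as an added script, not code from the original thread. It assumes Windows Server 2012 or later with the DnsServer and DnsClient PowerShell modules and is run on the DC itself; on Windows 2003, where those modules do not exist, the equivalent is dnsmgmt.msc, `dnscmd /EnumRecords`, and nslookup. The zone name `domain1.com` is the placeholder from the question.

```powershell
# Added example, not part of the original thread.
# Assumes Windows Server 2012+ with the DnsServer and DnsClient modules,
# run locally on the DC. Zone name is a placeholder from the question.
param(
    [string]$Zone = 'domain1.com'
)

Import-Module DnsServer -ErrorAction Stop

# 1. Which hosts does the zone itself name as its name servers?
$nsRecords = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType NS
$nsNames   = $nsRecords | ForEach-Object { $_.RecordData.NameServer.TrimEnd('.') }
Write-Host "NS records for $Zone :" ($nsNames -join ', ')

# 2. An NS host inside its own zone is fine, but only if the zone also
#    holds a host (A) record for it: that A record is how clients that
#    are told "ask win2k3.domain1.com" find an address to send to.
foreach ($ns in $nsNames) {
    if ($ns -like "*.$Zone") {
        $relative = $ns.Substring(0, $ns.Length - $Zone.Length - 1)
        $a = Get-DnsServerResourceRecord -ZoneName $Zone -Name $relative -RRType A -ErrorAction SilentlyContinue
        if ($a) {
            $ips = ($a | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }) -join ', '
            Write-Host "OK   $ns has A record(s): $ips"
        } else {
            Write-Warning "$ns is listed as NS for $Zone but has no A record in the zone"
        }
    } else {
        Write-Host "INFO $ns is outside $Zone; its address comes from its own zone"
    }
}

# 3. Where does this DC send its own DNS queries? The replies advise
#    against a DC pointing only to itself, so flag that case.
$myAddrs = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress) + @('127.0.0.1', '::1')
$clientServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($iface in $clientServers) {
    $servers  = $iface.ServerAddresses
    $external = $servers | Where-Object { $myAddrs -notcontains $_ }
    Write-Host "$($iface.InterfaceAlias): DNS client points to" ($servers -join ', ')
    if (-not $external) {
        Write-Warning "$($iface.InterfaceAlias): this DC points only to itself for DNS"
    }
}
```

Step 2 is the direct answer to the question: nothing stops win2k3.domain1.com from being the NS for domain1.com as long as the zone carries its A record. Step 3 reports, per interface, whether any configured DNS server is an address other than the DC's own, which is the condition the "point to another server first" advice is about.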
whoops. haha
While I haven't actually done any DNS Architect-Level Design, my statement was based off of several things.
1. In Windows 2000 it is common practice NOT to point to itself due to island DNS reasons.
2. My statement of pointing to master servers is a recommended practice by my company's Network Architects, which is also recommended in my Syngress 70-293 book, as well as by Mark Minasi in one of his newsletters, which I read, discussing how to configure DCs to point to a master DNS.
When I stated to do this to make updates more consistent, the actual consistency wording was stated in the Syngress book. As for Mark Minasi's newsletter where he talks about having all DCs point to a master DNS server for their primary, I'll try to find the archived newsletter when I get home.
Obviously we all have our different design methods, and I have been reading a lot about DNS design lately. I've been looking at newsletters, reading a couple of books about DNS design, as well as talking with several different architects. Every source of information I have looked at has said to always point DNS to other servers to prevent island DNS (which isn't really an issue in 2k3 anymore) and to have consistent DNS updates by using a master DNS IP.
Like I said though, we all have our different methods so don't take this post as a "no you're wrong" but just my experiences from what I have learned from my own research and experiences.
Edit: Btw, here's the link to the newsletter - newsletter #31 (you have to register though which is free).
http://www.minasi.com/query.asp
From his newsletter:
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...