DNS zone confusion
phoeneous (Member, Posts: 2,333)
I'm confused...
We have two offices (Nevada and California) connected by a WAN link but are part of the same domain. Each office has a DC and each DC is also DNS. In DNS we have two forward lookup AD-integrated zones, company.com and California. Why are all the host records in the company.com zone and none of the records of hosts physically located in California in the California zone? The only records that I see in the California zone are NS records for both DCs and the SOA record for the DC physically located in California. This DNS infrastructure was created years before I got here and I'm still learning DNS, but shouldn't the hosts physically located in California have their records in the California zone?
Also, the forwarders for the California DNS are the IP of the other DNS server in Nevada. Shouldn't the forwarders for the California DNS be pointing to their ISP's public DNS servers? That's how the Nevada DNS is configured.
[/still learning]
Comments
sidsanders (Member, Posts: 217)
Are you a single forest, single domain AD shop? If so, is there a need for the (mostly) empty DNS domain? The Cali zone may not be set for dynamic updates, and none of the hosts in Cali may be configured to use the local DNS server. Do you want to use the Cali DNS domain? Are the DNS servers secondary servers for each other's zones? Do they need to be? Lots more that could be asked here...
GO TEAM VENTURE!!!!
phoeneous (Member, Posts: 2,333)
sidsanders wrote:
> Are you a single forest, single domain AD shop? If so, is there a need for the (mostly) empty DNS domain? The Cali zone may not be set for dynamic updates, and none of the hosts in Cali may be configured to use the local DNS server. Do you want to use the Cali DNS domain? Are the DNS servers secondary servers for each other's zones? Do they need to be? Lots more that could be asked here...
Single forest, single domain. Each DNS points to itself and not the other. I guess my questions are: does the Cali zone even need to be there? What would the best practice be to send updates to each other while minimizing traffic?
dynamik (Banned, Posts: 12,312)
> does the Cali zone even need to be there?
That's what I was going to ask you; I don't see what purpose it's serving based on what you've said so far. DNS is broken up by domain/zone, not by site. Therefore, physical location doesn't enter into the equation.
> What would the best practice be to send updates to each other while minimizing traffic?
AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.
phoeneous (Member, Posts: 2,333)
> AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.
Bonded 3MB.
I'd say about 150 records on both sides.
dynamik (Banned, Posts: 12,312)
Yea, that's nothing. Export that zone to a file and see how large it is: How to export AD-integrated zones to file > ActiveDir.org
Also, if you've configured each location as a separate site (which should be done; check Admin Tools > AD Sites and Services), AD replication will use compression.
gateway (Member, Posts: 232)
Also, if you are doing incremental zone transfers for 150 records, it will hardly use any bandwidth. Get rid of the Cali zone.
Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa
Devilsbane (Member, Posts: 4,214)
Is the California zone there just for some local intranet websites?
Decide what to be and go be it.
phoeneous (Member, Posts: 2,333)
Devilsbane wrote:
> Is the California zone there just for some local intranet websites?
No intranet sites. Honestly I don't know why they created it. And of course the vendor who set up DNS in this office can no longer be contacted...
It is officially 86'd.
phoeneous (Member, Posts: 2,333)
> Also, the forwarders for the California DNS are the IP of the other DNS server in Nevada. Shouldn't the forwarders for the California DNS be pointing to their ISP's public DNS servers? That's how the Nevada DNS is configured.
This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
dynamik (Banned, Posts: 12,312)
> This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
It depends on how you want to do it. Forwarding to your ISP offloads the recursive queries to their servers, and they may already be cached there as well. If you don't have those configured, your DNS server will just use root hints.
The way you have it currently configured is that your California branch will forward queries to your other DNS server, which in turn will forward queries to their ISP.
I usually just forward the queries to the ISP unless there's a specific reason I don't want to, but from what you've said, you should be fine with any of these configurations.
sidsanders (Member, Posts: 217)
> This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
Is any of the local gear pointing to it? If not, it isn't a big deal. If yes, you can add the "local" ISP forwarders and make them get hit first over the remote DC. Have you set the Cali DC to be a secondary/AD integrated for the more valid zone?
GO TEAM VENTURE!!!!