DNS zone confusion

phoeneousphoeneous Go ping yourself...Posts: 2,333Member ■■■■■■■□□□
Im confused...

We have two offices (Nevada and California) connected by a wan link but are part of the same domain. Each office has a dc and each dc is also dns. In dns we have two forward lookup AD-integrated zones, company.com and California. Why are all the host records in the company.com zone and none of the records of hosts physically located in California, in the California zone? The only records that I see in the California zone are NS records for both dc's and the SOA record for the dc physically located in California. This dns infrastructure was created years before I got here and Im still learning dns but shouldn't the hosts physically located in California have their records in the California zone?

Also, the forwarders for the California dns is the IP of the other dns server in Nevada. Shouldnt the forwarders for the California dns be pointing to their ISP's public dns servers? Thats how the Nevada dns is configured.

[/still learning]

Comments

  • sidsanderssidsanders Posts: 217Member ■■■□□□□□□□
    are you a single forest - single domain AD shop? if so , is there a need for the (mostly) empty dns domain? the cali zone may not be set for dynamic updates, and none of the hosts in cali may be configured to use the local dns server. do you want to use the cali dns domain? are the dns servers secondary servers for each others zones, do they need to be? lots more that could be asked here...
    GO TEAM VENTURE!!!!
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    sidsanders wrote: »
    are you a single forest - single domain AD shop? if so , is there a need for the (mostly) empty dns domain? the cali zone may not be set for dynamic updates, and none of the hosts in cali may be configured to use the local dns server. do you want to use the cali dns domain? are the dns servers secondary servers for each others zones, do they need to be? lots more that could be asked here...

    Single forest, single domain. Each dns points to itself and not the other. I guess my questiions are, does the Cali zone even need to be there? What would the best practice be to send updates to each other while minimizing traffic?
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    phoeneous wrote: »
    does the Cali zone even need to be there?

    That's what I was going to ask you; I don't see what purpose it's serving based on what you've said so far. DNS is broken up by domain/zone, not by site. Therefore, physical location doesn't enter into the equation.
    phoeneous wrote: »
    What would the best practice be to send updates to each other while minimizing traffic?

    AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    dynamik wrote: »
    AD-integrated should be fine. How many records do you have and what's the speed of your WAN link? I would suspect that DNS updates use a negligible amount of your bandwidth.

    Bonded 3MB.

    I'd say about 150 records on both sides.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    Yea, that's nothing. Export that zone to a file and see how large it is: How to export AD-integrated zones to file > ActiveDir.org

    Also, if you've configured each location as a separate site (which should be done; check Admin Tools > AD sites and services), AD replication will use compression.
  • gatewaygateway Posts: 232Member
    Also, if you are doing incremental zone transfers for 150 records, it will hardly use any bandwidth. Get rid of the Cali zone icon_wink.gif
    Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa
  • DevilsbaneDevilsbane Posts: 4,212Member ■■■■■■■■□□
    Is the california zone there just for some local intranet websites?
    Decide what to be and go be it.
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    Devilsbane wrote: »
    Is the california zone there just for some local intranet websites?

    No intranet sites. Honestly I dont know why they created it. And of course the vendor who setup dns in this office can no longer be contacted...

    It is officially 86'd.
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    phoeneous wrote: »
    Also, the forwarders for the California dns is the IP of the other dns server in Nevada. Shouldnt the forwarders for the California dns be pointing to their ISP's public dns servers? Thats how the Nevada dns is configured.

    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    phoeneous wrote: »
    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?

    It depends on how you want to do it. Forwarding to your ISP offloads the recursive queries to their servers, and they may already be cached there as well. If you don't have those configured, your DNS server will just use root hints.

    The way you have it currently configured is that your California branch will forward queries to your other DNS server, which in turn will forward queries to their ISP.

    I usually just forward the queries to the ISP unless there's a specific reason I don't want to, but from what you've said, you should be fine with any of these configurations.
  • sidsanderssidsanders Posts: 217Member ■■■□□□□□□□
    phoeneous wrote: »
    This question still stands. Should the Cali server be pointing its forwarders to its ISP or should it just rely on root hints?

    is any of the local gear pointing to it? if not, it isnt a big deal. if yes, you can add the "local" isp fwders and make them get hit first over the remote dc. have you set the cali dc to be a secondary/ad integrated for the more valid zone?
    GO TEAM VENTURE!!!!
Sign In or Register to comment.