DC and DNS Server

Hi all,

I have a pretty simple question. I've been watching the CBT Nuggets for the 293, and in the DNS 1 video, he said that sometimes companies put DNS servers on DCs. He said they did it when they were using secure, Active Directory replication to minimize the replication traffic. Has anyone seen this in the real world? Would the DNS replication traffic bog down the domain controller? Thanks!

Comments

  • Technito Member Posts: 152
    It depends on the network. You will see this mostly in a Windows network that spans multiple sites with each site divided by WAN connections. And yes, running multiple services on any server will bog down the server. But when it comes to Active Directory Integrated DNS zones, the DNS service is installed on the Domain Controller. Most companies use clusters or some other type of fault-tolerant technique to support this type of setup. I haven't seen the video, but he was probably basically explaining that companies use AD Integrated DNS zones because zone transfers are transferred through normal AD replication, which minimizes excessive bandwidth traversing WAN links. Also, dynamic updates will be secure using these types of zones.
    Knowledge is being an Architect, no matter what field.....
  • Mojo_666 Member Posts: 438
    Real world

    Pretty much all Windows Domains will use AD integrated zones. Another reality is that most companies large enough to even edge toward the amount of replication traffic that would cause an issue have enough bandwidth to cope with any amount of replication anyway... users copying PowerPoint presentations causes more of an issue for most companies.

    But well configured site links and reasonable replication schedules are used anyway in most cases.
  • Devilsbane Member Posts: 4,214
    Look into the difference between a Standard Primary zone and an Active Directory integrated zone.

    Benefits of using AD integrated zones.
    * Secure Transfers
    * Replication is done through AD replication (which uses compression) rather than zone transfers
    * A standard zone can only have 1 primary zone (all of the others must be secondary, aka they are read-only copies). With AD integrated you can have an infinite number of primary zones.
    * I'm sure there are some more benefits, but none are coming to mind at the moment. Feel free to update the list.

    Edit: To answer whether the replication bogs down the DC... DCs already do replication. This just adds some more to it and shouldn't be an issue. Even if it was, adding an extra DC or two to add more resources would be worth the costs in order to take advantage of the secure dynamic updates and the multiple primary zones.
    Decide what to be and go be it.
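
The zone properties raised in the replies above (AD integration, secure dynamic updates, restricted transfers) can be audited per zone. The following is an added example, not part of any post in this thread; the function name `Test-DnsZoneHardening` and the sample zone names are hypothetical, and the property names are those returned by `Get-DnsServerZone` in the DnsServer module.

```powershell
# Added example: flag primary zones that lack the protections discussed in the thread.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # Only primary zones accept dynamic updates; skip secondaries, stubs,
        # forwarders and the built-in auto-created reverse zones.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }

        $findings = @()
        if (-not $Zone.IsDsIntegrated) {
            # Standard (file-backed) primary: one writable copy, no secure-only updates.
            $findings += 'not AD-integrated'
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'accepts unauthenticated dynamic updates'
        }
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfer allowed to any server'
        }

        [pscustomobject]@{
            ZoneName  = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-DnsServerZone output (not real data).
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsAutoCreated = $false
                       IsDsIntegrated = $true; DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary'; IsAutoCreated = $false
                       IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'; IsAutoCreated = $false
                       IsDsIntegrated = $false; DynamicUpdate = 'None'; SecureSecondaries = 'NoTransfer' }
)
$sampleZones | Test-DnsZoneHardening | Format-Table -AutoSize -Wrap

# On a DNS server or domain controller with the DnsServer module:
#   Get-DnsServerZone | Test-DnsZoneHardening
```
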
  • willhi1979 Member Posts: 191
    Thanks all. I knew they used the same type of replication and the benefits of using it. I was just curious about running both on the same server from a performance standpoint and a security standpoint.
  • Mojo_666 Member Posts: 438
    willhi1979 wrote: »
    Thanks all. I knew they used the same type of replication and the benefits of using it. I was just curious about running both on the same server from a performance standpoint and a security standpoint.

    It is very common to have ADI Zones and a copy of another Zone as a secondary, btw. I prefer this method over conditional forwarders when configuring trusts etc., and I have been known to make that zone AD integrated if I am happy I have all the records I need and that they will not change, but that is not very common at all.