List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Nameserver list for DC's with their own DNS?

Prev Next

You are not authorized to post a reply.

Author

Messages

rm@xxxx.yyy

08/26/2005 9:56 AM
Guys,I seem to recall that best practice dictates that DC's running DNS should be pointed only to themselves as nameservers. Why is it not acceptable to specify a secondary nameserver on these machines?Thx,RM

Alm@xxxx.yyy

08/26/2005 10:23 AM
________________________________ From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of RM Sent: Fri 8/26/2005 5:55 PM To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: [ActiveDir] Nameserver list for DC's with their own DNS? Guys, I seem to recall that best practice dictates that DC's running DNS should be pointed only to themselves as nameservers. Why is it not acceptable to specify a secondary nameserver on these machines? Thx, RM >

rm@xxxx.yyy

08/26/2005 10:52 AM
Thanks. I'm currently cleaning up from an incident where a server was promoted to DC and somehow its own DNS stopped functioning. Based on the event log errors, I suspect that the zone was flipped over to AD-integrated before replication had finished. DNS needed AD, but AD couldn't finish replication without a functional DNS. The server would not allow anyone to logon via RDP ("could not contact a domain controller") yet I could still access the machine's registry from the network. I solved the problem by hand-editing the NameServer reg key (under currentcontrolset\tcpip) to point to a remote DC at the nearest hub site. A few minutes later, I could log on. I suspect that if a secondary name server had been specified right from the start, this little scare would have never happened. RM ----- Original message ----- From: "Al Mulnick" To: ActiveDir@xxxxxxxxxxxxxxxxxx Date: Fri, 26 Aug 2005 18:20:46 -0400 Subject: RE: [ActiveDir] Nameserver list for DC's with their own DNS? There tends to be a lot of back and forth for this type of stuff. But consider it this way, if you specify the local host (127.0.0.1) as the name server, does it make sense for the host to look to another host if it's own DNS has failed? That's really the heart of the question. A functioning DC that as AD-integrated DNS should be able to query itself and get an authoritative answer for its domain. If not, the DC is not functioning and needs attention. Personally? I've set 'em up both ways and have not had a concern for either. I prefer to put a secondary server in there as a matter of fact. More a feeling of comfort than anything useful. In practice, it's more likely that it will return an authoritative answer than a failure and fall-back to its secondary. Good monitoring is a good idea as well. Al ________________________________ From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of RM Sent: Fri 8/26/2005 5:55 PM To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: [ActiveDir] Nameserver list for DC's with their own DNS? Guys, I seem to recall that best practice dictates that DC's running DNS should be pointed only to themselves as nameservers. Why is it not acceptable to specify a secondary nameserver on these machines? Thx, RM List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Nameserver list for DC's with their own DNS?

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads