| Author | Messages | |
deji
Posts:262
 | | 02/01/2012 5:01 PM |
Brian,
Would you really, seriously "stick with ..... WINS"? It's not a trick question, and I'm interested in your response.
In response to the original query, the number of suffixes, on its own, does NOT "slow down" your queries. What slows down your queries is how much of your suffixes the client has to loop through BEFORE they find the record they are looking for.
In other words, it is NOT a DNS problem. IF there are REALLY about a hundred places in which a client has to look to find a resource, someone needs to be concerned with much more than "suffixes". Someone needs to review the entire infrastructure. Yes, looping through one hundred or so suffixes in search of a particular record is going to be slooooooooooooooower than just looking in one or two places. However, the fact that you have one hundred suffixes will not slow down a lookup for a record that is in the zone at the top of the search list because the looping stops once the record is located.
BTW, this is one of the major reasons the GlobalNames feature was invented, although it also requires that you get a handle on your naming conventions so that your "IMPORTANT" servers are not named the same across your enterprise.
Sincerely,
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Brian Arkills [barkills@washington.edu]
Sent: Tuesday, October 04, 2011 9:46 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] OT - DNS Suffix Search List - limitations?
We've got a managed workstation deployment that has 10 DNS suffixes. I've campaigned against this lengthy list but haven't yet managed to kill it due to political forces that are opposed because users are now trained to not fully qualify. And there are some application servers that rely on this list (which I think is crazy).
With this approach and any number of DNS suffixes, you begin to run into questions about whether xyz.com should be added or not. And if it is added, in which place in the order should it go? Who has a say in that ordering and is there posturing/politicking that results? And can someone successfully hijack some of your users by knowing that xyz.com comes before abc.com?
Personally, I'd stick to fully qualified DNS names + WINS. This setting is a tar pit waiting to suck you in and not let go of you until you are petroleum. 
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Matt Casey
Sent: Tuesday, October 04, 2011 7:03 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] OT - DNS Suffix Search List - limitations?
I would expect your potential issues to surface from the number of look ups that have to occur before an answer is returned and the existence of the same host names existing in multiple dns zones.
If they are seriously considering adding that number of suffixes to all clients then I would suggest they study the existing DNS look up traffic and make sure to prioritize the list by both the frequently used host names and suffixes as well as the importance/time sensitivity of any of the relying apps. They should then try to determine a metric of how to order the suffixes. You would want to avoid ending up with a seldom used dns suffix that is at the bottom of list of a 100 that causes a 'critical' (to someone) app to hour-glass while waiting for a name to resolve. Also, and possibly more importantly with that number of suffixes in the list your probability of encountering names that resolve in more than one zone and having to determine who is supposed to win.
On Tue, Oct 4, 2011 at 9:33 AM, Mittleman, Riva B. <MittlemanR@coned.com> wrote:
Yes, I have the same question, although we’re only pushing 6... Does a long list slow down all DNS lookups?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Figueroa, Johnny
Sent: Thursday, September 29, 2011 3:54 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows 7 migration and handling User GPOs
Shouldn’t this go under a different subject?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Tony Gordon
Sent: Thursday, September 29, 2011 12:49 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] Windows 7 migration and handling User GPOs
Group,
Does anyone have references to what potential issues can be encountered if a large number (20-30) of DNS suffixes is added to a search list? I have searched and came up with nothing.
Desktop group is looking to add that many entries to the list and I heard rumors of increasing that number beyond that (possibly to a hundred).
Thank you, Tony.
Tony Gordon | Identity & Access Management Architect
Aon Service Corporation | End User Services | Global Technology Solutions & Services
MCITP:EA, Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
847.883.7892 (Direct)
tony dot gordon at aonhewitt dot tld | www.aon.com
Please consider the environment before printing this e-mail.
________________________________
Akomolafe, Deji
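
The search-list behaviour discussed in this thread (the loop stops at the first suffix that holds the record, and a name present in more than one zone is answered by whichever suffix is listed first) can be modelled in a few lines. This is an added example, not part of the original thread; the suffixes, host names and addresses are constructed, and it deliberately ignores client details such as caching, timeouts and how already-dotted names are treated.

```python
"""Added example: model of how a client walks a DNS suffix search list."""

# Constructed sample data: suffix order as pushed to clients, and the host
# records that exist in each zone. All names and addresses are hypothetical.
SEARCH_LIST = ["corp.example", "eng.example", "lab.example", "partner.example"]
ZONES = {
    "corp.example": {"mail": "10.0.0.10", "intranet": "10.0.0.20"},
    "eng.example": {"build": "10.1.0.5", "intranet": "10.1.0.99"},
    "lab.example": {},
    "partner.example": {"build": "192.0.2.7", "printer": "192.0.2.8"},
}


def resolve(short_name, search_list=SEARCH_LIST, zones=ZONES):
    """Append each suffix in order and stop at the first zone with a record.

    Returns (fqdn, address, queries_sent); fqdn and address are None on a miss.
    """
    for queries, suffix in enumerate(search_list, start=1):
        address = zones.get(suffix, {}).get(short_name)
        if address is not None:
            return f"{short_name}.{suffix}", address, queries
    # A miss costs one query per suffix: the worst case for a long list.
    return None, None, len(search_list)


def shadowed_names(search_list=SEARCH_LIST, zones=ZONES):
    """Find short names present in more than one searched zone.

    Returns {name: [winning_suffix, shadowed_suffix, ...]} in search order,
    i.e. the names whose answer depends on how the list is ordered.
    """
    owners = {}
    for suffix in search_list:
        for name in zones.get(suffix, {}):
            owners.setdefault(name, []).append(suffix)
    return {n: s for n, s in owners.items() if len(s) > 1}


if __name__ == "__main__":
    for name in ("mail", "printer", "nosuchhost"):
        print(name, resolve(name))
    for name, suffixes in sorted(shadowed_names().items()):
        print(f"{name}: {suffixes[0]} wins, shadows {suffixes[1:]}")
```

Running `shadowed_names()` against an export of the real zones before extending a search list shows which short names would change meaning if a suffix were added or reordered.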