AD and multiple DNS zones on a multi-homed server
Forum Index -> microsoft.public.windows.server.active_directory

Dave Shawley
Guest

Posted: Sat Jan 12, 2008 3:14 am    Post subject: AD and multiple DNS zones on a multi-homed server

Now doesn't this sound like fun!

The system that I am working on now has four physically distinct
networks, with a separate NIC for each network. Don't ask why I am
doing this since it would take a while to explain and probably isn't
even germane. I am doing this with a set of Windows 2003 servers. The
DNS service is hosted on the DCs and each network has its own DNS zone
assigned to it. The tricky part is the DNS layout that I am using.
I'll use "dev.local" as the Active Directory DNS Domain Name for
example. In this case, the four DNS zones would be named
"net1.dev.local", "net2.dev.local", "net3.dev.local", and
"net4.dev.local". I have each NIC configured to register itself in DNS
using the assigned network-specific DNS suffix.

Now... I'm not entirely sure if this is a problem or not. I suspect
that Windows 2003 is quite unhappy with the fact that I do not have a
NIC using the Active Directory name as the suffix. What I am seeing is
the NS records in the Active Directory domain ("dev.local") are
mysteriously disappearing.

I configured Active Directory and DNS initially with only one network
using the "dev.local" DNS suffix. Then I manually add the other 4 sub-
zones and adjust the DNS suffix on each NIC appropriately. Now I have
each sub-zone configured so that the NS records are not automatically
created (via dnscmd). I create separate NS records for the appropriate
NIC on each DC and assigned them to the sub-zone. Shortly after this,
the NS records in the top-level domain ("dev.local" the AD zone)
disappear. So that is problem #1.

I'm not entirely sure if not having NS records in the AD zone will
cause problems in the future or not. It doesn't seem to be causing
problems currently. One problem that I am seeing, however, was
uncovered with DNS lint. Even though the TLD does not have NS records
registered, every zone has the top-level name for the DC in its SOA
record! This is making DNS Lint very unhappy and I'm expecting that it
may cause me problems in the future.

Just in case my rambling made no sense whatsoever, here is a recap of
the configuration:
(1) The Active Directory Domain is named "dev.local"
(2) The top-level DNS zone is named "dev.local"
(3) The top-level DNS zone does not contain any NS records
(4) The Name Server member of the SOA record for "dev.local" points to
dc1.dev.local
(5) Each sub-zone contains one NS record for the network-specific
address of each DC
(6) The Name Server member of the SOA for each sub-zone points to
dc1.dev.local
(7) The top-level DNS zone contains four address (A) records for the
server - one for each network

No matter what I do, the Microsoft DNS server resets the name server
in every SOA to the Active Directory name of the DC (e.g.,
"dc1.dev.local"). This is really annoying me... does anyone know how
to make the DNS server stop doing this?

Thanks in advance,
Dave.
--
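Added here as an illustration, not part of Dave's post: an offline consistency check in Python over a constructed record set modelled on the recap above (the zone names follow the post; the "dc1" host names and 10.x.0.1 addresses are assumptions). It flags the conditions the post describes and that a tool like DNS Lint checks for: a zone apex with no NS records, an SOA MNAME that is not one of the apex NS hosts, an NS host with no A record, and a sub-zone with no delegation NS records in its parent. It never talks to a server; it only reasons over the records you hand it.

```python
from collections import defaultdict

# Constructed sample records modelled on the recap in the post above
# (not an export from any real DNS server). Tuples are
# (zone, owner name, record type, rdata); for SOA only MNAME is kept.
# Host names and addresses are assumptions for illustration.
ADDRS = {1: "10.1.0.1", 2: "10.2.0.1", 3: "10.3.0.1", 4: "10.4.0.1"}

SAMPLE_RECORDS = [
    ("dev.local", "dev.local", "SOA", "dc1.dev.local"),   # apex SOA, no apex NS
] + [("dev.local", "dc1.dev.local", "A", ip) for ip in ADDRS.values()]

for n, ip in ADDRS.items():
    zone = f"net{n}.dev.local"
    SAMPLE_RECORDS += [
        (zone, zone, "SOA", "dc1.dev.local"),   # MNAME the server keeps resetting
        (zone, zone, "NS", f"dc1.{zone}"),      # network-specific NS host
        (zone, f"dc1.{zone}", "A", ip),         # glue for that NS host
    ]


def index_records(records):
    """Group rdata by (zone, owner, type) and collect A records by owner name."""
    by_key = defaultdict(list)
    a_by_name = defaultdict(set)
    for zone, owner, rtype, rdata in records:
        by_key[(zone, owner, rtype)].append(rdata)
        if rtype == "A":
            a_by_name[owner].add(rdata)
    return by_key, a_by_name


def parent_zone(zone, zones):
    """Closest enclosing zone among the loaded zones, or None if there is none."""
    labels = zone.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def check_zones(records):
    """Return {zone: [finding, ...]}; an empty list means the zone looks consistent."""
    by_key, a_by_name = index_records(records)
    zones = {zone for zone, _, _, _ in records}
    findings = {}
    for zone in sorted(zones):
        issues = []
        ns_targets = by_key.get((zone, zone, "NS"), [])
        if not ns_targets:
            issues.append("no NS records at the zone apex")
        # The SOA MNAME should name one of the servers the zone lists as NS.
        for mname in by_key.get((zone, zone, "SOA"), []):
            if mname not in ns_targets:
                issues.append(f"SOA MNAME {mname} is not listed as an apex NS")
        # Every NS host must resolve from the data we hold.
        for target in ns_targets:
            if target not in a_by_name:
                issues.append(f"NS target {target} has no A record in the loaded zones")
        # Resolvers that are not themselves authoritative for the child need
        # delegation NS records in the parent to find it.
        parent = parent_zone(zone, zones)
        if parent and not by_key.get((parent, zone, "NS")):
            issues.append(f"parent zone {parent} carries no delegation NS records for {zone}")
        findings[zone] = issues
    return findings


if __name__ == "__main__":
    for zone, issues in check_zones(SAMPLE_RECORDS).items():
        print(f"{zone}: {'OK' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

Run against the sample data it reports exactly the situation in the recap: "dev.local" has no apex NS and its SOA MNAME is therefore not an NS host, and each net*.dev.local zone has the MNAME mismatch plus no delegation in the parent. Swap SAMPLE_RECORDS for a dump of your own zones (dnscmd /zoneprint produces something you can parse into the same tuples) to see which of those findings survive a change.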
Copyright © 2002-2006 Web-S-Sense Pty. Ltd. All rights reserved.