Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

DNS zone transfer [message #371742] Tue, 19 January 2010 09:05
southpaw (United States)
Hi All,

Just want to clarify ... I have read it is not recommended to configure a
notify list for Integrated active zones because it can degrade system
performance. However it is recommended to use notify list for secondary
(non-Active Integrated zones). Can someone pls confirm?

TIA..
Re: DNS zone transfer [message #371798 is a reply to message #371742] Tue, 19 January 2010 10:02
Jorge Silva
Hi
- How many DNS zones do you have? How many secondary DNS servers would be
notified?
- In most scenarios, I don't see problems with that. In very large scenarios
things generally don't work that way. I mean, if a DNS zone is ADI, then,
generally, that zone will only exist in the DCs, without a secondary DNS server
on the client's site.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"southpaw" <nospam@somewhere.com> wrote in message
news:egCv0ESmKHA.3792@TK2MSFTNGP02.phx.gbl...
> Hi All,
>
> Just want to clarify ... I have read it is not recommended to configure a
> notify list for Integrated active zones because it can degrade system
> performance. However it is recommended to use notify list for secondary
> ( non- Active Integrated zones) . Can someone pls confirm?
>
> TIA..
Re: DNS zone transfer [message #373360 is a reply to message #371742] Tue, 19 January 2010 19:31
Jonathan de Boyne Pol (United Kingdom)
> Just want to clarify ... I have read it is not recommended to
> configure a notify list for Integrated active zones because it can
> degrade system performance.

It's not recommended to configure a notify list because it's *mixing
and matching two different DNS database replication mechanisms*:
Active Directory and "zone transfer". Such notifications are part of
the "zone transfer" database replication mechanism. The "master"
content DNS server sends notifications to "slaves", letting the slaves
know that there are updates available and that they should initiate
zone transfers if they so desire. If one is replicating one's DNS data
using Active Directory, then it's senseless to be sending "zone
transfer" notifications around, since one isn't using the "zone
transfer" mechanism to replicate those data in the first place.
Re: DNS zone transfer [message #373565 is a reply to message #371742] Thu, 21 January 2010 02:26
Dave Warren (Canada)
In message <egCv0ESmKHA.3792@TK2MSFTNGP02.phx.gbl> "southpaw"
<nospam@somewhere.com> was claimed to have wrote:

>Just want to clarify ... I have read it is not recommended to configure a
>notify list for Integrated active zones because it can degrade system
>performance. However it is recommended to use notify list for secondary (
>non- Active Integrated zones) . Can someone pls confirm?

Active Directory synchronized DNS servers exchange data through AD,
notifies are completely ignored. They're trivially small simple
requests, you won't see any performance hit from leaving notifies
enabled, but since they're totally disregarded by AD DNS servers for AD
enabled zones, there is no advantage in sending them.

However, if you have any non-AD DNS servers *or* non-AD integrated
zones, then you'll probably want to send notifies to those servers.
Re: DNS zone transfer [message #373818 is a reply to message #371742] Thu, 21 January 2010 09:40
aceman (United States)
"southpaw" <nospam@somewhere.com> wrote in message
news:egCv0ESmKHA.3792@TK2MSFTNGP02.phx.gbl...
> Hi All,
>
> Just want to clarify ... I have read it is not recommended to configure a
> notify list for Integrated active zones because it can degrade system
> performance. However it is recommended to use notify list for secondary
> ( non- Active Integrated zones) . Can someone pls confirm?
>
> TIA..


Southpaw,

You received an explanation regarding why from a few other folks. AD
integration means the zone data is stored in the actual AD database and
replicates to other DCs, so notifications are superfluous.

I am curious of your current infrastructure config, how many zones exist and
what type of zones they are (ADI or Primary/Secondaries). If you are not
using Primary/Secondaries, it's something you don't have to worry about or
set. Are you seeing any errors that prompted your question?

Thank you,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
Re: DNS zone transfer [message #377213 is a reply to message #373818] Tue, 26 January 2010 02:11
Jonathan de Boyne Pol (United Kingdom)
> My question is since I don't have rights to administer this DNS
> server how can I speed up the changes to the secondary on my DCs.? I
> search for notify option on the secondary zone but was unable to find
> such setting or perhaps I am mistaken..

Yes, you're mistaken. As I wrote before, notifications are sent *from*
the "master" *to* the "slave". So whether and when
notifications are generated is, obviously, a configuration option *on
the master*. There's nothing that you, on the slave, can do to
alter whether and when the master decides to inform you about things.
That's for the people in that "different group" to configure. If they
make changes in their DNS data and those changes don't propagate to
other content DNS servers quickly enough for your taste, then it's *their*
problem to fix. They are the ones maintaining the server, and they are
the ones with the machine that has the sole knowledge of when DNS data
have been changed.

Your only option, from where you stand, is to decide not to
replicate those data, and to decide to force all enquiries to go
directly to the master content DNS server that that "different group"
runs. (This can be done in two ways: conditional forwarding, to pass
off the entire job of query resolution to that other group's server, or
"stub zones", to retain the task of query resolution yourself locally,
but to ensure that your resolving proxy contacts the other group's
content server.) Obviously, you're replicating the DNS content because
you don't want the extra long-distance query traffic and you don't want
to rely upon the network links always being up. So there's a price for
that option that you will very probably be unwilling to pay. You need
to decide whether you want to pay that price, or whether you will find
it cheaper to talk to that "different group" about its server sending
notification messages.
Re: DNS zone transfer [message #377460 is a reply to message #377213] Tue, 26 January 2010 08:36
southpaw (United States)
Jonathan,

Thank you for your valuable input.

I wanted to get all the facts in before I contact the DNS group. Now that I am armed with this insightful knowledge I think I would resort to the latter option and contact the Meta ip DNS server group and perhaps suggest setting up notification messages on the Master.

One question: alert notification can only be set up on the Master/primary DNS server, correct? Also, is there any relation between alert notification messages and the SOA refresh interval?

Thanks again.
"Jonathan de Boyne Pollard" <J.deBoynePollard-newsgroups@NTLWorld.COM> wrote in message news:IU.D20100126.T091115.P9632.Q0@J.de.Boyne.Pollard.localhost...
>> My question is since I don't have rights to administer this DNS server how can I speed up the changes to the secondary on my DCs.? I search for notify option on the secondary zone but was unable to find such setting or perhaps I am mistaken..
>
> Yes, you're mistaken. As I wrote before, notifications are sent from the "master" to the "slave". So whether and when notifications are generated is, obviously, a configuration option on the master. There's nothing that you, on the slave, can do to alter whether and when the master decides to inform you about things. That's for the people in that "different group" to configure. If they make changes in their DNS data and those changes don't propagate to other content DNS servers quickly enough for your taste, then it's their problem to fix. They are the ones maintaining the server, and they are the ones with the machine that has the sole knowledge of when DNS data have been changed.
>
> Your only option, from where you stand, is to decide not to replicate those data, and to decide to force all enquiries to go directly to the master content DNS server that that "different group" runs. (This can be done in two ways: conditional forwarding, to pass off the entire job of query resolution to that other group's server, or "stub zones", to retain the task of query resolution yourself locally, but to ensure that your resolving proxy contacts the other group's content server.) Obviously, you're replicating the DNS content because you don't want the extra long-distance query traffic and you don't want to rely upon the network links always being up. So there's a price for that option that you will very probably be unwilling to pay. You need to decide whether you want to pay that price, or whether you will find it cheaper to talk to that "different group" about its server sending notification messages.


--
Re: DNS zone transfer [message #377559 is a reply to message #377460] Tue, 26 January 2010 10:24
Dave Warren (Canada)
In message <ubnkK1pnKHA.1544@TK2MSFTNGP02.phx.gbl> "southpaw"
<nospam@somewhere.com> was claimed to have wrote:

>Alert notification can only be set up on
>the Master/primary DNS server, correct .

In this context, yes.

>Also, is there any relation to alert notification
>messages and SOA refresh interval?

They do similar things, but in different ways.

The SOA refresh interval tells secondary servers how often to check with
the master for zone file updates. In the absence of notifications, this
controls how long it will take before updates are noticed.

Notifies largely negate the refresh interval since they allow the master
to tell the slaves when an update has been made. However, notifies are
pushed out and there is no mechanism to ensure they're delivered
successfully, so the refresh interval still needs to be set to something
sane to handle the case of a lost notify.
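
The notify/refresh interplay discussed in the posts above, as an added Python example that is not part of any poster's message: it builds the NOTIFY a master sends (RFC 1996 wire format), applies the slave-side checks, and computes the fallback delay when a notify is lost. The zone name, address and message ID are constructed sample values, the function names are illustrative, and ignoring NOTIFY from hosts outside the configured master list follows RFC 1996 rather than anything stated in the thread.

```python
import struct

OPCODE_NOTIFY, TYPE_SOA, CLASS_IN = 4, 6, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_notify(zone, msg_id):
    """Master side: a NOTIFY is opcode 4 with AA set and one question, <zone> SOA IN."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400  # QR=0 (request), opcode=4, AA=1
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def parse_notify(packet):
    """Slave side: return the zone named by a NOTIFY request, or None if it is not one."""
    if len(packet) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or ((flags >> 11) & 0xF) != OPCODE_NOTIFY or qdcount != 1:
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        n = packet[pos]
        if n > 63 or pos + 1 + n > len(packet):  # compression pointer or truncated label
            return None
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if len(packet) < pos + 5:
        return None
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels).lower() if (qtype, qclass) == (TYPE_SOA, CLASS_IN) else None

def serial_newer(master, local):
    """RFC 1982 serial arithmetic: True if the master's SOA serial is ahead of ours."""
    return master != local and ((master - local) & 0xFFFFFFFF) < 0x80000000

def slave_should_check(packet, sender, zone, masters):
    """Act on a NOTIFY only if it names our zone and comes from a configured master."""
    return sender in masters and parse_notify(packet) == zone.lower()

def seconds_until_noticed(notify_delivered, since_last_refresh, soa_refresh):
    """Delay before the slave next compares serials: at once, or at the next SOA refresh."""
    return 0 if notify_delivered else max(soa_refresh - since_last_refresh, 0)

# Constructed sample values (documentation address range, made-up zone).
ZONE, MASTERS = "corp.example", {"192.0.2.10"}
NOTIFY = build_notify(ZONE, 0x1234)
```

A delivered NOTIFY only prompts the slave to compare serials; the transfer itself happens only when `serial_newer` is true, and a lost NOTIFY leaves the SOA refresh timer as the sole trigger.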
Re: DNS zone transfer [message #378680 is a reply to message #377559] Wed, 27 January 2010 16:47
southpaw (United States)
Thanks Dave...

"Dave Warren" <dave-usenet@djwcomputers.com> wrote in message
news:g19ul5de2j6b7qi84jtu8ln6v6aj2f07jr@4ax.com...
> In message <ubnkK1pnKHA.1544@TK2MSFTNGP02.phx.gbl> "southpaw"
> <nospam@somewhere.com> was claimed to have wrote:
>
>>Alert notification can only be set up on
>>the Master/primary DNS server, correct .
>
> In this context, yes.
>
>>Also, is there any relation to alert notification
>>messages and SOA refresh interval?
>
> They do similar things, but in different ways.
>
> The SOA refresh interval tells secondary servers how often to check with
> the master for zone file updates. In the absence of notifications, this
> controls how long it will take before updates are noticed.
>
> Notifies largely negate the refresh interval since they allow the master
> to tell the slaves when an update has been made. However, notifies are
> pushed out and there is no mechanism to ensure they're delivered
> successfully, so the refresh interval still needs to be set to something
> sane to handle the case of a lost notify.