Kevin Remde's IT Pro Weblog
Here is a “best of” Q&A from the webcast we did today on an overview of DNS. This was part 8 of the 12-part Windows Server 2003 Administration series I delivered earlier this year.
BIG THANKS to Mr. Bryan von Axelson for helping out as our sole Q&A person today. As you see below, he did a great job of finding answers to some tough questions.
Additional resources for this session are also available HERE.
“Mr Remde did the win 2003 server series few months ago, is this the same series or material??”
Same part #8 session, only longer! I was unable to get through the 3rd demo when I only had an hour for that content last time. This time you got the full session in all of its glory!
“Can you refer me to the past webcasts on shadow copy and ASR?”
Yes indeed. http://www.microsoft.com/technet/community/events/windows2003srv/tnt4-04-links-7.mspx
“Will Kevin discuss the scenarios where reverse lookup zones are required?”
We didn’t really address that in the session, but here is some information on DNS Reverse Lookup that might help - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/edf68cca-86f1-4b89-8e44-79f768963e95.mspx
“So does it do the same thing without recursion checked or does it directly go to the root servers?”
Without recursion checked it will NOT go to the root servers. It will also not use any configured forwarders.
Here’s a really good troubleshooting document: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e42d510a-443d-4c31-96da-f66a67a89d86.mspx
“Why is the _msdcs zone delegated to the same DNS server in Server 2003?”
This Microsoft-specific sub-domain allows location of domain controllers that have Windows Server 2003–specific roles in the domain, as well as the location by globally unique identifier (GUID) when a domain has been renamed. Check out - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/08eb226b-0192-4c05-b919-c9311bafae35.mspx
“Poll question states: ‘With recursion enabled, where does your local DNS server first look when it receives a query for an external URL?’. If recursion is not enabled will it go to the local cache or Internet root servers first?”
No. Recursion in the DNS server can be enabled or disabled. Recursion means that the process of trying to satisfy a query is repeated until an answer is found. It is enabled by default, which causes DNS servers to contact other servers to resolve queries. If recursion is disabled, the server will not look to the root servers or to any external server or forwarder. It will only return results for what it knows and is locally authoritative for.
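Whether a server offers recursion is visible in the header of its replies: a server with recursion disabled leaves the RA (recursion available) flag clear and answers only from its own data. The Python below is an added example, not part of the original post or webcast; the host name dc1, the addresses and the sample responses are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035)."""
    labels = [l.encode("ascii") for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, txid=0x1A2B):
    """A-record query with RD (recursion desired) set, as a client sends it."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1)

def parse_header(packet):
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "an": an, "ns": ns}

def classify(query, response):
    """Describe how the server handled a recursion-desired query."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not a response to this query"
    if r["ra"]:
        return "recursion offered"
    if r["aa"] and (r["an"] or r["rcode"] == 3):
        return "no recursion: answered from authoritative data"
    if r["rcode"] == 0 and r["an"] == 0 and r["ns"]:
        return "no recursion: referral only"
    return "no recursion: no answer (rcode %d)" % r["rcode"]

# --- constructed sample responses (not captured traffic) ---
def rr(owner, rtype, rdata):
    return owner + struct.pack("!2HIH", rtype, 1, 3600, len(rdata)) + rdata

def make_response(query, flags, answers=(), authority=()):
    header = query[:2] + struct.pack("!5H", flags, 1, len(answers), len(authority), 0)
    return header + query[12:] + b"".join(answers) + b"".join(authority)

Q_INTERNAL, Q_EXTERNAL = build_query("dc1.corp.contoso.com"), build_query("www.example.net")
A_REC = rr(b"\xc0\x0c", 1, bytes([192, 0, 2, 10]))           # owner = pointer to question name
ROOT_NS = rr(b"\x00", 2, encode_name("a.root-servers.net"))  # NS record for the root zone
SAMPLES = {
    "authoritative": make_response(Q_INTERNAL, 0x8500, answers=[A_REC]),     # QR AA RD
    "referral": make_response(Q_EXTERNAL, 0x8100, authority=[ROOT_NS]),      # QR RD, RA clear
    "refused": make_response(Q_EXTERNAL, 0x8105),                            # RCODE 5
    "open": make_response(Q_EXTERNAL, 0x8180, answers=[A_REC]),              # QR RD RA
}
```

To check a server you administer, send the bytes from `build_query` over UDP port 53 and pass the reply to `classify`; "recursion offered" on an Internet-facing authoritative server is the result to investigate.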
“I understand the functionality of the zone, but what doesn't make sense is that if you look under the contoso.com zone, you see that the _msdcs has been delegated, but the delegation is to a zone that exists on the same server, which is viewable just about the contoso.com zone in the GUI. Why is that done?”
This Microsoft-specific subdomain allows location of domain controllers that have Windows Server 2003–specific roles in the domain, as well as the location by globally unique identifier (GUID) when a domain has been renamed. - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/08eb226b-0192-4c05-b919-c9311bafae35.mspx
“Where was that datacenter photo taken! I've never seen such a thick mesh of cat5!!!”
“Is there any way to get the SOA serial number to follow the more conventional YYYYMMDDNN Year,Month,Day,Version numbering?”
I am not finding anything on making it more conventional - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/f800ced0-617e-4a20-a00e-9d44a4fad1ca.mspx
“Will secure updates work with non-windows workstation?”
Depends on the settings in the Access Control List (ACL). See http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c4291308-ab72-49bb-88f6-4aa56fa21661.mspx
“If getting AD and DNS communication errors 4004 and 4015 on a reverse lookup zone, AD is functioning correctly, can you force the removal of the zone in AD?”
I wasn’t able to find the answer to this. I did see several people online have asked the same question. If you are reading this and you’re the person who asked this, please email me directly, and I’ll see what more I can find for you. Or if someone else reading this wants to share their solution for this, please add a comment!
“When setting up a split DNS (local and Internet for the same name space), you set up the local DNS to forward but how do you answer ‘Do not use recursion for this domain’?”
I don’t think I understand this question. You’re setting up an internal DNS Server for your AD domain, maybe corp.contoso.com, where contoso.com is an externally known and managed DNS namespace. So internally on your DNS server you probably have it set up with a forwarder to some external DNS Server. Recursion shouldn’t be a problem, because queries that are internal will be resolved right away. All others will be sent to the forwarded DNS Server for that server to be responsible for finding an answer.
If I don’t get it, please comment or email me.