On 11/03/15 18:01, James wrote:
> Bob,
>
> Take a look at the following two links.
>
> http://retrohack.com/a-word-or-two-about-dns-islanding/
>
> http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
>
> I have more than two DC's but generally I would have each one point at
> the other.
>

I tried that, pointing each DC to the other and my DNS resolving slowed to a crawl, hung for short periods and generally became unresponsive. I just have:

search <dns domain>
nameserver 127.0.0.1

on each DC, and everything works ok for me, my feelings are that because each DC runs a DNS server and replicates info to the others then each DC should be able to respond. If something has gone wrong with the DNS server then probably there are other things that have gone wrong and may not respond to any DNS request.

Pointing member servers & clients at both DCs is probably a good idea.

Rowland

This has been discussed several times on the mailing list. The two blogs mentioned are interesting reading.

Thanks for the thoughts, everyone.

---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [3]
"Everyone deserves an award!!"

On 2015-03-11 13:52, Rowland Penny wrote:
> On 11/03/15 18:01, James wrote:
>
>> Bob,
>> Take a look at the following two links.
>> http://retrohack.com/a-word-or-two-about-dns-islanding/ [1]
>> http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest [2]
>> I have more than two DC's but generally I would have each one point at the other.
>
> I tried that, pointing each DC to the other and my DNS resolving slowed to a crawl, hung for short periods and generally became unresponsive. I just have:
>
> search <dns domain>
> nameserver 127.0.0.1
>
> on each DC, and everything works ok for me, my feelings are that because each DC runs a DNS server and replicates info to the others then each DC should be able to respond. If something has gone wrong with the DNS server then probably there are other things that have gone wrong and may not respond to any DNS request.
>
> Pointing member servers & clients at both DCs is probably a good idea.
>
> Rowland

Links:
------
[1] http://retrohack.com/a-word-or-two-about-dns-islanding/
[2] http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
[3] http://www.donelsontrophy.com

Hello Rowland,

On 11.03.2015 at 19:52, Rowland Penny wrote:
> I tried that, pointing each DC to the other and my DNS resolving slowed
> to a crawl, hung for short periods and generally became unresponsive. I
> just have:
>
> search <dns domain>
> nameserver 127.0.0.1

The only problem that can appear is DNS islanding.

Do you use the internal DNS or BIND?
Where did DNS responding slow down? On the DCs? Or DNS in general?

Regards,
Marc

On 11/03/15 20:07, Marc Muehlfeld wrote:
> Hello Rowland,
>
> On 11.03.2015 at 19:52, Rowland Penny wrote:
>> I tried that, pointing each DC to the other and my DNS resolving slowed
>> to a crawl, hung for short periods and generally became unresponsive. I
>> just have:
>>
>> search <dns domain>
>> nameserver 127.0.0.1
>
> The only problem that can appear is DNS islanding.
>
> Do you use the internal DNS or BIND?
> Where did DNS responding slow down? On the DCs? Or DNS in general?
>
> Regards,
> Marc

I use bind9 (I think that there are too many problems with the internal server to make it usable)

When I set

search example.com
nameserver <the other DC>

on both the DCs, DNS became virtually unusable everywhere, I tried various other permutations, but the only one that works for me (YMMV) on the DCs is

search example.com
nameserver 127.0.0.1

Rowland

a nice example about dns islanding.
http://retrohack.com/a-word-or-two-about-dns-islanding/

and with only 2 dc's setup the resolv.confs like :

DC01
Primary DNS 10.1.1.2
Secondary DNS 127.0.0.1

DC02
Primary DNS 10.1.1.1
Secondary DNS 127.0.0.1

http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx
says:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

but this is mainly MS DNS based, since there was a bug in the MS DNS server, concerning islanding..

Louis

>-----Original message-----
>From: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>Sent: Wednesday 11 March 2015 22:03
>To: samba at lists.samba.org
>Subject: Re: [Samba] reslov.conf on two DC's
>
>On 11/03/15 20:07, Marc Muehlfeld wrote:
>> Hello Rowland,
>>
>> On 11.03.2015 at 19:52, Rowland Penny wrote:
>>> I tried that, pointing each DC to the other and my DNS resolving slowed
>>> to a crawl, hung for short periods and generally became unresponsive. I
>>> just have:
>>>
>>> search <dns domain>
>>> nameserver 127.0.0.1
>>
>> The only problem that can appear is DNS islanding.
>>
>> Do you use the internal DNS or BIND?
>> Where did DNS responding slow down? On the DCs? Or DNS in general?
>>
>> Regards,
>> Marc
>
>I use bind9 (I think that there are too many problems with the internal
>server to make it usable)
>
>When I set
>
>search example.com
>nameserver <the other DC>
>
>on both the DCs, DNS became virtually unusable everywhere, I tried
>various other permutations, but the only one that works for me (YMMV) on
>the DCs is
>
>search example.com
>nameserver 127.0.0.1
>
>Rowland
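
Added example, not part of any message in this thread: a small Python check that reads a DC's resolv.conf and names which of the resolver orders discussed above it uses. The function names, labels and sample files are constructed for illustration; that DC01 is 10.1.1.1 and DC02 is 10.1.1.2 is an assumption drawn from the layout quoted above.

```python
import ipaddress

# Constructed sample files. 10.1.1.1 / 10.1.1.2 are the addresses from the
# message above; which DC owns which address is an assumption.
DC01_PARTNER_FIRST = """\
search example.com
nameserver 10.1.1.2
nameserver 127.0.0.1
"""
LOOPBACK_ONLY = """\
search example.com
nameserver 127.0.0.1
"""


def nameservers(text):
    """Return the nameserver addresses in file order (the order they are tried)."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Commented-out lines ('#' or ';' first) never have 'nameserver'
        # as their first field, so they are skipped here as well.
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(ipaddress.ip_address(fields[1]))
    return found


def classify(text, own_ips=()):
    """Label the resolver order; own_ips are this DC's own (non-loopback) addresses."""
    own = {ipaddress.ip_address(a) for a in own_ips}
    kinds = ["self" if (ns.is_loopback or ns in own) else "other"
             for ns in nameservers(text)]
    if not kinds:
        return "no-nameserver"
    if "other" not in kinds:
        return "self-only"      # only the local DNS server is ever asked
    if "self" not in kinds:
        return "partner-only"   # no local fallback if the other DC is down
    # Mixed list: what matters is which entry is tried first.
    return "self-first" if kinds[0] == "self" else "partner-first"


if __name__ == "__main__":
    print(classify(DC01_PARTNER_FIRST, own_ips=["10.1.1.1"]))
    print(classify(LOOPBACK_ONLY))
```

On a real DC, pass the contents of /etc/resolv.conf and the host's own addresses; "self-first" is the order the quoted TechNet sentence describes, and "self-only" is the loopback-only setup.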