|
Home > Archive > microsoft.public.cert.exams.mcse > June 2002 > Dns Question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Why are there two forward look up zones when you do a
straight active directory set up. There is one folder with
a . next to it which is standard primary and a folder with
my domain name next to it and active directory int which
I've set up. I set up everything as active directory not
standard primary. Whats the . forward lookup zone for?
Maybe I missed soemthing here. Naive domain, Win 2000
clients (obviously)
Thanks for any info. Its not causing a problem, just
curious!
| |
| 70-224 2002-06-22, 6:55 pm |
| "Nick" <look@yourself.com> wrote in message
> Why are there two forward look up zones when you do a
> straight active directory set up. There is one folder with
> a . next to it which is standard primary and a folder with
> my domain name next to it and active directory int which
> I've set up. I set up everything as active directory not
> standard primary. Whats the . forward lookup zone for?
> Maybe I missed soemthing here. Naive domain, Win 2000
> clients (obviously)
Not obviously. Native just means no down level DCs. Clients can be anything
even Dos and Win 3.11 machines (and yes I have to run those too).
> Thanks for any info. Its not causing a problem, just
> curious!
It's the root. A DNS name of www.microsoft.com is actually incomplete. It's
real name is:
www.microsoft.com.
Notice that "." at the end there. It makes sense if you remember that when
asking for a resolution you need to know who to ask for that "com" or "net"
part of the name. Especially now that there are so many of them like "to"
for the island nation of Tonga I believe. So who do you ask? You ask the
root of the internet. How does a server now where to find that one root?
Well either it has a "." forward lookup zone like your DNS in which case it
thinks it knows everything there is to know. Or you delete it and use 13
root hints which are addresses pre-entered (a bit like a hosts file really)
that hopefully don't change.
| |
|
| Thanks for that 224. So if I delete the "." I will have to
add data into root hints so it knows where to look? Like
an external ISP DNS Server? We're not connected to the
internet her by the way.
>-----Original Message-----
>"Nick" <look@yourself.com> wrote in message
>> Why are there two forward look up zones when you do a
>> straight active directory set up. There is one folder
with
>> a . next to it which is standard primary and a folder
with
>> my domain name next to it and active directory int which
>> I've set up. I set up everything as active directory not
>> standard primary. Whats the . forward lookup zone for?
>> Maybe I missed soemthing here. Naive domain, Win 2000
>> clients (obviously)
>
>Not obviously. Native just means no down level DCs.
Clients can be anything
>even Dos and Win 3.11 machines (and yes I have to run
those too).
>
>> Thanks for any info. Its not causing a problem, just
>> curious!
>
>It's the root. A DNS name of www.microsoft.com is
actually incomplete. It's
>real name is:
> www.microsoft.com.
>Notice that "." at the end there. It makes sense if you
remember that when
>asking for a resolution you need to know who to ask for
that "com" or "net"
>part of the name. Especially now that there are so many
of them like "to"
>for the island nation of Tonga I believe. So who do you
ask? You ask the
>root of the internet. How does a server now where to find
that one root?
>Well either it has a "." forward lookup zone like your
DNS in which case it
>thinks it knows everything there is to know. Or you
delete it and use 13
>root hints which are addresses pre-entered (a bit like a
hosts file really)
>that hopefully don't change.
>
>
>.
>
| |
| 70-224 2002-06-22, 6:55 pm |
| "Nick" <look@yourself.com> wrote in message
> Thanks for that 224. So if I delete the "." I will have to
> add data into root hints so it knows where to look? Like
> an external ISP DNS Server? We're not connected to the
> internet her by the way.
If you are not connected to the internet and have no pressing need to fiddle
with it then leaving it alone would probably be wise. TBH I can't remember
if Win2k automatically repopulates the root hints list if you delete the
root lookup zone. I use an XP machine to manage DNS and that has a button to
copy root hints from another server.
However I wouldn't use root hints anyway. I prefer to save bandwidth and use
forwarders instead and let my ISPs DNS servers do the work. That's what they
get paid for....
| |
| Don Julio 2002-06-22, 6:55 pm |
| How do you disable root hints? Just delete them?
"70-224" <Iggy@the.pop> wrote in message
news:F9kQ8.68644$Y8.608655@news.easynews.com...
> "Nick" <look@yourself.com> wrote in message
> > Thanks for that 224. So if I delete the "." I will have to
> > add data into root hints so it knows where to look? Like
> > an external ISP DNS Server? We're not connected to the
> > internet her by the way.
>
> If you are not connected to the internet and have no pressing need to
fiddle
> with it then leaving it alone would probably be wise. TBH I can't remember
> if Win2k automatically repopulates the root hints list if you delete the
> root lookup zone. I use an XP machine to manage DNS and that has a button
to
> copy root hints from another server.
>
> However I wouldn't use root hints anyway. I prefer to save bandwidth and
use
> forwarders instead and let my ISPs DNS servers do the work. That's what
they
> get paid for....
>
>
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Thu, 20 Jun 2002 04:00:25 -0700, in
microsoft.public.cert.exam.mcse, Nick (look@yourself.com) said,
>
> Why are there two forward look up zones when you do a
> straight active directory set up. There is one folder with
> a . next to it which is standard primary and a folder with
> my domain name next to it and active directory int which
> I've set up. I set up everything as active directory not
> standard primary. Whats the . forward lookup zone for?
> Maybe I missed soemthing here. Naive domain, Win 2000
> clients (obviously)
>
It's because you let dcpromo configure DNS. When you do that and when
you don't have a DNS infrastructure set up *before* you run dcpromo,
it creates a root zone.
70-224 has clarified further.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Thu, 20 Jun 2002 12:47:33 GMT, in
microsoft.public.cert.exam.mcse, 70-224 (Iggy@the.pop) said,
> If you are not connected to the internet and have no pressing need to fiddle
> with it then leaving it alone would probably be wise. TBH I can't remember
> if Win2k automatically repopulates the root hints list if you delete the
> root lookup zone.
>
It does.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Thu, 20 Jun 2002 14:41:06 +0100, in
microsoft.public.cert.exam.mcse, Don Julio (me@work.com) said,
> How do you disable root hints? Just delete them?
>
Rename cache.dns or add the root zone back.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| Or, enslave your DNS server to its Forwarder(s) by use
of the checkbox on the Forwarders definition sheet.
--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
"Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.177ba9e35db453b8989edb@msnews.microsoft.com...
> circa Thu, 20 Jun 2002 14:41:06 +0100, in
> microsoft.public.cert.exam.mcse, Don Julio (me@work.com) said,
> > How do you disable root hints? Just delete them?
> >
> Rename cache.dns or add the root zone back.
>
> Laura
> --
> One man's mundane and boring existence is another man's Technicolor.
> -Tick, Strange Days
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Thu, 20 Jun 2002 23:37:12 -0700, in
microsoft.public.cert.exam.mcse, Roger Abell [MVP]
(mvpNOSPAM@asu.edu) said,
>
> "Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
> news:MPG.177ba9e35db453b8989edb@msnews.microsoft.com...
> > circa Thu, 20 Jun 2002 14:41:06 +0100, in
> > microsoft.public.cert.exam.mcse, Don Julio (me@work.com) said,
> > > How do you disable root hints? Just delete them?
> > >
> > Rename cache.dns or add the root zone back.
> >
> Or, enslave your DNS server to its Forwarder(s) by use
> of the checkbox on the Forwarders definition sheet.
>
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
But that doesn't actually disable them.
From help:
"Using forwarders exclusively (no recursion)
When a DNS server is configured to use forwarders, they are used
before any other means of resolving a name is tried. If the list of
forwarders fails to provide a positive answer, a DNS server can
attempt to resolve the query itself using iterative queries and
standard recursion.
A server can also be configured to not perform recursion after
forwarders fail. In this configuration, the server does not attempt
any further recursive queries itself to resolve the name. Instead, it
fails the query if it does not get a successful query response from
any of the forwarders.
This forces a DNS server to use its configured forwarders exclusively
to perform final resolution when resolving a name query. In this mode
of operation, a server configured to use forwarders can still check
in its configured zones first to attempt to resolve a queried name.
If it finds a match in its authoritative data there, it can answer
the query based on that information.
To use this option, select the Do not use recursion option on the
Forwarders tab when a server is configured to use forwarders.
Note
When using forwarders, queries are sent to each forwarder in the
list, which is given a time-out value, in seconds, within which it
must respond before the next forwarder is tried."
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| Hi Laura,
?? It does make it so that it will never use them, which
does seem very close to disabling them. It seems that the
quote you have provided confirms this as the behavior.
The server will answer from its zones, or its cached records,
if possible. If these fail and the name query is for a name from
a zone it does not hold, it will then use the Forwarders. If the
Forwarders do not reply within the DNS servers timeout
tolerance, the DNS server will: without this box checked, begin
to work the query using its root hints; with this box checked, it
does not. This is the resolution path. The DNS server does
not use a different resolution path. Thus, with it check, use of
the Root Hints is shut off. Is this not disabled ??
Note: info applies to W2k, .Net differs regarding forwarding
--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.177c9f6b7b232631989eed@msnews.microsoft.com...
> circa Thu, 20 Jun 2002 23:37:12 -0700, in
> microsoft.public.cert.exam.mcse, Roger Abell [MVP]
> (mvpNOSPAM@asu.edu) said,
>
> >
> > "Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in
message
> > news:MPG.177ba9e35db453b8989edb@msnews.microsoft.com...
> > > circa Thu, 20 Jun 2002 14:41:06 +0100, in
> > > microsoft.public.cert.exam.mcse, Don Julio (me@work.com) said,
> > > > How do you disable root hints? Just delete them?
> > > >
> > > Rename cache.dns or add the root zone back.
> > >
> > Or, enslave your DNS server to its Forwarder(s) by use
> > of the checkbox on the Forwarders definition sheet.
> >
> > --
> > Roger Abell
> > MS MVP (Windows Platform), MCSE, MCDBA
>
> But that doesn't actually disable them.
>
> From help:
>
> "Using forwarders exclusively (no recursion)
> When a DNS server is configured to use forwarders, they are used
> before any other means of resolving a name is tried. If the list of
> forwarders fails to provide a positive answer, a DNS server can
> attempt to resolve the query itself using iterative queries and
> standard recursion.
>
> A server can also be configured to not perform recursion after
> forwarders fail. In this configuration, the server does not attempt
> any further recursive queries itself to resolve the name. Instead, it
> fails the query if it does not get a successful query response from
> any of the forwarders.
>
> This forces a DNS server to use its configured forwarders exclusively
> to perform final resolution when resolving a name query. In this mode
> of operation, a server configured to use forwarders can still check
> in its configured zones first to attempt to resolve a queried name.
> If it finds a match in its authoritative data there, it can answer
> the query based on that information.
>
> To use this option, select the Do not use recursion option on the
> Forwarders tab when a server is configured to use forwarders.
>
> Note
>
> When using forwarders, queries are sent to each forwarder in the
> list, which is given a time-out value, in seconds, within which it
> must respond before the next forwarder is tried."
>
> Laura
>
> --
> One man's mundane and boring existence is another man's Technicolor.
> -Tick, Strange Days
| |
| 70-224 2002-06-22, 6:55 pm |
| "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> Note: info applies to W2k, .Net differs regarding forwarding
What does .Net do differently?
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| allows definition of selective forwarders
Whereas W2k only allows for forwarders that are
always used for all names, .Net allows use of
different forwarders based on what the name is
--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"70-224" <Iggy@the.pop> wrote in message
news:S9JQ8.199033$og1.29383@news.easynews.com...
> "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > Note: info applies to W2k, .Net differs regarding forwarding
>
> What does .Net do differently?
>
>
| |
| 70-224 2002-06-22, 6:55 pm |
| "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> allows definition of selective forwarders
>
> Whereas W2k only allows for forwarders that are
> always used for all names, .Net allows use of
> different forwarders based on what the name is
Thanks. Not much practical use for me but I guess that'll be handy for some.
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:#CmgXsUGCHA.2672@tkmsftngp13...
> allows definition of selective forwarders
>
> Whereas W2k only allows for forwarders that are
> always used for all names, .Net allows use of
> different forwarders based on what the name is
>
bad form, but . . .
I forgot to mention that the ability to define stub zones
also impacts whether forwarders are used at all for
names in those stubbed zones.
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
> Associate Expert - Windows XP ExpertZone
> http://www.microsoft.com/windowsxp/expertzone
>
> "70-224" <Iggy@the.pop> wrote in message
> news:S9JQ8.199033$og1.29383@news.easynews.com...
> > "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > > Note: info applies to W2k, .Net differs regarding forwarding
> >
> > What does .Net do differently?
> >
> >
>
>
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Fri, 21 Jun 2002 10:03:59 -0700, in
microsoft.public.cert.exam.mcse, Roger Abell [MVP]
(mvpNOSPAM@asu.edu) said,
>
> ?? It does make it so that it will never use them, which
> does seem very close to disabling them. It seems that the
> quote you have provided confirms this as the behavior.
>
No, it only makes it so that root hints are never used *if* you
select the option to disable recursion. Enabling forwarders, in and
of itself, neither removes root hints nor stops them from being used.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Fri, 21 Jun 2002 11:21:52 -0700, in
microsoft.public.cert.exam.mcse, Roger Abell [MVP]
(mvpNOSPAM@asu.edu) said,
> >
> > Whereas W2k only allows for forwarders that are
> > always used for all names, .Net allows use of
> > different forwarders based on what the name is
> >
>
> bad form, but . . .
> I forgot to mention that the ability to define stub zones
> also impacts whether forwarders are used at all for
> names in those stubbed zones.
>
>
..Net DNS rocks.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| "Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.177d7599986ddefe989ef6@msnews.microsoft.com...
> circa Fri, 21 Jun 2002 10:03:59 -0700, in
> microsoft.public.cert.exam.mcse, Roger Abell [MVP]
> (mvpNOSPAM@asu.edu) said,
> >
> > ?? It does make it so that it will never use them, which
> > does seem very close to disabling them. It seems that the
> > quote you have provided confirms this as the behavior.
> >
> No, it only makes it so that root hints are never used *if* you
> select the option to disable recursion. Enabling forwarders, in and
> of itself, neither removes root hints nor stops them from being used.
>
> Laura
hmmm . . .
Somehow I think that is what my initial post was adding to the thread :-)
--
Roger
| |
| Roger Abell [MVP] 2002-06-22, 6:55 pm |
| "Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.177d75c2322bd36d989ef7@msnews.microsoft.com...
> circa Fri, 21 Jun 2002 11:21:52 -0700, in
> microsoft.public.cert.exam.mcse, Roger Abell [MVP]
> (mvpNOSPAM@asu.edu) said,
> > >
> > > Whereas W2k only allows for forwarders that are
> > > always used for all names, .Net allows use of
> > > different forwarders based on what the name is
> > >
> >
> > bad form, but . . .
> > I forgot to mention that the ability to define stub zones
> > also impacts whether forwarders are used at all for
> > names in those stubbed zones.
> >
> >
> .Net DNS rocks.
>
> Laura
The improved scenario coverage is nice, but I would
have preferred if DNS views had made it in ;-)
--
Roger
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Fri, 21 Jun 2002 23:48:54 -0700, in
microsoft.public.cert.exam.mcse, Roger Abell [MVP]
(mvpNOSPAM@asu.edu) said,
> > .Net DNS rocks.
> >
> > Laura
>
> The improved scenario coverage is nice, but I would
> have preferred if DNS views had made it in ;-)
>
Too true.
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Laura A. Robinson 2002-06-22, 6:55 pm |
| circa Fri, 21 Jun 2002 23:48:35 -0700, in
microsoft.public.cert.exam.mcse, Roger Abell [MVP]
(mvpNOSPAM@asu.edu) said,
> > > ?? It does make it so that it will never use them, which
> > > does seem very close to disabling them. It seems that the
> > > quote you have provided confirms this as the behavior.
> > >
> > No, it only makes it so that root hints are never used *if* you
> > select the option to disable recursion. Enabling forwarders, in and
> > of itself, neither removes root hints nor stops them from being used.
> >
> > Laura
>
> hmmm . . .
> Somehow I think that is what my initial post was adding to the thread :-)
>
"Or, enslave your DNS server to its Forwarder(s) by use
of the checkbox on the Forwarders definition sheet."
There are two checkboxes on that property page- one to enable
forwarders, and if that is enabled, then the second one to disable
recursion is then no longer greyed out. I had read your post as
referring to the former as opposed to the latter. Apologies for the
misinterpretation. :-)
Laura
--
One man's mundane and boring existence is another man's Technicolor.
-Tick, Strange Days
| |
| Norbert Pitters 2002-06-24, 7:25 am |
| this is by design:
take a look at:
http://support.microsoft.com/search...b;en-us;Q229840
A DNS server behaves as a root server if there is a zone named "." on the
server. The "." zone indicates that the server is a top-level root server.
Because a root server is at the top of the DNS hierarchy, it cannot be
configured to forward and does not require root hints.
When you run the Active Directory Installation Wizard (Dcpromo.exe), you can
configure a DNS server on the local computer and configure the forward
lookup zones. The wizard examines the TCP/IP configuration on the computer
and determines whether the computer is configured to use any DNS servers. If
so, the Active Directory Installation Wizard queries for the root servers.
If the computer is not configured to use any DNS servers, the wizard queries
the root servers listed in the Cache.dns file (the Internet root servers).
If the wizard cannot contact any root servers, it configures the local
computer as a root server and creates the "." zone.
"Nick" <look@yourself.com> schrieb im Newsbeitrag
news:10cfd01c21849$ae87cd90$3b
ef2ecf@TKMSFTNGXA10...
> Why are there two forward look up zones when you do a
> straight active directory set up. There is one folder with
> a . next to it which is standard primary and a folder with
> my domain name next to it and active directory int which
> I've set up. I set up everything as active directory not
> standard primary. Whats the . forward lookup zone for?
> Maybe I missed soemthing here. Naive domain, Win 2000
> clients (obviously)
>
> Thanks for any info. Its not causing a problem, just
> curious!
|
|
|
|
|