2.7 DNS Server Placement

The first domain controller in the tree hosts the DNS server by default. For other DSfW installations, such as child and additional domain controllers, the DNS server is optional and is not enabled by default.

You can plan to introduce additional DNS servers in the domain in the following situations:

  • To achieve fault tolerance.

  • To restrict DNS traffic in a remote office where an additional domain controller or a sub-domain is planned.

  • If you need a complete delegated model of administration and you want every component to be local.

Follow the guidelines and recommendations given below:

  • Configure at least two DNS servers hosting the DNS zones for DSfW. Both DNS servers should be configured during DSfW configuration.

  • If the workstations need to use other DNS servers, add the DSfW DNS zones as secondary zones on those servers.

  • Because it is difficult to add and configure DNS on a DSfW server after installation, Novell recommends that you install and configure DNS on all domain controllers. It is not essential to use the DNS service that is installed and configured on other OES servers; the service can be deactivated on servers where it is not required.

  • There can be only one designated primary DNS server for a specific DNS zone, and it must be running on one of the domain controllers for a domain. The forward lookup zone and all reverse lookup zones of clients that need to be dynamically updated in DNS must be hosted as a designated primary zone on the DSfW server. The dynamic updates are always sent from the clients to the DNS server that is hosting the designated primary zone.

2.7.1 DNS Zone Resolution

For most DNS deployments, you must have two central DNS servers that host every DNS zone in the eDirectory tree. All remote DNS servers host the zones for their location (forward and reverse) and forward unresolved queries to the two central DNS servers. The DSfW DNS servers that are introduced at child domains must have their forward list set to at least two trusted forest root domain DSfW DNS servers.

The forest root domain DSfW DNS servers must be made authoritative (primary) for all the reverse lookup zones and for all the forward zones if a delegate zone approach is not possible. Ensure that you create the necessary reverse zones for all of the subnets used in your environment, using the DNS/DHCP Management Console.

The designated primary for a zone (forward or reverse) that is under the DSfW domain must be the server that handles the dynamic updates. This must either be the domain controller or the server that communicates with the DHCP server.
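The following added example (not part of the original documentation or of any Novell tool) checks a planned zone layout against the guidelines in 2.7 and 2.7.1: at least two DNS servers per zone, exactly one designated primary that runs on a domain controller, and a reverse zone for every subnet. It handles IPv4 only; the plan format and the server, zone and subnet values are hypothetical.

```python
import ipaddress

def reverse_zones(subnet):
    """Octet-aligned in-addr.arpa zones needed to cover an IPv4 subnet."""
    net = ipaddress.ip_network(subnet)
    if net.prefixlen > 24:                      # a /25../32 lives inside its /24 zone
        net = net.supernet(new_prefix=24)
    aligned = -(-net.prefixlen // 8) * 8 or 8   # round prefix up to /8, /16 or /24
    zones = []
    for part in net.subnets(new_prefix=aligned):
        octets = str(part.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def audit_plan(zones, domain_controllers, subnets):
    """Check a planned zone layout against the placement guidelines.
    zones: {zone name: {"primary": [servers], "hosts": [servers]}}"""
    findings = []
    for name, zone in zones.items():
        if len(set(zone["hosts"])) < 2:
            findings.append(f"{name}: hosted on fewer than two DNS servers")
        if len(zone["primary"]) != 1:
            findings.append(f"{name}: needs exactly one designated primary")
        elif zone["primary"][0] not in domain_controllers:
            findings.append(f"{name}: designated primary is not a domain controller")
    for subnet in subnets:
        for rz in reverse_zones(subnet):
            # A broader hosted zone (e.g. 1.10.in-addr.arpa) also covers rz.
            if not any(rz == z or rz.endswith("." + z) for z in zones):
                findings.append(f"{subnet}: no reverse zone {rz}")
    return findings

# Constructed sample plan; all server, zone and subnet values are hypothetical.
SAMPLE_DCS = {"dc1", "dc2"}
SAMPLE_ZONES = {
    "example.com": {"primary": ["dc1"], "hosts": ["dc1", "dc2"]},
    "4.1.10.in-addr.arpa": {"primary": ["oes3"], "hosts": ["oes3"]},
}
SAMPLE_SUBNETS = ["10.1.4.0/23", "10.1.4.128/25"]

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_ZONES, SAMPLE_DCS, SAMPLE_SUBNETS):
        print(finding)
```

A subnet whose prefix is not on an octet boundary, such as a /23, needs one reverse zone per /24 it contains, which is the case most often missed when reverse zones are created by hand.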

For information about DNS and DSfW integration, see DNS-DSfW Integration.