DNS Configuration in Active Directory

[c4p0ne]

The question has to be, is there any way to re-direct "DNS Misses" to another address?

Basically I want to do some sort of DNS acceleration and the machine that will be doing it probably will not be running Windows. I personally don't like the idea but its something that may be forced upon me by non-Windows users who may not realize the consequences of f*cking with an already [not so] smooth-running Active Directory. Is there anyway to "optimize/accelerate DNS" right on the PDC/BDC without having to do this? AD (Server 2003) is running "decent" and I don't want to change that potentially causing elevated blood-pressure levels for the duration of countless hours I may have to spend fixing a f*ck-up.

Is anyone running a setup like the one I might have to configure? What do you seasoned AD guys recommend?

[YeOldeStonecat]

Well, if you have active directory, the mainstream traditional approach is to have DNS running on your DCs, and client servers and workstations pointing to that. Because AD runs integrated with DNS. Having an outside DNS service used for DNS will cause AD to break.

Now if you're having performance issues (which I'm thinking is perhaps what's making you ask this question since you're asking about something that accelerates DNS)...the answer is to step back and look at your setup. Is your DC too overloaded..in that you seem to have very slow name resolution for your LAN, or resolution for external sites? Specifically what is your issue?

Smaller networks usually start out with one server..and people start by running everything off of that one server. Eventually as your network grows...a heavier load starts getting placed on that server, you'll have that one server doing AD/infrastructure..DNS/DHCP etc, and file and print sharing, and perhaps hosting an application or two, and perhaps Exchange e-mail, and..and.. It becomes desirable to start breaking up your server roles into different servers. I like to start having a separate server for each major role. Have 1x server be your DC/infrastructure server...doing nothing but that. Have 1x server be your file/print sharing server. Having another server host your applications. Having another server run your Exchange.

Do I mean separate physical servers? No, not necessarily, you can still keep this economically affordable to the bean counters by taking the virtual approach. One or two physical servers..each running a hypervisor and hosting a couple of virtual servers in there. With the cost of physical serveres being very low now, you can build a danged potent 2U server with a couple of 4 core Xeons in there and 24 or 36 or more gigs of RAM, get a fiber SAN attached to it and slap a bunch of 15k rpm drives in there ..spread the RAID arrays in there, spread the load of your virtual servers across those, and you can do this quite economically. You can spread out a migration to this over time also...I'm ready to take my biggest client to another step in this process that I started a couple of years ago.

Another approach that some places seem to take, those that like *nix in the mix, is have DNS run on a *nix box and tie in with their AD using "DNS Bind". I've not done this, so I have no input on that subject.