  • DNS

    DNS Policies in Windows Server 2016

    DNS Policies allow you to control how a DNS Server handles queries/responses based on various parameters such as client IP subnet, the IP address of the network interface which received the DNS request, or even the time of day. One use-case for a DNS Policy is the ability to provide clients geographically-appropriate resources for a given name, based on the client’s IP address. Another common configuration for many customers is some sort of “split-brain” DNS where the same DNS domain name (i.e. CONTOSO.COM) is used both on the Internet and on the internal corporate network but the name may resolve to different internal/external IP addresses. With DNS Policies, this configuration…

  • DNS

    How to Restrict DNS Zone Scavenging When Hosting Multiple Zones on Multiple Servers

    Dougga here – PFE (or “poofy” as one of my customers likes to call us). The DNS scavenging topic never dies – bear with me and I will reveal a not so obvious configuration to control which servers can scavenge a zone. Let’s go with a simple multi-domain forest named Contoso.com that has 3 child domains and AD integrated DNS configured to replicate as shown in the table below and try to not have more than 1 or 2 scavenging servers per DNS zone. (Table columns: Domain / DNS / Scavenging server.) Contoso.com / Domain replicated in contoso / ContosoDC1; _msdcs.contoso.com / Forest replicated / ContosoDC1; Child1.contoso.com / Domain replicated in child1 / Child1DC1; Child2.contoso.com / Domain replicated in child2 / Child2DC1…

  • DNS

    How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone

    Hello, my name is Pierre Ricca, and I am a Premier Field Engineer focused on Active Directory and PowerShell scripting. I started working at Microsoft France as PFE in November 2010. An important part of my job consists of delivering health checks, risk assessments, and knowledge transfer around those technologies for our Premier customers in France. Introduction: From the field, I have been asked many times by our customers to provide advice and best practices on how to optimize their DNS resolution. Even if each customer’s DNS topology is unique, we have some common recommendations. You are probably aware that hosting DNS zones on the Active Directory instance is possible…

  • DNS

    How to Save the DNS Cheese. Protect AD-Integrated DNS Zones from Accidental Deletions

    As a quick follow on to our recent post about DNS deletion auditing, here’s an ounce of prevention for you – well actually about 3 tons worth – courtesy of Brent Whitlow, Bryan Zink and your blogger-de jure, Hilde. Our co-workers, peers and others ‘out there’ have covered this but we wanted to get our own ‘variation on a theme’ post out as a logical follow up (or some might say prequel) to the DNS auditing post. Here are the links to two of the other great posts: AskDS Post – http://blogs.technet.com/b/askds/archive/2013/06/04/two-lines-that-can-save-your-ad-from-a-crisis.aspx Eric Jansen’s Post – http://cbfive.com/blog/protecting-dns-zones-from-accidental-deletion/   Let’s roll … **** EDIT **** As with any changes, folks should always exercise caution…

  • DNS

    How ‘netmask ordering’ feature in DNS affects the resultant queries

    Hey y’all, Mark here again. When visiting a customer, PFEs tend to get a bunch of questions that have been “saved up” over time. One of my frequent customers always has a massive list for me when I get there. If they are reading this, they know who they are. Many of these questions are the types where it isn’t causing a production issue where they’d call in for support to determine root cause but just little annoyances they’d like to get figured out. If you have those, feel free to use the contact us button, it might turn into a blog post. This is a perfect example. All clients…

  • DNS

    Am I Seeing Double? The case of “Multiple copies of the same DNS zone”

    Introduction: With the introduction of Windows 2003 and the new DNS application partitions, I have helped numerous customers resolve the issue of having multiple copies of the same DNS zone. So, today we’re going to cover the following: 1.) What exactly does this mean? 2.) What are the symptoms? 3.) How does this scenario occur? 4.) How to resolve the problem? What Does this Mean? Quick history lesson… With the introduction of Windows 2003, Microsoft created two new DNS-related application partitions. Let’s quickly discuss why Microsoft did this. To do this, we’ll have to take a look at how Windows 2000 implemented DNS. With Windows 2000, when…

  • CLUSTER

    Using Multiple Client Access Points (CAP) in a Windows Server 2008 (R2) Failover Cluster

    Quite a while back I wrote a blog on a new functionality in Windows Server 2008 Failover Clusters called ‘file share scoping’ (http://blogs.technet.com/b/askcore/archive/2009/01/09/file-share-scoping-in-windows-server-2008-failover-clusters.aspx). I was informed recently that our Networking Support Team refers to this blog frequently when working with customers who are migrating to Windows Server 2008 Failover Clusters and discover that CNAME (Canonical Names) records in DNS, that had been in-place to support their Windows Server 2003 File Server clusters, no longer work with Windows Server 2008 Failover Clusters. Users keep asking if there is a way to disable this functionality or if it can be changed by adding a registry key or something. At this time, there…

  • CLUSTER

    What is a Microsoft Failover Cluster Virtual Adapter anyway

    What is a Microsoft Failover Cluster Virtual Adapter anyway? A question often asked is, “What is the Microsoft Cluster Virtual Adapter and what can I do with it?” The typical, and correct answer, is to leave it alone and let it just work for you. While that answer satisfies most, others may want just a little more by way of an explanation, so hopefully, this blog will provide that. The networking model in Windows Server 2008 Failover Clustering was rewritten to accommodate new functionality which included being able to obtain IP addresses from DHCP servers and being able to locate Cluster nodes on separate, routed subnets. Additionally, communications went from…

  • CLUSTER

    Recovering a Deleted Cluster Name Object (CNO) in a Windows Server 2008 Failover Cluster

    Greetings once again from the support trenches here on the CORE team. I want to talk a bit about a Windows Server 2008 Failover Cluster issue that appears to be on the rise. What we are seeing is the Computer Object for the Cluster Name (a.k.a. Cluster Name Object (CNO)) being removed from Active Directory, resulting in the Cluster Name no longer being able to function properly. This does not happen automatically. It requires some sort of human interaction, either by consciously going into AD and deleting the object or running some script (process) that deletes it. However this is being done, it appears to us that the implications are…