Proactive Steps for DNS Monitoring

  • Question

  • Hi,

    I have two DCs with Active Directory-integrated DNS.

    In my organisation DNS is very important. I can't afford any downtime for my DNS or any error on the DNS server which can create a problem for the user.

    As proactive steps, what do you do so that DNS works 100% perfectly in the organization?

    Do you use some tool to monitor?

    Server OS: Windows Server 2008 Standard R2 edition

    Please guide.

    Thanks & Regards,

    Param



    www.paramgupta.blogspot.com


    • Edited by Param022012, Saturday, April 21, 2012 11:39 AM
    • Moved by Elytis Cheng, Monday, April 23, 2012 8:05 AM (From: Security)
    Saturday, April 21, 2012 11:39 AM

Answers

  • Hi,


    Do you use some tool to monitor.


    >> Please refer to the following links to monitor:


    DNS Tools
    http://technet.microsoft.com/en-us/library/cc753579.aspx


    Auditing a DNS Zone
    http://blogs.technet.com/b/yuridiogenes/archive/2008/03/06/auditing-a-dns-zone.aspx


    When you deploy Domain Name System (DNS) servers with AD DS, consider the following:

    DNS is required for locating domain controllers.

    The Net Logon service uses DNS server support to provide registration of domain controllers in your DNS domain namespace.


    DNS servers running Windows Server 2003 or Windows Server 2008 can use AD DS for storing and replicating your zones.

    By integrating your zones with AD DS, you can take advantage of DNS features, such as AD DS replication, secure dynamic updates, and record aging and scavenging.


    In addition, I'd like to suggest using Replmon.exe to monitor AD replication:


    Replmon Overview
    http://technet.microsoft.com/en-us/library/cc772954(v=ws.10).aspx

     

    Hope this helps!


    Best Regards
    Elytis Cheng



    TechNet Community Support

    • Marked as answer by Elytis Cheng, Friday, May 4, 2012 6:02 AM
    Monday, April 23, 2012 8:05 AM
  • Hello,

    First of all, I would recommend having at least two DC / DNS / GC servers in your AD domain. This will ensure the high-availability of AD / DNS services and minimize the risks of losing your AD domain.

    Since your zones are AD-integrated, all DNS servers in your AD domain will receive a copy of these AD-Integrated zones (If it is set for domain wide replication then each DC in your domain will receive a copy. If it is set for forest wide replication then each DC in your forest will receive a copy).

    So, from the servers side, you will be able to have multiple copies of your DNS zones which can be all primary ones.

    From the client side, I would recommend making them point to all internal DNS servers as primary and secondary DNS servers so that, if a server is down, another one will be used for DNS resolution. For flexibility in management, I would recommend using DHCP for that.

    To reduce the size of the DNS database and so that you delete obsolete DNS records automatically, I would recommend enabling aging and scavenging. More here: http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

    Note that static records should be deleted manually.

    For monitoring, I would recommend using Microsoft SCOM to do it.


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by Elytis Cheng, Friday, May 4, 2012 6:02 AM
    Monday, April 23, 2012 8:28 AM
  • Hello,

    It is important that you use at least 2 DC/DNS servers and configure the clients to use them on the NIC only. If DNS is that important then you may also install a secondary DNS server.

    You can monitor/configure DNS with dnscmd and DNSLint, and also use dcdiag /test:dns. Additionally, use the DNS server event viewer, and you should of course enable the logging options on the DNS server properties for all events.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Elytis Cheng, Friday, May 4, 2012 6:02 AM
    Monday, April 23, 2012 8:53 AM
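
As an added example (not part of any reply in this thread), a PowerShell check that complements `dcdiag /test:dns`: it compares the domain controller locator SRV records (`_ldap._tcp.dc._msdcs.<domain>`) returned by each DNS server, so a server that is missing a DC's Net Logon registration stands out. The domain `corp.example`, the 192.0.2.x addresses, the function names and the nslookup output lines are constructed for illustration.

```powershell
# Added example, not code from the thread. The domain, server addresses and
# nslookup output lines below are constructed. Capture real output with:
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> <dns-server-ip> 2>&1

function Get-SrvHost {
    param([string[]]$NslookupOutput)
    # nslookup prints one "svr hostname = <fqdn>" line per SRV record returned.
    $NslookupOutput | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].ToLower().TrimEnd('.') }
    } | Sort-Object -Unique
}

function Compare-DcLocatorAnswer {
    param([hashtable]$AnswersByServer)
    $parsed = @{}
    foreach ($s in $AnswersByServer.Keys) {
        $parsed[$s] = @(Get-SrvHost $AnswersByServer[$s])
    }
    # The union of DC names seen on any server is what every server should return.
    $expected = @($parsed.Values | ForEach-Object { $_ } | Sort-Object -Unique)
    foreach ($s in ($parsed.Keys | Sort-Object)) {
        $missing = @($expected | Where-Object { $parsed[$s] -notcontains $_ })
        New-Object PSObject -Property @{
            Server  = $s
            Records = $parsed[$s].Count
            Missing = ($missing -join ', ')
            Healthy = ($parsed[$s].Count -gt 0 -and $missing.Count -eq 0)
        }
    }
}

# Constructed sample: the second server has not yet received dc2's registration.
$answers = @{
    '192.0.2.10' = @(
        '_ldap._tcp.dc._msdcs.corp.example   SRV service location:',
        '          svr hostname   = dc1.corp.example',
        '          svr hostname   = dc2.corp.example')
    '192.0.2.11' = @(
        '_ldap._tcp.dc._msdcs.corp.example   SRV service location:',
        '          svr hostname   = dc1.corp.example')
}

$report = @(Compare-DcLocatorAnswer $answers)
$report | Format-Table Server, Records, Missing, Healthy -AutoSize
$report | Where-Object { -not $_.Healthy } | ForEach-Object {
    Write-Warning "DNS server $($_.Server): $($_.Records) DC record(s), missing: $($_.Missing)"
}
```

A server that returns no SRV records at all, or fewer than its peers, points to a replication or registration problem worth following up in the DNS server event log.
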
  • Hi

    Configure a secondary DNS; in the situation where your primary DNS fails, you can promote the secondary DNS as primary DNS.

    Refer to the URLs given below to monitor DNS.

    https://www.site24x7.com/dns-monitoring.html

    http://technet.microsoft.com/en-us/library/cc783848(v=ws.10).aspx

    http://www.menandmice.com/solutions/dns-analyzing-and-monitoring/default.aspx

    Ajay Sharma.

    • Marked as answer by Elytis Cheng, Friday, May 4, 2012 6:02 AM
    Monday, April 23, 2012 10:40 AM
  • Do you have any monitoring tool in your organization like SCOM (System Center Operations Manager)? You can refer to the counters below to monitor in order to maintain uptime for DNS. Also, it's wise to have a real-time monitoring tool deployed to get real-time alerts. It is better to have multiple DNS servers running, followed by regular backups. You can't maintain consistent uptime if you are running a single DNS server; you need at least two DNS servers in the domain, and make both DNS servers AD-integrated.

    http://technet.microsoft.com/en-us/library/cc778608%28v=ws.10%29.aspx

    http://www.tech-faq.com/monitoring-and-troubleshooting-dns.html

    You can also make use of the Event subscription service to get notifications of critical alerts on the server.

    http://blogs.technet.com/b/yungchou/archive/2008/05/06/windows-server-2008-event-subscription-with-task-scheduling.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by Elytis Cheng, Friday, May 4, 2012 6:02 AM
    Monday, April 23, 2012 11:05 AM

All replies

  • How should I move this post to the DNS section? I mistakenly posted it in the Security section.

    Thanks & Regards,
    Param
    www.paramgupta.blogspot.com

    Saturday, April 21, 2012 11:40 AM
  • Hi, 

    We found something similar for DHCP on the following blog: https://zeglory.com/monitoring-dhcp-using-elk/ Is something similar available for DNS? You are listing tools to monitor DNS, where Operations Manager does the work for us. But we would really appreciate it if you could guide us to a similar solution for DNS as is described for DHCP in the blog above. Thanks


    Rao

    Monday, July 6, 2020 6:38 AM