Recommended DNS zone replication scope for single domain environment

Hi, in my company we have domain/forest functional level Windows Server 2008 R2 - there is only one domain. AD DS is installed on 5 servers - an AD-integrated DNS zone is used.
I noticed today that on both forward lookup DNS zones, _msdcs.internaldomain.com & internaldomain.com, and also on one reverse lookup zone, the zone replication scope was set to "All DNS servers in this domain". I changed this setting for all these zones to "All domain controllers in this domain", but later (10-15 mins at most) I reverted these settings back to "All DNS servers in this domain".
Which zone replication scope is recommended for the mentioned zones, keeping in mind this is a single domain environment? Also, could I have done any harm to DNS and AD overall when I changed the zone replication scope and later reverted it for these zones? How can I check that DNS-related information (zones) is located where it should be in Active Directory and that there is no garbage in other locations (partitions) in the AD database?

Hi,
All DNS servers in this domain: Replicates zone data to all Windows Server 2003 and Windows Server 2008 domain controllers running the DNS Server service in the Active Directory domain. This option replicates zone data to the DomainDnsZones partition. It is the default setting for DNS zone replication in Windows Server 2003 and Windows Server 2008.
http://technet.microsoft.com/en-us/library/cc772101.aspx
Hope this helps.
Regards.
Vivian Wang

Similar Messages

  • Implementing Sites for a new Single Domain Environment and effects on Exchange

    Copied from the Active Directory forums at the suggestion of replies.
    I didn't find exactly what I was looking for so decided to create my own question to get some direct feedback.
    Currently we have a single domain environment with two domain controllers located at two separate sites. When the domain was first set up, no configuration was done in the Sites and Services module for Active Directory. The two domain controllers we have are currently located in the Default-First-Site-Name container. We do not have any subnets configured with the Sites and Services module.
    These two domain controllers are located at two different sites with different IP schemes and the sites are connected with a high speed site-to-site VPN. We also have 2 satellite offices with their own IP schemes as well with more offices to come. In the future domain controllers will be placed at these satellite offices which are connected with a slower site-to-site VPN to the main offices.
    All replication and network functions are working well now, but I would like to know what the effects would be and what to watch out for if I create sites for our environment. I am particularly concerned about our Exchange 2010 server and need to make sure that the change will not disrupt communications between it and the domain controllers.
    I would like to create a site for each of our locations and link the subnet to that site now so that when we install the domain controllers the configuration is ready.
    Any suggestions or input is highly appreciated thank you in advance.

    Exchange will be an issue only if your Exchange servers span sites when your new Windows sites are created. If you have Exchange servers all in a single location, adding sites to your Windows forest will cause no issues. However, if you have Exchange servers in both locations, as soon as a new site is defined for an Exchange server in a separate location from your other Exchange servers, you will start having issues. Let me give some examples so you can see what problems might occur:
    Two datacenters, one Windows site, Exchange mailbox servers in both locations (primary and DR), but hub and CAS roles only in the primary datacenter:
    In this situation, as soon as your second site is defined, the server in the DR datacenter will no longer be receiving mail - there is no hub to deliver it - and users will no longer be able to access their mailboxes - there is no CAS to support them. Solution: Add hub and CAS to second datacenter and all is well with the world.
    Two datacenters, one Windows site, Exchange multirole servers in both locations (primary and DR), but CAS Array defined:
    Now we have a little bit better setup, since we have all roles in both locations. However, the CAS array in the primary site isn't going to be able to support your client connections in the DR site - so users will be connecting directly to the CAS servers in the DR site (not optimum). Solution: Define a second CAS array for the DR site, with its own load balancer and configure the databases in your DR location to use that CAS array as the RPC Client Access Server.
    There are other oddities, but as you can see, there will definitely be issues if your Exchange servers aren't all in the same location and you start defining Windows sites ...

  • Active Directory Integrated DNS Zones, replicate only to specific domain controllers

    I have a customer with a fairly large Active Directory forest with many domains that they are trying to consolidate into a single domain, which will likely take 18 to 24 months according to their timeline. During this time, they would like all DNS zones to be serviced directly from the new domain controllers, meaning, domain A would have replicas of domain B, C, D, E, etc. Because the environment is complex and some domain controllers in domains other than A are in a very sad state and replication problems abound, they would like to avoid replicating all zones forest wide.
    I've never done this before, or even considered it necessary, is it even possible?  I don't have a ton of time for trial and error, but based on this there seems to be some hope:
    https://technet.microsoft.com/en-us/library/cc753801.aspx?f=255&MSPPError=-2147217396
    Is this telling me how to do what I want to do?
    Thanks
    J
    Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

    He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
    The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load either a standard primary or directory-integrated zone.
    REF: Understanding Dynamic updates
    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    This post provides no warranties and confers no rights

  • Impact of wrong DNS in DHCP scope for CCM

    We recently deployed some phones at a new site which were displaying error messages on the screen.
    The initial issue was that Option 150 was not set up - resolved.
    Phone now seemed to register to CCM (8.6) - IP address located to phone, but CCM was showing rejected on the phone page.
    Phone displayed error messages "Db config." and "Security".
    Db Config looked like it was that no phone was configured/MAC address, phone type etc - incorrect, double checked all OK.
    Other could be replication between Cluster, but again all OK.
    Security error - led me to look at the security trust list and delete it, as normally this solves the problem.
    The actual issue/resolution was incorrect DNS name in the Option 15 of the scope - e.g. xxxx.net instead of xxx.com.
    Why would this lead to the above issues? I thought the main requirement was the 150 for the TFTP.
    Any thoughts, answers
    Many thanks

    The issue was that there was an incorrect DNS option 15 given out, e.g. mycompany.com instead of the correct one of mycompany.com. Option 150 was an IP as normal.
    I think the issue was as follows:
    Our CCMs have host names such as XXX-CMSUB1, XXX-CMSUB2 etc instead of IP addresses - before I joined. If my thinking is correct, the phone received its TFTP as normal and was provided with the CM Group, but in our case the group contained host names instead of IP addresses. The host names were then added to the Option 15 DNS, and so the phones tried to look for CCMs at XXX-CMSUB1.mycompanya.net and XXX-CMSUB2.mycompanya.net, which failed since DNS has the CCMs as XXX-CMSUB1.mycompanya.com and XXX-CMSUB2.mycompanya.com.
    Does this make sense? If so, why the Security and Db config issue, unless these are standard error messages?

  • Multiple destination hosts in route.cfg for single domain

    GW 8.0.2
    We have route.cfg set up to send mail for some destination domains direct instead of through the default relay.
    One of the destination domains we want to add to route.cfg has multiple MX hosts they can receive mail on.
    Is it possible to add multiple host IP addresses for a single destination domain in route.cfg?
    for example:
    abc.com has mail receivers with MX records:
    abc.com 3600 IN MX 9 10.0.0.25
    abc.com 3600 IN MX 2 10.0.1.25
    abc.com 3600 IN MX 2 10.0.2.25
    abc.com 3600 IN MX 9 10.0.3.25
    - is there a way to put all those into route.cfg for abc.com for resilience?
    As I've read that route.cfg works in a similar manner to the hosts file, would a space separated list of IP addresses work?
    Anthony

    On 8/5/2013 10:06 AM, laurabuckley wrote:
    >
    > Thanks Anthony.
    >
    > Please do post back your findings as even I am curious now. I,
    > unfortunately, am not in a position to actually test this for you :(
    >
    > Cheers,
    >
    >
    unless it has been changed, no
    You get to list one and only one entry. No load balancing, no failover.

  • List DNS zones on a NTDS.DIT file is it possible?

    Hi guys,
    is it possible, after mounting an Active Directory database NTDS.DIT file, to list the DNS zones that existed in that domain controller's Active Directory-integrated zones?
    I have successfully mounted the AD database using
    dsamain.exe -dbpath "C:\path\to\ntds.dit" -ldapport 5532 -allownonadminaccess -allowupgrade
    and now I can see it in the dsa.msc console. But since the DNS folder on that drive didn't have the DNS zone files, I assume these are embedded in the database as they were AD integrated.
    Thanks in advance for any information.

    Simply use ldp.exe and then you can go under:
    CN=MicrosoftDNS,DC=DomainDnsZones,DC=Domain,DC=COM
    CN=MicrosoftDNS,DC=ForestDnsZones,DC=Domain,DC=COM
    This is an example of an article about how you can use ldp.exe: https://ramazancan.wordpress.com/2009/12/11/dsamain-%E2%80%93-active-directory-database-mounting-tool/
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
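
    Added example, not part of either thread: one way to answer both the first question on this page (are the zones stored where they should be, with no leftover copies in other partitions) and the question in this thread (list the zones in a dsamain-mounted ntds.dit). It reads, over LDAP, the three containers that can hold AD-integrated zones; the distinguished names are placeholders, and the CN=System container for the "All domain controllers in this domain" scope and the RootDNSServers exclusion are assumptions not stated in the posts.

    ```powershell
    # Added example, not from the thread. Lists dnsZone objects in every AD
    # location that can hold an AD-integrated zone and flags zones stored twice.
    param(
        # Empty = locate a DC for the current domain. 'localhost:5532' targets
        # the dsamain-mounted ntds.dit from the thread above.
        [string]$Server   = '',
        # Placeholder DNs (assumptions): replace with your domain and forest root.
        [string]$DomainDN = 'DC=internaldomain,DC=com',
        [string]$ForestDN = 'DC=internaldomain,DC=com'
    )

    $prefix = 'LDAP://'
    if ($Server) { $prefix = "LDAP://$Server/" }

    # Replication scope shown in the DNS console -> container that stores the zone.
    $locations = @(
        @{ Scope = 'All domain controllers in this domain'
           DN    = "CN=MicrosoftDNS,CN=System,$DomainDN" },
        @{ Scope = 'All DNS servers in this domain'
           DN    = "CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN" },
        @{ Scope = 'All DNS servers in this forest'
           DN    = "CN=MicrosoftDNS,DC=ForestDnsZones,$ForestDN" }
    )

    $found = @()
    foreach ($loc in $locations) {
        try {
            $root     = New-Object System.DirectoryServices.DirectoryEntry($prefix + $loc.DN)
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
            $searcher.Filter      = '(objectClass=dnsZone)'
            $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
            $searcher.PageSize    = 500
            [void]$searcher.PropertiesToLoad.Add('name')
            [void]$searcher.PropertiesToLoad.Add('whenchanged')

            $results = $searcher.FindAll()
            foreach ($r in $results) {
                # Result property names are stored in lower case.
                $found += New-Object PSObject -Property @{
                    Zone        = [string]$r.Properties['name'][0]
                    Scope       = $loc.Scope
                    Container   = $loc.DN
                    WhenChanged = $r.Properties['whenchanged'][0]
                }
            }
            $results.Dispose()
        }
        catch {
            # Container does not exist, or this server holds no replica of the partition.
            Write-Warning ("Cannot read {0}: {1}" -f $loc.DN, $_.Exception.Message)
        }
    }

    $found | Sort-Object Zone, Scope | Format-Table Zone, Scope, WhenChanged -AutoSize

    # The same zone name in more than one container means a copy was left behind
    # by a scope change. RootDNSServers (root hints) is skipped because it can
    # appear in more than one container on a healthy server.
    $found |
        Where-Object { $_.Zone -ne 'RootDNSServers' } |
        Group-Object Zone |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $scopes = ($_.Group | ForEach-Object { $_.Scope }) -join '; '
            Write-Warning ("Zone '{0}' is stored in {1} locations: {2}" -f $_.Name, $_.Count, $scopes)
        }
    ```

    Run it without -Server against the live domain, or with -Server localhost:5532 against the mounted database; a zone that is reported only under its intended scope and raises no warning is stored in one place only.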

  • How to setup multiple DNS zones in a single domain

    We have a small charter school running a Mac Open Directory network on a single subnet with a single registered FQDN for its internal domain. We are about to open a second school within a wing of the same building which will also be on a Mac Open Directory domain, but since it is legally a separate school (just administered by the same staff) it needs to be on its own subnet and have its own LDAP directory.
    Is there a way to program DNS between the two schools so that DNS traffic can be routed between them without breaking the DNS and Open Directory/Kerberos realms of either? Both schools will share the same internal domain name. Is it as simple as creating two primary DNS zones on each other's nameservers, both using the same domain name but each having its own designated nameserver for that particular subnet?
    For instance, the existing school is running DNS on server1.example.com within the 10.39.54.0/23 subnet. The second school will be running DNS on server2.example.com within the 10.39.56.0/23 subnet. Would I then simply create two primary zones within each subnet, one referring to its own with itself as the nameserver and one within the neighbor subnet referencing that subnet's server as the designated nameserver.
    Or would I do this with each school's DNS servers searching through its own subnet as its primary zone with the neighbor zone being added as a secondary zone?
    Thanks!

    You have two options.
    Use a DNS server with a single internal domain example.com and have (as you said) server1.example.com
    If the two subnets are on separate networks either via a router or VLAN, then you could run a separate DHCP server on each and advertise the appropriate DNS server for that subnet.
    Otherwise you could have a single DNS server and either single DHCP advertising that single DNS server and have both server1 and server2 in the single DNS zone, or a DHCP server in each subnet but still pointing to the same single DNS server.
    Each of these two servers would be an Open Directory Master
    Note: in DNS terminology a DNS 'zone' is the same thing as a Domain Name.
    The second option, if you want to keep the two 'schools' completely separate, is to do the following:
    Use a DNS server per subnet
    Use a DHCP server per subnet
    Use a different domain name per school e.g. school1.com and school2.com
    Create a server record on each as appropriate e.g. server1.school1.com and server2.school2.com
    You cannot have a single DNS server have two identical zones e.g. example.com and example.com as they are of course the same thing.
    If the two schools will merge officially at some point it might be better to use the same domain name; if they are going to fully split then definitely it is going to be better to use two different domain names.

  • Port required for DNS Integrated Zone replication

    Hi All,
    A segment of the network is secured through a firewall, inside this segment I have a Windows 2012R2 DNS Server that hosts also Active Directory integrated zones, what ports should I allow so that the DNS server can replicate the DNS zone from and to the main network?
    I read this https://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx?f=255&MSPPError=-2147217396
    but I would like to limit the port to the minimum

    Hello,
    you wrote "inside this segment I have a Windows 2012 R2 DNS Server that also hosts AD integrated zones"
    So this server is a domain controller.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Help Setup KMS on single domain and active for multiple domain another

    Hi all,
    I have a problem configuring DNS for a KMS host. My company uses a single domain "abc.com". But I must manage more than 10 different companies, and they use other domains with DNS running independently; they have one leased line connecting them together.
    My challenge is how to activate all clients at more than 10 companies. Any ideas are very much appreciated.
    Please help.
    Thanks,

    That's a good article suggested by Meinolf, but it's a little outdated.
    For an updated guide for this:
    https://technet.microsoft.com/en-us/library/ff793409.aspx
    Publishing to Multiple DNS Domains
    By default, the KMS host is registered only in the DNS domain to which the host belongs. If the network environment has only one DNS domain, no further action is required.
    If there is more than one DNS domain name, you can create a list of DNS domains for a KMS host to use when publishing its SRV RR. Setting this registry value suspends the KMS host’s default behavior of publishing only in the domain specified as the Primary DNS Suffix.
    Optionally, add priority and weight parameters to the DnsDomainPublishList registry value for KMS. This feature enables you to establish KMS host priority groupings and weighting within each group to define which KMS host to try first and balance traffic among multiple KMS hosts.
    Note: DNS changes might not be reflected until all DNS servers have been replicated. Changes made too frequently (time < replication time) can leave older records if the change is performed on a server that has not been replicated.
    To automatically publish KMS in multiple DNS domains, add each DNS domain suffix to whichever KMS should publish to the multi-string registry value DnsDomainPublishList in registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform. After changing the value, restart the Software Licensing Service to create the SRV RRs.
    Note: This key has changed from the Windows Vista location of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL.
    After configuring a KMS host to publish to multiple domains, export the registry subkey, and then import it in to the registry on additional KMS hosts. To verify that this procedure was successful, check the Application event log on each KMS host. Event ID 12294 indicates that the KMS host successfully created the SRV RRs. Event ID 12293 indicates that the attempt to create the SRV RRs was unsuccessful. For a complete list of error codes, see the Volume Activation 2.0 Operations Guide at http://technet.microsoft.com/en-us/library/cc303695.aspx.
    Don
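
    Added example, not part of the post or the guide it quotes: the publishing procedure above as PowerShell, run elevated on the KMS host, with the event-log check for IDs 12294 and 12293. The domain suffixes are placeholders; the service name sppsvc and the _vlmcs._tcp SRV name are assumptions not stated in the post.

    ```powershell
    # Added example, not from the thread. Publishes the KMS SRV record in several
    # DNS domains and verifies the result. Run elevated on the KMS host.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'

    # Placeholder suffixes (assumptions): the DNS domains that should carry the record.
    $domains = @('abc.com', 'company2.example', 'company3.example')

    # Show the previous value so the change can be reviewed or rolled back.
    $old = (Get-ItemProperty -Path $key -Name DnsDomainPublishList `
                -ErrorAction SilentlyContinue).DnsDomainPublishList
    Write-Output ("Previous DnsDomainPublishList: {0}" -f ($old -join ', '))

    # Multi-string value, one DNS suffix per entry, as described in the guide.
    New-ItemProperty -Path $key -Name DnsDomainPublishList -PropertyType MultiString `
        -Value $domains -Force | Out-Null

    # Assumption: on hosts that use the SoftwareProtectionPlatform key, the
    # licensing service is named 'sppsvc'. Restarting it triggers publishing.
    $since = Get-Date
    Restart-Service -Name sppsvc
    Start-Sleep -Seconds 30

    # Event IDs from the quoted guide: 12294 = SRV RRs created, 12293 = failed.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 12293, 12294
        StartTime = $since
    } -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Warning 'No 12293/12294 event since the restart; check the Application log again later.'
    }
    foreach ($e in $events) {
        if ($e.Id -eq 12294) {
            Write-Output ("{0}  SRV records created" -f $e.TimeCreated)
        } else {
            # Typical cause: the host may not create records in one of the zones.
            Write-Warning ("{0}  SRV publishing failed: {1}" -f $e.TimeCreated, $e.Message)
        }
    }

    # Confirm what clients in each domain will see. Every answer should name a
    # KMS host you operate; remove SRV records that point anywhere else.
    foreach ($d in $domains) {
        Write-Output "--- _vlmcs._tcp.$d"
        nslookup -type=SRV "_vlmcs._tcp.$d"
    }
    ```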

  • DNS for Multiple Domains

    I am trying to figure out the proper configuration for DNS that will support multiple domains. I have DNS working now for just one domain.
    My XServe has a static IP connected directly to cable modem and is the master nameserver. I also have an Ubuntu server with static IP connected directly to cable modem that is the secondary (slave) nameserver.
    On the XServe, I currently have a primary zone created for domain1.com. with:
    * an A record for domain.com. (Fully Qualified) and the same static IP as the XServe
    * an A record for ns1 (not fully qualified) and the same static IP as the XServe
    * Aliases for ftp, www and mail (not fully qualified) mapped to destination ns1.domain1.com. (Fully Qualified)
    Nameservers under the Primary Zone is ns1.domain1.com. and Mail Exchangers is ns1.domain1.com. with a priority of 10.
    The reverse zone is getting created appropriately for me as far as I can tell. I am able to access www.domain1.com just fine as well as mail and ftp.
    Now I want to add a new domain2.com to this master nameserver. I know that I will need a new Primary Zone for domain2.com. to be recognized and to set up its aliases?
    Can I use the same static IP or do I have to have a unique static IP?
    Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
    Does domain2.com have its own A records?
    Do the mail exchangers need to be different for domain2.com?
    It seems like all the documentation and information that I can find are just for configuring one domain and not so much for multiple domains. Any help would be greatly appreciated.
    Spotted Dog

    Don't think of subsequent domains as being any different from the first domain.
    For every domain you need to provide certain information, including a list of the hostnames within that domain. There is no relationship between 'www' in domain1.com and 'www' in domain2.com (unless you point them to the same address, but that's a different issue).
    Any host record in the zone can either be an A record (where you specify an IP address) or a CNAME (where you specify another hostname that it maps to).
    In the case of your web server handling both domains you could set 'www.domain2.com' as an A record with the appropriate IP address, or you could set it as a CNAME with a value of 'www.domain1.com.' (essentially saying 'www.domain2.com has the same IP address of www.domain1.com, so go find that address').
    It's also possible to use cross-domain records for things like name servers and mail servers - in other words you can set your MX record for domain2.com to mail.domain1.com (essentially saying that domain2.com's email is handled by mail.domain1.com).
    Can I use the same static IP or do I have to have a unique static IP?
    That's not a question for DNS. What you're defining are the hostnames in that domain. If you have one server (e.g. a web server) that can handle multiple domains (e.g. one apache server handling web traffic for both domain1.com and domain2.com) then, sure, you can use the same IP address for both.
    If, on the other hand, you have specific services that cannot be multi-hosted (e.g. HTTPS) then you will need different IP addresses.
    Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
    Sure, it's entirely possible to use domain1.com's name servers for domain2.com.
    Does domain2.com have its own A records?
    It can do, or not, as you choose. If you're running www.domain2.com on the same server as www.domain1.com then you could use a CNAME record to point www.domain2.com to www.domain1.com., or you could set an A record with the same IP address.
    The result would be the same, but the CNAME has the advantage that if your IP address changes you only need to change your DNS in one place (www.domain1.com) and all the other addresses would automatically follow.
    Do the mail exchangers need to be different for domain2.com?
    Not at all, if your mail server is configured to handle mail for both domains it's entirely possible to specify mail.domain1.com as the MX record for domain2.com.

  • DNS record is not dynamically created in DNS Zone, when joining to DNS domain

    Hi,
    in my test lab I have deployed two virtual machines (both are Windows Server 2008 R2 Enterprise).
    On vm1 I have installed just the DNS role (without Active Directory) and created a primary non-AD-integrated zone.
    On this DNS zone, I have enabled dynamic updates, set to non-secure & secure.
    Now on my vm2 (as a DNS client), I set the IP address of this DNS server as the preferred DNS server and then in System Properties, in the primary DNS suffix field, I entered the name of my DNS domain (mydomain.lab) and rebooted vm2, but the A record of this client (vm2) is not registered (created) in the mydomain.lab zone.
    I expect the record to be created like in the situations where we join a client to an AD domain.

    Hi John,
    When registering a DNS record, the client will send an SOA query to find the primary server of the zone, then send the register message to that server.
    We can use nslookup to find the problem:
    Open Command Prompt
    type nslookup
    type set type=soa
    type zone name
        1. If there is a positive response, check the name of the primary name server and the IP address of the server. Its name should be vm1.mydomain.lab. If not, edit the SOA record in the zone. If there is no IP address, edit the NS record in the zone.
        2. If there is no response, check the SOA record in the zone.
    We can manually delete and recreate the records to ensure there are correct SOA and NS records.
    Here is the guide for using nslookup:
    Nslookup: https://technet.microsoft.com/en-us/library/cc940085.aspx
    Best Regards,
    Leo

    Hi Leo, thanks for the reply.
    I did all the steps you mentioned but still no result.
    I put a screenshot of my desktop here, everything is shown here:

  • Lion Server DNS service not working for locally created zones. Caching working fine.

    OS Lion Server DNS service not working for local zones. Was fine under Snow Leopard Server but Lion Server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin can't seem to see the log file either.
    Surely someone actually tested that DNS still worked on Lion?

    I upgraded from Snow Leopard Server to Lion Server on day 01.  I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
    I finally took a few minutes to figure out what was wrong.  After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
    The issue I had was, when the domain initially was set up when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain).  I never messed with it because it worked, but generally I would have put all of them in the same zone.
    My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv.  I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel.  This was fine in Snow Leopard.  This was failing the zone load in the updated bind for Lion Server, though.  The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
    My fix:
    1. In Server Admin, add the server to the zone "mydomain.priv".  I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
    2. shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
    3. edit /etc/named.conf by hand, removing the specialized zones that contained just the server.  In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'.  Your in-addr.arpa zone name will change based on whatever your server IP address was.  My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
    4. Once the specialized zones for just the server were removed, I started the DNS up again.  Instead of serving four zones as it had in OS X Snow Leopard Server, it now serves two zones.  And, now, it is resolving my local machines for the mydomain.priv zone.
    YMMV.  I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
    Hope that helps.  That's been the only hiccup I've noticed updating to OS X Lion Server thus far.

  • Adding a new DNS zone to OD master for use as mail server

    Hi all,
    I recently migrated from Apple's Postfix to Kerio mail server. I am using an Xserve to run OD master, DNS, Jabber, Windows PDC and Kerio mail.
    Server name is mail.domain1.com and I am hosting it on local IP 192.168.0.4 and using NAT on my firewall.
    I would like to set up another Kerio domain and mail server on the same box but am not sure how to approach DNS.
    I need to add mail.domain2.com
    I am able to add the second mail server in Kerio but am not sure if I need to set up a second DNS zone on the same server in order to be able to have my local clients connect to the new domain. I only have 4 users for domain2.com and plan to use Kerio's built-in authentication, so I don't really need another LDAP or user authentication server for now.
    Currently I am using the hosting package of my provider to serve mail.domain2.com as well as www.domain2.com
    I would like to keep the site with the hosting company but just move the mail server to my Kerio server. That is the setup I have for domain1 - I host mail server mail.domain1.com on premises and I have my domain registration site host the site for www.domain1.com
    I assume I can do this with virtual domains?
    Any help is appreciated.
    Thanks
    martin


  • Different SBA DNS SRV entry for the same dns zone?

    Hello,
    I have a test lab here with one enterprise pool and one SBA deployed. The branch site also has a DNS server installed. Both are using the same DNS zone "test.com".
    Of course, I now have different servers for the same SRV record _sipinternaltls._tcp.test.com - one for autodiscovery in the enterprise pool and one for the SBA. I also want to add the second one as a failover SRV, and the DNS server in the enterprise pool should be used as a forwarder.
    Now I have some issues with how to deploy several entries on two different DNS servers for the same zone.
    1.) If I manually add the same zone + DNS SRV entries on the SBA, the DNS is somehow not resolving/forwarding the entries on the other DNS server in EE to other servers which are not on my SBA DNS.
    2.) If I only pinpoint the SRV entries for _sipinternaltls._tcp.test.com (one for SBA and failover for EE site), the DNS won't resolve the second A record to the enterprise pool.
    What is the best practice for DNS with an SBA? Always point to the enterprise pool so that, therefore, no other configuration is needed?
    Regards DrWho

    I played around a little bit. The problem was that I cannot add the pinpoint DNS SRV entries via the GUI. Additionally, the tutorials did not work as my DNS server for the SBA is not on a domain controller. In the end I did this:
    sbafe -> fqdn of my sba
    eefe -> fqdn of my frontend of enterprise pool
    dnscmd . /zoneadd _sipinternaltls._tcp.test.com. /primary /file _sipinternaltls._tcp.test.com.dns
    dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 0 0 5061 sbafe.test.com.
    dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 10 0 5061 eefe.test.com.
    dnscmd . /zoneadd sbafe.test.com. /primary /file sbafe.test.com.dns
    dnscmd . /recordadd sip.sbafe.test.com. @ A 192.168.10.220
    dnscmd . /zoneadd eefe.test.com. /primary /file eefe.test.com.dns
    dnscmd . /recordadd sip.eefe.test.com. @ A 192.168.0.40
    The question is whether that is a good best practice, or should the DNS servers within a zone contain the same records (primary/backup)? The client will then always hit the FE of the EE pool first.
    Also it's quite a lot of work to set up.

  • DNS Zone for Mail

    Following on from my first question which the nice Mr Camelot answered for me
    I have a server which has a DNS zone of companyname.net.
    Internal mail has been setup using Mail Exchanger set to mail.companyname.net.
    I have checked changeip -checkhostname and there are no issues.
    The public DNS records have been set to make mail.companyname.com the MX record, and an A record for mail.companyname.com has been setup pointing to the static IP.
    As I see it I have two options I can move forward with (3 actually if I wipe the server and start again )
    1. Try and rename the DNS zone to companyname.com and then reset the mail settings to match.
    2. Setup a CNAME on the server internal DNS to point mail.companyname.com to mail.companyname.net and leave the mail settings as they are.
    I am in the process of installing SL Server on a VM to test the first option to see if it is viable, but my question is are there any options I have missed, and what would you suggest I do in this circumstance?
    TIA.

    So you have a zone for a host mail.example.net within your network, and valid external DNS services with an A record and MX at mail.example.com within your external DNS services, and you're wondering about rebuilding this all?
    It'd be far easier to just enable mail.companyname.com as a virtual host within the mail server configuration.
    Personally, I'd look to remove the use of the internal example.net MX for the mail server, and use the external path.  You can set up the MX for the internal network to resolve to mail.example.com, for instance.  With that (and with a firewall that knows how to "reflect" outbound traffic for the WAN IP address, or - somewhat uglier - adding a DNS A record for the mail.example.com within your internal zone), the configuration is the same for all hosts, whether internal desktops or mobile devices.
    Note that the companyname.com and companyname.net domains are real and registered domains.   The domains example.com, example.net and example.org are RFC-reserved for documentation and for these sorts of postings.
