Title: Message
So you set the DNS on the root DCs to AD integrated and the DNS on the child domain DCs to secondary?
-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 09, 2002 6:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS over multiple AD domains

I've got a similar situation - child domains all over the place, 2 DNS servers in the root domain.  I just make the child domains slave servers for the primary zone, and point their local clients to them for resolution.  When the client sends a request to update DDNS to their local slave server, it will tell the zone master that info, and the zone master will update just fine. 

Note that I don't care that each child domain has full zone info for each other child domain.  Within our organization this is not seen as a security issue for us.

So if you do this, the DNS server in ma.xyz.com will have full zone info for all of xyz.com.  You don't have to point clients to the root DC's DNS server over the WAN - their local secondary will handle that for them.

I don't know if this is a "best practice" for you.   It fits in with our needs, and doesn't break any of our security models.
-----Original Message-----
From: Lancaster, Lin [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 09, 2002 2:35 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DNS over multiple AD domains


I've read the DNS archives but I'm still confused. In my situation I have an empty root domain xyz.corp set up. Both DCs in this root domain are running DNS service fine. Now I want to add two additional domains - hq.xyz.corp and ma.xyz.corp. The domain hq.xyz.corp will be in the same physical location as the root domain. The domain ma.xyz.corp will be in a different physical location over a WAN link. I'm trying to decide which machines I should load DNS services on and what DNS servers the domain controllers for the new domains should point at. It seems like when I create ma.xyz.corp, if I don't have the DC for that domain pointing at the DC for the root domain, it won't be able to find the SRV records for the root domain. But if I do that, then it probably isn't going to populate the DNS service on the ma.xyz.corp DC with the DNS records for that domain and I'll have to point clients to the DNS server on the root DC over the WAN. I've thought about adding a root hint for the .corp domain to all the DNS servers. Sorry to ramble. Anyone have any suggestions on a best practice for this situation?

