Thanks for the info Rick.

Regards
Mylo

----- Original Message -----
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 16, 2002 7:03 AM
Subject: RE: [ActiveDir] Forest-wide DNS records

> See inline below.....
>
> (I'm cutting out a bunch of the setup info)
>
> At TechEd 2001, I sat in a DNS Deployment session that cleared this
> whole topic up for me. The talk was by Levon Esibov of Microsoft. If
> you'd like, I can send the slide set to you, Tom. Honestly, it has only
> 3 slides on this topic.
>
> Note to list: I'm not making this an open offer.... :-)
>
> > The Problem
> > In Chapter 2 of Structural Planning for Branch Office
> > Environments (a Microsoft White Paper), the question of how
> > to deal with Forwarding to the root domain for Forest-wide
> > record lookups in a branch-office environment is mentioned
> > but it doesn't quite make sense to me. It says:
> >
> > It is vital
>
> And, yes it IS vital! Especially in sites in child domains!
>
> > that forest-wide locator records be available to every DNS
> > server in every site. If the DNS servers have persistent fast
> > connections to the DNS servers authoritative for the
> > _msdcs.<DNS forest-name> domain, then no special
> > configuration is needed. If not, you have two options.
> > 1. You can create a separate zone for _msdcs.<DNS
> > forest-name> DNS domain, and replicate it to all DNS servers
> > in the enterprise using standard zone transfer or 2. You can
> > create a separate zone called _msdcs.<DNS forest-name> , and
> > replicate that zone to every DNS server.
> >
> > -- Not sure I see any difference between these two
> > approaches.
>
> I don't see the big difference between the two either.
>
> > The paper continues: If you are using Active
> > Directory integrated DNS, you can place the primary copy of
> > this zone in the forest root domain along with the
> > <DNS-forest-name> zone.
> > You can then replicate the zone to
> > secondary DNS servers outside the domain using standard DNS
> > replication. The domain controllers or DNS servers in
> > non-root domains will host read-only copies of the source zone.
> >
> > -- How do you do that?
> >
> > How do you take a sub-zone of an
> > AD-Integrated zone and turn it into a Standard DNS zone?
>
> Allow the AD-integrated ACT AS the primary zone and create a secondary
> standard DNS server that will have delegated to it the _msdcs zone.
> Create the domain as _msdcs.<forest name>
>
> > Recall that the _msdcs zone is a sub-zone. Am I mis-reading
> > this? This is what we could use some help with. Does this all
> > boil down to the fact that if we want copies of the
> > Forest-wide DNS records in other domains we just simply need
> > to transform those root domain AD-DNS servers into
> > traditional DNS servers and then do a standard transfer of
> > the records to secondary zones?
>
> Don't (lack of a better term) 'downgrade' your AD domains to Standard
> domains. Just create a secondary zone on the DNS server (let's make no
> mistake - a Windows 2000 DNS server can host a primary, secondary AND an
> AD domain - all concurrently!) and allow the zone to be hosted as a
> secondary, set up the notify, etc. and let it work.
>
> BTW, I don't remember if the Branch Office Deployment Guide tells you
> WHY you should do this. If the remotes in the other domains should
> become cut off from the forest DNS, then it makes it kind of hard for
> the locals to locate the GC and, in some cases, other DC replication
> partners.
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
> Microsoft Certified Trainer
> MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
> --- Arthur C. Clarke
>
> > Thank you,
> > Tom Kasmir
> > (I have a Visio drawing of our network.)

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
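
The setup Rick describes (a separate _msdcs.<forest name> zone held in the forest root and pulled as a standard secondary by DNS servers in the other domains), sketched with dnscmd as an added example that is not part of the original thread. The zone name corp.example.com, the server names and the 192.0.2.x addresses are placeholders.

```bat
rem Added example. Every name and address below is a placeholder:
rem   forest root zone : corp.example.com
rem   root DC / DNS    : rootdc1.corp.example.com  (192.0.2.10)
rem   child-domain DNS : branchdns1 (192.0.2.50), branchdns2 (192.0.2.51)

rem 1. On the forest root, create _msdcs.<forest name> as its own
rem    AD-integrated zone and delegate it from the parent zone.
dnscmd rootdc1 /ZoneAdd _msdcs.corp.example.com /DsPrimary
dnscmd rootdc1 /RecordAdd corp.example.com _msdcs NS rootdc1.corp.example.com.

rem 2. Permit zone transfers only to the listed secondaries and send
rem    them change notifications. /SecureList keeps the locator records
rem    from being transferred to any host that asks.
dnscmd rootdc1 /ZoneResetSecondaries _msdcs.corp.example.com /SecureList 192.0.2.50 192.0.2.51 /NotifyList 192.0.2.50 192.0.2.51

rem 3. On each domain controller, restart Netlogon so it re-registers
rem    its locator records, which now land in the new zone.
net stop netlogon
net start netlogon

rem 4. On each DNS server in the other domains, add the zone as a
rem    standard secondary of the root server and pull a first copy.
rem    The server keeps hosting its own AD-integrated zones alongside it.
dnscmd branchdns1 /ZoneAdd _msdcs.corp.example.com /Secondary 192.0.2.10 /file _msdcs.corp.example.com.dns
dnscmd branchdns1 /ZoneRefresh _msdcs.corp.example.com

rem 5. Confirm the branch server answers the GC locator lookup from
rem    its local copy of the zone.
nslookup -type=SRV _ldap._tcp.gc._msdcs.corp.example.com 192.0.2.50
```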
