Linton explains one way to do this; I'll explain another way that we use here with great success.

Forest is 2 domains, empty root and a production domain. In our case, we're using a non-contiguous namespace (dom.net and dom.com, respectively), however this would work for a contiguous namespace as well.

For the empty root (dom.net), the DCs host only the dom.net domain. On the DCs for the production domain (dom.com), they host dom.com, and pull a standard secondary of dom.net. Therefore, they have full knowledge of the forest root.

After bringing up the production domain (dom.com), the dom.net DNS servers are set with forwarders to their local dom.com DC/DNS boxes - which makes them fully aware of all dom.com. Clients all resolve off the dom.com (our production domain, with all user and machine accounts) DNS servers.

We also host about 10 legacy domains, as well as a few internal splits of our public facing domains, all on the dom.com DCs.

Either way - set the second domain controller up, create the zone for its domain (and enable updates), and either have it pull a secondary of or forward to the root zone. Then run DCPromo.

Roger
------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 04, 2002 11:48 AM
> To: ActiveDir (E-mail)
> Subject: [ActiveDir] DNS in a domain tree model.
>
> What is the best way to configure DNS in a domain tree model?
>
> If I have a parent domain running AD Integrated DNS and I go to DC Promo a
> child domain to make it a new child domain of an existing tree, the DNS must
> reference the Parent DNS so that DC Promo can find the forest root. After
> the DC Promo is done, even though the new domain controller in the child
> domain is a DNS Server with itself listed as an alternate, it did not have a
> DNS zone created, because AD Integrated do not replicate over domain
> boundaries. Therefore how do I make it so that DNS works correctly and the
> local administrators can update DNS via DHCP or manually and have those
> changes also in the root.
>
> I have a test environment called TESTLAB.LOCAL
> My child domain is called CHILD.TESTLAB.LOCAL
>
> My DNS in the root has a zone for TESTLAB.LOCAL
> After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD
>
> What did I do wrong?
>
> Justin A. Salandra, MCSE
> Senior Network Engineer
> Catholic Healthcare System
> 914.681.8117 office
> 646.483.3325 cell
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
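
An added example, not part of the original thread: the procedure in the reply above written as dnscmd commands, with the zone transfer and dynamic update settings tightened around it. The IP addresses (192.0.2.10 for a dom.net root DNS server, 192.0.2.20 for the new dom.com DC/DNS server) and the zone file names are assumptions made for illustration.

```batch
rem Added example, not from the thread. Assumed addresses:
rem   192.0.2.10 = dom.net root DC/DNS, 192.0.2.20 = new dom.com DC/DNS.

rem --- On the dom.net root DNS server ---
rem Allow zone transfers of dom.net only to the production DNS server
rem that will hold the standard secondary.
dnscmd /ZoneResetSecondaries dom.net /SecureList 192.0.2.20

rem --- On the new dom.com server, before running DCPromo ---
rem Create a standard primary zone for its own domain and enable updates
rem so DCPromo can register the DC's records. On a file-backed zone,
rem AllowUpdate 1 also accepts unauthenticated updates.
dnscmd /ZoneAdd dom.com /Primary /file dom.com.dns
dnscmd /Config dom.com /AllowUpdate 1

rem Option A: pull a standard secondary of the root zone.
dnscmd /ZoneAdd dom.net /Secondary 192.0.2.10 /file dom.net.dns
dnscmd /ZoneRefresh dom.net

rem Option B (instead of A): forward to the root DNS server.
rem dnscmd /ResetForwarders 192.0.2.10

rem Confirm the root zone is loaded before promoting.
dnscmd /ZoneInfo dom.net

rem --- On the new dom.com DC, after DCPromo completes ---
rem Move the zone into Active Directory and accept secure updates only.
dnscmd /ZoneResetType dom.com /DsPrimary
dnscmd /Config dom.com /AllowUpdate 2

rem --- Back on the dom.net root DNS servers ---
rem Forward to the dom.com DC/DNS box so the root resolves dom.com names.
dnscmd /ResetForwarders 192.0.2.20
```

The window between `/AllowUpdate 1` and `/AllowUpdate 2` is when any host that can reach the server can register or overwrite records in dom.com, so it is worth keeping short.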
