Inline <snipped> ...

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
1. If I configure the baz.foo.com child domain, but make no changes to my DNS structure, then clients in the baz.foo.com domain will still point to the nameserver in foo.com. (Assuming that we're not all pointing out to an ISP DNS or something silly, obviously.)

[DEAN] - I'm guessing you well know this but your wording confused me a little so ... a client's DNS will point to where _you_ point it to according to whether it leases a name server address or you statically assign one (or more). Pointing to an ISP's name server will cause your clients to fail in many aspects of their domain memberships but I'm guessing you knew that too (even if the ISP name server is listed as the Alternate Resolver).

2. If I want baz.foo.com to be responsible for its own DNS, I'll install a DNS server somewhere in the baz.foo.com domain, create a zone for baz.foo.com on the baz.foo.com NS, and create a delegation on the foo.com NS. At which point I can direct the baz.foo.com clients to the local NS for name resolution.

[DEAN] - Yes ... also note that the name server doesn't _have_ to run on a machine in that domain though there are good reasons for it to do so. In addition, don't forget that the child name servers must be able to resolve their parent namespace.

3. I need to configure some way for baz.foo.com to resolve queries for the rest of the world, either using a stub zone or some type of forwarding.

[DEAN] - Not just the rest of the world, as I mentioned above ... it must also be able to resolve its parent domain. Using a stub zone (or a conditional forwarder or a secondary zone [hmmm]) that provides resolution of the parent would suffice since the default root hints provided in the cache.dns will allow the name server to service all public resolution requests assuming the path to the Internet is not obstructed in any way.

4. Stub zones/conditional forwarding will prevent the name resolution stupidity of a baz.foo.com client needing to go all the way out to the Internet and back just to locate a resource in foo.com.

[DEAN] - Unlikely it would ever find it since you really, really shouldn't register or provide public access to your AD's name servers/zones.

Hmmm, now try this one on for size: If I install DNS on the first DC for baz.foo.com, does the baz.foo.com zone get created locally automagically? Or do I still need to manually do the stuff in item 2 above?

[DEAN] - Still need to do it manually, the only automagic stuff that occurs is zone population through dynamic update, zone replication when AD integrated or the zone creation during the initial forest install on the first DC.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
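
The manual steps from items 2 and 3 above (child zone, delegation on the parent, parent resolution from the child), followed by two checks, as an added example that is not part of the original thread. It assumes both name servers run the DnsServer PowerShell module (Windows Server 2012 or later) and that the child zone is AD-integrated; the server names and IP addresses are constructed for illustration.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$ErrorActionPreference = 'Stop'
$ParentZone = 'foo.com'
$ChildLabel = 'baz'
$ChildZone  = "$ChildLabel.$ParentZone"
$ParentNSIP = '10.0.1.10'          # name server authoritative for foo.com
$ChildNS    = 'dc1.baz.foo.com'    # first DC in the child domain, running DNS
$ChildNSIP  = '10.0.2.10'

# Item 2a: the child zone is not created automatically, so create it on the
# child name server. Secure-only dynamic update limits who can register records.
if (-not (Get-DnsServerZone -ComputerName $ChildNSIP -Name $ChildZone `
          -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $ChildNSIP -Name $ChildZone `
        -ReplicationScope Domain -DynamicUpdate Secure
}

# Item 2b: delegate baz.foo.com from the parent zone to the child name server.
Add-DnsServerZoneDelegation -ComputerName $ParentNSIP -Name $ParentZone `
    -ChildZoneName $ChildLabel -NameServer $ChildNS -IPAddress $ChildNSIP

# Item 3: the child must resolve its parent namespace. A conditional forwarder
# keeps foo.com lookups internal; public names still go through root hints.
Add-DnsServerConditionalForwarderZone -ComputerName $ChildNSIP `
    -Name $ParentZone -MasterServers $ParentNSIP

# Check 1: the parent hands out the delegation for the child zone.
Resolve-DnsName -Server $ParentNSIP -Name $ChildZone -Type NS -DnsOnly

# Check 2: the child name server can find a DC in the parent domain.
Resolve-DnsName -Server $ChildNSIP -Name "_ldap._tcp.dc._msdcs.$ParentZone" `
    -Type SRV -DnsOnly
```

If the second check fails, the child name server is not resolving its parent namespace and domain members pointed at it will have trouble locating parent-domain controllers.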
