You should have the secondary zones and vice versa. There have been some good posts here about that. I'd like to point you to an excellent article that Mark Minasi wrote last fall in Windows It Pro
http://www.windowsitpro.com/Windows/Article/ArticleID/43582/43582.html I can't say it better than Mark so I'll let you digest his article. Thanks Mike On 4/26/05, Creamer, Mark <[EMAIL PROTECTED]> wrote: > Excellent explanation. Thanks again!! > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Grillenmeier, Guido > Sent: Tuesday, April 26, 2005 4:37 PM > To: [email protected] > Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest > > Mark, that depends more on the usage scenarios of your domains. If you > have many cross-domain shared resources, e.g. where users working on > computer in sub1.domain.com often need to access servers in the > sub2.domain.com domain, a secondary could cause less traffic and would > be more independend on the availability of a DC/DNS server of sub2. > > If it is the exception, then I wouldn't bother creating those > secondaries (however, you may still want to add secondaries to the root > of the domain saving another hop to get those names resolved) > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark > Sent: Dienstag, 26. April 2005 20:36 > To: [email protected] > Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest > > One more question on this - is it a good idea to have secondary zones > for the other PEER domains on > each subdomain's DCs? > > In other words, domain.com is root. Sub1.domain.com and sub2.domain.com > are subdomains, and peers of > each other. Should the DCs for sub1 all have secondary zones for sub2 > and vice-versa? > > Thanks again! > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Grillenmeier, Guido > Sent: Tuesday, April 26, 2005 1:31 AM > To: [email protected] > Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest > > ah - that changes the picture > > option 3 is still valid for child DCs (DCs point to themselves + another > DC of the same domain), but you should either add a secondary of _msdcs > subzone of the root (i.e make this it's own zone) or - if the root zone > itself is not too large - add a secondary of the root itself to the > child DCs. > > for the root DCs, ensure that they use a different root DC as their > primary DNS server, then either another root DC (if you have three) or > themselves for the secondary DNS server. I you have three, then I'd add > themselves as a third DNS server. > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark > Sent: Montag, 25. April 2005 22:07 > To: [email protected] > Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest > > Oops, sorry. I did forget. It's all Win2K. We're probably a while away > from 2003 Guido. What's the > recommendation in that case? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Grillenmeier, Guido > Sent: Monday, April 25, 2005 4:00 PM > To: [email protected] > Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest > > you don't mention OS version - I'm assuming you will or have implemented > Win2k3. In this case the "island-problem" (which used to be an issue in > a Win2k AD's root domain) is no longer an issue and you're fine to go > ahead with your option 3. > > I would also recommend to setup the _msdcs subzone of the root as a > forest wide app-partition, so that all DCs receive a copy (in this case > DNS queries for GCs and DC GUIDs would still work in the even that no > root DC is available to answer any forwarding queries). > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark > Sent: Montag, 25. April 2005 19:11 > To: [email protected] > Subject: [ActiveDir] Recommended DNS settings in 3 domain forest > > I'd like to solicit a little advice on our AD design with respect to > DNS. We have an "empty" forest > root domain, and two subdomains. Each domain has at least 3 DCs, two in > the main subnet at our > corporate office, and one in a remote office. All DCs have DNS > installed, all AD-integrated. Each DC's > DNS has a copy of its own zone, and has forwarders set up to the root > domain. That domain has > forwarders to our "external" DNS servers. > > My question is, on each of the DCs, how should their own DNS settings be > set? That is, what DNS > server(s) should a particular DC use for its DNS queries? > > I've tried a few different approaches, and I think I understand the > concept of islanding, but I'm not > totally clear on that. My goal is simply to make sure all DNS queries > from the users (who all exist in > the two sub-domains) run smoothly, and that replication is reliable. > > Different ideas I've tried: > > 1. Each DC has itself as a primary DNS, and a forest root DC as > secondary > 2. Each DC has a partner DC in the same domain as a primary, and a > forest root DC as secondary > 3. Each DC has itself as primary, and a partner DC in the same domain as > secondary; no root DC defined > > I'd like to just do whatever best practice would be and then leave it > alone. Thanks as always for your > advice! > > Mark > > This e-mail transmission contains information that is intended to be > confidential and privileged. If you receive this e-mail and you are not > a named addressee you are hereby notified that you are not authorized to > read, print, retain, copy or disseminate this communication without the > consent of the sender and that doing so is prohibited and may be > unlawful. Please reply to the message immediately by informing the > sender that the message was misdirected. After replying, please delete > and otherwise erase it and any attachments from your computer system. > Your assistance in correcting this error is appreciated. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail transmission contains information that is intended to be > confidential and privileged. If you receive this e-mail and you are not > a named addressee you are hereby notified that you are not authorized to > read, print, retain, copy or disseminate this communication without the > consent of the sender and that doing so is prohibited and may be > unlawful. Please reply to the message immediately by informing the > sender that the message was misdirected. After replying, please delete > and otherwise erase it and any attachments from your computer system. > Your assistance in correcting this error is appreciated. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail transmission contains information that is intended to be > confidential and privileged. If you receive this e-mail and you are not > a named addressee you are hereby notified that you are not authorized to > read, print, retain, copy or disseminate this communication without the > consent of the sender and that doing so is prohibited and may be > unlawful. Please reply to the message immediately by informing the > sender that the message was misdirected. After replying, please delete > and otherwise erase it and any attachments from your computer system. > Your assistance in correcting this error is appreciated. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail transmission contains information that is intended to be > confidential and privileged. If you receive this e-mail and you are not a > named addressee you are hereby notified that you are not authorized to read, > print, retain, copy or disseminate this communication without the consent of > the sender and that doing so is prohibited and may be unlawful. Please reply > to the message immediately by informing the sender that the message was > misdirected. After replying, please delete and otherwise erase it and any > attachments from your computer system. Your assistance in correcting this > error is appreciated. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
