We could do that. In fact, in the long run that might be a good idea because of the amount of traffic that we have between these two domains.
But one thing I have been noticing is that site DNS server in domain 1 can't obtain any authortive responses from domain 2 even though the DC DNS servers in domain 1 can obtain the authorative responses. I'm getting more confused as I look into this issue. -----Original Message----- From: Phil Renouf [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 9:11 AM To: [email protected] Subject: Re: [ActiveDir] DNS Issue In the interest of making the name resolution more straight forward, is it possible for the Domain 1 DC to setup a conditional forwarder for Domain 2 and point it at Domain 2 (and not the root)? Phil On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote: > Alright, I'm not the best at DNS and we are running into some issues and I > was hoping for some feedback. > > First we are using an empty root multi-domain forest structure. Our domains > are divided for divisions who all operate individually (with the exception > of the root of course.) We have shared resources in each others domains > that we all need to and some of our DNS isn't work and some of it is. I > know why things aren't working but at times I'm not sure why it is. Very > confusing so here is some more details. > > One of the domains have sites that aren't working. > > They have configured (this isn't one of my sites) a local DNS server > [dns1.domain1.rootdomain.com] that has one zone configured > [domain1.rootdomain.com](a secondary zone for the domain to which it is a > part) and then they forward all other network traffic to their primary > domain controller for that domain. > > The domain controller for that domain [dc.domain1.rootdomain.com] has a > number of zones configured including the _msdcs.rootdomain.com zone (for > forwarding forest traffic lookup and they forward all other traffic to their > internet DNS servers. > > My domain uses AD integrated DNS with all DCs serving as DNS servers and > they replicate all of the zones across. They basically have the > domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with forwards > to rootdomain.com with the IP address of the rootdomain DNS servers and then > all other traffic to our internet providers. > > When people at site one try to reach a server at my location if they are > using the dns2.domain1.rootdomain.com server they are unable to find all of > the servers in the domain2.rootdomain.com domain. Although I think the > approach of domain1 isn't what I would consider optimal because I prefer AD > integrated DNS, I would still think that with the extra hop these server > should be able to find mine. > > The traffic flow logic would look something like this: > > PC in site1 is looking for a server srv1.domain2.rootdomain.com > PC queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS > there, it forwards to dc.domain1.rootdomain.com > dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com, cannot > find it, it forwards to rootdomain.com > rootdomain.com then forwards request to dc.domain2.rootdomain.com, which > returns the IP address of srv2.domain2.rootdomain.com > > Maybe this is too confusing to put in an e-mail or maybe I didn't word it > right. But if I did, does this sound correct. > > I do know that when I have the PCs at that site1 change their DNS servers > from the dns1.domain1.rootdomain.com to dc.domain1.rootdomain.com and try to > query they are able to get to my servers. I'm wondering if we just need to > add a few more forward lookup for the rootdomain.com or add the > _msdcs.rootdomain.com to that servers DNS? > > Wow, I'm long winded today. > > Charlie > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
