Archived from groups: microsoft.public.win2000.dns
"Dustin K" <dustin@impark.com> wrote in message
news:#MUETm#gEHA.644@tk2msftngp13.phx.gbl...
> Thanks for the insights,
>
> I didn't know that 2K3 had conditional forwarding. The root server will most
> likely be 2K3 along with any other server purchases. Some servers will be 2K
> though. Sorry to post a confusing question, 2K and 2K3 look similar to me. I
> didn't think that the network was that complex. It's based off a Mainframe
> with terminals (still going) and Netware servers were added in the late 80's
> or early 90's (still running).
You probably should only have ONE domain -- at most a few.
> There is also an NT domain running in a few
> cities with NT4 and 3.51. Some offices use Linux servers. My goal is to
> replace all of it with an AD structure (mama hates a coward!).
These should be consolidated -- either initially or ASAP.
> The design is using child domains and separate trees to 1) try and reduce
> replication (56k frame relay), and
That's what Sites are normally used to control.
> 2) separate business entities.
That's more what domains are for.
> All I really want to do is to stop child domains from using the parent DNS
> servers for external queries to the internet.
That's completely separate from Domain design. You can stop
that just by using the conditional forwarding but must use Win2003
for conditional forwarding or one of the other methods.
> So if I read the answer right,
> Windows 2K3 can do this? I assume that 2K3 would need to be at the branches
> (child level).
One mistake you may be making is in designing all three ideas
at once.
Domain design comes first, then SIMPLE DNS design, then optimize
for efficiency and control.
Mentally separate "resolving for YOUR RESOURCE" from "helping
your clients resolve including the Internet" -- they are really two
different jobs even though many DNS servers will do both for efficiency.
> Will Windows 2K3 DNS servers with conditional forwarding and stub zones
> replicate with Windows 2K DNS servers?
Sure.
> I'm guessing that the 2K DNS server will just ignore any info that it can't
> handle,
Win2K and Win2003 support the same records so it isn't an issue.
The Win2003 DNS servers have more (operational) features.
> so any branch office setup with 2K DNS servers would still forward
> all queries to the parent?
It could but that's not the default or built-in to ANY DNS server -- you
would do that with conditional forwarding or cross secondaries or stubs.
> <---- If that's true, then a Win2K server could
> be used at the top parent level? (probably not going to happen, just
> curious).
I can make it work with any of them -- it's much easier with Win2003.
> Thanks again for reading!
>
> PS. I do like the single domain model better. Oh well.
Or a few -- how many really separate companies do you really have?
(but still in the same resource sharing environment)
How many security account policies (password, lockout, or kerberos)?
How many political issues where the admins INSIST on owning their
own resources but still want to be part of the forest/trust relationship?
It's those last three questions that determine ALMOST EVERY domain
boundary.
You can call me if you wish to talk it through -- might clear some stuff
up faster -- phone number is on my web site: LearnQuick.Com
--
Herb Martin
>
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%23GShQP%23gEHA.2908@TK2MSFTNGP10.phx.gbl...
> > "Dustin K" <dustin@impark.com> wrote in message
> > news:#FKjY$9gEHA.2764@TK2MSFTNGP11.phx.gbl...
> > > Hi all,
> > >
> > > I am working on an AD design and am having trouble determining the best DNS
> > > design.
> > >
> > > It has been decided that the AD forest will have 5 trees with one of the
> > > trees having 6 child domains. [example.com, hq.example.com,
> > > branch1.example.com, etc]. Each branch is hooked directly to the root domain
> > > by 56k frame relay as well as hooked directly to the internet by DSL.
> >
> > That is an amazingly complex domain structure -- and without details
> > sounds suspiciously like a good part of your real problem.
> >
> > Also odd is a company with such complexity who would not be using
> > Win2003.
> >
> > The general DNS solution for such a forest is a true "root" in the internal
> > namespace that can delegate all top level domains (the way the Internet
> > does) and thus allow all DNS servers to use root hints/cache-file to find
> > every other zone.
> >
> > This DOES however cause a problem if you must also resolve the Internet.
> >
> > > Is it possible to set up a branch's DNS server to resolve names for the
> > > branch, forward requests for *.example.com to a root DNS server and forward
> > > all other requests to the branch's DSL DNS servers?
> >
> > Sounds like "conditional forwarding" which first appears in Win2003 DNS.
> >
> > You should almost certainly be using Win2003 -- it offers conditional
> > forwarding,
> > and another (partial) solution to your problem: Stub zones.
> >
> > The Win2000 solution is usually to hold "cross secondaries" for all other
> > zones -- but that quickly becomes unmanageable with a large number of
> > zones/domains as you intend to create (again, rethink THAT decision).
> >
> >
> > > This way DNS requests at
> > > the root would be only for internal traffic and the frame wouldn't be used
> > > for traffic destined to the internet.
> > >
> >
> > Why do you need so many trees and domains?
> >
> > --
> > Herb Martin
> >
> >
> > > Thanks for reading!!
> > >
> > > Dustin
> > >
> > >
> >
> >
>
>
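
Added example, not part of the original thread and not Microsoft's code: a simplified Python model of the branch setup discussed above (answer the branch zone locally, conditionally forward example.com to the internal root, send everything else to the DSL provider's DNS), with a check for internal names that would end up at the provider. The second tree name (example.net), the host names and all addresses are constructed assumptions.

```python
# Simplified model of a branch DNS server choosing where a query goes.
# Zone names beyond example.com and every address are constructed samples.

def _labels(name):
    return name.lower().rstrip(".").split(".")

def _in_zone(qname, zone):
    q, z = _labels(qname), _labels(zone)
    return len(q) >= len(z) and q[-len(z):] == z

def _best_match(qname, zones):
    """Most specific (longest) zone that contains qname, or None."""
    hits = [z for z in zones if _in_zone(qname, z)]
    return max(hits, key=lambda z: len(_labels(z)), default=None)

def route_query(qname, cfg):
    """Return (action, servers). Delegations below local zones are not modelled."""
    if _best_match(qname, cfg["local_zones"]):
        return ("answer-locally", [])
    cond = _best_match(qname, cfg["conditional_forwarders"])
    if cond:
        return ("forward-internal", cfg["conditional_forwarders"][cond])
    return ("forward-default", cfg["default_forwarders"])

def internal_leaks(qnames, cfg, internal_namespaces):
    """Internal names that would be sent to the default (ISP) forwarders."""
    return [q for q in qnames
            if _best_match(q, internal_namespaces)
            and route_query(q, cfg)[0] == "forward-default"]

BRANCH1 = {
    "local_zones": ["branch1.example.com"],
    "conditional_forwarders": {"example.com": ["10.0.0.10"]},  # internal root DNS
    "default_forwarders": ["192.0.2.53"],                      # DSL provider DNS
}
# Two of the forest's trees; the second name is hypothetical.
FOREST_TREES = ["example.com", "example.net"]
SAMPLE_QUERIES = ["pc7.branch1.example.com", "dc1.hq.example.com",
                  "www.example.org", "dc1.corp.example.net"]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, route_query(q, BRANCH1))
    print("leaks:", internal_leaks(SAMPLE_QUERIES, BRANCH1, FOREST_TREES))
```

With a conditional forwarder for only one tree, names in the forest's other trees fall through to the provider's resolvers, so each tree's namespace needs its own forwarder (or stub/secondary) entry on the branch server.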