
Active Directory Integrated DNS across multiple domains

Anonymous
March 2, 2005 6:41:41 PM

Archived from groups: microsoft.public.win2000.dns

I have a Windows 2000/2003 server forest with three domains: the root
domain, its child, and a second top-level domain.

The root domain has 4 domain controllers and DNS records for all of the
domains, including several other domains that don't have anything to do with
Active Directory. The DNS zones for all of the domains are Active Directory
integrated.

This works for all 4 domain controllers within the root domain; they all
have DNS running and working and synchronized through Active Directory.

However, the child domain and the other primary do not have the DNS zones
replicated to them; I assume this is because they are in another domain.
Now this doesn't cause any problems network-wise, because I just point all
of the machines to one of the DNS servers in the root domain anyway. However, it
dawned on me that this may not be best practice, and so I wanted some advice
or a second opinion. Especially since the domain controllers from the child
and second primary domain must point to the root domain controllers for
their DNS... I have a feeling that may not be the best scenario.

If more information is needed, please let me know.

--
Alan Coleman
Network Administrator
St. Joseph's Villa
Anonymous
March 2, 2005 6:41:42 PM

In news:o r0Spg2HFHA.3760@TK2MSFTNGP12.phx.gbl,
Alan Coleman <technology@sjvmail.net> commented
Then Kevin replied below:

The best practice will depend on the OS of the DC/DNS servers.
It would be best to go ahead and delegate the child names in the parent zone,
regardless of OS.
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248&sd=RMVP

But Win2k3 has the added option of conditional forwarders, that is,
forwarding based on the domain name.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
March 2, 2005 7:53:53 PM

My one concern with that is that in both the child domain and the second
top-level domain there is only one domain controller (and therefore one DNS
server). I suppose, though, that this does not matter, considering that if the
domain controller does go down, it will not matter whether DNS is available or
unavailable... thank you for your input.

--
Alan Coleman
Network Administrator
St. Joseph's Villa
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ui$Er82HFHA.3868@TK2MSFTNGP10.phx.gbl...
Anonymous
March 3, 2005 11:25:08 AM

Best practices always recommend a minimum of two DCs per AD site. This covers
not just DNS but a host of other functions (e.g. authentication, load
balancing, availability, etc.) - the list goes on.

DNS is integral and crucial to AD operations; without it, it is like driving
a car without wheels.

Hope this info is helpful. Do let us know. Thanks!


"Alan Coleman" wrote:

Anonymous
March 5, 2005 2:17:04 AM

If you really want DNS in your child domain, I would recommend you put one
(or two) 2003 DCs in the child domain; this will allow you to integrate the
domain zone into forest-wide replication (new only to 2003). This will allow
the entire zone to replicate to all DNS servers within the forest, not just
the domain. Beware, however: if you do this and you have a 2000 DNS server, it
will no longer receive a copy of the zone.

Delegation of the child zone would work too, but given limited-size
networks, that might be a lot of overhead for something so simple. Just make
sure you have at least 2 DNS servers for your domain/forest.




"Desmond Lee" wrote:

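The three approaches discussed in this thread (delegating the child name from the parent zone, a conditional forwarder on the root-domain servers, and moving the AD-integrated zone to forest-wide replication), with a verification step, as an added example that is not code from any of the posters. It assumes Windows Server 2012 or later with the DnsServer PowerShell module (the 2000/2003 servers in the thread predate these cmdlets; dnscmd.exe covers the same operations there). The zone names, host name and IP address are constructed placeholders, and the options are alternatives to be run on the server noted in each comment, not all at once.

```powershell
# Added example, not code from the thread. Assumes Windows Server 2012 or later with the
# DnsServer module installed. All names and addresses below are constructed placeholders.
$ParentZone = 'corp.example'               # forest root zone
$ChildLabel = 'child'                      # child domain label
$ChildZone  = "$ChildLabel.$ParentZone"    # child.corp.example
$ChildDc    = "dc1.$ChildZone"             # the child's only DC/DNS server
$ChildDcIp  = '10.0.1.10'                  # constructed address

# Option A (Kevin's suggestion; works on any OS): on a root-domain DNS server, delegate the
# child name to the child's DNS server. The parent zone then holds only NS and glue records
# for 'child', and queries for that subtree are referred to the child's server.
function Add-ChildDelegation {
    Add-DnsServerZoneDelegation -Name $ParentZone -ChildZoneName $ChildLabel `
        -NameServer $ChildDc -IPAddress $ChildDcIp
}

# Option B (2003 and later): instead of a delegation, forward queries for the child name
# from the root-domain servers to the child's server. Do not add the forwarder on a server
# that itself hosts the child zone.
function Add-ChildConditionalForwarder {
    Add-DnsServerConditionalForwarderZone -Name $ChildZone -MasterServers $ChildDcIp `
        -ReplicationScope 'Forest'
}

# Option C (the last reply): on a 2003-or-later DC in the child domain that holds the
# AD-integrated zone, move it from the domain partition to the forest-wide partition so
# every DNS server in the forest receives a copy. Caveat from the thread: Windows 2000
# DNS servers cannot load the forest-wide partition and stop receiving the zone.
function Set-ChildZoneForestWide {
    Set-DnsServerPrimaryZone -Name $ChildZone -ReplicationScope 'Forest'
    # Confirm the scope actually changed before relying on it.
    Get-DnsServerZone -Name $ChildZone |
        Select-Object ZoneName, IsDsIntegrated, ReplicationScope
}

# Verification for any option: the child's DNS server must answer for its own
# domain-controller locator record, otherwise clients and other DCs cannot find the
# child DC for logon or replication.
function Test-ChildDcLocator {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ChildZone" -Type SRV `
        -Server $ChildDcIp -ErrorAction SilentlyContinue
    if (-not $srv) { throw "No DC locator SRV record for $ChildZone answered by $ChildDcIp" }
    $srv | Select-Object Name, NameTarget, Port
}
```

Pick one of Option A or Option B per root-domain server; Option C is independent of both and addresses the original poster's concern directly, since a forest-wide zone is held by every DNS server in the forest rather than only by the child's single DC. Run `Test-ChildDcLocator` afterwards from a machine that can reach the child's server.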