DNS with 2 domains

Andrew

Archived from groups: microsoft.public.win2000.dns

Just joined 2 networks via vpn. One network has domain1.com, the new one
has domain2.com, we have dns setup so that domain1.com uses its own dns
servers for name resolution, so does domain2's. We would like some of
domain1's servers to be accessible by name from domain2 and vice versa. How can
I get domain1 to access a server on domain2 (I believe I can add a dns
record?), I can do this via a hosts file on a client, but would rather
manage it from a central location.
 
Guest

In news:eokMj3VJFHA.2784@TK2MSFTNGP09.phx.gbl,
Andrew <noone@nowhere.com> commented
Then Kevin replied below:
> Just joined 2 networks via vpn. One network has
> domain1.com, the new one has domain2.com, we have dns
> setup so that domain1.com uses its own dns servers for
> name resolution, so does domain2's. We would like some
> of domain1's servers to be accessible by name from domain2
> and vice versa. How can I get domain1 to access a server
> on domain2 (I believe I can add a dns record?), I can do
> this via a hosts file on a client, but would rather
> manage it from a central location.

Not by just adding a record. You need to add a zone. On each primary, allow
zone transfers to the other DNS server IP. Then, create a secondary zone for
the other domain on each DNS server.
Then you can set up trust between these two domains so you can share
resources to the other domain's users through explicit permissions.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
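
Kevin's two steps, restricting transfers of the local zone to the other DNS server's IP and hosting a secondary copy of the other domain's zone, as an added example that is not part of the original thread. It assumes a DNS server that has the DnsServer PowerShell module (newer than the Windows 2000 servers discussed here); the IP address is a constructed placeholder, and the script is run once on each side with the zone names swapped.

```powershell
# Added example: run on domain1.com's DNS server, then again on domain2.com's
# server with the two zone names swapped. The address is a constructed placeholder.
$LocalZone = 'domain1.com'
$PeerZone  = 'domain2.com'
$PeerDnsIp = '198.51.100.10'   # the other domain's DNS server across the VPN

# 1. Allow zone transfers of the local zone to the peer DNS server only,
#    and send change notifications to that same server and nowhere else.
Set-DnsServerPrimaryZone -Name $LocalZone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $PeerDnsIp `
    -Notify NotifyServers -NotifyServers $PeerDnsIp

# 2. Create the secondary zone for the other domain, pulling from its DNS server.
if (-not (Get-DnsServerZone -Name $PeerZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $PeerZone -ZoneFile "$PeerZone.dns" `
        -MasterServers $PeerDnsIp
}

# 3. Confirm the transfer restriction is in place and lists only the peer.
$zone = Get-DnsServerZone -Name $LocalZone
if ($zone.SecureSecondaries -ne 'TransferToSecureServers') {
    Write-Warning "$LocalZone still allows transfers as: $($zone.SecureSecondaries)"
}
$extra = @($zone.SecondaryServers | Where-Object { "$_" -ne $PeerDnsIp })
if ($extra.Count -gt 0) {
    Write-Warning "Unexpected transfer targets on ${LocalZone}: $($extra -join ', ')"
}

# 4. Confirm this server answers for the peer zone from its local copy.
#    Right after step 2 the first transfer may not have finished yet.
Resolve-DnsName -Name $PeerZone -Type SOA -Server 127.0.0.1 -DnsOnly |
    Select-Object Name, Type, PrimaryServer, SerialNumber
```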
 

Ade


Thank you,

What if the zones are AD integrated Kevin, should they be changed to
primary?


 
Guest

In news:Oa8hlAXJFHA.4012@TK2MSFTNGP09.phx.gbl,
ade <somewhere@nowhere.com> commented
Then Kevin replied below:
> Thank you,
>
> What if the zones are AD integrated Kevin, should they be
> changed to primary?

No, but you will notice events logged due to the continual incremental zone
transfers. This is due to the dynamic registrations and not the type of
zone. You should ignore these events and be glad you are getting them to
remind you that dynamic registration is working.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

Ade


Kevin,

Just got the below working a treat with zone transfers, thank you. How can I
go about having machines from one domain actually resolving the names in the
other domain though? The machines from one domain seem to only resolve names
from their own domain.

I have got the clients pointing towards their own dc only, but the dc has
both dns zones running? I'm a little confused?

Thanks


 
Guest

In news:uQNiVdKKFHA.3652@TK2MSFTNGP10.phx.gbl,
ade <somewhere@nowhere.com> commented
Then Kevin replied below:
> Kevin,
>
> Just got the below working a treat with zone transfers,
> thank you. How can I go about having machines from one
> domain actually resolving the names in the other domain
> though? The machines from one domain seem to only resolve
> names from their own domain.
>
> I have got the clients pointing towards their own dc
> only, but the dc has both dns zones running? I'm a
> little confused?

If you created a secondary for the other domain's zone on each DNS they can,
if you have the correct DNS address in the clients. The clients must use
their own local DNS server for the domain, only.
If you want the machines from each domain to resolve the other machines by
host name only, instead of FQDN, you will have to add the other domain to the
DNS suffix search list or use WINS.
There are two ways to add the DNS suffix search list: one is to manually add it
to each machine, the other is to add the other domain to the connection DNS
suffix through DHCP option 015 or by manually adding it to the DNS tab on
Win2k and later in the field DNS suffix for this connection. The DNS client
automatically adds both the Primary and Connection specific DNS suffixes to
the DNS suffix search list. The latter can be a problem if you have legacy
clients being registered in DNS by DHCP, which uses option 015 for DNS
registration.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

Ade


Thanks again Kevin,

When I ping a host in the other domain, it comes back with unknown host. Is
there a way to add a dns suffix en masse? If I modify the dns suffixes, can
this cause any issues? I'd ideally like all clients using one dns server
that can contact both domains to resolve names as we are practicing a domain
migration.

Thanks again for your help

 
Guest

In news:%23dsWt7KKFHA.3512@TK2MSFTNGP15.phx.gbl,
ade <somewhere@nowhere.com> commented
Then Kevin replied below:
> Thanks again Kevin,
>
> When I ping a host in the other domain, it comes back
> with unknown host. Is there a way to add a dns suffix en
> masse? If I modify the dns suffixes, can this cause any
> issues? I'd ideally like all clients using one dns
> server that can contact both domains to resolve names as
> we are practicing a domain migration.

DHCP has no option for adding the DNS suffix search list, it can only add a
connection specific DNS suffix with option 015, which will add the DNS
suffix search. I would *not* recommend this because this will cause your
local DDNS clients to use this suffix to register in the other domain.

You can create a script to add the DNS suffix search list.
How to Configure a Domain Suffix Search List on the Domain Name System
Clients:
http://support.microsoft.com/default.aspx?scid=kb;en-us;275553

Win2k3 added this in a GPO, but the GPO only works on WinXP & Win2k3
clients.
New Group Policies for DNS in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
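
One way to write the script Kevin mentions, as an added example that is not from the thread or the linked KB article: it writes the machine-wide SearchList value with the local suffix first. It assumes clients that can run PowerShell (older clients need the same value set by another scripting method); the suffixes are the thread's two domains.

```powershell
# Added example. Suffixes are the two domains from the thread; local domain first.
$LocalSuffix = 'domain1.com'
$OtherSuffix = 'domain2.com'
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Current machine-wide list (comma-separated REG_SZ; empty or absent if never set).
$current = (Get-ItemProperty -Path $Key -Name SearchList -ErrorAction SilentlyContinue).SearchList
$existing = @("$current".Split(',') |
    ForEach-Object { $_.Trim().ToLower() } |
    Where-Object { $_ })

# Once SearchList is set, the client walks this list instead of appending the
# primary and connection-specific suffixes, so the local suffix must be in it.
# Any suffixes already configured are kept, after the two required ones.
$wanted = @($LocalSuffix, $OtherSuffix) + $existing | Select-Object -Unique
$value  = $wanted -join ','

# Write only when something changes, so the script is safe to run at every startup.
if ($value -ne $current) {
    Set-ItemProperty -Path $Key -Name SearchList -Value $value -Type String
    Write-Output "SearchList set to: $value"
} else {
    Write-Output "SearchList already correct: $value"
}
```

Deployed as a startup script, this reaches every client without touching DHCP option 015, so dynamic registration keeps using each machine's own domain.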
 

Ade


Thanks again Kevin, so, you would leave Option 15 in dhcp blank, and just
use the script?

Which domain would you set to be the first in suffix list, the one they are
a member of? the one they are to be migrated to? or change the suffix once
migrated?

Sorry to rattle on a bit, I just want to know all the facts and get things
right.

Thanks in advance.

 
Guest

In news:uVB5MAUKFHA.3332@TK2MSFTNGP15.phx.gbl,
ade <somewhere@nowhere.com> commented
Then Kevin replied below:
> Thanks again Kevin, so, you would leave Option 15 in dhcp
> blank, and just use the script?
>
> Which domain would you set to be the first in suffix
> list, the one they are a member of? the one they are to
> be migrated to? or change the suffix once migrated?


I would set the local suffix first, but IMO, I don't think it makes that
much difference.
Is this going to be a migration?
Or are you just setting up a trust between these domains?



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest

Both really,

I would like to test all name resolution before any objects are migrated so
will establish a trust first. I've just built 2 test domains to try all the
ideas/suggestions I read here on first, and name resolution is one part I
really really want to get my head around and get right.

Thanks again for your help.
