secondary DNS updating

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

How can I stop a secondary DNS zone from updating? I would like to create a
secondary DNS zone so all the SRV records are pulled over to the remote DNS
server. But since I am using NAT, I would like to delete all the A records
and add only the ones that need to be added (i.e. servers) and add them with
the outside address. Is there a way to make sure the secondary DNS zone is
not updated at ALL?

Thanks
Dev
 
Guest

"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:C5D35F4C-4352-41C0-8761-9C5C1140BD8A@microsoft.com...
> How can I stop a secondary DNS zone from updating. I would like to create a
> secondary DNS zone so all the SRV records are pulled over to the remote DNS
> server.

Make it a Primary.

That answers your question, but I am not
sure if it will accomplish your real goal.

> But since I am using NAT, I would like to delete all the A records
> and add only the ones that need to be added (ie Servers) and add them with
> the outside address. Is there a way to make sure the secondary DNS zone is
> not updated at ALL?

It's not a secondary unless it does zone transfer
from a master -- Primaries don't do that so you
can use a secondary to "prime" a (shadow) zone
initially and then make it a Primary to break the
replication.
 
Guest

As Herb mentions, this really isn't a secondary. Usually, in cases like
these, a different server is used for external zones and the A records are
added manually with the external addresses. They can have the same DNS
Domain names but never be aware of one another.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL
 
Guest

Since I need the SRVs to help with establishing a trust, can I create a
secondary zone on the DNS server in the remote domain, then convert it to a
primary with SOA being the DNS server of the remote domain so there are no
updates from my domain? Once that is done, I can remove all the IP addresses
and re-populate with the correct IPs?

Thanks
Dev
 
Guest

"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:47D4BAE3-413C-4833-B122-FCCFA8639353@microsoft.com...
> Since I need the SRVs to help with establishing a trust. Can I create a
> secondary zone on the DNS server in the remote domain. Then convert it to a
> primary with SOA being the DNS server of the remote domain so there are no
> updates from my domain? Once that is done, I can remove all the IP addresses
> and re-populate with the correct IPs?

Yes, you CAN.

It may not do what you (really) wish to accomplish
but the principle is valid.

I frequently set up new AD domains this way, by
initially basing them on the CURRENT DNS that
was in use before AD was (to be) installed.
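
The clean-up discussed above (prime a copy of the zone, keep the SRV records, drop every A record except the servers that must be reachable, and publish those with their outside NAT addresses), sketched as an added example that is not part of the original thread. The zone lines, host names and addresses are constructed, and `NAT_MAP` and `rewrite_zone` are hypothetical names; the function also reports SRV targets left without a published A record.

```python
# Added illustration: filter an exported zone for use on the far side of NAT.
# All names and addresses below are constructed sample data.

SAMPLE_ZONE = """\
@                          IN SOA dc1.corp.example. hostmaster.corp.example. 42 900 600 86400 3600
@                          IN NS  dc1.corp.example.
dc1                        IN A   10.0.0.10
dc2                        IN A   10.0.0.11
ws042                      IN A   10.0.3.42
_ldap._tcp.dc._msdcs       IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.dc._msdcs   IN SRV 0 100 88 dc2.corp.example.
"""

ORIGIN = "corp.example."
# Assumption: inside address -> outside (NAT) address, only for hosts to publish.
NAT_MAP = {"10.0.0.10": "192.0.2.10"}


def rewrite_zone(text, origin, nat_map):
    """Return (kept_lines, dangling_srv_targets) for the filtered zone."""
    kept, published, srv_targets = [], set(), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue  # skip blank or unrecognised lines
        owner, rtype = fields[0], fields[2]
        if rtype == "A":
            outside = nat_map.get(fields[3])
            if outside is None:
                continue  # internal-only host: do not publish it
            kept.append(f"{owner} IN A {outside}")
            published.add(f"{owner}.{origin}")
        else:
            kept.append(" ".join(fields))  # SOA, NS, SRV pass through
            if rtype == "SRV":
                srv_targets.append(fields[-1])
    # SRV records pointing at hosts that no longer resolve are a silent failure.
    dangling = sorted({t for t in srv_targets if t not in published})
    return kept, dangling


if __name__ == "__main__":
    lines, dangling = rewrite_zone(SAMPLE_ZONE, ORIGIN, NAT_MAP)
    print("\n".join(lines))
    for target in dangling:
        print(f"; WARNING: SRV target {target} has no published A record")
```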
 
Guest

Thanks, Herb.

My main problem is I am trying to trust two different domains in two
different forests. I am going through a firewall that is NATing one side.
When I try and create the trust it can not find the domain, yet I can ping
the remote DCs and I can do a NET SEND to the domain with success. So if you
have any ideas on what I can try, I would greatly appreciate it.

Thanks
Dev
 
Guest

"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:F5C8BF33-88DB-4A27-A9FF-16A3EBCA1097@microsoft.com...
> Thank Herb..
>
> My main problem is I am trying to trust two different domains in two
> different forests.

That has nothing to do with such DNS schemes.
(really)

Trusts between domains from different forests actually
require NetBIOS name resolution which practically means
that you need WINS Server(s) if you have more than one
subnet (as you do.)

> I am going through a firewall that is NATing one side.

What does this have to do with wishing to split your DNS
for the domains?

All internal DNS servers (i.e., internal to your networks)
should provide the SAME answers.

The only "split" (or Shadow) DNS in most cases should
be between what you show on the Internet and what you
show to your domain computers.

> When I try and create the trust it can not find the domain, yet I can ping
> the remote DCs and I can do a NET SEND to the domain with success. So if you
> have any ideas on what I can try, I would greatly appreciate it.

That is a NetBIOS issue.

Have ALL of the DCs in all (involved) domains register
with the same WINS database.