How to configure DNS in a forest

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi

We have a Windows 2000 installation configured as a forest with a root
domain (ROOT.INT) and two sub-domains (A.ROOT.INT & B.ROOT.INT).
In one site, we have two DCs for the ROOT.INT domain, two DCs for A.ROOT.INT
and one DC for B.ROOT.INT.

In that site, all client computers are member of A.ROOT.INT domain.

How should DNS be configured for the clients to be able to resolve IP
address for DNS name records in ROOT.INT AND B.ROOT.INT?
On my A.ROOT.INT servers, do I have to add the ROOT.INT DCs and the
B.ROOT.INT DCs as DNS root hints or should the A.ROOT.INT DCs automatically
forward any unknown requests to ROOT.INT or B.ROOT.INT DCs?

I assume that I should publish the A.ROOT.INT servers as DNS servers for
clients?

Are there any best practice documents from Microsoft that describes this
scenario?

Some help is appreciated.

Thanks.

/Thomas O

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Kevin

Thanks for your reply.

We do like you suggest today, but we think it is kind of messy and not as
streamlined as we would like it to be.
Since we already have 2 DCs for domain A, 1 DC for domain B and 2 DCs for
domain ROOT in one site, we hoped that it was possible to utilize each of
the DCs DNS better without using zone transfer.

So setting up root hints on domain A for domains B and ROOT is not possible?

Thanks.

/Thomas O

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news3E3dVVVFHA.2796@TK2MSFTNGP09.phx.gbl...
> Thomas Olsen wrote:
>> Hi
>>
>> We have a Windows 2000 installation configured as a forest with a root
>> domain (ROOT.INT) and two sub-domains (A.ROOT.INT & B.ROOT.INT).
>> In one site, we have two DCs for the ROOT.INT domain, two DCs for
>> A.ROOT.INT and one DC for B.ROOT.INT.
>>
>> In that site, all client computers are member of A.ROOT.INT domain.
>>
>> How should DNS be configured for the clients to be able to resolve IP
>> address for DNS name records in ROOT.INT AND B.ROOT.INT?
>> On my A.ROOT.INT servers, do I have to add the ROOT.INT DCs and the
>> B.ROOT.INT DCs as DNS root hints or should the A.ROOT.INT DCs
>> automatically forward any unknown requests to ROOT.INT or B.ROOT.INT
>> DCs?
>>
>> I assume that I should publish the A.ROOT.INT servers as DNS servers
>> for clients?
>>
>> Are there any best practice documents from Microsoft that describes
>> this scenario?
>
> Under Win2k the way to resolve this is to use Secondary zones on the DNS
> servers for the other domain. (A on B and B on A)
>
>
> --?
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Kevin

I got another tip as well.

On DCs in A.ROOT.INT, set up forwarding to ROOT.INT DCs. By doing this, you
will be able to resolve DNS records in both ROOT.INT and B.ROOT.INT
(B.ROOT.INT DNS is delegated from ROOT.INT) as well as B.ROOT.INT.

The only issues we see is that if we have none-AD integrated zones in
B.ROOT.INT, it has to be transferred to ROOT.INT, since the delegation is
only for the B.ROOT.INT AD integrated zone.

Any comments to this setup?

Thanks.

/Thomas O

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
newsC9A1oVVFHA.1376@TK2MSFTNGP10.phx.gbl...
> Thomas Olsen wrote:
>> Hi Kevin
>>
>> Thanks for your reply.
>>
>> We do like you suggest today, but we think it is kind of messy and
>> not as streamlined as we would like it to be.
>> Since we already have 2 DCs for domain A, 1 DC for domain B and 2 DCs
>> for domain ROOT in one site, we hoped that it was possible to utilize
>> each of the DCs DNS better without using zone transfer.
>>
>> So setting up root hints on domain A for domains B and ROOT is not
>> possible?
>
> No, it is not possible, since DNS will only ask for referrals from the
> Root
> servers which are authoritative over the "." root domain.
> Win2k3 makes it easier through the use of conditional forwarders or stub
> zones, neither of these are supported by Win2k.
> If you add these DNS servers to the Root hints it just messes up all
> resolution since they aren't root servers.
>
>
>
> --?
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>

Archived from groups: microsoft.public.win2000.dns (More info?)

Could or will it be a problem if I don't check the "Do not use recursion"
box on the child domain DCs and make them also use root hints?

Regarding none-AD integrated zones, I may have not been clear enough.
What I meant was as follows:

We have a couple of standard secondary zones from a completely different
domain on our B.ROOT.INT DCs. Even if I configure forwarders from A.ROOT.INT
to either ROOT.INT or B.ROOT.INT, I am not able to resolve any names in
those standard secondary zones from a computer in A.ROOT.INT domain.
ROOT.INT has delegated B.ROOT.INT but not the other standard secondary
zones.

I did a test, and it works if I also transfer those standard secondary zones
to ROOT.INT DCs.

/Thomas O

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eP84l1sVFHA.3544@TK2MSFTNGP12.phx.gbl...
> Thomas Olsen wrote:
>> Hi Kevin
>>
>> I got another tip as well.
>>
>> On DCs in A.ROOT.INT, set up forwarding to ROOT.INT DCs. By doing
>> this, you will be able to resolve DNS records in both ROOT.INT and
>> B.ROOT.INT (B.ROOT.INT DNS is delegated from ROOT.INT) as well as
>> B.ROOT.INT.
> I see, I missed the Root.int domain in the original post. This does make a
> difference, what you do is forward both the A.ROOT.INT and the B.ROOT.INT
> to
> the ROOT.INT DNS. Then delegate both A and B in the ROOT.INT zone. You
> will
> also need to check the box "Do not use recursion" on the A and B.ROOT.INT
> DNS servers to prevent them from using root hints. In this case, only the
> ROOT.INT DNS servers should forward to the ISP and be able to use Root
> Hints.
>
>> The only issues we see is that if we have none-AD integrated zones in
>> B.ROOT.INT, it has to be transferred to ROOT.INT, since the
>> delegation is only for the B.ROOT.INT AD integrated zone.
>
> Whether B.ROOT.INT is AD integrated or not has no relevance for the
> delegation.
>
>
>
>
>
> --?
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>