Single forward lookup zone for single AD domain with multi..

ws

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Everyone,

We have a single AD domain spanning multiple sites, each of which uses a
separate subnet (192.168.0.0/24 and 192.168.1.0/24).

For the DNS setup, we have a single company.local AD-Integrated forward
lookup zone that contains host records for both the 192.168.0.0/24 and
192.168.1.0/24 subnets listed above. For reverse lookup, we have two reverse
AD-Integrated zones for each subnet.

Is this the correct setup for the scenario?

Thanks :o)
 
Guest

In news:%23eMxxwMvFHA.2132@TK2MSFTNGP15.phx.gbl,
WS <me@myplace.com> made this post, which I then commented about below:
> Hi Everyone,
>
> We have a single AD domain spanning multiple sites, each of which
> uses a separate subnet (192.168.0.0/24 and 192.168.1.0/24).
>
> For the DNS setup, we have a single company.local AD-Integrated
> forward lookup zone that contains host records for both the
> 192.168.0.0/24 and 192.168.1.0/24 subnets listed above. For reverse
> lookup, we have two reverse AD-Integrated zones for each subnet.
>
> Is this the correct setup for the scenario?
>
> Thanks :o)

Sounds like it. Even if you have two locations, as you've pointed out, you
only have one domain, hence why the company.local zone has records for both
locations. The zone is based on AD's DNS Domain name.

I would suggest to have two DC/DNS servers at each location. Have the users
in their respective locations point to the DNS server in that location
first, and the other DNS as their second entry. Reminder not to use an ISP's
DNS address on any client or DC. Configure a forwarder for efficient
Internet resolution.

As for the IP addresses subnets, I would suggest to use something else other
than 192.168.0.0/24 or 192.168.1.0/24. The reason why is many folks who've
purchased a Linksys, DLink, etc, Cable/DSL router have those addresses in
use. If a user attempts to VPN in from their home, and the IP subnets are
identical, things will just not work.

I hope that helps.

--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
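
Added example, not part of the original thread: a small Python audit of the two recommendations in the reply above (local DNS server first with no outside resolvers, and site subnets that do not collide with the home-router ranges the post names). The site layout, host names and addresses are constructed sample data, and 203.0.113.53 is a documentation address standing in for an ISP resolver.

```python
import ipaddress

# Constructed sample data; names and addresses are illustrative only.
SITES = {
    "site-a": {"subnet": "192.168.0.0/24", "dns": ["192.168.0.10"]},
    "site-b": {"subnet": "192.168.1.0/24", "dns": ["192.168.1.10"]},
}
# Resolver order as configured on each host (client or DC).
HOSTS = {
    "pc-a1": {"ip": "192.168.0.51", "resolvers": ["192.168.0.10", "192.168.1.10"]},
    "pc-b1": {"ip": "192.168.1.77", "resolvers": ["192.168.0.10", "192.168.1.10"]},
    "dc-b":  {"ip": "192.168.1.10", "resolvers": ["192.168.1.10", "203.0.113.53"]},
}
# The two subnets the post says many home Cable/DSL routers use.
HOME_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24"]

def site_of(ip):
    """Return the name of the site whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, site in SITES.items():
        if addr in ipaddress.ip_network(site["subnet"]):
            return name
    return None

def audit_resolvers(hosts=HOSTS):
    """Flag hosts whose resolver list breaks the ordering advice in the post."""
    internal = {ip for s in SITES.values() for ip in s["dns"]}
    findings = []
    for name, host in sorted(hosts.items()):
        site = site_of(host["ip"])
        local = SITES[site]["dns"] if site else []
        for r in host["resolvers"]:
            if r not in internal:  # anything that is not one of our DNS servers
                findings.append((name, "external-resolver", r))
        if host["resolvers"] and host["resolvers"][0] not in local:
            findings.append((name, "remote-dns-first", host["resolvers"][0]))
    return findings

def vpn_conflicts(home_lans=HOME_DEFAULTS):
    """Return (site, home LAN) pairs whose address ranges overlap."""
    out = []
    for name, site in sorted(SITES.items()):
        corp = ipaddress.ip_network(site["subnet"])
        for lan in home_lans:
            if corp.overlaps(ipaddress.ip_network(lan)):
                out.append((name, lan))
    return out

if __name__ == "__main__":
    for finding in audit_resolvers() + vpn_conflicts():
        print(finding)
```
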
 

ws


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eBZtnhNvFHA.2348@TK2MSFTNGP15.phx.gbl...
> In news:%23eMxxwMvFHA.2132@TK2MSFTNGP15.phx.gbl,
> WS <me@myplace.com> made this post, which I then commented about below:
>> Hi Everyone,
>>
>> We have a single AD domain spanning multiple sites, each of which
>> uses a separate subnet (192.168.0.0/24 and 192.168.1.0/24).
>>
>> For the DNS setup, we have a single company.local AD-Integrated
>> forward lookup zone that contains host records for both the
>> 192.168.0.0/24 and 192.168.1.0/24 subnets listed above. For reverse
>> lookup, we have two reverse AD-Integrated zones for each subnet.
>>
>> Is this the correct setup for the scenario?
>>
>> Thanks :o)
>
> Sounds like it. Even if you have two locations, as you've pointed out, you
> only have one domain, hence why the company.local zone has records for
> both locations. The zone is based on AD's DNS Domain name.
>
> I would suggest to have two DC/DNS servers at each location. Have the
> users in their respective locations point to the DNS server in that
> location first, and the other DNS as their second entry. Reminder not to
> use an ISP's DNS address on any client or DC. Configure a forwarder for
> efficient Internet resolution.
>
> As for the IP addresses subnets, I would suggest to use something else
> other than 192.168.0.0/24 or 192.168.1.0/24. The reason why is many folks
> who've purchased a Linksys, DLink, etc, Cable/DSL router have those
> addresses in use. If a user attempts to VPN in from their home, and the IP
> subnets are identical, things will just not work.
>
> I hope that helps.
>
> --
> Regards,
> Ace
>
> If this post is viewed at a non-Microsoft community website, and you were
> to respond to it through that community's website, I may not see your
> reply. Therefore, please direct all replies ONLY to the Microsoft public
> newsgroup this thread originated in so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.

Some very good points in there, thanks ACE.
 
Guest

In news:ufERLvWvFHA.1168@TK2MSFTNGP10.phx.gbl,
WS <me@myplace.com> made this post, which I then commented about below:
> Some very good points in there, thanks ACE.

You are welcome.

One thing. I mentioned two DC/DNS servers at each location. I actually meant
to have one at each location, but depending on the number of users, it may
warrant two.

Ace