
Best Setup For DNS Between 3 Domains


Andrew Hayes

Jun 20, 2006, 9:51:38 PM
Hi All,

I have three W2K3 domains on separate subnets... master.mycompany.com
(192.168.0.x), resource1.mycompany.com (192.168.1.x), and
resource2.mycompany.com (192.168.2.x). There are two domain controllers with
DHCP and AD-Integrated DNS for each domain, while the DCs in master also
have WINS installed.

The reason for this was that it wasn't possible for users in master to
access resources in resource1 and resource2 using names as the master DNS
didn't have any records for those systems, so I had all systems point to the
WINS servers in master, and enabled WINS lookup for DNS name resolution.

I think though that what I really need is to set up the DNS properly.

Two ways that I can see are to remove the DNS from the two resource domains
and point their systems at the DNS in master, or to configure the DNS
servers in the resource domains to be secondary zones, getting their
contents from the primary zones in master. Essentially, the master DNS holds
all the records for all three domains, but that could make it complicated
and slow.

Is there another way I should do this? Any suggestions?


Kevin D. Goodknecht Sr. [MVP]

Jun 21, 2006, 8:31:14 AM

Are these three domains within the same forest?

If they are, you can configure the zones to replicate to all DNS servers in
the forest, and not have to remove DNS from the other DCs. If they are not
in the same forest you can use stub zones or secondary zones for DNS
resolution.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps


HbooGz

Jun 21, 2006, 4:45:47 PM
How would you handle internet access? Set up forwarders on the primary
DNS server and have all other DNS servers forward here?

Or set up forwarders to the ISP DNS on each of the DNS servers at each
of the sites?

Andrew Hayes

Jun 21, 2006, 9:25:57 PM
> Are these three domains within the same forest?

OK. You asked a question that I'm not 100% sure of the answer. All 3 domains
were created independently, so even though they share the same
".mycompany.com" I don't believe there is any communication between the
active directories. Maybe I need to fix this first?

> If they are, you can configure the zones to replicate to all DNS servers in
> the forest, and not have to remove DNS from the other DCs. If they are not
> in the same forest you can use stub zones or secondary zones for DNS
> resolution.

So it might be that my ideas are appropriate, but that all depends on AD.
Hmm. We're intending to add an Exchange 2003 server in the near future, and
I've read that AD has to be very stable before you try anything like that,
else the adprep processes cause all sorts of problems.


Kevin D. Goodknecht Sr. [MVP]

Jun 21, 2006, 9:56:06 PM

If you are planning on adding Exchange you need to verify whether these are
in the same forest or not, I don't believe Exchange supports cross forest
topology. You'll need to ask someone more in tune with Exchange for this
answer.

Andrew Hayes

Jun 22, 2006, 9:16:15 PM
Exchange is only needed in the master domain. The resource domains only
contain servers that do not require email.

As it is, everything seems to be OK so far. The forestprep and domainprep
steps for preparing the AD for adding an Exchange server completed
successfully with no errors. There are no errors in the event logs for any
of the master DCs.

The only problem we have is with developers who also need to access the
resource domains. Their computer accounts are in the master domain and they
pick up the DHCP settings from the master domain, which points to the DNS
servers in the master domain.

If they try to access a server in one of the resource domains using the
server name they get the usual "Could not find host xyz". This was why I
set up WINS, where all the systems (including those from the resource
domains) are configured to use the WINS servers in the master domain. And I
set the DNS servers to use WINS for names not in the DNS.

But what I would like to do is drop WINS entirely, once the Exchange 5.5 to
2003 migration is done, but that would mean pointing the developers at the
DNS servers for the resource domains as well, and since I need to keep
redundancy, I would have to add 6 DNS servers to their TCP/IP settings.

Is there a better way?


Kevin D. Goodknecht Sr. [MVP]

Jun 22, 2006, 11:00:23 PM

You can use the master domain for DNS, apparently there is a trust set up
between these domains, for all I know so far these domains may all be in the
same forest in different domain trees. That's why I asked if they were in the
same forest, because you can replicate the zone across the forest and all DCs
would get the zones.

If they are in different forests, you can easily create secondary zones or
Stub zones.

As for getting rid of WINS, it is unlikely you can do that because these domains
are on different subnets. Different subnets means you need WINS to populate
the different subnets in Network Places.
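
The stub-zone and secondary-zone options suggested in the replies above, sketched as a `dnscmd` batch file. This is an added example, not part of the original thread; every IP address and the host name `server1` are constructed placeholders inside the subnets the poster listed.

```bat
@echo off
rem Added example, not from the thread. Constructed addresses:
rem   192.168.0.10  a DNS server in master.mycompany.com
rem   192.168.1.10 / .11  DNS servers in resource1.mycompany.com
rem   192.168.2.10 / .11  DNS servers in resource2.mycompany.com
rem dnscmd ships with the Windows Server 2003 Support Tools.

set MASTER_DNS=192.168.0.10
rem Choose one approach per zone: "stub" or "secondary".
set MODE=stub

if /i "%MODE%"=="stub" goto stub
goto secondary

:stub
rem A stub zone holds only the SOA, NS and glue A records of the remote
rem zone. /DsStub stores it in Active Directory on the master side.
dnscmd %MASTER_DNS% /ZoneAdd resource1.mycompany.com /DsStub 192.168.1.10 192.168.1.11
dnscmd %MASTER_DNS% /ZoneAdd resource2.mycompany.com /DsStub 192.168.2.10 192.168.2.11
goto verify

:secondary
rem A secondary zone pulls a full copy of the zone, so first restrict
rem zone transfers on the source servers to the master DNS address
rem (these two lines need DNS admin rights on the resource servers).
dnscmd 192.168.1.10 /ZoneResetSecondaries resource1.mycompany.com /SecureList %MASTER_DNS%
dnscmd 192.168.2.10 /ZoneResetSecondaries resource2.mycompany.com /SecureList %MASTER_DNS%
rem Secondary zones are per server: repeat the next two lines for each
rem additional master DNS server and add its address to the lists above.
dnscmd %MASTER_DNS% /ZoneAdd resource1.mycompany.com /Secondary 192.168.1.10
dnscmd %MASTER_DNS% /ZoneAdd resource2.mycompany.com /Secondary 192.168.2.10

:verify
rem Confirm the zones exist, then resolve a resource-domain host through
rem the master DNS server, as a developer workstation would.
dnscmd %MASTER_DNS% /ZoneInfo resource1.mycompany.com
dnscmd %MASTER_DNS% /ZoneInfo resource2.mycompany.com
nslookup server1.resource1.mycompany.com %MASTER_DNS%
```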
