Never posted online before, but saw a lot of good help coming out of this forum so figured I'd give it a shot.
Here is my situation:
Our parent organization (HQ.company.com) using Win2k3 AD/DNS has a smaller organization within it that requires their own sub-domain (org.hq.company.com). The smaller organization is protected by a firewall (no NATing) and utilizes a split DNS configuration, with Win2K DNS/DC’s on the inside, and an Adonis DNS appliance on the outside in a DMZ that is the SOA for the org.hq.company.com domain. All internal queries are handled by the Win2K DC’s of course, and any other queries are forwarded through the firewall to the external DNS appliance. Assuming we have the org.hq.company.com sub-domain delegated correctly from the parent hq.company.com DNS server, we are running into issues with creating a domain trust (one-way, external, non-transitive) to access resources in the hq.company.com domain from the sub-domain org.hq.company.com. Prior to the external DNS Adonis appliance being implemented, we had this functioning as the DC's between the two domains could communicate, implying that we had our firewall rules configured correctly. I assume we are missing something on the external DNS appliances in the way of SRV records, or in the way the HQ DNS is delegating the domain, or ….. My question is what records (SRV) or configurations are required on the org’s external DNS appliance to enable the domain trust traffic to pass/resolve and function correctly?
And while I’m at it, what is the “correct” way to actually set up the delegation from the HQ side? I believe in the past they have had a stub zone for org.hq.company.com, and Forgive me if I’ve misstated any terms, or confused any issues, as this is a learning experience for us all here as we inherit this architecture. And thank you for any help.
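One way to check what the external appliance publishes before chasing firewall rules, as an added example that is not part of the original post: parse the zone as the appliance would serve it and report which of the standard AD DS DC locator SRV names (the set a trust partner's DCs query to find LDAP servers, KDCs and the PDC emulator) are missing, and which SRV targets have no A record in the zone. The zone text below is constructed for illustration; the record list covers the core domain-wide names only, not site-specific or GC records.

```python
import re

# Standard AD DS DC locator SRV names (relative to the domain) queried by a trust partner's DCs.
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs",
                "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs")

# Constructed sample of what the external appliance might publish (not a real zone).
SAMPLE_ZONE = """\
$ORIGIN org.hq.company.com.
ns1                   IN A   203.0.113.10
dc1                   IN A   203.0.113.21
_ldap._tcp            IN SRV 0 100 389 dc1
_kerberos._tcp        IN SRV 0 100 88  dc1
_ldap._tcp.dc._msdcs  IN SRV 0 100 389 dc1
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 dc2   ; dc2 has no A record in this zone
"""

RR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|SRV)\s+(.*)$", re.I)

def _fqdn(name, origin):
    # Expand "@", relative and absolute names to a lower-case FQDN without the trailing dot.
    if name == "@":
        return origin
    return name[:-1].lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(zone_text):
    """Return (srv, a): srv maps SRV owner -> target FQDN, a maps A owner -> address."""
    origin, srv, a = "", {}, {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop zone-file comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        m = RR_RE.match(line)
        if not m:
            continue
        owner, rtype, rdata = _fqdn(m.group(1), origin), m.group(2).upper(), m.group(3).split()
        if rtype == "SRV" and len(rdata) == 4:        # priority weight port target
            srv[owner] = _fqdn(rdata[3], origin)
        elif rtype == "A" and len(rdata) == 1:
            a[owner] = rdata[0]
    return srv, a

def audit_locator_records(zone_text, domain):
    """DC locator SRV names missing for `domain`, and SRV targets with no A record in the zone."""
    srv, a = parse_zone(zone_text)
    domain = domain.lower()
    missing = [n for n in REQUIRED_SRV if f"{n}.{domain}" not in srv]
    unresolved = sorted({t for t in srv.values() if t not in a})
    return missing, unresolved
```

Run `audit_locator_records(SAMPLE_ZONE, "org.hq.company.com")` against a dump of the live zone to see exactly which names the trust partner cannot resolve through the appliance.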