Discussion in 'DNS Server' started by Tony, Oct 21, 2004.

  1. Tony

    Tony Guest

    I have just installed a new domain to a new tree in
    active directory. The new domain is PH.net and the
    existing one is HF.net. These are in different sites.
    Both are running DNS and are authoritative for their
    domain. Both are AD integrated zones. Replication is
    currently not working and I want to have it so that clients
    can resolve all names between both domains regardless
    of where they are.

    What do I need to be able to do this? I thought by using
    an AD integrated zone it would automatically replicate to
    all DNS servers?

    Tony, Oct 21, 2004
  2. Tony

    Herb Martin Guest

    So each DNS server set must have a way to resolve the
    OTHER domain DNS server set.
    Not directly relevant.
    All DNS servers for a zone are authoritative for that zone
    (secondary, Primary, AD-integrated are all authoritative.)
    Yes, you need to arrange for cross resolution through one
    of several methods; I will describe below the one you
    intended to enable...
    Not across domains but this can be enabled in Win2003
    (All DNS servers in Forest) but FIRST you must get AD
    replication to work.

    Since AD replication is based on DNS, you cannot depend
    on it UNTIL you first get DNS to replicate (completely)
    and then get AD to replicate fully in the Forest.

    After that, the settings to replicate to all DNS servers in
    the FOREST will work.

    Do this:

    1) Add the "other domain" as a secondary on each current
    DC-DNS server and specify the "other DNS" server as
    the Master.

    2) Do this for the "other Domain" back to the first domain/zone.
    (Cross secondaries on each separate set of DNS servers so that
    each holds BOTH zones.)

    3) Ensure that the secondary from each zone does a zone transfer
    and gets the records.

    4) Make sure AD replicates fully (wait for, or force, replication)
    [and you can check with DCDiag or one of the ReplAdm tools.]

    5) Now (both DNS are working and AD is replicating) you can
    change each of the secondaries to AD-integrated and ensure that
    the settings for each zone are set to replicate to all such DNS-DCs
    throughout the FOREST.
    Herb Martin, Oct 21, 2004
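    Herb's five steps written out as dnscmd/repadmin/dcdiag commands, as an added example that is not part of his reply; the server names HFDC1 and PHDC1 and the addresses 10.1.0.10 and 10.2.0.10 are placeholders. It also spells out what step 1 leaves implicit: each master must permit zone transfers to the partner, and the setting to check is that transfers are allowed only to the partner's address rather than to any server that asks.

```batch
@echo off
rem Placeholders (assumed, not from the thread):
rem   HFDC1 = DC-DNS server for HF.net at 10.1.0.10
rem   PHDC1 = DC-DNS server for PH.net at 10.2.0.10

rem Before step 1: each master transfers its zone only to the partner's
rem address (not to any requester) and notifies the partner of changes.
dnscmd HFDC1 /ZoneResetSecondaries HF.net /SecureList 10.2.0.10 /NotifyList 10.2.0.10
dnscmd PHDC1 /ZoneResetSecondaries PH.net /SecureList 10.1.0.10 /NotifyList 10.1.0.10

rem Steps 1-2: cross secondaries, each server pulling the other zone from
rem that zone's master, so each set of DNS servers holds both zones.
dnscmd HFDC1 /ZoneAdd PH.net /Secondary 10.2.0.10
dnscmd PHDC1 /ZoneAdd HF.net /Secondary 10.1.0.10

rem Step 3: force the transfer, then confirm each secondary holds the zone
rem (ZoneInfo should show the zone and its serial from the master).
dnscmd HFDC1 /ZoneRefresh PH.net
dnscmd PHDC1 /ZoneRefresh HF.net
dnscmd HFDC1 /ZoneInfo PH.net
dnscmd PHDC1 /ZoneInfo HF.net

rem Step 4: force AD replication of all partitions across the enterprise,
rem then verify it with the replication test.
repadmin /syncall /APed
dcdiag /test:replications

rem Step 5 (Windows 2003 DNS): set each zone's existing AD-integrated copy
rem to replicate to all DNS servers in the forest. Once the forest-wide copy
rem has arrived on the partner, the temporary secondary there can be removed
rem (that last step is an assumption, not stated in the thread).
dnscmd HFDC1 /ZoneChangeDirectoryPartition HF.net /forest
dnscmd PHDC1 /ZoneChangeDirectoryPartition PH.net /forest
```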
  3. Tony

    Tony Guest

    Thank you very much for your response!

    Will this work for Windows 2000 as well? I had forgotten to include that in
    the original message.
    Tony, Oct 26, 2004
  4. Tony

    Herb Martin Guest

    I don't think there was anything in my original response
    that wouldn't work (give or take) in Win2000.

    Win2003 adds some new DNS features but there are
    generally workarounds for their lack in Win2000.

    New (functionality) features include:

    1) Conditional Forwarding (can be faked with 'cross secondaries')
    2) Stub zones (another way to deal with #1)
    3) More replication choices for AD-integration (only AD-DNS in
    same domain or entire forest, application partitions etc.)
    4) more logging
    5) ???

    Herb Martin

    Herb Martin, Nov 4, 2004
