Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: Simple Windows Server DNS question.

Simple Windows Server DNS question.
"fern" <nomail[ at ]44332343nomail.com> 6/28/2007 2:26:46 PM
Scenario...

I have a windows DNS server "A" in a windows AD environment.
I have non windows DNS server "B" in a remote location.
Other than being able to communicate on the WAN, both servers have no
relationship/trust.

Both DNS servers need to add each other as forwarders for DNS queries.
So I believe I need to grant/add "B" servers access to "A" somehow to allow
resolutions. So to my knowledge I probably have to add "B"'s IP to "A" in
order to accept DNS queries from "B"

To my knowledge I need this for the "A" windows DNS server will not respond
to systems not part of the domain.

Re: Simple Windows Server DNS question.
"Herb Martin" <news[ at ]learnquick.com> 6/28/2007 2:39:55 PM

"fern" <nomail[ at ]44332343nomail.com> wrote in message
news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
> Scenario...
>
> I have a windows DNS server "A" in a windows AD environment.
> I have non windows DNS server "B" in a remote location.
> Other than being able to communicate on the WAN, both servers have no
> relationship/trust.


> Both DNS servers need to add each other as forwarders for DNS queries.

You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.

You can conditionally forward a Windows 2003 (not 2000) to another
DNS server for some specific DNS zone (tree).

Chances are if NEITHER of these is otherwise related to each other then
you don't want them to generally forward to each other anyway, and each
will be using their respective ISP (or some other Internet DNS Server) to
resolve Internet DNS names.

A non-Windows DNS server MIGHT support (the equivalent of) Conditional
Forwarding but you will have to check your non-Windows server for that.

If not, then you MAY let the other server hold a "Secondary" copy of your
zones so they can resolve your specific zone DNS names.

> So I believe I need to grant/add "B" servers access to "A" somehow to
> allow resolutions.

Not for Conditional Forwarding; no "grant" is required.

For a Secondary you must enable this in the source (master) DNS Server.
(There is a tab labeled "Zone Transfers" on EACH DNS Zone property
sheet for the Windows DNS server.)


> So to my knowledge I probably have to add "B"'s IP to "A" in order to
> accept DNS queries from "B"
>
> To my knowledge I need this for the "A" windows DNS server will not
> respond to systems not part of the domain.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


Re: Simple Windows Server DNS question.
"fern" <nomail[ at ]44332343nomail.com> 6/28/2007 3:21:48 PM
"Herb Martin" <news[ at ]learnquick.com> wrote in message
news:%23Q0GzIZuHHA.3400[ at ]TK2MSFTNGP03.phx.gbl...
>
> "fern" <nomail[ at ]44332343nomail.com> wrote in message
> news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
>> Scenario...
>>
>> I have a windows DNS server "A" in a windows AD environment.
>> I have non windows DNS server "B" in a remote location.
>> Other than being able to communicate on the WAN, both servers have no
>> relationship/trust.
>
>
>> Both DNS servers need to add each other as forwarders for DNS queries.
>
> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>
> You can conditionally forward a Windows 2003 (not 2000) to another
> DNS server for some specific DNS zone (tree).
>
> Chances are if NEITHER of these is otherwise related to each other then
> you don't want them to generally forward to each other anyway, and each
> will be using their respective ISP (or some other Internet DNS Server) to
> resolve Internet DNS names.
>
Alright, I'm glad to see you know your stuff and I'll explain myself a little
more clearly. Both networks "A" and "B" have Intranets. In order for both
networks to properly browse each other's Intranets I believed the solution
is to just forward DNS resolutions to each other in order to have their
local URLs resolved properly.

Knowing this, how would you recommend this be done? I do know network "A" is
a Microsoft domain, and I believe "B" is not.

Adding standard secondary zones?

I appreciate the help ..




Re: Simple Windows Server DNS question.
"Werner Penz" <Werner-P[ at ]news.postalias> 6/28/2007 4:02:18 PM
Network A has a DNS-Server: DNS-A with a Primary Forward-Zone:
INTRANET-A.DOM
Network B has a DNS-Server: DNS-B with a Primary Forward-Zone:
INTRANET-B.DOM

So that both Networks can be resolved by all Clients, one Solution is to
make:

on DNS-A a secondary Zone from INTRANET-B.DOM where the Master is DNS-B
and
on DNS-B a secondary Zone from INTRANET-B.DOM where the master is DNS-A

you just have to make sure that the Zone-transfer works between both
DNS-Servers.
This is best done by adding each DNS-Server in each ZONE and ALLOW
ZONETRANSFER to all DNS-Servers in ZONE

sorry about my English, good luck
Werner






Re: Simple Windows Server DNS question.
"Werner Penz" <Werner-P[ at ]news.postalias> 6/28/2007 4:06:25 PM
sorry... it must read:

on DNS-A a secondary Zone from INTRANET-B.DOM where the Master is DNS-B
and
on DNS-B a secondary Zone from INTRANET-A.DOM where the master is DNS-A





Re: Simple Windows Server DNS question.
"Herb Martin" <news[ at ]learnquick.com> 6/28/2007 4:15:18 PM

"fern" <nomail[ at ]44332343nomail.com> wrote in message
news:%23xfBEgZuHHA.1168[ at ]TK2MSFTNGP02.phx.gbl...
> "Herb Martin" <news[ at ]learnquick.com> wrote in message
> news:%23Q0GzIZuHHA.3400[ at ]TK2MSFTNGP03.phx.gbl...
>>
>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>> news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
>>> Scenario...
>>>
>>> I have a windows DNS server "A" in a windows AD environment.
>>> I have non windows DNS server "B" in a remote location.
>>> Other than being able to communicate on the WAN, both servers have no
>>> relationship/trust.
>>
>>
>>> Both DNS servers need to add each other as forwarders for DNS queries.
>>
>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>>
>> You can conditionally forward a Windows 2003 (not 2000) to another
>> DNS server for some specific DNS zone (tree).
>>
>> Chances are if NEITHER of these is otherwise related to each other then
>> you don't want them to generally forward to each other anyway, and each
>> will be using their respective ISP (or some other Internet DNS Server) to
>> resolve Internet DNS names.

> Alright, I'm glad to see you know your stuff and I'll explain myself a little
> more clearly. Both networks "A" and "B" have Intranets. In order for
> both networks to properly browse each other's Intranets I believed the
> solution is to just forward DNS resolutions to each other in order to have
> their local URLs resolved properly.

Browsing is a NetBIOS application -- for browsing to work across multiple
subnets you need (replicated) WINS Servers, and for every machine
(especially DCs and other servers) to be WINS Clients.

> Knowing this, how would you recommend this be done? I do know network "A"
> is a Microsoft domain, and I believe "B" is not.

For DNS resolution or PRIVATE DNS names (not available on the Internet)
you need to use Conditional Forward A->B for B.zones, and B->A for A.zones
OR if Conditional Forwarding is NOT available then B must hold a secondary
for A zones and vice versa.

You might use Conditional Forwarding in one direction and Secondary for the
other -- Win2003 DEFINITELY supports Conditional Forwarding, 2000
does NOT, and other DNS servers will depend on their feature set.

> Adding standard secondary zones?

That will ALWAYS work for DNS resolution -- but browsing is NOT a
DNS application.

You need NetBIOS for Browsing, and that means a practical need for
REPLICATED WINS Servers when you have more than one subnet.

> I appreciate the help ..


Re: Simple Windows Server DNS question.
"fern" <nomail[ at ]44332343nomail.com> 6/28/2007 4:29:52 PM

"Herb Martin" <news[ at ]learnquick.com> wrote in message
news:%23R9PG%23ZuHHA.1188[ at ]TK2MSFTNGP04.phx.gbl...
>
> "fern" <nomail[ at ]44332343nomail.com> wrote in message
> news:%23xfBEgZuHHA.1168[ at ]TK2MSFTNGP02.phx.gbl...
>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>> news:%23Q0GzIZuHHA.3400[ at ]TK2MSFTNGP03.phx.gbl...
>>>
>>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>>> news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
>>>> Scenario...
>>>>
>>>> I have a windows DNS server "A" in a windows AD environment.
>>>> I have non windows DNS server "B" in a remote location.
>>>> Other than being able to communicate on the WAN, both servers have no
>>>> relationship/trust.
>>>
>>>
>>>> Both DNS servers need to add each other as forwarders for DNS queries.
>>>
>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>>>
>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>> DNS server for some specific DNS zone (tree).
>>>
>>> Chances are if NEITHER of these is otherwise related to each other then
>>> you don't want them to generally forward to each other anyway, and each
>>> will be using their respective ISP (or some other Internet DNS Server) to
>>> resolve Internet DNS names.
>
>> Alright, I'm glad to see you know your stuff and I'll explain myself a
>> little more clearly. Both networks "A" and "B" have Intranets. In order
>> for both networks to properly browse each other's Intranets I believed
>> the solution is to just forward DNS resolutions to each other in order to
>> have their local URLs resolved properly.

Sorry browsing was a poor choice of words... surfing!


Re: Simple Windows Server DNS question.
"Herb Martin" <news[ at ]learnquick.com> 6/29/2007 3:07:34 AM

"fern" <nomail[ at ]44332343nomail.com> wrote in message
news:OtXmGGauHHA.1164[ at ]TK2MSFTNGP02.phx.gbl...
>
> "Herb Martin" <news[ at ]learnquick.com> wrote in message
> news:%23R9PG%23ZuHHA.1188[ at ]TK2MSFTNGP04.phx.gbl...
>>
>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>> news:%23xfBEgZuHHA.1168[ at ]TK2MSFTNGP02.phx.gbl...
>>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>>> news:%23Q0GzIZuHHA.3400[ at ]TK2MSFTNGP03.phx.gbl...
>>>>
>>>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>>>> news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
>>>>> Scenario...
>>>>>
>>>>> I have a windows DNS server "A" in a windows AD environment.
>>>>> I have non windows DNS server "B" in a remote location.
>>>>> Other than being able to communicate on the WAN, both servers have no
>>>>> relationship/trust.
>>>>
>>>>
>>>>> Both DNS servers need to add each other as forwarders for DNS queries.
>>>>
>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>>>>
>>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>>> DNS server for some specific DNS zone (tree).
>>>>
>>>> Chances are if NEITHER of these is otherwise related to each other then
>>>> you don't want them to generally forward to each other anyway, and each
>>>> will be using their respective ISP (or some other Internet DNS Server) to
>>>> resolve Internet DNS names.
>>
>>> Alright, I'm glad to see you know your stuff and I'll explain myself a
>>> little more clearly. Both networks "A" and "B" have Intranets. In
>>> order for both networks to properly browse each other's Intranets I
>>> believed the solution is to just forward DNS resolutions to each other
>>> in order to have their local URLs resolved properly.
>
> Sorry browsing was a poor choice of words... surfing!

No problem, that is why I gave both answers anyway.




Re: Simple Windows Server DNS question.
"fern" <nomail[ at ]44332343nomail.com> 6/29/2007 1:14:36 PM
"Herb Martin" <news[ at ]learnquick.com> wrote in message
news:uWFZlqfuHHA.3388[ at ]TK2MSFTNGP04.phx.gbl...
>
> "fern" <nomail[ at ]44332343nomail.com> wrote in message
> news:OtXmGGauHHA.1164[ at ]TK2MSFTNGP02.phx.gbl...
>>
>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>> news:%23R9PG%23ZuHHA.1188[ at ]TK2MSFTNGP04.phx.gbl...
>>>
>>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>>> news:%23xfBEgZuHHA.1168[ at ]TK2MSFTNGP02.phx.gbl...
>>>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>>>> news:%23Q0GzIZuHHA.3400[ at ]TK2MSFTNGP03.phx.gbl...
>>>>>
>>>>> "fern" <nomail[ at ]44332343nomail.com> wrote in message
>>>>> news:%23fXIUBZuHHA.484[ at ]TK2MSFTNGP06.phx.gbl...
>>>>>> Scenario...
>>>>>>
>>>>>> I have a windows DNS server "A" in a windows AD environment.
>>>>>> I have non windows DNS server "B" in a remote location.
>>>>>> Other than being able to communicate on the WAN, both servers have no
>>>>>> relationship/trust.
>>>>>
>>>>>
>>>>>> Both DNS servers need to add each other as forwarders for DNS
>>>>>> queries.
>>>>>
>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.

So in conclusion I guess we all agree that adding each other as forwarders
is not a proper solution and highly not recommended.
I should set up new zones on both networks and have them be able to transfer
to each other.

Agreed?







Re: Simple Windows Server DNS question.
"Herb Martin" <news[ at ]learnquick.com> 6/29/2007 1:55:40 PM

"fern" <nomail[ at ]44332343nomail.com> wrote in message
news:%23IESo9kuHHA.2360[ at ]TK2MSFTNGP06.phx.gbl...
> "Herb Martin" <news[ at ]learnquick.com> wrote in message
> news:uWFZlqfuHHA.3388[ at ]TK2MSFTNGP04.phx.gbl...

>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>
> So in conclusion I guess we all agree that adding each other as forwarders
> is not a proper solution and highly not recommended.

I hope we all agree, because not only is it "not recommended", it will
typically crash BOTH DNS Services.

You have created an INFINITE LOOP for anything that cannot be resolved
on at least one of the servers:

A->B->A->B->A->...

> I should setup new zones on both networks and have them be able to
> transfer to each other.

That always works even with older DNS servers.

> Agreed?

Or you can CONDITIONALLY forward for specific zones from either or
both of them IF the DNS Server in question (e.g., Win2003) supports this.

Expect older DNS servers to NOT support this -- check newer ones for the
feature.

>>>>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>>>>> DNS server for some specific DNS zone (tree).
>>>>>>
>>>>>> Chances are if NEITHER of these is otherwise related to each other
>>>>>> then
>>>>>> you don't want them to generally forward to each other anyway, and
>>>>>> each
>>>>>> will be using their respective ISP (or some other Internet DNS
>>>>>> Server) to
>>>>>> resolve Internet DNS names.
>>>>
>>>>> Alright Im glad to see you know your stuff and Ill explain myself a
>>>>> little more clearly. Both networks "A" and "B" have Intranets. In
>>>>> order for both networks to properly browswe each others Intranets I
>>>>> believed the solution is to just forward DNS resolutions to each other
>>>>> in order to have their local urls resolved properly.
>>>
>>> Sorry browsing was a poor choice of words... surfing!
>>
>> No problem that is why I gave both answers anyway.
>>
>>
>>>> Browsing is a NetBIOS application -- for browsing to work across
>>>> multiple
>>>> subnets you need (replicated) WINS Servers, and for every machine
>>>> (especially
>>>> DCs and other servers) to be WINS Clients.
>>>>
>>>>> Knowing this, how would you recomend this be done. I do know network
>>>>> "A" is a microsoft domain, and I believe "B" is not.
>>>>
>>>> For DNS resolution or PRIVATE DNS names (not available on the Internet)
>>>> you need to use Conditional Forward A->B for B.zones, and B->A for
>>>> A.zones
>>>> OR if Conditional Forwarding is NOT available then B much hold a
>>>> secondary
>>>> for A zones and vice versa.
>>>>
>>>> You might use Conditition Forwarding in one direction and Secondary for
>>>> the
>>>> other -- Win2003 DEFINITELY supports Conditional Forwarding, 2000
>>>> does NOT, and other DNS servers will depend on their feature set.
>>>>
>>>>> Adding standard secondary zones?
>>>>
>>>> That will ALWAYS work for DNS resolution -- but browsing is NOT a
>>>> DNS application.
>>>>
>>>> You need NetBIOS for Browsing, and that means a practical need for
>>>> REPLICATED WINS Servers when you have more than one subnet.
>>>>
>>>>> I appreciate the help ..
>>>>>
>>>>>
>>>>>
>>>>>> A non-Windows DNS server MIGHT support (the equivalent of) Conditional
>>>>>> Forwarding but you will have to check your non-Windows server for that.
>>>>>>
>>>>>> If not, then you MAY let the other server hold a "Secondary" copy of your
>>>>>> zones so they can resolve your specific zone DNS names.
>>>>>>
>>>>>>> So I believe I need to grant/add "B" servers access to "A" somehow
>>>>>>> to allow resolutions.
>>>>>>
>>>>>> Not for Conditional Forwarding no "grant" is required.
>>>>>>
>>>>>> For a Secondary you must enable this in the source (master) DNS Server.
>>>>>> (There is a tab labeled "Zone Transfers" on EACH DNS Zone property
>>>>>> sheet for the Windows DNS server.)
>>>>>>
>>>>>>
>>>>>>> So to my knowledge I probably have to add "B"'s IP to "A" in order
>>>>>>> to accept DNS queries from "B"
>>>>>>>
>>>>>>> To my knowledge I need this for the "A" windows DNS server will not
>>>>>>> respond to systems not part of the domain.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Herb Martin, MCSE, MVP
>>>>>> http://www.LearnQuick.Com
>>>>>> (phone on web site)
>>>>>>


Re: Simple Windows Server DNS question.
"fern" <nomail[ at ]44332343nomail.com> 6/29/2007 2:02:06 PM

"Herb Martin" <news[ at ]learnquick.com> wrote in message
news:O1dfxUluHHA.2272[ at ]TK2MSFTNGP04.phx.gbl...
>
> "fern" <nomail[ at ]44332343nomail.com> wrote in message
> news:%23IESo9kuHHA.2360[ at ]TK2MSFTNGP06.phx.gbl...
>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>> news:uWFZlqfuHHA.3388[ at ]TK2MSFTNGP04.phx.gbl...
>
>>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>>
>> So in conclusion I guess we all agree that adding each other as
>> forwarders is not a proper solution and highly not recommended.
>
> I hope we all agree because not only is it "not recommended" it will typically
> crash BOTH DNS Services.
>
> You have created an INFINITE LOOP for anything that cannot be resolved
> on at least one of the servers
>
> A->B->A->B->A->...
>
>> I should setup new zones on both networks and have them be able to
>> transfer to each other.
>
> That always works even with older DNS servers.
>
>> Agreed?
>
> Or you can CONDITIONALLY forward for specific zones from either or
> both of them IF the DNS Server in question (e.g., Win2003) supports this.
>
> Expect older DNS servers to NOT support this -- check newer ones for the
> feature.

I agree, unfortunately my network runs on w2k DNS so zone transfers it is.
Now all I have to decide is if I should add this zone as an AD integrated or
just a secondary standard. I'm thinking AD for redundancy purposes.

Thanks again for your input.



Re: Simple Windows Server DNS question.
"Herb Martin" <news[ at ]learnquick.com> 6/29/2007 3:47:48 PM

"fern" <nomail[ at ]44332343nomail.com> wrote in message
news:OP3XLYluHHA.2752[ at ]TK2MSFTNGP06.phx.gbl...

>>>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*)
>>>>>>>> forwarders.
>>>
>>> So in conclusion I guess we all agree that adding each other as
>>> forwarders is not a proper solution and highly not recommended.
>>
>> I hope we all agree because not only is it "not recommended" it will typically
>> crash BOTH DNS Services.
>>
>> You have created an INFINITE LOOP for anything that cannot be resolved
>> on at least one of the servers
>>
>> A->B->A->B->A->...
>>
>>> I should setup new zones on both networks and have them be able to
>>> transfer to each other.
>>
>> That always works even with older DNS servers.
>>
>>> Agreed?
>>
>> Or you can CONDITIONALLY forward for specific zones from either or
>> both of them IF the DNS Server in question (e.g., Win2003) supports this.
>>
>> Expect older DNS servers to NOT support this -- check newer ones for the
>> feature.
>
> I agree, unfortunately my network runs on w2k DNS so zone transfers it is.

Ok. That is secondaries then.

> Now all I have to decide is if I should add this zone as an AD integrated
> or just a secondary standard. I'm thinking AD for redundancy purposes.

No you do not -- you cannot use AD Integrated for someone else's
Domain/Forest.

They cannot use Integrated for YOUR Domain/Forest AD Integrated DNS.

You can only be a Secondary to them*, and they can only be a Secondary to
you.

*You don't have Win2003 which would technically open up Stub zones or
AD Integrated across domains but in the SAME FOREST, but you cannot
do AD Integrated across multiple domains otherwise.

You certainly cannot do AD integrated ACROSS unrelated domains.

This doesn't affect YOUR ability to use AD Integrated internally (which is
usually the best choice) because these DNS servers/zones can have ordinary
Secondaries (doing zone transfers) anyway.

> Thanks again for your input.

Happy to help.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
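
The secondary-zone arrangement the thread settles on, shown from server "A" as an added example that is not part of the original posts. The zone names a.example and b.example and both IP addresses are placeholder assumptions; dnscmd comes from the Windows Support Tools, and "." means the local DNS server.

```bat
rem Added example, run on Windows DNS server "A".
rem Assumed placeholders (not from the thread):
rem   a.example     = zone hosted on A
rem   b.example     = zone hosted on the non-Windows server B
rem   198.51.100.20 = IP address of server B

rem 1. Master side: permit zone transfers of A's zone ONLY to B's address
rem    (the "Zone Transfers" tab equivalent), and send NOTIFY only to B.
rem    Leaving transfers open to any server exposes the whole internal zone.
dnscmd . /ZoneResetSecondaries a.example /SecureList 198.51.100.20 /NotifyList 198.51.100.20

rem 2. Secondary side: hold a standard secondary copy of B's zone,
rem    pulled from B. B must allow transfers to A's address in its own
rem    configuration, ideally restricted in the same way.
dnscmd . /ZoneAdd b.example /Secondary 198.51.100.20

rem 3. Review the resulting zone settings, including the secondary list.
dnscmd . /ZoneInfo a.example
dnscmd . /ZoneInfo b.example

rem Windows Server 2003 only (not Windows 2000): a conditional forwarder
rem for B's zone can replace step 2. No transfer grant is needed for this.
rem dnscmd . /ZoneAdd b.example /Forwarder 198.51.100.20
```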

