DNS questions. Forwardings and stb zones. Per-Torben 4/25/2007 1:08:01 PM Hello, I have a couple of questions here The Enterprise has 4 forests. For easiness sake let’s call them Domain1.local Domain2.local Domain3.local Domain4.local In addition, domain1.local is an empty root with 3 subdomains Sub1.domain1.local Sub2.domain1.local Sub3.domain1.local 1. Currently the DNS in domain1.local has stub-zones from domain2, domain3 and domain 4. Wouldn’t a conditional forwarding be more appropriate? 2. The DNS zone domain1.local is spread through domain1.local and its 3 child domains, having dns-servers for the zone domain1.local in all 4 domains (the root and the three child-domains that is). Shouldn’t the child domains be delegated to their respective domain controllers? 3. On a DNS server on domain1.local. If I delete the stub zone for domain4.local and create a cond.forwarding to domain4’s DNS servers. Will the stub-zone be deleted forest-wide? And it won’t delete the primary zone in domain4.local? Thanks for any replies :) -- regards Per-Torben Sørensen

Re: DNS questions. Forwardings and stb zones. "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 4/25/2007 8:29:57 PM Read inline please. In news:50851248-AE11-4362-915E-88201E9362AB[ at ]microsoft.com, Per-Torben <PerTorben[ at ]discussions.microsoft.com> typed: [Quoted Text] > Hello, I have a couple of questions here > > The Enterprise has 4 forests. For easiness sake let's call them > Domain1.local > Domain2.local > Domain3.local > Domain4.local > > In addition, domain1.local is an empty root with 3 subdomains > Sub1.domain1.local > Sub2.domain1.local > Sub3.domain1.local > > 1. Currently the DNS in domain1.local has stub-zones from domain2, > domain3 and domain 4. Wouldn't a conditional forwarding be more > appropriate? Not really, it works basically the same, but a Stub zone automatically updates the NS records and A records for the NS records (Glue) when DNS servers are added (or removed). Conditional forwarders have to manually updated if the DNS servers that hold the full zones change. > > 2. The DNS zone domain1.local is spread through domain1.local and its > 3 child domains, having dns-servers for the zone domain1.local in all > 4 domains (the root and the three child-domains that is). Shouldn't > the child domains be delegated to their respective domain controllers? Actually, the child domains should be delegated to all DNS servers that hold the full child zone. In Win2k3, it is possible to have the Full child DNS zone in the ForestDNSZones replication partition, which would mean the delegation would point to every domain controller in the Forest running DNS. > > 3. On a DNS server on domain1.local. If I delete the stub zone for > domain4.local and create a cond.forwarding to domain4's DNS servers. > Will the stub-zone be deleted forest-wide? And it won't delete the > primary zone in domain4.local? Once again it comes to this point, if you use a conditional forwarder, you would have to create the conditional forwarder on all DNS servers. If you use ADI stub, it replicates to all DC/DNS servers in the replication scope. If you use an ADI Stub don't use conditional forwarders on any DNS the stub replicates to. From what you are saying, I believe Stub zones are your best solution for the inter-forest resolution. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps Send IM: http://www.icq.com/people/webmsg.php?to=296095728 =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================

Re: DNS questions. Forwardings and stb zones. Per-Torben 4/26/2007 5:56:01 AM Thank you very much, really appriciate this :) Another thing I'd like to have confirmed: The dns-island situation (a dns using itself as pri dns server becoming isolated) is afaik resolved. Now what is the recommended way of setting primary and secondary dns server on DC/dns servers? -- regards Per-Torben Sørensen "Kevin D. Goodknecht Sr. [MVP]" wrote: [Quoted Text] > Read inline please. > > In news:50851248-AE11-4362-915E-88201E9362AB[ at ]microsoft.com, > Per-Torben <PerTorben[ at ]discussions.microsoft.com> typed: > > Hello, I have a couple of questions here > > > > The Enterprise has 4 forests. For easiness sake let's call them > > Domain1.local > > Domain2.local > > Domain3.local > > Domain4.local > > > > In addition, domain1.local is an empty root with 3 subdomains > > Sub1.domain1.local > > Sub2.domain1.local > > Sub3.domain1.local > > > > 1. Currently the DNS in domain1.local has stub-zones from domain2, > > domain3 and domain 4. Wouldn't a conditional forwarding be more > > appropriate? > > Not really, it works basically the same, but a Stub zone automatically > updates the NS records and A records for the NS records (Glue) when DNS > servers are added (or removed). Conditional forwarders have to manually > updated if the DNS servers that hold the full zones change. > > > > > 2. The DNS zone domain1.local is spread through domain1.local and its > > 3 child domains, having dns-servers for the zone domain1.local in all > > 4 domains (the root and the three child-domains that is). Shouldn't > > the child domains be delegated to their respective domain controllers? > > Actually, the child domains should be delegated to all DNS servers that hold > the full child zone. In Win2k3, it is possible to have the Full child DNS > zone in the ForestDNSZones replication partition, which would mean the > delegation would point to every domain controller in the Forest running DNS. > > > > > 3. On a DNS server on domain1.local. If I delete the stub zone for > > domain4.local and create a cond.forwarding to domain4's DNS servers. > > Will the stub-zone be deleted forest-wide? And it won't delete the > > primary zone in domain4.local? > > Once again it comes to this point, if you use a conditional forwarder, you > would have to create the conditional forwarder on all DNS servers. If you > use ADI stub, it replicates to all DC/DNS servers in the replication scope. > If you use an ADI Stub don't use conditional forwarders on any DNS the stub > replicates to. > > From what you are saying, I believe Stub zones are your best solution for > the inter-forest resolution. > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > Send IM: http://www.icq.com/people/webmsg.php?to=296095728 > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oehelp.com/OEBackup/Default.aspx > =================================== > > >

Re: DNS questions. Forwardings and stb zones. "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 4/26/2007 9:16:23 AM Read inline please. In news:99801642-8749-4265-8437-8B53C39B84AC[ at ]microsoft.com, Per-Torben <PerTorben[ at ]discussions.microsoft.com> typed: [Quoted Text] > Thank you very much, really appriciate this :) > > Another thing I'd like to have confirmed: > > The dns-island situation (a dns using itself as pri dns server > becoming isolated) is afaik resolved. Now what is the recommended way > of setting primary and secondary dns server on DC/dns servers? The answer is a matter of opinion rather than a correct or incorrect setting, that is as long as all DNS servers used in TCP/IP support the AD Domain. I prefer using another DC as the preferred DNS and itself as an Alternate. The reasoning I use is that the Preferred DNS should be one of the DCs that is already up and running to prevent startup errors and speed startup. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps Send IM: http://www.icq.com/people/webmsg.php?to=296095728 =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================

Re: DNS questions. Forwardings and stb zones. Per-Torben 4/26/2007 9:24:02 AM Never thought about that, that's a very good point. -- regards Per-Torben Sørensen "Kevin D. Goodknecht Sr. [MVP]" wrote: [Quoted Text] > Read inline please. > > In news:99801642-8749-4265-8437-8B53C39B84AC[ at ]microsoft.com, > Per-Torben <PerTorben[ at ]discussions.microsoft.com> typed: > > Thank you very much, really appriciate this :) > > > > Another thing I'd like to have confirmed: > > > > The dns-island situation (a dns using itself as pri dns server > > becoming isolated) is afaik resolved. Now what is the recommended way > > of setting primary and secondary dns server on DC/dns servers? > > The answer is a matter of opinion rather than a correct or incorrect > setting, that is as long as all DNS servers used in TCP/IP support the AD > Domain. I prefer using another DC as the preferred DNS and itself as an > Alternate. The reasoning I use is that the Preferred DNS should be one of > the DCs that is already up and running to prevent startup errors and speed > startup. > > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > Send IM: http://www.icq.com/people/webmsg.php?to=296095728 > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oehelp.com/OEBackup/Default.aspx > =================================== > > >