Herb Martin wrote:
> You can only use Delegation DOWN to a child domain.
>
> Stubs work both down and "across" to unrelated or sister DNS zones.
>
> "Tony Dawson" <noone[ at ]nowhere.org> wrote in message
> news:462792A8.1010403[ at ]nowhere.org...
>> My bosses have asked me to take a look at getting name resolution working
>> between the domains in our enterprise. The domains are in separate
>> locations with VPNs between each location which allow DNS queries across
>> them. Each domain is completely unaware of the other domains in DNS.
>>
>> The structure is :-
>> example.com DNS servers are two W2K3 DCs and two W2K DCs.
>> subdom1.example.com DNS servers are four W2K DCs.
>> subdom2.example.com DNS servers are two W2K3 DCs.
>>
>> othdom.exampletwo.com DNS servers are two W2K3 DCs and two W2K DCs.
>>
>> What would be the best practice way of doing this? I have looked at
>> Conditional Forwarders, Stub zones and Delegation. I have figured that
>> Conditional Forwarders are not appropriate
>
> Why?
>
>> but am unsure of which would be best out of Stub or Delegation.
>
> In most cases these are all roughly equivalent -- the differences are very
> subtle and only matter in certain large networks usually. Even using
> entire Secondaries on the "other DNS" servers is usually fine in reasonable
> size domains -- and the only real choice besides Delegation for Child zones
> when using Win2000.
>
> Secondaries -- always work, even in Win2000 for non-child zones but MAY
>     require copying a lot of records which will never be needed.
> Stubs -- like secondaries but do NOT copy all of the records; mostly this
>     is useful for large zones/domains
> Conditional forwarding -- directs to specific servers for resolving other
>     zones
>     Similar to Stubs BUT allows *YOU*, the admin, to pick which DNS
>     servers are most efficient to use, rather than stubs which keep the
>     DNS server being used up to date automatically but do NOT allow
>     you to pick for efficiency
>
> Also, if you are in a single forest and have ALL Win2003 DNS-DCs then
> you can use:
>
>     Forest-wide Replication scope for AD Integrated DNS
>
> This is my favorite for most forests.

Thanks for the response. Very helpful. The reason that I did not consider Conditional Forwarding appropriate was that I received an error when I tried adding a forwarder for subdomn.example.com to the example.com Windows 2003 DNS servers. The error was "The server forwarders cannot be updated. A zone configuration problem occurred". I am guessing that it is because the example.com domain has a mix of Windows 2000 and Windows 2003 DNS servers (we are running in Windows 2000 native mode). I suspected that there should be no Windows 2000 DNS servers in the example.com domain for conditional forwarding to work and enable the subdomains to be resolved.
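
The options compared in this thread, written out as `dnscmd` commands for the zones named in the question. This is an added example and not part of either post. The server names and the 192.0.2.x addresses are placeholders (assumptions), since the thread gives neither.

```batch
rem Added example with constructed values; nothing here comes from the thread
rem except the zone names. Hypothetical hosts:
rem   dc1.example.com             192.0.2.1   (W2K3 DNS for example.com)
rem   dc1.subdom1.example.com     192.0.2.10  (DNS for the child zone)
rem   othdom.exampletwo.com DNS   192.0.2.20 and 192.0.2.21

rem --- Child zone: delegate DOWN from the parent zone (W2K and W2K3).
rem     NS record plus a glue A record inside example.com.
dnscmd dc1.example.com /RecordAdd example.com subdom1 NS dc1.subdom1.example.com.
dnscmd dc1.example.com /RecordAdd example.com dc1.subdom1 A 192.0.2.10

rem --- Unrelated zone, option 1: conditional forwarder (W2K3 DNS only).
rem     In W2K3 this setting is stored per server, so repeat it on each
rem     W2K3 DNS server that should resolve the zone.
dnscmd dc1.example.com /ZoneAdd othdom.exampletwo.com /Forwarder 192.0.2.20 192.0.2.21

rem --- Option 2: stub zone (W2K3 DNS only). Use INSTEAD of option 1;
rem     the NS list is then kept up to date automatically.
rem dnscmd dc1.example.com /ZoneAdd othdom.exampletwo.com /Stub 192.0.2.20 192.0.2.21

rem --- Option 3: full secondary (also works on W2K). Use INSTEAD of 1 and 2.
rem dnscmd dc1.example.com /ZoneAdd othdom.exampletwo.com /Secondary 192.0.2.20 192.0.2.21

rem     For option 3, on the master, allow zone transfers only to the
rem     listed secondary rather than to any server.
rem dnscmd dc1.othdom.exampletwo.com /ZoneResetSecondaries othdom.exampletwo.com /SecureList 192.0.2.1

rem --- Check from a client that the example.com server now answers for both.
nslookup -type=NS subdom1.example.com dc1.example.com
nslookup -type=SOA othdom.exampletwo.com dc1.example.com
```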