Re: AD SRV records not shown in delegated child domain
From: Paul Landregan (plandregan_at_hotmail.com)
Date: 02/13/04
- Next message: Kevin D. Goodknecht [MVP]: "Re: WinXP -> Win2K server DNS issue"
- Previous message: Allison Wright: "Going to AD Integrated DNS"
- In reply to: Kevin D. Goodknecht [MVP]: "Re: AD SRV records not shown in delegated child domain"
- Next in thread: Kevin D. Goodknecht [MVP]: "Re: AD SRV records not shown in delegated child domain"
- Reply: Kevin D. Goodknecht [MVP]: "Re: AD SRV records not shown in delegated child domain"
- Reply: Ace Fekay [MVP]: "Re: AD SRV records not shown in delegated child domain"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 13 Feb 2004 18:39:56 -0000
"Kevin D. Goodknecht [MVP]" <admin@nospam.LSAOL.COM> wrote in message
news:u1MC7Ak8DHA.2736@TK2MSFTNGP10.phx.gbl...
> In news:c0hvtp$1775td$1@ID-198833.news.uni-berlin.de,
> Paul Landregan <plandregan@hotmail.com> posted a question
> Then Kevin replied below:
>
> You have totally misunderstood how recursion works, read on I'll give you a
> picture and then explain how this works.
>
> Whether you have internet access or not, does not matter. I am not sure if
> this is why the SRV records are not getting created. Your idea of how the
> Root hints work is totally incorrect. If the Parent DNS is not set up with a
> root zone using it as a root hint is totally incorrect and will not work
> unless the parent DNS has a root zone.
> You can use it as the only root hint on the child DCs but you must properly
> set up the Parent DNS.
> That means the parent DNS must have a root zone, that is a "." (dot) then
> all of your Zones and delegations MUST be set up in it. For you to correctly
> use it as a root hints you need the parent set up this way:
My PDC Emulator in the top level domain does have a . zone.
> .<--------The root zone, this is the zone that is looked for by the root
> hint, then in that you need a sub domain named com. In the com sub domain
> you need a subdomain named domain.
This is all set up.
> This is where the Parent will create its
> SRV records. Then in that subdomain you need Delegations named a, b, c, and
> so on for each child domain pointing to the child DNS for each child domain.
>
Yes this is what we have.
> Say DNS b wants to resolve a name in domain a, like machine.a.domain.com.
> First it makes a simple query to itself for "machine.a.domain.com". It does
> not have the answer so it checks its forwarders, It has no forwarders so it
> says use recursion starting at the Root ( the "." ) it does not have a root
> zone so it says I need a hint where the Root (the ".") is. So it looks at
> its hints, it says that DC.domain.com at IP 172.20.0.1 has the root zone, so
> it asks dc.domain.com do you know the root it answers Yes. Then it asks do
> you know com. it answers yes. Then it asks do you know domain.com., it
> answers yes. Then it asks do you know a.domain.com. it answers go ask
> dc.a.domain.com. at IP 172.20.0.2. So it goes to IP 172.20.0.2 and asks, do
> you know machine.a.domain.com? It answers machine.a.domain.com is IP
> 172.20.0.3.
Yes this is how I understood it less the forwarders was checked before root
hints.
If I didn't explain too well I apologise.
>
> I hope this explains how recursion works I don't know if your parent is set
> up this way but it should be. The Child DNS servers do not need delegations
> for the other children, this would only mess up recursion and slow down
> resolution. The parent needs the delegations so that it can find the
> children.
In the top level domain I have 2 DCs. One has a dot zone and is the PDC
Emulator (ie 1st one created)
Listed in this DNS zone are all the hosts living in the top level
domain.com, a few workstations and the 2 DCs.
Also listed in this zone are all the delegations to all 12 domains in the
next level down.
Each of these contains their own hosts along with the SRV records that AD
requires.
They all have a root hint to the top level server containing the . zone.
Populated automatically not entered by me.
None have forwarders set as of yet. But may do at a later stage when I kill
the . zone so we can set up a forwarder on the old root server to the ISP's
DNS server. But that's further down the road. I have some security issues to
address first. Like persuading the powers that be the internet really isn't all
that bad providing you take the necessary precautions.
Also I have now discovered my error of my original post, it was indeed a
typo of sorts. In the child domain I had called the zone "child" instead of
"child.domain.com"
Once I recreated the zone with the FQDN it instantly had all the SRV
records. Boy did I look a plonker this morning. But Hey it is Friday 13th
after all.
Thanks to all who have helped.
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
>
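
The delegation walk described in the quoted reply, and the misnamed child zone reported above, as an added Python model that is not part of either post. Names and IPs follow the walk-through in the thread; the data layout, the function names, the SRV owner name `_ldap._tcp.a.domain.com` and the simplified registration rule (a record can only land in a zone that encloses its owner name) are assumptions for illustration.

```python
# Constructed model: names/IPs come from the walk-through in the thread; the
# data layout, function names and the SRV owner name are assumptions.
ROOT_HINT = "172.20.0.1"
SRV = "_ldap._tcp.a.domain.com"

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def encloses(zone, name):
    z, n = labels(zone), labels(name)
    return len(z) <= len(n) and n[len(n) - len(z):] == z

def deepest(candidates, name):
    hits = [c for c in candidates if encloses(c, name)]
    return max(hits, key=lambda c: len(labels(c))) if hits else None

def build(child_zone_name):
    """Parent holds '.' with the delegation; the child holds one zone."""
    child = {child_zone_name: {"records": {}, "delegations": {}}}
    parent = {".": {"records": {"dc.domain.com": "172.20.0.1"},
                    "delegations": {"a.domain.com": "172.20.0.2"}}}
    servers = {"172.20.0.1": parent, "172.20.0.2": child}
    # Simplified dynamic registration: a record can only land in a zone
    # that encloses its owner name.
    for owner, value in (("machine.a.domain.com", "172.20.0.3"),
                         (SRV, "dc.a.domain.com")):
        zone = deepest(child, owner)
        if zone:
            child[zone]["records"][owner] = value
    return servers

def resolve(servers, qname, ip=ROOT_HINT):
    """Follow the deepest enclosing zone and delegation, server by server."""
    path = []
    while True:
        path.append(ip)
        zone = deepest(servers[ip], qname)
        if zone is None:
            return "LAME", None, path  # delegated here, but no matching zone
        z = servers[ip][zone]
        cut = deepest(z["delegations"], qname)
        if cut:
            ip = z["delegations"][cut]
            continue
        value = z["records"].get(qname.lower().rstrip("."))
        return ("ANSWER" if value else "NXDOMAIN"), value, path
```

With `build("a")` the parent still refers the query to 172.20.0.2, but the child has no zone enclosing the name, so the SRV record was never stored and the referral ends in a lame delegation; `build("a.domain.com")` resolves both the host and the SRV record.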