Re: AD SRV records not shown in delegated child domain

From: Kevin D. Goodknecht [MVP] (admin_at_nospam.LSAOL.COM)
Date: 02/13/04 

Date: Fri, 13 Feb 2004 13:05:34 -0600

In news:c0j5ls$16rfis$1@ID-198833.news.uni-berlin.de,
Paul Landregan <plandregan@hotmail.com> posted a question
Then Kevin replied below:
: "Kevin D. Goodknecht [MVP]" <admin@nospam.LSAOL.COM> wrote in message
: news:u1MC7Ak8DHA.2736@TK2MSFTNGP10.phx.gbl...
:: In news:c0hvtp$1775td$1@ID-198833.news.uni-berlin.de,
:: Paul Landregan <plandregan@hotmail.com> posted a question
:: Then Kevin replied below:
::
:: You have totally misunderstood how recursion works, read on I'll
:: give you a picture and then explain how this works.
::
:: Whether you have internet access or not, does not matter. I am not
:: sure if this is why the SRV records are not getting created. Your
:: idea of how the Root hints work is totally incorrect. If the Parent
:: DNS is not set up with a root zone using it as a root hint is
:: totally incorrect and will not work unless the parent DNS has a root
:: zone.
:: You can use it as the only root hint on the child DCs but you must
:: properly set up the Parent DNS.
:: That means the parent DNS must have a root zone, that is a "." (dot)
:: then all of your Zones and delegations MUST be set up in it. For you
:: to correctly use it as a root hints you need the parent set up this
:: way:
:
: My PDC Emulator in the top level domain does have a . zone.
:
:: .<--------The root zone, this is the zone that is looked for by the
:: root hint, then in that you need a sub domain named com. In the com
:: sub domain you need a subdomain named domain.
:
: This is all set up.
:
: This is where the Parent will create its
:: SRV records. Then in that subdomain you need Delegations named a, b,
:: c, and so on for each child domain pointing to the child DNS for
:: each child domain.
::
:
: Yes this is what we have.
:
:: Say DNS b wants to resolve a name in domain a, like
:: machine.a.domain.com. First it makes a simple query to it self for
:: "machine.a.domain.com. It does not have the answer so it checks its
:: forwarders, It has no forwarders so it says use recursion starting
:: at the Root ( the "." ) it does not have a root zone so it says I
:: need a hint where the Root (the ".") is. So it looks at its hints,
:: it says that DC.domain.com at IP 172.20.0.1 has the root zone, so it
:: asks dc.domain.com do you know the root it answers Yes. Then it asks
:: do you know com. it answers yes. Then it asks do you know
:: domain.com., it answers yes. Then it asks do you know a.domain.com.
:: it answers go ask dc.a.domain.com. at IP 172.20.0.2. So it goes to
:: IP 172.20.0..2 and asks, do you know machine.a.domain.com? It
:: answers machine.a.domain.com is IP 172.20.0.3.
:
: Yes this is how I understood it less the forwarders was checked
: before root hints.
: If I dodnt explain too well I apologise.
::
:: I hope this explains how recursion works I don't know if your parent
:: is set up this way but it should be. the Child DNS servers do not
:: need delegations for the other children, this would only mess up
:: recursion and slow down resolution. The parent needs the delegations
:: so that it can find the children.
:
: In the top level domain I have 2 DCs. One has a dot zone and is the
: PDC Emulator (ie 1st one created)
: Listed in this DNS zone are all the hosts living in the top level
: domain.com, a few workstations and the 2 DCs.
: Also listed in this zone are all the delegations to all 12 domains in
: the next level down.
: Each of these contains theirs own hosts allong with the SRV records
: that AD requires.
: They all have a root hint to the top level server containing the .
: zone. Populated automatically not entered by me.
: None have forwarders set as of yet. But may do at a later stage when
: I kill the . zone so we can set up a forwader on the old root server
: to the ISPs DNS server. But thats further down the road. I have some
: security issues to address first. Like puesuading the powers at be
: the internet really isnt all that bad providing you take the
: necessary precautions.
:
:
: Also I have now discovered my error of my oroginal post, it was
: indeed a typo of sorts. In the child domain I had called the zone
: "child" instead of "child.domain.com"
:
: Once I recreated the zone with the FQDN it instantly had all the SRV
: records. Boy did I look a plonker this morning. But Hey it is Friday
: 13th after all.
:
:

Well good deal, I'm glad you got it worked out.

I was afraid you had the rot zone configured wrong but it sounds like you
have it all worked out. I know it was a lot of work configuring the Root
zone like this, it would be kind of a waste to let all this good work go by
deleting the zone. One thing about it you could use the zone to delegate
some sites like windowsupdate so the computers can be updated. We had a
poster in here a few weeks back doing just that, you think he didn't have a
chore in front of him with all the CNAMES Microsoft uses. 

-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
-- 
When responding to posts, please "Reply to Group"  via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
 http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
 http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
 http://www.oehelp.com/OEBackup/Default.aspx
==========================================

Relevant Pages

  • Re: Event ID 7062 in DNS logs
    ... you advice me to let the default Internet root ... > hints in place and to use forwarders from the child DNS (DNS server in ... > the root DNS (DNS server on the forest root domain hosting the ... > AD-integrated forestroot.com zone). ...
    (microsoft.public.windows.server.dns)
  • Re: Windows 2003 DNS Setup for Sub-Domain off of Root
    ... > dns in any other zone than the one that is assigned to them. ... > delegating each sub-domains zone from the root domain. ... they are not needed on the root domain DNS servers as the actual ... > the root zone from the sub-domains dns server. ...
    (microsoft.public.windows.server.dns)
  • Re: 2 Questions...
    ... In one post you asked about the value of the empty root. ... With a multi-domain forest one has a few choices for DNS ... One could use standard zone transfer to these, ... as already stated or by having the DNS servers of corp forward to ...
    (microsoft.public.windows.server.dns)
  • Re: AD SRV records not shown in delegated child domain
    ... >> DNS is not set up with a root zone using it as a root hint is ... >> totally incorrect and will not work unless the parent DNS has a root ... >> You can use it as the only root hint on the child DCs but you must ...
    (microsoft.public.win2000.dns)
  • Re: AD SRV records not shown in delegated child domain
    ... > Root hints work is totally incorrect. ... > unless the parent DNS has a root zone. ... > so on for each child domain pointing to the child DNS for each child ...
    (microsoft.public.win2000.dns)