Re: Separate namespace

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 03/22/04


Date: Sun, 21 Mar 2004 22:33:17 -0500

In news:114bb01c40fb4$486476d0$a101280a@phx.gbl,
the confused <anonymous@discussions.microsoft.com> posted their thoughts,
then I offered mine
> Dave, could you elaborate on the following paragraph?
>
>> The root of your AD DNS can be configured as a "root" DNS or as a
>> forwarder to your external namespace, or to another namespace you
>> choose - such as your ISP ... All internal computers must then
>> "point" to the internal DNS servers.
>

If Dave doesn't mind me jumping in here, I think I can comment on this.

If you configure your (Forest) Root domain's DNS server as a "Root" server,
then all resolution would stop there. Using this scenario would probably
mean you have a Proxy or ISA server controlling Internet access, so
therefore no forwarding out the door is required and we would keep the Root
zone on the Forest Root DNS. Forwarding out does not apply here.

Or choose to forward from the Forest Root domain's DNS server to your
external namespace, such as with either a conditional forwarder (in W2k3)
or just forward all other queries to your ISP (no conditions on forwarding).

But all in all, ALL internal members of an AD infrastructure MUST only point
to your internal DNS servers for proper AD resolution. If you have
delegation to child domains, they would be forwarded to the Root DNS. Then
at the Forest Root domain (parent) DNS, you choose between a Root or
forwarding.

Make sense?

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
-- 
=================================
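
The three rules in the reply above (members resolve only through internal DNS, child-domain DNS forwards to the forest root DNS, and the forest root DNS is either a "root" server or a forwarder) can be checked against a DNS inventory. This is an added example, not part of the original post; the inventory layout, host names, zone names and addresses are constructed assumptions.

```python
# Added example: audit a DNS design inventory against the rules in the post.
# All names, addresses and the inventory format below are constructed.
import ipaddress

INTERNAL_DNS = {"10.0.0.10", "10.0.0.11", "10.1.0.10"}  # every internal AD DNS server
ROOT_DNS = {"10.0.0.10", "10.0.0.11"}                    # forest root domain DNS servers

# role is "member", "child_dns" or "root_dns"; zones/forwarders apply to DNS servers only
INVENTORY = [
    {"name": "ws01", "role": "member", "resolvers": ["10.0.0.10", "10.0.0.11"]},
    {"name": "ws02", "role": "member", "resolvers": ["10.0.0.10", "198.51.100.53"]},
    {"name": "child-dc1", "role": "child_dns", "resolvers": ["10.1.0.10"],
     "zones": ["child.corp.example"], "forwarders": ["10.0.0.10"]},
    {"name": "child-dc2", "role": "child_dns", "resolvers": ["10.1.0.10"],
     "zones": ["child.corp.example"], "forwarders": ["198.51.100.53"]},
    {"name": "root-dc1", "role": "root_dns", "resolvers": ["10.0.0.10"],
     "zones": [".", "corp.example"], "forwarders": ["198.51.100.53"]},
]

def audit(inventory, internal_dns, root_dns):
    """Return a list of (host, finding) tuples for every rule violation."""
    findings = []
    for host in inventory:
        name, role = host["name"], host["role"]
        # Rule 1: every AD member (DNS servers included) points only at internal DNS.
        for resolver in host["resolvers"]:
            ipaddress.ip_address(resolver)  # raises ValueError on a malformed entry
            if resolver not in internal_dns:
                findings.append((name, f"resolver {resolver} is not an internal DNS server"))
        forwarders = host.get("forwarders", [])
        if role == "child_dns":
            # Rule 2: a child-domain DNS server forwards up to the forest root DNS.
            for fwd in forwarders:
                if fwd not in root_dns:
                    findings.append((name, f"forwarder {fwd} bypasses the forest root DNS"))
        elif role == "root_dns":
            # Rule 3: the forest root DNS is either a "root" (hosts the "." zone,
            # resolution stops there) or it forwards out; the two are exclusive.
            if "." in host.get("zones", []) and forwarders:
                findings.append((name, 'hosts the "." zone and also lists forwarders'))
    return findings

if __name__ == "__main__":
    for host, finding in audit(INVENTORY, INTERNAL_DNS, ROOT_DNS):
        print(f"{host}: {finding}")
```
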