Re: Windows 2003 DNS Setup for Sub-Domain off of Root
From: Mike Graves (MikeGraves_at_discussions.microsoft.com)
Date: 01/28/05
Date: Thu, 27 Jan 2005 18:35:02 -0800
Roger;
That is correct; I do not want the admins in each domain to be able to alter
DNS in any other zone than the one that is assigned to them. I plan on
delegating each sub-domain's zone from the root domain. I will then create
the primary zones in the sub-domains.
Questions:
-Since I have the delegation of the sub-domains on the root zone, I do not
need secondary zones of the sub-domains on the root server. Would it make
sense to put secondary zones of the sub-domain zones on the root server for
fault tolerance?
-I noticed that I could add host records to the replicated _msdcs zone from
the root zone from the sub-domain's DNS server. Are there any issues with
this? I just want to make sure that this is correct, that they should be able
to add records.
-When I type the FQDN and IP address in the delegation wizard, do I just add
or delete the entries if I ever move the DNS server to another server? I am
just wondering if there are any gotchas about moving zones to another DNS
server when using delegated zones.
-I also have a question that pertains to my domain upgrade process. I plan
on installing a new BDC into the domain. I will then promote it to the PDC.
Windows 2003 setup will be run and the server will have dcpromo run. Since I
will not keep the upgraded 2003 server, I would like to have DNS for the
upgraded domain on a member server in this domain that will be upgraded to a
permanent DC. The question that I am struggling with is what the DNS
server setup on the member server should be. When I test this setup in my test lab,
dcpromo gives me an LDAP error.
Thanks in advance for any information.
Mike
"Roger Abell" wrote:
> The operative requirement in your case was stated at the end
> > I would like to have a DNS zone on each of the sub-domains
> > that will be administered by remote administrators.
> This implies that you also do not want them to be able to
> alter the DNS support of the other domains.
> In this case, you will need to have the zone supporting their
> domain configured so that their DNS server(s) is(are) primary
> for their domain but not for the others.
> This in turn means that the root domain will need to have
> proper delegations for the subdomains to their server(s).
> Next, this means you will not be able to use enlistment of
> the DNS on the child domain DCs into the forestroot DNS
> application partition, but instead will either need to have
> these all forward to the DNS servers of the forest root, or
> will need to place secondary copies of the forest root DNS
> zone on these child DNS/DCs. Placement of secondary
> copies of other child domain zones in the different child
> domain DNS/DCs is optional as these could be located by
> the delegations that will be available from the root zone.
> Just what you do place there would be governed by the
> connectivity between the domains (full-time or not), etc.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Mike Graves" <MikeGraves@discussions.microsoft.com> wrote in message
> news:AB832612-AEA7-4391-A75D-F3E795FA401F@microsoft.com...
> > All;
> >
> > I am working on a migration of several NT domains into a 2003 AD Forest. I
> > am going to be migrating the current NT domains into subdomains of my new
> > Forest. The question that I have pertains to the proper procedures for
> > setting up DNS for the sub-domains. I currently have ADI DNS set up on the
> > root domain. I need to know the proper way to have DNS set up on the
> > subdomains.
> >
> > Example
> > Root.net
> > Sub1.Root.net
> > Sub2.Root.net
> >
> > I would like to have a DNS zone on each of the sub-domains that will be
> > administered by remote administrators.
> >
> > Thanks in advance for any info.
> >
> >
> >
> >
> >
>
>
>
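The layout discussed in this thread (a primary zone on the sub-domain's own DNS server, a delegation in the root zone, and either forwarding to the root or a secondary copy of the root zone on the child), written out as dnscmd commands for the Root.net / Sub1.Root.net example. This is an added example, not part of the original posts; the server names and the 192.0.2.x addresses are hypothetical.

```bat
rem Added example. Server names and 192.0.2.x addresses are hypothetical.
set ROOTDNS=rootdc1.root.net
set ROOTIP=192.0.2.10
set SUBDNS=sub1dc1.sub1.root.net
set SUBIP=192.0.2.20

rem 1. On the Sub1 DNS server: create the zone its admins will own.
rem    /Primary /file gives a standard primary zone; /DsPrimary would
rem    store it in Active Directory once the server is a DC.
dnscmd %SUBDNS% /ZoneAdd sub1.root.net /Primary /file sub1.root.net.dns

rem 2. On the root DNS server: delegate sub1 to that server.
rem    The NS record is the delegation; the A record is its glue.
dnscmd %ROOTDNS% /RecordAdd root.net sub1 NS %SUBDNS%.
dnscmd %ROOTDNS% /RecordAdd root.net sub1dc1.sub1 A %SUBIP%

rem 3. Let the child resolve root.net names. Use 3a OR 3b, not both.
rem 3a. Forward everything the child is not authoritative for to the root.
dnscmd %SUBDNS% /ResetForwarders %ROOTIP%

rem 3b. Hold a read-only secondary of root.net on the child instead.
rem     Zone transfers are allowed only to the listed child server.
dnscmd %ROOTDNS% /ZoneResetSecondaries root.net /SecureList %SUBIP%
dnscmd %SUBDNS% /ZoneAdd root.net /Secondary %ROOTIP%

rem 4. Check that the root server hands out the delegation.
nslookup -type=NS sub1.root.net %ROOTIP%
```

If the sub-domain's DNS service later moves to another server, the NS and glue records from step 2 (and the /SecureList entry from 3b, if used) are the entries on the root server that have to be updated to match.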