Re: Zone Transfer and Trust

From: Neil (Neil_at_discussions.microsoft.com)
Date: 02/17/05


Date: Thu, 17 Feb 2005 12:31:05 -0800

Thanks Herb,

That was very useful. Now, we have the scenario as I showed. And the servers
are in a local internal subnet and are being NATted through a firewall with
an external IP address. The customer location has a similar internal subnet and
is NATted through a firewall with an external IP address.

There is a DNS server in between these two NATted ranges. Should the DNS zone
transfer take place at this server or should the zone transfer take place in
local AD Integrated DNS servers at both locations?

If so, then how can this be done? I am not a DNS guy.

thanks,

"Herb Martin" wrote:

> "Neil" <Neil@discussions.microsoft.com> wrote in message
> news:C898FB58-DBC2-452E-8225-FDB5B265792B@microsoft.com...
> > Hi,
> >
> > Do we need to do Zone transfers from one DNS to another DNS to establish a
> > trust between two domains?
>
> No. External trusts (outside the forest - you must be doing
> this since trusts inside the forest are automatic) require NetBIOS
> resolution.
>
> This (practically) means WINS Server if you have more than
> one subnet.
>
> ALL machines must be WINS server clients, especially DCs.
>
> > Scenario
> >
> > Remote Customer Location has
> >
> > Win2000 ADS
> > Integrated DNS
> > Has Internal IP Address and is Natted to outside world through Firewall
> >
> > Our Location
> >
> > Windows 2003 ADS
> > Integrated DNS
> > Has Internal IP Address and is Natted to outside world through Firewall
> >
> > Why do we need Zone transfer to take place? Also, can't a one way trust be
> > established?
>
> Zone transfers need to take place to all DNS secondary
> servers for THAT same zone. (That is what it means to
> BE a secondary.)
>
> --
> Herb Martin