Re: Zone Transfer and Trust

From: Herb Martin (news_at_LearnQuick.com)
Date: 02/17/05


Date: Thu, 17 Feb 2005 17:16:35 -0600


"Neil" <Neil@discussions.microsoft.com> wrote in message
news:B54C9390-5B46-448A-9C35-880D9C89A210@microsoft.com...
> Thanks Herb,
> That was very useful.

Good to hear.
> ... Now, we have the scenario as I showed. And the servers
> are in a local internal subnet and are being Natted through a Firewall with
> an External IP Address. The customer location has similar internal subnet and
> are Natted through a Firewall with an external IP Address.

You aren't going to get through TWO NATs unless you
map the ports or addresses.

You will also have to map not just UDP 53 (most client
requests) but also TCP 53 (some client requests and all
zone transfers.)

> There is a DNS server in between these two Natted Ranges. Should the DNS zone
> transfer take place at this server or should the zone transfer take place in
> local AD Integrated DNS servers at both locations?

I cannot decipher the above paragraph.

BUT the zone transfer will take place from the Secondary
(a Secondary for that zone) to its own specified MASTER
which may be a Secondary, a (Classic) Primary, or an AD
Integrated DNS server.

The Master must ALLOW that transfer and the pulling secondary
must be able to ROUTE its request to the Master.

> If so, then how can this be done? I am not a DNS guy.

This sounds more like a routing/firewall thing than a pure
DNS issue.

Do you understand how to make a secondary if it WERE
in the same network/subnet? If so you do the same thing
IF the request can be routed and IF it can pass through
all intervening NATs or Firewalls.

-- 
Herb Martin
>
> thanks,
>
> "Herb Martin" wrote:
>
> > "Neil" <Neil@discussions.microsoft.com> wrote in message
> > news:C898FB58-DBC2-452E-8225-FDB5B265792B@microsoft.com...
> > > Hi,
> > >
> > > Do we need to do Zone transfers from one DNS to another DNS to establish a
> > > trust between two domains.
> >
> > No.  External trusts (outside the forest - you must be doing
> > this since trusts inside the forest are automatic) require NetBIOS
> > resolution.
> >
> > This (practically) means WINS Server if you have more than
> > one subnet.
> >
> > ALL machines must be WINS server clients, especially DCs.
> >
> > > Scenario
> > >
> > > Remote Customer Location has
> > >
> > > Win2000 ADS
> > > IntegratedDNS
> > > Has Internal IP Address and is Natted to outside world through Firewall
> > >
> > > Our Location
> > >
> > > Windows 2003 ADS
> > > Integrated DNS
> > > Has Internal IP Address and is Natted to outside world through Firewall
> > >
> > > Why do we need Zone transfer to take place? Also, can't a one way trust be
> > > established?
> >
> > Zone transfers need to take place to all DNS secondary
> > servers for THAT same zone.  (That is what it means to
> > BE a secondary.)
> >
> > -- 
> > Herb Martin
> >
> >
> >
> >
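An added illustration, not code from the thread or from either poster: a small Python check of the three things the reply says a secondary behind one NAT needs in order to pull a zone from a master behind another NAT. It verifies that the master-side firewall forwards both UDP/53 and TCP/53 to the master, that the secondary is pointed at the master site's external address (the only one it can route to), and that the master's zone-transfer allow list names the address the master will actually see, which after NAT is the secondary's external address rather than its internal one. Site names, addresses, the dataclass model and the assumption that the customer firewall does source NAT are all constructed for the example.

```python
"""Added illustration (not from the thread): model the NAT-to-NAT
zone-transfer path the reply describes and report what would block it.
All names, addresses and structures below are constructed for the example."""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass(frozen=True)
class PortMap:
    """One inbound port forward on a site's firewall (constructed model)."""
    proto: str      # "udp" or "tcp"
    ext_port: int   # port on the firewall's external address
    int_ip: str     # internal host the port is forwarded to
    int_port: int


@dataclass
class Site:
    """A location whose DNS server sits behind a NAT firewall (constructed model)."""
    name: str
    ext_ip: str                 # firewall's external (public) address
    dns_int_ip: str             # DNS server's internal address
    master_addr: str = ""       # for a secondary: the master it is told to pull from
    port_maps: List[PortMap] = field(default_factory=list)


@dataclass
class MasterZone:
    """Zone-transfer allow list as configured on the master (constructed model)."""
    name: str
    allow_transfer: Set[str]    # addresses allowed to pull the zone ("any" = unrestricted)


def check_transfer_path(master: Site, secondary: Site, zone: MasterZone) -> List[str]:
    """Return a list of problems; an empty list means the transfer can work."""
    findings: List[str] = []

    # 1. The master-side firewall must forward BOTH UDP/53 (ordinary queries and
    #    the secondary's SOA refresh checks) and TCP/53 (the zone transfer itself).
    for proto in ("udp", "tcp"):
        mapped = any(
            m.proto == proto and m.ext_port == 53
            and m.int_ip == master.dns_int_ip and m.int_port == 53
            for m in master.port_maps
        )
        if not mapped:
            findings.append(
                f"{master.name}: no inbound {proto.upper()}/53 forward to {master.dns_int_ip}")

    # 2. The secondary must be able to ROUTE to the master: behind two NATs that
    #    means its configured master is the master site's external address.
    if secondary.master_addr != master.ext_ip:
        findings.append(
            f"{secondary.name}: master set to {secondary.master_addr or '<unset>'}, "
            f"but only {master.ext_ip} is reachable from outside")

    # 3. The master must ALLOW the transfer for the source address it actually
    #    sees, which after source NAT is the secondary's external address.
    if "any" in zone.allow_transfer:
        findings.append(
            f"{zone.name}: transfers allowed to any host; restrict to {secondary.ext_ip}")
    elif secondary.ext_ip not in zone.allow_transfer:
        hint = (" (the internal address is listed, but the master never sees it through NAT)"
                if secondary.dns_int_ip in zone.allow_transfer else "")
        findings.append(
            f"{zone.name}: {secondary.ext_ip} not in the transfer allow list{hint}")
    return findings


# Constructed sample: "our" site holds the master copy, the customer site pulls it.
OUR_SITE = Site(
    name="OurLocation", ext_ip="203.0.113.10", dns_int_ip="10.0.0.5",
    port_maps=[PortMap("udp", 53, "10.0.0.5", 53), PortMap("tcp", 53, "10.0.0.5", 53)],
)
CUSTOMER_SITE = Site(
    name="Customer", ext_ip="198.51.100.20", dns_int_ip="192.168.1.5",
    master_addr="203.0.113.10",
)
ZONE_OK = MasterZone("example.test", {"198.51.100.20"})

# Same topology with the mistakes the reply warns about: only UDP forwarded, the
# secondary pointed at the master's internal address, and the allow list naming
# the secondary's internal address.
OUR_SITE_UDP_ONLY = Site(
    name="OurLocation", ext_ip="203.0.113.10", dns_int_ip="10.0.0.5",
    port_maps=[PortMap("udp", 53, "10.0.0.5", 53)],
)
CUSTOMER_SITE_WRONG_MASTER = Site(
    name="Customer", ext_ip="198.51.100.20", dns_int_ip="192.168.1.5",
    master_addr="10.0.0.5",
)
ZONE_INTERNAL_ONLY = MasterZone("example.test", {"192.168.1.5"})

if __name__ == "__main__":
    for line in check_transfer_path(OUR_SITE_UDP_ONLY, CUSTOMER_SITE_WRONG_MASTER,
                                    ZONE_INTERNAL_ONLY):
        print(line)
```

Run as a script it prints the three findings for the broken configuration; the same check on `OUR_SITE`, `CUSTOMER_SITE` and `ZONE_OK` returns an empty list. The allow-list check is the one most often missed: an address list copied from the internal network lets nothing through once the request has been translated at the customer's firewall.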

