Re: DNS lookup error at root domain

> So, what is the way to enable root domain to resolve all the host name for
> hosts at child domain?


It's a minor distinction but you are PROBABLY really trying to
enable the DNS server holding the "parent zone" to resolve
computers to resolve the zone for the child domain.

Although a minor technical distinction it is an extremely important
mental distinction that helps keep our thinking straight about DNS.

Likely you set your computers to use the DNS server in the parent
domain, which holds the zone for the parent domain, but technically
DNS servers can hold multiple domains and technically those
computers do not have to point to any particular DNS server.

BUT (and here's the mental trap we all fall into) since we almost
always do it as above, we tend to THINK of that as the "parent
Domain" or "parent Domain DNS."

Ok, to the answers,

Historical and normal method: Delegate the child zone from the
parent zone. Always works; few issues.

Hold a secondary for the child on the parent -- this breaks our
mental concept of the "parent DNS servers" but it is perfectly
legal in DNS. Advantage: You get more redundancy for the
child zone, in exchange for copying (zone transfer) the entire
zone to the "parent DNS" server -- not a big negative unless
the child zone is huge.

Another method (Win2003 only, not Win2000 DNS): use a stub
on the parent to EFFECTIVELY perform the delegation (not
technically delegation but it does the job). Advantage: you can
add and remove "real" (read Authoritative) child DNS servers
to the child zone without having to update the parent 'delegation'.
(And you don't have to hold the entire zone on the parent DNS -
only relevant if the zone is very large.)

Also you could Conditionally forward from the "parent DNS" to
the child DNS zone servers. Advantages: Similar to stub BUT
you CAN hide child DNS servers and thereby CHOOSE the most
efficient child zone DNS servers to use, but in exchange you must
manually update the delegation if the child zone DNS servers
change (the ones you specify that is.)


I would choose simple delegation in most cases.

Unless I could identify a reason for one of the other methods being
markedly better.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"kevin via WinServerKB.com" <forum@xxxxxxxxxxxxxxx> wrote in message
news:5133ADB61C5A0@xxxxxxxxxxxxxxxxxx
> Hi Martin,
>
>
> Thanks.
>
>
> Herb Martin wrote:
> >> Hi,
> >>
> >> I have two DC, one in root domain A, and the other in child domain B. Both
> >> DNS are using Active Directory Integrated for entire forest and zone transfer
> >> has been enabled.
> >
> >Zone transfers are irrelevant if you have no secondary DNS
> >servers (and not consoles where you wish to do something
> >like NSLookup - List commands.)
> >
> >Do you see both zones in BOTH DCs DNS console?
> >If not first make sure you have full replication (try DCDiag on
> >each DC) then create the zones as AD Integrated where they
> >are missing.
> >
> >> Forwarder in child domain B has been set to DNS in root
> >> domain A.
> >
> >Why? If both DNS servers hold both zones there may not be
> >any reason to forward from child to parent...
> >
> >> Both DC are global catalog servers.
> >
> >Not relevant to DNS and Ok if you have a SMALL forest with
> >every DC a GC. (Large forests probably should not do this.)
> >
> >> When I performed nslookup in
> >> child domain B, I could find host in child domain B and root domain A.
> >> However, when I performed nslookup in root domain A, I could only find host
> >> in root domain A, but couldn't find host in child domain B. Any idea?
> >
> >Yes, you don't have the child zone created in DNS on the parent DNS
> >servers.
> >
> >Just because the data is there (in AD) doesn't always mean the zones
> >have been created (as AD-Integrated) to actually serve the data through
> >DNS....
> >
> >> Thanks.
>
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200507/1
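
With plain delegation, the NS records in the parent zone are a hand-maintained copy of the child zone's own NS set, which is the upkeep the stub-zone option in the reply avoids. The following is an added example, not part of the original post: it compares the two sets from zone-file style text and reports stale or missing delegation entries and missing glue. The zone name `b.a.example.`, the host names and the addresses are constructed sample data.

```python
# Added example: the records below are constructed, not taken from the thread.
PARENT_ZONE = """\
b.a.example.      3600 IN NS ns1.b.a.example.
b.a.example.      3600 IN NS ns2.b.a.example.   ; server since retired
ns1.b.a.example.  3600 IN A  192.0.2.10
"""
CHILD_ZONE = """\
b.a.example.      3600 IN NS ns1.b.a.example.
b.a.example.      3600 IN NS ns3.b.a.example.
ns1.b.a.example.  3600 IN A  192.0.2.10
ns3.b.a.example.  3600 IN A  192.0.2.30
"""

def parse_records(text):
    """Return (owner, type, rdata) tuples from 'owner ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        owner, _ttl, _cls, rtype, rdata = fields
        records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def check_delegation(child, parent_text, child_text):
    """Compare the parent's delegation for `child` with the child's own NS set."""
    child = child.lower()
    parent = parse_records(parent_text)
    parent_ns = {r for o, t, r in parent if o == child and t == "NS"}
    child_ns = {r for o, t, r in parse_records(child_text)
                if o == child and t == "NS"}
    glue_owners = {o for o, t, _ in parent if t in ("A", "AAAA")}
    # A name server that lives inside the child zone needs glue in the parent.
    in_zone = {ns for ns in parent_ns if ns == child or ns.endswith("." + child)}
    return {
        "stale_in_parent": sorted(parent_ns - child_ns),
        "missing_from_parent": sorted(child_ns - parent_ns),
        "missing_glue": sorted(in_zone - glue_owners),
    }

if __name__ == "__main__":
    for finding, names in check_delegation(
            "b.a.example.", PARENT_ZONE, CHILD_ZONE).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

An empty parent text models the situation in the original question, where the parent has no entry for the child zone at all: every child name server is then reported under `missing_from_parent`.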

