Re: Adding Separate Domain to Existing DNS server
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 23 Aug 2005 19:08:19 -0500
"cinda" <cinda.lovekamp@xxxxxxxxxxx> wrote in message
news:1124829322.078130.3730@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I have, what I believe to be, an uncommon situation. We have a DNS
> server for campus and an existing Active Directory. I am setting up an
> additional AD with no relationships to the campus AD.
Perfectly normal, but it's not clear which of two cases you mean:
Same Forest (this is technically an AD relationship) or different
forest with different DNS name.
-- if you use the same forest, then it will just be a new "tree", otherwise
the whole thing will be a (truly) separate forest and the two AD's will
be as technically separate as your current one and my current AD.
In which case you should ignore the other one when configuring the
first and vice versa.
> I am required,
> by campus mandate, to use the campus DNS server. Can anyone tell me
> how I configure DNS on my Domain controller in order to effectively
> accomplish this?
Well, you don't. Since you are "required by campus mandate to use the
campus DNS server" -- unless the campus server is also your DC.
By the way, you know this is an incredibly stupid BLANKET requirement.
(It could make sense, probably then only partially, in some limited
situation but it is just plain STUPID as a blanket recommendation.)
> I have currently set my DC to point to the campus DNS server(s). I can
> ping them and I get no errors when I run dcdiag, but when I do a
> nslookup on either of the DNS servers, it returns the correct server name
> and ip, followed by a message saying the first DNS server can't find
> the second DNS server and "non-existent domain".
The "campus" DNS PRIMARY server will need to be set to DYNAMIC
and will have to forego "secure updates only" which is part of the stupidity
of this.
Chances are the campus server hasn't defined the 'new DNS zone' OR has
not set it to DYNAMIC, or has set the zone to Dynamic but SECURE ONLY
updates.
Something has to give: Mandate, security, functionality.
> Also, my AD domain name is the same as our registered ARPA domain name
ARPA name? Normally such a term is only applied to reverse zones but
I assume you mean your publicly registered DNS name.
> and when we tried to move our web server from the existing workgroup,
> to a new webserver in the new AD (with DNS changes made on both DNS
> servers), we still got a "Page Not Found" error.
You (internal DNS clients) will have to reference the web server using a
PREFIX (e.g., www.Domain.edu) and NOT using the "bare" domain name
without the www or whatever machine prefix label.
Reason: All DCs also register the bare name whether they have a web server
or not.
> Any ideas would be greatly appreciated
Notice: ALL INTERNAL DNS clients must use STRICTLY the DNS servers
which hold (or will find) the "DNS zone which had the AD Name".
And remember "DNS Clients" include your DCs and any other server "in the
domain".
Here are the basic requirements to setup DNS for AD:
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
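
The last suggestion in the reply above (run DCDiag on each DC, send the output to a text file, search for FAIL, ERROR, WARN) can be scripted so that each hit is tied to the server and test it came from. The PowerShell below is an added example, not part of the original post; the function name, the file path in the comment, and the sample output (DC1, example.edu) are constructed for illustration.

```powershell
# Added example: summarise saved dcdiag output by server and test.
# Assumed capture step on each DC:  dcdiag /v > C:\Temp\dcdiag-DC1.txt
function Get-DcDiagFinding {
    param([string[]] $Line)          # lines of saved dcdiag output
    $server = '(none)'
    $test   = '(none)'
    foreach ($l in $Line) {
        if ($l -match '^\s*Testing server:\s*(.+?)\s*$') {
            # A new server block starts; forget the previous test name.
            $server = $Matches[1]
            $test   = '(none)'
        }
        elseif ($l -match '^\s*Starting test:\s*(\S+)') {
            $test = $Matches[1]
        }
        elseif ($l -match '\b(fail\w*|error\w*|warn\w*)\b') {
            # -match is case-insensitive, so "failed", "Error", "Warning" all hit.
            [pscustomobject]@{
                Server  = $server
                Test    = $test
                Keyword = $Matches[1].ToUpper()
                Text    = $l.Trim()
            }
        }
    }
}

# Constructed sample output; with a real capture use:
#   Get-DcDiagFinding -Line (Get-Content C:\Temp\dcdiag-DC1.txt)
$sample = @'
   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         The host dc1-guid._msdcs.example.edu could not be resolved to an IP address.
         ......................... DC1 failed test Connectivity

      Starting test: NetLogons
         ......................... DC1 passed test NetLogons
      Starting test: systemlog
         An Error Event occurred.  EventID: 0x0000168E
         ......................... DC1 failed test systemlog
'@ -split "`r?`n"

Get-DcDiagFinding -Line $sample |
    Sort-Object Server, Test |
    Format-Table Server, Test, Keyword, Text -AutoSize
```

On the sample this lists three findings for DC1: one under Connectivity and two under systemlog, while the passing NetLogons test is left out.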