Re: Is my two domain setup correct?

---

• From: "Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sun, 27 Nov 2005 05:01:02 -0800

---

Hi,

Thanks for the article.

I have only just taken over the domain administration and therfore unsure
how this was setup origionally. I am trying to get my head round the setup.

If this was setup like the article suggests and having read the article is
does appear to be the way it was done, would the DNS servers in the child
domain only have a secondary copy of the root domain?

If the answer to my question is yes then would the secondary copies of the
root zone not be stored as a text file and not within AD!

Surely if the root domain zone is AD intergrated and the child domain is
also AD intergrated it would make more sense if the zones were transfered
during AD replication and stored inside AD giving more security.

Or am I just plain confused and missing the point altogether.

I keep thinking AD intergrated is the way forward and with it you do not
have to consider any seperate replication worries and all DC's are multi
master and can update each others zone records.

Am I correct in assuming with AD intergrated I can open DNS on a child DC
and enter a record in the root domain zone giving me a single point of
administration?

I know there are quite a few questions I am asking the answers of but if
someone could please answer some of these then the penny will soon drop.

Thanks in advance to assistance offered.

"SIME U via WinServerKB.com" wrote:

> Hi
>
> Have you delegated the child name space to the child DC's? The way a certain
> KB art describes to do this is
>
> Delegate the child zone to the child DC's and the forward from the child back
> to the parent. disable recursion on the child DC's which forward to the
> parent
>
> Enjoy http://support.microsoft.com/default.aspx?scid=kb;en-us;255248
>
>
> Regards
>
> Simon
>
> Paul wrote:
> >I am unsure of my DNS setup. I have just started a new job having come from a
> >single Domain setup. I am seeing lots of error messages in both event viewer
> >and also when I ran a DCDIAG /DNS:TEST. All the errors name the DNS server in
> >the root domain.
> >
> >Here is the setup:
> >
> >Windows 2003 active directory. It is a single forest, two domain contiguous
> >name setup. Root domain (mydomain.local) and a child sub domain
> >(subdomain.mydomain.local).
> >
> >The root domain has one single DC running DNS, (mydomain.local).
> >
> >The child domain has two DC’s both running DNS, (subdomain.mydomain.com).
> >
> >When I log onto the DNS server in the root domain and view the properties of
> >the forward lookup zone (mydomain.local) it shows that it is Active-Directory
> >Integrated – and dynamic secure only. This is just how I want it to be. When
> >I view the same properties of the root domain zone (mydomain.local) from a
> >the DNS server in the child domain it shows it is a secondary zone and the
> >Active-Directory Integrated bit is all greyed out.
> >
> >Is this normal?
> >
> >The two DNS servers in the child domain (subdomain.mydomain.com) are both
> >Active-Directory Integrated and replicate with each other without any
> >complaints.
> >
> >When I look at the zone transfers tab on the root domain (mydomain.local) it
> >says to allow zone transfers from the two domain DNS servers in the child
> >domain (subdomain.mydomain.com).
> >
> >I thought that if you choose Active-Directory Integrated then all DNS
> >servers are multi master and therefore no primary/secondary setup. I also
> >thought if you choose Active-Directory Integrated then there are no zone
> >transfers to be considered, this would all be taken care of by the normal AD
> >replication.
> >
> >Any help is much appreciated
> >
> >Paul
> >
> >
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200511/1
>
.

---

• References:
  • Re: Is my two domain setup correct?
    • From: SIME U via WinServerKB.com

• Prev by Date: Re: DNS Documentation
• Next by Date: Re: Cannot contact the DNS server, 2003 server
• Previous by thread: Re: Is my two domain setup correct?
• Next by thread: Re: Is my two domain setup correct?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Child DNS replication scope error - "Name limit for the local. ... This behavior occurs when the dns zone exists in more than one location in Active Directory, or has been marked to deletion, but that deletion didn't occour iet. ... I have realized that I was mistaken about the setup of my child ... I get the error listed earlier on both the child DCs. ... (microsoft.public.windows.server.active_directory) Re: Replication errors ... we have a root domain with a child. ... I have setup an additional ... > domains info. ... (microsoft.public.win2000.active_directory) Re: DNS Config? ... DNS conflicts. ... On a DNS in root domain, ... the child zone abc.xyz.com ... when i check a DNS in child doamin abc.xyz.com ... (microsoft.public.windows.server.dns) Re: Is my two domain setup correct? ... Have you delegated the child name space to the child DC's? ... All the errors name the DNS server in ... Root domain and a child sub domain ... >the forward lookup zone it shows that it is Active-Directory ... (microsoft.public.windows.server.dns) Re: Replication errors ... Sites are stored in the configuration partition, ... we have a root domain with a child. ... I have setup an additional ... (microsoft.public.win2000.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.dns  > 2005-11