Re: Is my two domain setup correct?



Hi Kevin,

Thanks for the fix but can I just confirm my setup and what it is you are
asking me to delete?

This is a new job and I don't wish to delete a zone then get the sack.

The root domain has a forward lookup zone with the child domain zone greyed
out. There are no records in the greyed out zone, which I am going to guess is
correct because the name space is controlled by the child domain's DNS servers.

The root domain zone is Active Directory integrated with replication option:

To all servers in AD domain mydomain.local

The name server tab only has the DNS server in mydomain.local.

When I log onto a DNS server in the child domain and view the forward lookup
zone I see two zones.

The root domain myzone.local along with the greyed out child domain zone
child.myzone.local. The only record in the greyed out child domain is an NS
record for one of the DNS servers from the child domain.

There is a second forward lookup zone called child.myzone.local; this is
where all the child domain records are (A, CNAME etc.). This is Active Directory
integrated and replication is set to all servers in AD domain
child.mydomain.local.

Should I delete the root domain on the child domain servers then select the
option to replicate to all servers in the forest from the root domain server?
This then will put myzone.local back in but this time it will be Active
Directory integrated?

Should I also change the replication on the child.myzone.local to all
servers in the forest and if so will these records then show up in the greyed
out child zone or will it create a separate forward lookup zone as it is
currently in the child.myzone.local domain?

All the books I read on the subject just cover the basics of DNS and not
this replication and setup configuration.

Thanks




"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Paul <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > I am unsure of my DNS setup. I have just started a new job having
> > come from a single Domain setup. I am seeing lots of error messages
> > in both event viewer and also when I ran a DCDIAG /DNS:TEST. All the
> > errors name the DNS server in the root domain.
> >
> > Here is the setup:
> >
> > Windows 2003 active directory. It is a single forest, two domain
> > contiguous name setup. Root domain (mydomain.local) and a child sub
> > domain (subdomain.mydomain.local).
> >
> > The root domain has one single DC running DNS, (mydomain.local).
> >
> > The child domain has two DC's both running DNS,
> > (subdomain.mydomain.com).
> >
> > When I log onto the DNS server in the root domain and view the
> > properties of the forward lookup zone (mydomain.local) it shows that
> > it is Active-Directory Integrated - and dynamic secure only. This is
> > just how I want it to be. When I view the same properties of the root
> > domain zone (mydomain.local) from the DNS server in the child
> > domain it shows it is a secondary zone and the Active-Directory
> > Integrated bit is all greyed out.
>
> You should delete the secondary zone on the child DNS, then change the
> replication of the parent zone on the parent DCs to replicate to all DNS
> servers in the AD Forest. (Unless you still have Win2k DNS servers)
> Delete the secondary zone first, so as to not cause a zone conflict. You can
> speed up replication by adding NS records for the child DCs, then force a
> replication. The zone should replicate within 15 minutes.
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
>
>
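
Added example, not part of the original thread: the order of operations in the quoted advice (delete the secondary copy on the child first, then widen the root zone's replication scope, then add NS records and force replication), written as a `dnscmd` batch sequence with a state check and a zone export before anything is changed. The host names `rootdc1` and `childdc1` are placeholders; the zone names are the ones used in the quoted post, and the sequence is run once per child DNS server.

```bat
@echo off
rem Added example. ROOTDC and CHILDDC are placeholder host names.
set ROOTDC=rootdc1.mydomain.local
set CHILDDC=childdc1.subdomain.mydomain.local
set ZONE=mydomain.local

rem 1. Record the current state. On the child DNS server this zone should
rem    be reported as a secondary; on the root DC as AD-integrated.
dnscmd %CHILDDC% /ZoneInfo %ZONE%
dnscmd %ROOTDC% /ZoneInfo %ZONE%

rem 2. Keep a text copy of the authoritative zone before changing anything.
rem    The file lands in the System32\dns folder on the root DC; the command
rem    fails if a file of that name already exists.
dnscmd %ROOTDC% /ZoneExport %ZONE% %ZONE%.pre-change.txt
if errorlevel 1 goto failed

rem 3. Confirm the child DNS server is enlisted in the forest-wide DNS
rem    application partition, otherwise the zone cannot replicate to it.
dnscmd %CHILDDC% /EnumDirectoryPartitions

rem 4. Delete the secondary copy on the child FIRST, so the replicated
rem    zone does not collide with a zone of the same name.
dnscmd %CHILDDC% /ZoneDelete %ZONE% /f
if errorlevel 1 goto failed

rem 5. Widen the replication scope of the AD-integrated zone on the root DC
rem    to all DNS servers in the forest (not valid with Windows 2000 DNS).
dnscmd %ROOTDC% /ZoneChangeDirectoryPartition %ZONE% /forest
if errorlevel 1 goto failed

rem 6. Add an NS record for the child DNS server at the zone apex.
dnscmd %ROOTDC% /RecordAdd %ZONE% @ NS %CHILDDC%.

rem 7. Force replication instead of waiting for the normal interval.
repadmin /syncall %ROOTDC% /A /e /P

rem 8. Verify: the zone should now be listed on the child as AD-integrated,
rem    and AllowUpdate should still be 2 (secure dynamic updates only).
dnscmd %CHILDDC% /EnumZones
dnscmd %CHILDDC% /ZoneInfo %ZONE% AllowUpdate
dcdiag /s:%CHILDDC% /test:dns
goto :eof

:failed
echo A step failed; stop and compare against the output of step 1.
exit /b 1
```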