Re: Proper way to configure DNS for child domain



Very good, sir.
Good luck with it.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"JoeD" <JoeD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C723463-DFE9-4BB6-AF28-5672316B1127@xxxxxxxxxxxxxxxx
Thanks. Works like a charm.

"Phillip Windell" wrote:

Name Servers Tab:
No,..I never have. Mine only lists the two DCs of my own domain that contain that particular Zone.
Active Directory Forest Replication already takes care of all that as I said in the last post.
The Name Servers Tab only exists as Properties of the Zone itself,...what good is it to have a DNS listed in there that is not the DNS used for that Zone? If you look, each Zone has such a tab,...but the Properties of the DNS Server itself does not.

Forwarders:
Use the ISP's DNS or some other valid external DNS as the Forwarder,...or just don't use Forwarders at all and it will *default* to using Root Hints.



"JoeD" <JoeD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E9AF664B-AB1D-4D2D-97D9-EB491BEE9D9B@xxxxxxxxxxxxxxxx
Okay, do I use forwarders to the parent? Should I have the parent DNS
servers on the Name Servers Tab?

"Phillip Windell" wrote:

They don't point to the parent domain at all,...only to themselves (1st) and each other (2nd).

Active Directory Replication throughout the Forest takes care of the rest.

Child Domain DC1
Primary server: Child Domain DC1
Secondary server: Child Domain DC2

Child Domain DC2
Primary server: Child Domain DC2
Secondary server: Child Domain DC1




"JoeD" <JoeD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ECAD8118-4E66-4FEF-8417-4BECFD4DDA61@xxxxxxxxxxxxxxxx
Hi,

What is the proper and correct way to configure DNS (AD Integrated zones) for a child domain? I have two DCs in a child domain, let's call them DC1 and DC2. All servers run Windows 2003. Some people say to set them up like this:

DC1
Primary server: DC1
Secondary server: DC2

DC2
Primary server: DC2
Secondary server: DC1

Other people say to set them up pointing to themselves as the primary and use the parent DNS server as a secondary. Which way is the best practices way? Also, on the TCP/IP adapter on the DNS server, do I need to use "Append suffixes" radio button and check box? Is this necessary on the DNS server?

The way I have them set up is:

DC1
Primary: DC1
Secondary: Parent DNS server

DC2
Primary: DC2
Secondary: DC1

This is working okay but I get a few errors, namely event id 2088 and 5781.
Below is a dcdiag from DC1:


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine DC1, is a DC.
* Connecting to directory service on server DC1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 8 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: CHILD\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: CHILD\DC1
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : child
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running enterprise tests on : domain.com
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: DC1.child.domain.com
Domain: child.domain.com


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 00:0F:1F:66:CF:62
IP address is static
IP address: 192.168.5.6
DNS servers:
Warning: 192.168.5.6 (<name unavailable>) [Invalid]
192.168.1.20 (<name unavailable>) [Valid]
192.168.5.7 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid (unreachable)]
Name: DC01.domain.com. IP: 192.168.1.20 [Valid]
Name: DC02.other.domain.com. IP: 192.168.1.10 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone child.domain.com.
Test record _dcdiag_test_record added successfully in zone child.domain.com.
Test record _dcdiag_test_record deleted successfully in zone child.domain.com.

TEST: Records registration (RReg)
Network Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
Matching A record found at DNS server 192.168.5.6:
DC1.child.domain.com

Error: Missing CNAME record at DNS server 192.168.5.6 :
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

Matching DC SRV record found at DNS server 192.168.5.6:
_ldap._tcp.dc._msdcs.child.domain.com

Error: Missing GC SRV record at DNS server 192.168.5.6 :
_ldap._tcp.gc._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

Matching PDC SRV record found at DNS server 192.168.5.6:
_ldap._tcp.pdc._msdcs.child.domain.com

Matching A record found at DNS server 192.168.1.20:
DC1.child.domain.com

Matching CNAME record found at DNS server 192.168.1.20:
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com

Matching DC SRV record found at DNS server 192.168.1.20:
_ldap._tcp.dc._msdcs.child.domain.com

Matching GC SRV record found at DNS server
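
Added example, not part of the thread or written by its participants: a Python check that unwraps the dcdiag DNS output quoted above and compares the DC's DNS client list with the order recommended in the thread (the DC itself first, then only DCs of its own domain). The sample is an excerpt of that output; the function names, the `partner_ips` parameter and the idea that 192.168.5.7 is the other child-domain DC are assumptions.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Excerpt of the dcdiag output quoted in the thread, mail-client wrapping included.
SAMPLE = """\
IP address: 192.168.5.6
DNS servers:
Warning: 192.168.5.6 (<name unavailable>)
[Invalid]
192.168.1.20 (<name unavailable>) [Valid]
192.168.5.7 (<name unavailable>) [Valid]
Error: Missing CNAME record at DNS server
192.168.5.6
:

8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description:
This
operation returned because the timeout period expired.)]
Error: Missing GC SRV record at DNS server
192.168.5.6
:
_ldap._tcp.gc._msdcs.domain.com
"""

def parse_dcdiag_dns(text):
    flat = " ".join(text.split())  # undo the line wrapping before matching
    own = re.search(rf"IP address: ({IP})", flat)
    servers = re.findall(rf"({IP}) \([^)]*\) \[(Valid|Invalid)\]", flat)
    missing = re.findall(rf"Error: Missing (.+?) record at DNS server ({IP}) ?: (\S+)", flat)
    return {"own_ip": own.group(1) if own else None, "dns_servers": servers, "missing": missing}

def check_resolver_order(parsed, partner_ips):
    """Thread's recommendation: the DC itself first, then only DCs of its own domain."""
    own, servers = parsed["own_ip"], parsed["dns_servers"]
    findings = []
    if not servers or servers[0][0] != own:
        findings.append("first DNS server is not the DC itself")
    for ip, state in servers:
        if ip != own and ip not in partner_ips:  # partner_ips: assumed DC list
            findings.append(f"{ip} is outside this domain's DC list")
        if state == "Invalid":
            findings.append(f"{ip} flagged Invalid by dcdiag")
    for kind, server, name in parsed["missing"]:
        findings.append(f"{server} did not return {kind} record {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_resolver_order(parse_dcdiag_dns(SAMPLE), {"192.168.5.7"})))
```
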

