AD integrated DNS - Parent Child question

  • Thread starter: mgamiet

mgamiet

Hello, I have a parent and child domain in Win2k AD.
Parent has AD integrated DNS Zone, with child DNS Zone
delegated to Child Domain DC.

company.com has DNS Parent Domain DC
Child.company.com has been delegated to the Child Domain
DC.

My question is this: Does the Parent Domain DNS Server
need to install a secondary version of Child.company.com?
Or will the Entries be replicated across Domain
boundaries - through AD?

Also, What about Reverse Lookup Zones? Do these need to be
delegated to the Child domain as well? Or will the dynamic
updates be replicated through AD?

Help!
 
1. Does the Parent Domain DNS Server need to install a secondary version of
Child.company.com? General answer is No, but if you want the parent to
resolve host names in the child, then I would use a suffix search order. On
the child domain, you won't have to do this as long as the child forwards to
the parent. If the child domain and Parent both have a host name the same
then this would be a problem. I rename one of them.
2. Or will the Entries be replicated across Domain boundaries - through AD?
Can you rephrase this?
3. Also, What about Reverse Lookup Zones? Usually the parent and child are on
different subnets, So each would have a different reverse lookup zone. I
4. Do these need to be delegated to the Child domain as well? You could do a
delegation of the reverse lookup zone. Depends on what you are trying to do.
5. Or will the dynamic updates be replicated through AD? Within the Child
and parent AD will replicate

Hope this helps

Tim Roberts (MSFT)
 
mgamiet said:
Hello, I have a parent and child domain in Win2k AD.
Parent has AD integrated DNS Zone, with child DNS Zone
delegated to Child Domain DC.

Pretty much irrelevant to Parent/Child delegation issues.

company.com has DNS Parent Domain DC
Child.company.com has been delegated to the Child Domain
DC.

Always "think about" DNS servers, roles, and placement ONE
ZONE at a time. You can subsequently optimize or collapse multiple
zones onto one physical server for efficiency or other reasons if that
makes sense to do.

My question is this: Does the Parent Domain DNS Server
need to install a secondary version of Child.company.com?

No, not automatically. The parent NORMALLY has no secondary
for the child zones it delegates. (Example: Com servers have NONE of the
thousands they delegate.)

Holding a secondary is ONLY an issue of "if you need it." Nothing related
to parent-child.

Or will the Entries be replicated across Domain
boundaries - through AD?

No, not in Win2000 -- replication can be better controlled in Win2003.

AD only replicates Config, Schema, and GCs partitions Forest wide in
Win2000. The domain partition is replicated ONLY domain wide.

Also, What about Reverse Lookup Zones? Do these need to be
delegated to the Child domain as well? Or will the dynamic
updates be replicated through AD?

Reverse zones are (almost) totally unrelated to Forward zones so deal
with each separately.

Yes, a child reverse zone (20.10.in-addr.arpa) needs to be delegated
from the parent (10.in-addr.arpa) if you use that configuration.

Now, why WOULD a parent DOMAIN (not zone) DNS server need to hold
a child DOMAIN DNS zone?

Perhaps because they are not in a "proper" hierarchy. Without a common
root (starting point) it is necessary that each set of DNS servers be able
to either FIND or HOLD the zone for the other domains.

In the Internet the whole namespace starts at the root "." (dot) but in a
private namespace with no root zone setup then it is sometimes easier to
just "hold a secondary" than to fix the hierarchy.

With two, or a few zones, this works. With more it is necessary to set up a
true private namespace with its own root and proper hierarchy.

In Win2003, Stub Zones can help with this problem.
 
AD only replicates Config, Schema, and GCs partitions Forest wide in
Win2000. The domain partition is replicated ONLY domain wide.

Technical correction or at least an elaboration:

Since an entry for every object in the Forest is included in ALL of the GCs
for the forest, at least some of the DNS info will replicate to ALL GCs
as well as ALL DNS information replicating through that same domain.

In Win2000 the DNS integrated zones are in the Domain partition.

[What I wrote in the previous message may not have been incorrect but
it could certainly have been slightly misleading.]
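
The forward and reverse delegation described in the replies above, modelled as an added example that is not part of the original thread: it lists which zone and server a lookup passes through, and shows what changes when the reverse delegation is missing. The server names parent-dc and child-dc and the address 10.20.1.5 are assumptions made for illustration.

```python
import ipaddress

# Constructed layout following the thread. Server names are hypothetical.
ZONES = {
    "company.com":        {"server": "parent-dc", "delegations": ["child.company.com"]},
    "child.company.com":  {"server": "child-dc",  "delegations": []},
    "10.in-addr.arpa":    {"server": "parent-dc", "delegations": ["20.10.in-addr.arpa"]},
    "20.10.in-addr.arpa": {"server": "child-dc",  "delegations": []},
}

def in_zone(name, zone):
    """True when name equals the zone apex or sits below it on a label boundary."""
    return name == zone or name.endswith("." + zone)

def ptr_name(ip):
    """Reverse-lookup owner name, e.g. 10.20.1.5 -> 5.1.20.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def referral_path(name, zones, start):
    """List the (zone, server) hops a lookup takes from zone `start` downwards."""
    name = name.lower().rstrip(".")
    if not in_zone(name, start):
        raise ValueError(f"{name} is not under {start}")
    path, zone = [], start
    while True:
        path.append((zone, zones[zone]["server"]))
        cuts = [c for c in zones[zone]["delegations"] if in_zone(name, c)]
        if not cuts:
            return path  # this zone answers from its own records
        zone = max(cuts, key=len)  # most specific delegation wins
        if zone not in zones:
            path.append((zone, None))  # delegated, but no server hosts it (lame)
            return path

if __name__ == "__main__":
    print(referral_path("host1.child.company.com", ZONES, "company.com"))
    print(referral_path(ptr_name("10.20.1.5"), ZONES, "10.in-addr.arpa"))
    # Same reverse lookup with the delegation removed: the parent answers
    # from its own zone and the child's PTR records are never consulted.
    broken = dict(ZONES, **{"10.in-addr.arpa": {"server": "parent-dc", "delegations": []}})
    print(referral_path(ptr_name("10.20.1.5"), broken, "10.in-addr.arpa"))
```
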
 