AD zones, secondary Zones

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

Hi, just a quick question.

I hear that it's advisable to have hold copies of a parent
zones has secondaries on child domians in additon to the
childs own AD integrated zones, delegated from the parent.
What if you have AD integrated Zones on the parent and you
want to hold a copy of the zone has a standard zone on the
child domians.

how would you create this?
 
In
Tom said:
Hi, just a quick question.

I hear that it's advisable to have hold copies of a parent
zones has secondaries on child domians in additon to the
childs own AD integrated zones, delegated from the parent.
What if you have AD integrated Zones on the parent and you
want to hold a copy of the zone has a standard zone on the
child domians.

how would you create this?
Click to expand...


You would still delegate to the child from the Parent. Zone type has nothing
to do with delegation. Zone type just dicatates how the zone is stored,
whether in a text file, in the registry, in an SQL database or in the AD
database. That's it.

Now AD Integrated zones, which are store specifically in a specific domain's
AD database (such as the parent domain in your case) can't be replicated to
a child domain's AD database, since they are different domains. THat is in
W2k AD. In W2k3 AD, there a new feature to enable this.

When you delegate from the parent to a child, the parent will no longer hold
a copy of the zone anyway, and the zone folder will 'gray out' under the
parent zone in DNS with only the SOA nameserver records that will be hosting
the zone for now on, which are the child DNS servers.

Here's more info on delegation. Don't forget to forward to the parent from
the child. Then forward from the parent to the ISP.

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
thanks Ac

just to re-cap, with delegation and a forwarder back to the parent, would this be able to resolve all requests on the parent domian from the child domain,. vice-versa. Also would root hints work here

When you create a forwarder from the child domian I assume you just enter the server name of the parent a nd it's IP address

Another example here would be is, and sorry if it's long winded. If you had a parent domain and two child domains, how would you best implement DNS, ie. AD Integrate zones, forwarders, root hints, what common root, would you add on each domain DNS server secondary zones of the the other domian DNS. If this doesn't make sense, apologise I'm just trying to get a grasp of it all and this example and how it will be built will answer my questions

Look forward to your and anyone elses reply.
 
In
Tom said:
thanks Ace

just to re-cap, with delegation and a forwarder back to the parent,
would this be able to resolve all requests on the parent domian from
the child domain,. vice-versa. Also would root hints work here?

When you create a forwarder from the child domian I assume you just
enter the server name of the parent a nd it's IP address.

Another example here would be is, and sorry if it's long winded. If
you had a parent domain and two child domains, how would you best
implement DNS, ie. AD Integrate zones, forwarders, root hints, what
common root, would you add on each domain DNS server secondary zones
of the the other domian DNS. If this doesn't make sense, apologise
I'm just trying to get a grasp of it all and this example and how it
will be built will answer my questions.

Look forward to your and anyone elses reply.
Click to expand...


Forget the Root hints. That's why delegation works. You would forward from
the child to the parent. Yes, just put the parent DNS address in the child's
forwarder.

Keep in mind, you may need to use mutliple search suffixes in the child
members so if you were to query (ping) from a computer called
computer.child1.domain.com by a single name, such as computer1 and that
computer1 exists in child 2.domain.com, then in computer.child1.domain.com's
machine, you should have a search suffix added for child2.domain.com.

If you want AD integrated zone, that's up to you. You can have AD integrated
zone for your two parent domain's servers as long as they are both DCs. You
can do the same in your child domains. If you have two DCs with DNS
installed in the child domain, then make sure you delegate both of them from
the parent. In those child DNS servers, yes, you can make the
child.domain.com zone AD integrated on both DCs.

I hope my previous post and this explanation are clear about how the zone
types and delegation works for you.

Here's some further reading for you that may also be helpful...

227844 - Primary and Active Directory Integrated Zones Differences:
http://support.microsoft.com/default.aspx?scid=kb;en-us;227844

Active Directory-Integrated Zones -Win2003 but most appies to Win2000 except
Application Partitions:
http://www.microsoft.com/technet/pr...2003/proddocs/deployguide/dssbc_logi_lhld.asp

Windows 2000 DNS - Active Directory integration, multimaster replication,
dynamic and secure dynamic update, and aging and scavenging.:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cncf/cncf_imp_orav.asp

Q237675 - Setting Up the Domain Name System for Active Directory:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q237675

Configure DNS for AD:
http://www.microsoft.com/windows2000/en/server/help/sag_DNS_pro_ConfigServerForDS.htm

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top