Am I doing this right? DNS setup between trusted domains over a WAN link


Jason

Hi all, here's what I'm trying to do, and I'm not completely sure I have
it set up correctly. I have two domains separated by a T1 WAN link.
Let's call them domaina.local and domainb.local. Here's how the
networks are set up:

Domaina.local 192.168.0-1.x

Domainb.local 192.168.2.x

On domaina.local I have the AD-integrated zone set up for local
resolution. I then added a secondary zone for domainb.local. I then
added the NS from domainb.local to the Name Servers tab on both the
forward and reverse zones and enabled zone transfers to only servers
in the NS tab.

On domainb.local I basically did the same thing. Set up a secondary
zone for domaina.local and added the NS for that domain to the NS tab
and enabled zone transfers on both forward and reverse lookups.

So from the info I've given, does it sound like things are set up
properly? The zone transfers were what had me worried most. Just
wasn't sure if they were supposed to be enabled like that. If
something isn't correct, please school me! Thanks in advance!
 
Jason said:
Hi all, here's what I'm trying to do, and I'm not completely sure I have
it set up correctly. I have two domains separated by a T1 WAN link.
Let's call them domaina.local and domainb.local. Here's how the
networks are set up:

Domaina.local 192.168.0-1.x

Domainb.local 192.168.2.x

On domaina.local I have the AD-integrated zone set up for local
resolution. I then added a secondary zone for domainb.local. I then
added the NS from domainb.local to the Name Servers tab on both the
forward and reverse zones and enabled zone transfers to only servers
in the NS tab.

On domainb.local I basically did the same thing. Set up a secondary
zone for domaina.local and added the NS for that domain to the NS tab
and enabled zone transfers on both forward and reverse lookups.

So from the info I've given, does it sound like things are set up
properly? The zone transfers were what had me worried most. Just
wasn't sure if they were supposed to be enabled like that. If
something isn't correct, please school me! Thanks in advance!

Allowing zone transfers to the nameservers will work if the DCs are not
multi-homed.
IMO, I would allow zone transfers to the actual IPs that the DNS server
machines have on them.
Just in case the NS records don't resolve to these IPs, which could very
well happen if the DCs are multi-homed.
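
The multi-homed case described in the reply above, as an added example that is not part of the original thread. It models the "only servers in the NS tab" option as a check of the requesting server's source IP against the addresses the NS names resolve to; the host names, the 10.0.0.5 address and the function name are constructed for illustration, and only the 192.168.2.x subnet comes from the thread.

```python
import ipaddress

# Constructed sample data for the primary on domaina.local (assumed values).
# dc2 is multi-homed and its NS name resolves to a NIC that is not the one
# it uses across the WAN link.
NS_RECORDS = {
    "dc1.domainb.local": ["192.168.2.10"],
    "dc2.domainb.local": ["10.0.0.5"],
}
# Source address each secondary actually uses when it requests a transfer.
TRANSFER_SOURCES = {
    "dc1.domainb.local": "192.168.2.10",
    "dc2.domainb.local": "192.168.2.11",
}
REMOTE_NET = "192.168.2.0/24"  # Domainb.local subnet from the thread


def audit_transfer_acl(ns_records, transfer_sources, remote_net):
    """Compare an NS-tab-based transfer policy with the real source IPs."""
    net = ipaddress.ip_network(remote_net)
    # Every address the NS names resolve to is implicitly allowed.
    ns_ips = {ipaddress.ip_address(ip)
              for ips in ns_records.values() for ip in ips}
    sources = {name: ipaddress.ip_address(ip)
               for name, ip in transfer_sources.items()}
    # Secondaries whose requests would be refused: source IP not in NS set.
    refused = sorted(n for n, ip in sources.items() if ip not in ns_ips)
    # Addresses allowed by the NS set that lie outside the remote subnet.
    unexpected = sorted(str(ip) for ip in ns_ips if ip not in net)
    # Explicit allow list of the IPs the DNS servers really use.
    explicit = sorted((str(ip) for ip in sources.values()),
                      key=ipaddress.ip_address)
    return {"refused": refused, "unexpected": unexpected,
            "explicit_list": explicit}


if __name__ == "__main__":
    for key, value in audit_transfer_acl(
            NS_RECORDS, TRANSFER_SOURCES, REMOTE_NET).items():
        print(f"{key}: {value}")
```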
 
Kevin D. Goodknecht said:

Allowing zone transfers to the nameservers will work if the DCs are
not multi-homed.
IMO, I would allow zone transfers to the actual IPs that the DNS
server machines have on them.
Just in case the NS records don't resolve to these IPs, which could
very well happen if the DCs are multi-homed.


Also to add, if a trust is to be created between two domains that are NOT in
the same forest in Windows 2000, then this is NOT DNS based, but rather
NetBIOS based. This would be called an external trust that works exactly as
in the NT4 days.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 