> Are you saying that we should run DNS on our DCs so that the SRV records
> can be stored there, and point the workstations to our DCs for DNS,

Yes these are the records the AD clients MUST find.

> but
> configure the DCs so that all name resolution lookups go to the master
> server (transparently)?
> Where is the menu to configure a DNS server to forward (non-SRV) lookups?

Example: your domain name is mydomain.com. When a client requests *anything*
(printing, files, website, etc) that is in the mydomain.com domain, the DNS
server knows it is authoritative for the mydomain.com zone and searches its
zone for the requested resource.

When a client requests *anything* other than what is in the mydomain.com
zone (basically the entire Internet, and in your case, other DNS zones held
by your "network" DNS server), those requests will get forwarded to your
network DNS server. It will resolve requests for *anything* in its zones.

Not knowing what your "network" DNS is doing, I can only guess that if a
computer is pointed to the "network" DNS server it can get Internet access.
If this is true, any request the "network" DNS server cannot answer
(basically the entire Internet) will get resolved via forwarding to an ISP
or root hints. You are not forwarding the SRV records, you are forwarding
requests for resources NOT held in the DNS server.

See:
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
for steps for setting up DNS for AD.

See:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
for setting up forwarding. You would forward to your "network" DNS server if
you wanted the users in the AD domain to access resources in the zones the
network DNS server holds; if not, you could just forward to your ISP's DNS
servers.

hth
DDS W 2k MVP MCSE
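
The forwarding rule described in the reply above, as an added example that is not part of the original post: a small Python model of how a DNS server on the DC decides between answering from its own zone and forwarding. The zone name mydomain.com is from the post; the forwarder label, the function names and the sample queries are constructed for illustration, and this models the decision only, not a real DNS server.

```python
# Added illustration: models the answer-locally-or-forward decision only.
AUTHORITATIVE_ZONES = ["mydomain.com"]        # zone held on the DC (name from the post)
FORWARDER = "network-dns-placeholder"         # hypothetical label for the "network" DNS


def normalize(name):
    """Lower-case and drop the trailing root dot so names compare consistently."""
    return name.rstrip(".").lower()


def in_zone(qname, zone):
    """True when qname is the zone apex or lies below it on a label boundary."""
    q = normalize(qname).split(".")
    z = normalize(zone).split(".")
    # Compare whole labels, so notmydomain.com is NOT inside mydomain.com.
    return len(q) >= len(z) and q[-len(z):] == z


def route_query(qname, qtype, zones=AUTHORITATIVE_ZONES, forwarder=FORWARDER):
    """Return ('local', zone) or ('forward', forwarder).

    qtype is accepted but deliberately unused: the record type (SRV, A, ...)
    plays no part in the decision, only the zone the name falls in does.
    """
    matches = [z for z in zones if in_zone(qname, z)]
    if matches:
        # The most specific (longest) matching zone answers.
        return ("local", max(matches, key=lambda z: len(normalize(z).split("."))))
    return ("forward", forwarder)


# Constructed sample queries (not captured traffic).
SAMPLE_QUERIES = [
    ("_ldap._tcp.dc._msdcs.mydomain.com", "SRV"),  # AD locator record, in the zone
    ("fileserver.MyDomain.com.", "A"),             # case and trailing dot ignored
    ("www.notmydomain.com", "A"),                  # similar suffix, different zone
    ("_sip._tcp.example.org", "SRV"),              # SRV outside the zone is forwarded
]


def run_samples():
    """Route every sample query and return (name, type, decision) tuples."""
    return [(q, t, route_query(q, t)) for q, t in SAMPLE_QUERIES]


if __name__ == "__main__":
    for qname, qtype, decision in run_samples():
        print(f"{qtype:4} {qname:36} -> {decision}")
```
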