Dustin K said:
Thanks for the insights,
I didn't know that 2K3 had conditional forwarding. The root server will most
likely be 2K3 along with any other server purchases. Some servers will be 2K
though. Sorry to post a confusing question, 2K and 2K3 look similar to me. I
didn't think that the network was that complex. It's based off a Mainframe
with terminals (still going) and Netware servers were added in the late 80's
or early 90's (still running).
You probably should only have ONE domain -- at most a few.
There is also an NT domain running in a few
cities with NT4 and 3.51. Some offices use Linux servers. My goal is to
replace all of it with an AD structure (mama hates a coward!).
These should be consolidated -- either initially or ASAP.
The design is using child domains and separate trees to 1) try and reduce
replication (56k frame relay), and
That's what Sites are normally used to control.
2) separate business entities.
That's more what domains are for.
All I really want to do is to stop child domains from using the parent DNS
servers for external queries to the internet.
That's completely separate from Domain design. You can stop
that just by using the conditional forwarding but must use Win2003
for conditional forwarding or one of the other methods.
So if I read the answer right,
Windows 2K3 can do this? I assume that 2K3 would need to be at the branches
(child level).
One mistake you may be making is in designing all three ideas
at once.
Domain design comes first, then SIMPLE DNS design, then optimize
for efficiency and control.
Mentally separate "resolving for YOUR RESOURCE" from "helping
your clients resolve including the Internet" -- they are really two
different jobs even though many DNS servers will do both for efficiency.
Will Windows 2K3 DNS servers with conditional forwarding and stub zones
replicate with Windows 2K DNS servers?
Sure.
I'm guessing that the 2K DNS server will just ignore any info that it can't
handle,
Win2K and Win2003 support the same records so it isn't an issue.
The Win2003 DNS servers have more (operational) features.
so any branch office setup with 2K DNS servers would still forward
all queries to the parent?
It could but that's not the default or built-in to ANY DNS server -- you
would do that with conditional forwarding or cross secondaries or stubs.
<---- If that's true, then a Win2K server could
be used at the top parent level? (probably not going to happen, just
curious).
I can make it work with any of them -- it's much easier with Win2003.
Thanks again for reading!
PS. I do like the single domain model better. Oh well.
Or a few -- how many really separate companies do you really have?
(but still in the same resource sharing environment)
How many security account policies (password, lockout, or kerberos)?
How many political issues where the admins INSIST on owning their
own resources but still want to be part of the forest/trust relationship?
It's those last three questions that determine ALMOST EVERY domain
boundary.
You can call me if you wish to talk it through -- might clear some stuff
up faster -- phone number is on my web site: LearnQuick.Com
--
Herb Martin
Herb Martin said:
Dustin K said:
Hi all,
I am working on an AD design and am having trouble determining the best DNS design.
It has been decided that the AD forest will have 5 trees with one of the
trees having 6 child domains. [example.com, hq.example.com,
branch1.example.com, etc]. Each branch is hooked directly to the root domain
by 56k frame relay as well as hooked directly to the internet by DSL.
That is an amazingly complex domain structure -- and without details
sounds suspiciously like a good part of your real problem.
Also odd is a company with such complexity who would not be using
Win2003.
The general DNS solution for such a forest is a true "root" in the internal
namespace that can delegate all top level domains (the way the Internet
does) and thus allow all DNS servers to use root hints/cache-file to find
every other zone.
This DOES however cause a problem if you must also resolve the Internet.
Is it possible to set up a branch's DNS server to resolve names for the
branch, forward requests for *.example.com to a root DNS server and forward
all other requests to the branch's DSL DNS servers?
Sounds like "conditional forwarding" which first appears in Win2003 DNS.
You should almost certainly be using Win2003 -- it offers conditional forwarding,
and another (partial) solution to your problem: Stub zones.
The Win2000 solution is usually to hold "cross secondaries" for all other
zones -- but that quickly becomes unmanageable with a large number of
zones/domains as you intend to create (again, rethink THAT decision).
This way DNS requests at
the root would be only for internal traffic and the frame wouldn't be used
for traffic destined to the internet.
Why do you need so many trees and domains?
--
Herb Martin
Thanks for reading!!
Dustin
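As an added example (not posted by either participant), this is how the branch-office split Herb describes could be set up with dnscmd on a Windows Server 2003 DNS server: the branch hosts its own zone, queries for the internal example.com namespace are conditionally forwarded across the frame link to the internal root, and everything else goes out the DSL link to the ISP resolvers. All IP addresses and the hq.example.com master are constructed placeholders, not values from the thread.

```batch
@echo off
rem Added example: branch-office Win2003 DNS configuration with dnscmd.
rem Goal (from the thread): keep Internet lookups off the 56k frame relay
rem while still resolving the internal example.com namespace via the root.
rem All addresses below are constructed placeholders.

set INTERNAL_ROOT=10.0.0.10
set HQ_DNS=10.0.1.10
set ISP_DNS1=203.0.113.53
set ISP_DNS2=203.0.113.54

rem 1. "Resolving for YOUR resources": host the branch's own AD-integrated
rem    zone locally on the branch DC.
dnscmd /ZoneAdd branch1.example.com /DsPrimary

rem 2. Conditional forwarder: queries for example.com (and any child this
rem    server is not authoritative for) go to the internal root over the
rem    frame link. Win2003 only; Win2000 DNS has no conditional forwarding.
dnscmd /ZoneAdd example.com /Forwarder %INTERNAL_ROOT%

rem 3. Optional stub zone for a sibling domain: holds only its NS/SOA/glue
rem    records, so lookups for hq.example.com go straight to its own servers
rem    instead of bouncing through the parent. The more specific zone wins
rem    over the example.com conditional forwarder above.
dnscmd /ZoneAdd hq.example.com /Stub %HQ_DNS%

rem 4. "Helping your clients resolve the Internet": server-level forwarders
rem    for every remaining query point at the ISP resolvers on the DSL link,
rem    so nothing destined for the Internet crosses the frame relay.
dnscmd /ResetForwarders %ISP_DNS1% %ISP_DNS2%

rem 5. Verify: list the zones (the forwarder and stub appear as zones) and
rem    the server-level forwarders, then check one internal and one
rem    external name resolve against this server.
dnscmd /EnumZones
dnscmd /ZoneInfo example.com
dnscmd /Info
nslookup hq.example.com 127.0.0.1
nslookup www.example.net 127.0.0.1
```

Run it on the branch DNS server itself (dnscmd defaults to the local server); if the branch still runs Win2000 DNS, step 2 is not available and a cross secondary for example.com would be the substitute, as the thread notes.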