Default_First_Site_Name AND DNS


Craig Boyer

I believe I have a DNS issue. I have a parent domain
(acme.com) and a child domain (test.acme.com). Our
company in the test.acme.com has two remote offices
(Denver and Charlotte). I wanted to restrict netlogon
traffic to each domain as well as the remote offices since
we are all geographically separated. So I decided to
create multiple Sites and Site links to achieve this. I
created Sites Acme, Test, Denver, and Charlotte. All the
Sites are on different network segments, so I created the
subnets and site links accordingly. There are two domain
controllers in the parent and three in the child (the two
remote offices are in the child domain and each contains one
domain controller). From the console of all of the domain
controllers, I see in Sites and Services - Acme, Test,
Denver, and Charlotte. This all appears to be correct?
Now when I go into DNS manager on the parent domain's DNS
server, I traverse the hierarchy to forward lookup zones,
and go into the Acme.com zone and _Sites. I see the
Sites - Acme, Test, Denver, Charlotte, and
Default-First-Site-Name?? If I do the same thing in the child domain
and traverse to the Child domain's forward lookup zones,
acme.com, and _sites. I see Test, Denver, Charlotte, and
Default-First-Site-name?? The parent still sees the
original Default-First-Site-Name and the Child domain
sees it as well, but doesn't see acme.com??? The
Default-First-Site-Name was renamed to acme.com at the beginning
of this process. All four domain controllers were in the
original Site. Once all the Sites were created, then we
moved the domain controllers to the appropriate site. Why
does DNS not reflect the proper Site hierarchy??? Sorry
for this being so long. I am very detailed in nature.
 
It sounds like the child may not be replicating with the parent. Can the child resolve names in the parent domain? Typically the way to set this up is to configure
forwarders on the child that point to the parent. On the parent, you will need to make sure a delegation exists for the child domain that includes an NS record for
each DNS server in the child hosting the child domain name. This is the glue that ties the child to the parent.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
I can resolve FQDNs of servers located in the parent
domain from the child domain. You may be correct on the
delegation of the child domain to the parent domain. I am
not sure what or how this functions. Answer this
question. I inherited this configuration from previous
consultants. How should the DNS hierarchy look with respect
to the Parent/Child relationship? I think the structure
should be Server name\Forward Lookup Zones\Acme.com\Test.
The Acme.com zone is Active Directory integrated. I
additionally can see in both the Acme.com and
test\acme.com zones the _msdcs, _sites, _tcp, and _udp for
each domain.
 
I read through the Q255248 article. I understand
everything that it mentions. Like I said I inherited
this structure from another consultant. Is there a way to
verify if these steps were followed? What is weird about
looking at the DNS structure is I have two places where
the Test zone appears. One is within the server name\
forward lookup zones\acme.com\test and the other is in the
root of the server forward lookup zones\Test? The latter
does not have any _MSDCS, _Sites, _TCP, _UDP, but the
first one mentioned above does?? Now the Q article
mentions creating the delegation first, then installing
DNS, and then creating the child zone, and so on. In
theory -- If I created the child zone, and set it for Allow
dynamic updates, and then DCPromo'ed the child domain
server, what changes take effect within DNS? With DNS
replicating, what would the parent domain's DNS look like?
I would assume that it would look like this:

Server1
  Forward Lookup Zones
    Acme.com
      _msdcs
      _sites
      _tcp
      _udp
      test
        _msdcs
        _sites
        _tcp
        _udp

Is this correct?? I have the above presently, but I also
have another Test zone at the hierarchy level of Acme.com
that does not have any _MsDcs, ....? Shown below. The
Separate Test zone is set to Active directory integrated.

Server1
  Forward Lookup Zones
    Acme.com
      _msdcs
      _sites
      _tcp
      _udp
      test
        _msdcs
        _sites
        _tcp
        _udp
    Test

I am confused??
 

You should delete the zone named "test" in your second example; it is not a
legal DNS zone. That is why it does not have the AD sub folders in it.

You can leave the Acme.com zone as is with the sub domain test; it will work,
but does not allow for you to delegate the child zone to the DC in the Child
domain.

To use delegations do the following:

You can also delete the child domain in acme.com for test and create a
delegation named test, then point the delegation to the FQDN of the child DNS
server(s) "server.test.acme.com"; then the child DNS needs a zone named
"test.acme.com".

You can also point the delegation to this server like "server.acme.com", but
then this server must have a zone named "test.acme.com".
If you do this you can make the zone AD integrated; then you have to set the
security on this zone to give child DCs and Domain computers permission to
create and delete child objects.

You can also create a zone named "acme.com" on the child DNS server, make it
AD integrated and set the security on the zone to allow parent DCs and
Domain computers permission to create and delete child objects. Make sure
you create the test delegation as previously noted.

Now, both DNS servers will have AD zones named "acme.com" with delegations
named "test", and AD zones named "test.acme.com"; then you point all machines
to both of these DCs for DNS.

I have personally tested and use the hierarchy. I hope I have explained it
well.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
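
Added illustration, not part of any post in this thread: the Python sketch below models the zone layout described above and uses longest-suffix zone matching to show which hosted zone receives the child domain's DC locator records, whether that subdomain is delegated, and which `_sites` containers have no matching AD site. The zone lists, site lists and function names are constructed for the example.

```python
# Added example; every zone, site and server-layout value below is constructed from the thread's description.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [p for p in name.lower().rstrip(".").split(".") if p]

def enclosing_zone(fqdn, zones):
    """Return the hosted zone whose name is the longest label-wise suffix of fqdn."""
    name = labels(fqdn)
    hits = [z for z in zones
            if 0 < len(labels(z)) <= len(name) and name[-len(labels(z)):] == labels(z)]
    return max(hits, key=lambda z: len(labels(z)), default=None)

def audit(zones, delegations, domains, ad_sites, dns_site_containers):
    """Return (kind, detail) findings for one DNS server's forward lookup zones."""
    findings = []
    # Zone that would hold each domain's DC locator records (_msdcs, _sites, _tcp, _udp).
    homes = {d: enclosing_zone("_ldap._tcp." + d, zones) for d in domains}
    for zone in zones:
        if zone not in homes.values():
            findings.append(("unused-zone", zone))
    for domain, home in homes.items():
        delegated = domain in delegations.get(home, set())
        if home is not None and labels(home) != labels(domain) and not delegated:
            findings.append(("subdomain-not-delegated", domain))
    known = {s.lower() for s in ad_sites}
    for zone, containers in dns_site_containers.items():
        for c in containers:
            if c.lower() not in known:
                findings.append(("stale-site-container", c + "._sites." + zone))
    return findings

# Layout described in the thread: child held as a subdomain of acme.com, plus a separate zone "test".
ZONES = ["acme.com", "test"]
DOMAINS = ["acme.com", "test.acme.com"]
AD_SITES = ["Acme", "Test", "Denver", "Charlotte"]
DNS_SITES = {"acme.com": ["Acme", "Test", "Denver", "Charlotte", "Default-First-Site-Name"]}

if __name__ == "__main__":
    for finding in audit(ZONES, {}, DOMAINS, AD_SITES, DNS_SITES):
        print(finding)
```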
 