DNS and Subnetting

SD

My environment consists of one domain company.local but I broke it down into
2 VLANS/subnets where CUsers are on the 192.168.0.x and DUsers are on
192.168.90.x. The 2 domain controllers for company.local are on the
192.168.0.x subnet.

I am running DNS on both Domain Controllers. The only DNS Zones I have are
for the 192.168.0.x subnet. Do I need to create a Forward and/or Reverse
DNS Zone for the .90.x subnet? If so how as it is part of the company.local
domain?

Thanks - SD
 
You create a reverse lookup zone for both 192.168.0 and 192.168.90

No, they are not "part" of company.local, because company.local is a forward
lookup zone

HTH
 
SD said:
My environment consists of one domain company.local but I broke it down into
2 VLANS/subnets where CUsers are on the 192.168.0.x and DUsers are on
192.168.90.x. The 2 domain controllers for company.local are on the
192.168.0.x subnet.

I am running DNS on both Domain Controllers. The only DNS Zones I have are
for the 192.168.0.x subnet. Do I need to create a Forward and/or Reverse
DNS Zone for the .90.x subnet? If so how as it is part of the company.local
domain?

Thanks - SD

Subnets would normally be reverse zones. Zones which map ADDRESSES
back to Names.

They are of course totally unrelated to forward zones. The normal
zones which map names to addresses.

Forward zones are always critical (especially to AD); reverse zones
may be optional except for special cases or admin convenience.

There is NO RELATIONSHIP between forward and reverse zones in DNS;
the apparent relationship is strictly in the minds of (us as) admins.
 
The forward lookup zone for the .90 subnet will enable computers in the .0
subnet to resolve their names. You don't say whether the VLANs can route to
each other or not, but I'm assuming they can since you didn't mention
multi-homed domain controllers. If you need connectivity by name across the
routed connection, you absolutely need a forward lookup zone. If you're
going to create one, might as well create a reverse zone, too. It makes it a
lot easier to find out which computers are spewing unwanted traffic onto your
network if you can quickly cross-ref the IP address to a name. At the risk
of sounding like a heretic, if you are routed and you don't have anything but
workstations on the .90 subnet, your network will probably do just fine with
no DNS zones. But if you plan on adding any shared resources, you'll need
it. Might as well do it right from the start, it's just a few mouse clicks
anyway.

....kurt
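The zone layout the replies describe, as an added example that is not part of the thread: one forward zone, company.local, serving both subnets, plus one AD-integrated reverse zone per subnet, created and checked with the DnsServer PowerShell module on a domain controller. It assumes Windows Server 2012 or later on the DCs (the thread does not say which version; on older servers dnscmd covers the same ground). The host names dc01 and dws01 and the address 192.168.90.50 are placeholders, and the "Secure only" dynamic-update setting is this example's recommendation rather than something the posters said.

```powershell
# Added example (not from the thread). Assumes Windows Server DNS on the
# domain controllers with the DnsServer PowerShell module (Windows Server
# 2012 or later). dc01, dws01 and 192.168.90.50 are made-up placeholders.
# Run on a DC as a Domain Admin (or a member of DnsAdmins).

$Domain   = 'company.local'
$DnsHost  = 'dc01.company.local'      # assumed name of one DC running DNS
$RevNets  = @('192.168.0.0/24', '192.168.90.0/24')

# 1. Forward zone: there is still only one, company.local. Hosts on the .90
#    subnet register their A records in it, so no second forward zone is
#    needed. List the A records that already point into 192.168.90.0/24.
Get-DnsServerResourceRecord -ComputerName $DnsHost -ZoneName $Domain -RRType A |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -like '192.168.90.*' } |
    Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address.IPAddressToString } }

# 2. Reverse zones: one per subnet, AD-integrated so both DCs hold a copy,
#    and limited to secure dynamic updates so only the authenticated computer
#    account that owns a PTR record can overwrite it.
foreach ($net in $RevNets) {
    $octets   = ($net -split '/')[0] -split '\.'
    $zoneName = '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]

    if (-not (Get-DnsServerZone -ComputerName $DnsHost -Name $zoneName -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -ComputerName $DnsHost -NetworkId $net `
            -ReplicationScope Domain -DynamicUpdate Secure
        Write-Host "Created $zoneName"
    } else {
        # Zone already exists (e.g. the thread's existing 192.168.0.x zone):
        # make sure it is not accepting unauthenticated updates.
        Set-DnsServerPrimaryZone -ComputerName $DnsHost -Name $zoneName -DynamicUpdate Secure
        Write-Host "$zoneName already present; dynamic update set to Secure"
    }
}

# 3. Domain members normally register their own PTR records (or DHCP does it
#    for them). A static PTR for a server on the .90 subnet looks like this:
Add-DnsServerResourceRecordPtr -ComputerName $DnsHost -ZoneName '90.168.192.in-addr.arpa' `
    -Name '50' -PtrDomainName 'dws01.company.local'

# 4. Verify both directions, asking the DC directly so a stale resolver
#    cache cannot mask a missing record.
Resolve-DnsName -Name 'dws01.company.local' -Type A   -Server $DnsHost
Resolve-DnsName -Name '192.168.90.50'       -Type PTR -Server $DnsHost

# 5. Audit: every reverse zone with its replication and update settings.
#    NonsecureAndSecure on an AD-integrated zone lets any host on the wire
#    plant or overwrite PTR records, so it should not appear here.
Get-DnsServerZone -ComputerName $DnsHost |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, ReplicationScope, DynamicUpdate
```

Step 1 is the check behind the first reply's point that the .90 hosts are not a separate forward zone: they already live in company.local. Step 5 is the check kurt's triage argument depends on; a reverse zone only helps you cross-reference an address to a name during an incident if the records in it can be trusted, which is why the example keeps dynamic updates restricted to authenticated computer accounts.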
 