DNS between forests and Firewalls

Joseph C.

We are attempting to create 2 AD forests. There will be
one DC/DNS in the DMZ and one DC/DNS for the internal
forest. What would be the proper procedure to set up DNS
so that resolution will take place between the forests?
What factors should I be aware of on a firewall level?

Thank you in advance.
 
Joseph C. said:
We are attempting to create 2 AD forests. There will be
one DC/DNS in the DMZ and one DC/DNS for the internal
forest. What would be the proper procedure to set up DNS
so that resolution will take place between the forests?
What factors should I be aware of on a firewall level?

Unless you are going to use "external trusts" (or Win2003 'forest' trusts)
then forests are pretty irrelevant to DNS.

DNS is a pure name resolution issue AND perhaps a Domain setup
issue, with some correlation in a single forest due to the hierarchy of
trees.

Why will you have multiple forests? Why will you have a DC in the
DMZ area?

What will your name structure look like? And which machines need to
resolve which (other) machines?

Will you be using public DNS names (and thus "shadow DNS" for either
or both forests/domains)?

It's a lot more complicated than we can guess from your question BUT
it is very SIMPLE to set up if we know the precise requirements.
 