DNS for various internal domains

-->AP

All 5 domains are Windows 2003 AD.

We have several domains internally - 1 main one and 4-5 Developer / Testing
based domains. They are all in separate Forests and most of them have no
trusts at all with one another.

The goal is to at least have address resolution occur regardless of the
destination host from whatever domain. How do I ensure that DNS resolution
occurs regardless of what machines I am on - I am thinking (1) configure the
FORWARDERS of the various domains/DNS to point to other domain/DNS. Would
this be good or should I do it another way? I do not want to do Secondary
zones as much as possible or create new trusts.

What are some tricks or configurations I can do here?
 

Hello AP,

This totally depends on the DNS domain names you are using, and whether
there are firewalls in between some of the domains.

If you have names like company.com for production, and dev1.company.com
to dev5.company.com you can configure the dev-domains to forward to
company.com, and create delegations there to dev1 to dev5.

If you have separate names and the dev-domains are in the same site
as the production, I'd still forward all dev domains to the
production. Then the dev-domains are able to resolve production names,
and the internet since I assume that's configured in the production
domain properly.

If you need the production computers to be able to resolve the
dev-domains you can either configure conditional forwarders
(recommended if you run firewalls - you are able to restrict specific
DNS servers to point to), or you could create stub zones (which just
hold the information for the name servers dynamically) on the
prod-server for the dev-domains. Secondaries will be an option as well,
but they load the whole content, which you don't like (and I wouldn't
like it either).

Afterwards everything should be able to resolve everything else, e.g.
if a client in dev1 asks for a name in dev2, the DNS server of dev1
would forward the request to production, which will conditionally forward
to dev2 (or return information about which name server takes care of dev2).

Trusts are not necessary and do not have anything to do with DNS
name resolution.

--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
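
The forwarding layout described in the reply above, written out as dnscmd commands. This is an added example, not part of the original thread; the zone names and IP addresses are constructed placeholders, and the /TimeOut and /Slave settings are assumptions about how strictly forwarding should be enforced.

```batch
@echo off
rem Added example. All zone names and addresses are constructed placeholders:
rem   production DNS servers   10.10.0.10, 10.10.0.11
rem   dev1.example.test DNS    10.10.1.10
rem   dev2.example.test DNS    10.10.2.10
rem Usage: run "dnsfwd.cmd prod" on a production DNS server,
rem        run "dnsfwd.cmd dev"  on each dev forest's DNS server.

if /i "%1"=="prod" goto prod
if /i "%1"=="dev"  goto dev
echo usage: %0 prod ^| dev
goto :eof

:prod
rem One conditional forwarder per dev zone, each pinned to that forest's own
rem DNS server. These addresses are the only destinations the firewall has to
rem allow from the production DNS servers (port 53, UDP and TCP).
rem /Slave: if the listed server does not answer, do not fall back to
rem recursion via root hints, so internal names are not sent outside.
dnscmd . /ZoneAdd dev1.example.test /Forwarder 10.10.1.10 /TimeOut 5 /Slave
dnscmd . /ZoneAdd dev2.example.test /Forwarder 10.10.2.10 /TimeOut 5 /Slave
rem Repeat for the remaining dev zones.

rem Alternative to a conditional forwarder for a given zone (not both):
rem a stub zone that only holds the zone's name server records.
rem dnscmd . /ZoneAdd dev2.example.test /Stub 10.10.2.10

rem List what is now configured on this server.
dnscmd . /EnumZones /Forwarder
dnscmd . /EnumZones /Stub
goto :eof

:dev
rem Send everything this server is not authoritative for to production.
rem Production then answers for its own zone, conditionally forwards the
rem other dev zones, and resolves internet names.
dnscmd . /ResetForwarders 10.10.0.10 10.10.0.11 /TimeOut 5 /Slave

rem Check the dev1 -> production -> dev2 path by asking the local server
rem for a (placeholder) host that lives in another dev zone.
nslookup host1.dev2.example.test 127.0.0.1
goto :eof
```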
 
Ulf B. Simon-Weidner [MVP] wrote:

(...)


I will jump in this thread with my 2 gr (gr is the same as cent) - Ulf
described the solution pretty well. I was only thinking that in these
conditions, where you have 5 Windows 2003 domains, you can use conditional
forwarding and it will be working just fine.
 