DNS issue

Arxitektwn

Hello all!



I am implementing a new win2k infrastructure in my company. The network
will have one parent domain and several child domains. The parent domain
will be the schema master and it will contain the DNS forwarder to the ISP. At
the moment I am using two offline servers: one is the parent domain and one a
child domain. Both are using the same subnet number. I did a config that
seems to work, but I would like to have your advice.



*Create the forward lookup zone on the parent DNS.

*Create a delegation for the child domain, on the parent DNS.

*Create the forward lookup zone on the child.



Then I wanted to install Exchange on the child domain. So I ran forestprep
at the parent (delegated permission to the domain admin group). But when I tried
to install Exchange on the child it didn't let me (I was using an account
with domain admin permissions) - I was getting an error: that it can't
reach the parent domain.



But when I installed a "forwarder" on the child pointing to the parent, it
worked.



I am a bit lost about what exactly the delegation to the child domain does. I
thought that by creating that delegation the child would be able to reach the
parent. But on the contrary I had to put in a forwarder.



Is that config the best that I can have? Or is there another way without
using a forwarder?



And what about the reverse lookup zone? I created it in the parent (i.e.
10.53.0.0/19), but I don't really know what I have to do on the child, since
they are both on the same subnet. Do I have to create a delegation on the
parent for that?



And one last thing, how does the forwarder actually work? Does it first resolve
internally and, if there is no match, send the query through the forwarder?



Any help will be really appreciated.



Thank you


M.
 
TIM ROBERTS

Check these items,

On the parent domain
How many DNS servers do you have? If one, make sure it points to itself for
DNS in the TCP/IP properties of the NIC. If you have two, then let's cross them; if
more than two, pick one DC and then point them all to that DC for DNS and list
themselves as alternate.
Delegations
Make sure you have one for each child domain; check the records.

At the child domain
Make sure you have a forwarder pointing back to the parent domain.
The same rule above about DNS applies here as well.
Do an nslookup on the child domain for the parent; do you get all the records
for your domain?

On both parent and child, do a netdiag /fix and then a netdiag /v /l and attach
them here so we can view them.

Installing a "forwarder" on the child pointing to the parent: if this was
done on the child domain, this is correct; if you set a forwarder on the parent
to the child then it is wrong and you will get a loop condition.

You have to have a forwarder set on the child to the parent; without this
it will not be able to contact the DC in the parent for the Global Catalog or
the DNS GUID that is required.
Forwarders work this way: if I query microsoft.com and I don't have a zone for
it, or it's not in cache, and I have forwarders set to the parent domain, then
it looks in cache, then for a zone, doesn't find what it's looking
for, and forwards to the parent. Then the same process goes on there.
 
Roger Abell

comments inlined . . .

Arxitektwn said:
Hello all!

I am implementing a new win2k infrastructure in my company. The network
will have one parent domain and several child domains. The parent domain
will be the schema master and it will contain the DNS forwarder to the ISP. At
the moment I am using two offline servers: one is the parent domain and one a
child domain. Both are using the same subnet number. I did a config that
seems to work, but I would like to have your advice.

so it is w2k and not w2k3 - this limits your DNS options

*Create the forward lookup zone on the parent DNS.

*Create a delegation for the child domain, on the parent DNS.

*Create the forward lookup zone on the child.

could be either of the three
considerations about which you gave no info are
things like site/geographic distribution

Then I wanted to install Exchange on the child domain. So I ran forestprep
at the parent (delegated permission to the domain admin group). But when I tried
to install Exchange on the child it didn't let me (I was using an account
with domain admin permissions) - I was getting an error: that it can't
reach the parent domain.

so the child domain (or controller where doing this) was not using
the correct DNS server, or rather, the one it was using did not have
access to the zones

But when I installed a "forwarder" on the child pointing to the parent, it
worked.

which gave it access to the zones that were on the parent DNS

I am a bit lost about what exactly the delegation to the child domain does. I
thought that by creating that delegation the child would be able to reach the
parent. But on the contrary I had to put in a forwarder.

a delegation from parent says that the delegated-to will be
hosting the zone that is delegated.

Is that config the best that I can have? Or is there another way without
using a forwarder?

you mentioned the main three ways earlier

And what about the reverse lookup zone? I created it in the parent (i.e.
10.53.0.0/19), but I don't really know what I have to do on the child, since
they are both on the same subnet. Do I have to create a delegation on the
parent for that?

first you need to figure out where you will hold the zones
for AD in general. If you have no connectivity issues, slow
links, geo distribution, etc. then the most simple is to just
let the DCs of the forest root (parent) host all DNS and then
point all machines of all domains at those DCs for DNS.
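The point both replies make, that a delegation only tells the parent where the child zone lives while a forwarder is what lets the child reach names outside its own zone, can be seen in a small model of the lookup order a server applies (cache, then delegation, then its own zone, then the forwarder). The following is an added toy model written for this thread; it is not code from either poster and not Windows DNS itself. The server names, the 10.53.0.x addresses, and the `_gc._tcp` entry (a stand-in for the global catalog SRV record Tim Roberts mentions) are constructed for illustration, and `MAX_HOPS` is an assumed guard that turns the parent-to-child, child-to-parent forwarder loop into a reported failure instead of endless recursion.

```python
"""Toy model of DNS resolution order: cache -> delegation -> hosted zone -> forwarder.
Constructed example; names, addresses and record data are made up."""

from dataclasses import dataclass, field

MAX_HOPS = 8  # assumed guard: stops a forwarder loop (parent -> child -> parent ...)


def in_zone(fqdn, zone):
    """True if fqdn is the zone apex or lies underneath it."""
    return fqdn == zone or fqdn.endswith("." + zone)


@dataclass
class DnsServer:
    name: str
    # zone name -> {fqdn: address} for zones this server hosts authoritatively
    zones: dict = field(default_factory=dict)
    # delegated subzone name -> the DnsServer that hosts it
    delegations: dict = field(default_factory=dict)
    # server asked for anything outside our own zones (None = no forwarder)
    forwarder: "DnsServer | None" = None
    cache: dict = field(default_factory=dict)

    def resolve(self, fqdn, hops=0):
        """Return (status, address). status is one of 'cache', 'delegation',
        'authoritative', 'forwarded', 'nxdomain' or 'loop'."""
        if hops > MAX_HOPS:
            return ("loop", None)
        # 1. cache
        if fqdn in self.cache:
            return ("cache", self.cache[fqdn])
        # 2. a delegation says "that other server hosts this subzone": follow it
        for child_zone, child_server in self.delegations.items():
            if in_zone(fqdn, child_zone):
                return self._relay("delegation", child_server, fqdn, hops)
        # 3. a zone we host ourselves: answer authoritatively (or NXDOMAIN)
        hosted = [z for z in self.zones if in_zone(fqdn, z)]
        if hosted:
            zone = max(hosted, key=len)  # longest match wins
            if fqdn in self.zones[zone]:
                return ("authoritative", self.zones[zone][fqdn])
            return ("nxdomain", None)
        # 4. not ours: only a forwarder can help now
        if self.forwarder is not None:
            return self._relay("forwarded", self.forwarder, fqdn, hops)
        return ("nxdomain", None)

    def _relay(self, how, server, fqdn, hops):
        """Ask another server and cache a positive answer."""
        status, address = server.resolve(fqdn, hops + 1)
        if address is None:
            return (status, None)
        self.cache[fqdn] = address
        return (how, address)


def build_lab():
    """The two-DC lab from the thread, with constructed names: the parent DC
    hosts the forest-root zone plus a delegation; the child DC hosts only its
    own zone and, initially, has no forwarder."""
    parent = DnsServer("parent-dc", zones={"corp.example": {
        "parent-dc.corp.example": "10.53.0.10",
        "_gc._tcp.corp.example": "10.53.0.10",  # stand-in for the GC SRV record
    }})
    child = DnsServer("child-dc", zones={"child.corp.example": {
        "child-dc.child.corp.example": "10.53.0.20",
    }})
    parent.delegations["child.corp.example"] = child
    return parent, child


def demo():
    """Run the lookups discussed in the thread and return their outcomes."""
    parent, child = build_lab()
    results = {}
    # the parent follows its delegation down into the child zone
    results["parent->child"] = parent.resolve("child-dc.child.corp.example")
    # the child hosts no parent zone and has no forwarder: the failure the poster hit
    results["child->parent, no forwarder"] = child.resolve("_gc._tcp.corp.example")
    # a forwarder on the child pointing at the parent is what fixes it
    child.forwarder = parent
    results["child->parent, forwarder"] = child.resolve("_gc._tcp.corp.example")
    # the same name again is served from the child's cache
    results["child->parent, cached"] = child.resolve("_gc._tcp.corp.example")
    # forwarders in both directions for a name neither side hosts: a loop, no answer
    parent.forwarder = child
    results["external name, mutual forwarders"] = child.resolve("www.example.net")
    return results


if __name__ == "__main__":
    for query, outcome in demo().items():
        print(f"{query:40} -> {outcome}")
```

Reading the outcomes in order: the delegation works only downward (parent to child); the child's lookup of a parent name fails until a forwarder is set; and setting forwarders in both directions makes an outside name loop between the two servers, which is the condition Tim Roberts warns about. A real server would also try root hints, which this model leaves out.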
 
