DNS replication


Simon

Hi all!

I have two AD domains both using different DNS namespaces
separated by a firewall and on different subnets (site A
and site B). Some systems from site A require the
resolving of names from site B which are often changing.

My question is, what is the easiest way to allow systems
on site A to resolve machine names on site B. Is it best
to make a new name space on site A which matches site B's
and make it a secondary name server?

I am currently using host files (don't laugh!).

All servers are running Win2k SP4.

Many thanks,
 
> I have two AD domains both using different DNS namespaces
> separated by a firewall and on different subnets (site A
> and site B). Some systems from site A require the
> resolving of names from site B which are often changing.

What specifically do you mean by "namespace"? The general
definition references all names that can be found by searching that
"namespace" -- as opposed to those which cannot.

Since DNS typically searches from the ROOT down, this implies
two separate Root with consequently separate DNS trees or
in other words a separate hierarchy.

You might have two actual disjoint roots or you might just
have disjoint zones or branches of zones but in any case they
don't share a common root.
> My question is, what is the easiest way to allow systems
> on site A to resolve machine names on site B. Is it best
> to make a new name space on site A which matches site B's
> and make it a secondary name server?

If you have no or only one root, then arrange to delegate both
trees from this same root.

If you have disjoint root namespaces (each is a full DNS hierarchy
on its own) then you have a bigger problem.

Simplest answer is to hold secondaries (or stubs if you use BIND)
on ALL DNS servers for (each) opposite zone.

Namespace A servers hold a Secondary for EVERY zone in
namespace B.
Namespace B servers hold a Secondary for EVERY zone in
namespace A.
This works, it is not efficient of your time.

You cannot forward (as a general solution) without dealing with
the problem of "infinite loops" since each points at the other,
and the more immediate issue of the forwarder returning NXDomain.
> I am currently using host files (don't laugh!).

You do what you must. If it is a small enough problem that hosts
files help, then likely the "all hold Secondaries" is preferable.
 
> Hi all!
>
> I have two AD domains both using different DNS namespaces
> separated by a firewall and on different subnets (site A
> and site B). Some systems from site A require the
> resolving of names from site B which are often changing.
>
> My question is, what is the easiest way to allow systems
> on site A to resolve machine names on site B. Is it best
> to make a new name space on site A which matches site B's
> and make it a secondary name server?
>
> I am currently using host files (don't laugh!).
>
> All servers are running Win2k SP4.
>
> Many thanks,

Are the domains in different forests or the same forest?

It sounds like, without the 30 ports allowed to pass domain traffic thru the
firewall to allow AD replication/communication, that they are in two
different forests, unless of course, you have a VPN between the locations.

Use of HOSTS files also kind of tells me that they are not in the same
forest and just using them to access each other by their FQDNs.

If you put in a DC that belongs to the other domain, that's fine, but you'll
be better off using a VPN between the locations. If you do decide for a DC
over there that's part of the other domain, HOSTS files ain't going to work
due to the SRV requirements. So make sure that whatever DNS server it's
using has a copy of the zone info from the other domain.

Either way you go, it's easier to use DNS if you ask me. Just have a
secondary copy of the zone in A on B and vice-versa. HOSTS files are a PITA
(pain in the a__) and slow down your machines the larger they get.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thanks for the replies.

The domains are two different roots and do not require any
AD info other than name resolution. This only needs to
work one way (from A ---> B).

Since my post I have tried setting up a secondary name
server for site B on site A's DNS server. This worked
fine but fails to pull updated and remove stale records.

Basically the servers I am trying to connect to are web
servers which run VNC. When we only had a small number of
servers we used to type in the IP address into VNC but
over time as we have installed more servers we have found
it easier to use the host names, simple as that.

Once again, thanks for your time.

Simon
 
If it fails to pull updated records - did you try to
check "Notify when changes occur" on the primary zone?
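One way to pin down why a secondary zone stops pulling updates, as an added example that is not from this thread: compare the SOA serial the primary answers with against the one the secondary holds, using the RFC 1982 serial arithmetic a secondary applies itself. The SOA strings and the `notify` flag below are constructed sample input.

```python
"""Secondary-zone sync check for the symptom above: a secondary zone loads once,
then fails to pick up changes from its primary. Added example, not from the
thread; it assumes you have fetched the zone's SOA record from both servers
(e.g. nslookup -type=soa). The SOA strings at the bottom are constructed."""
SERIAL_MOD = 2 ** 32
SERIAL_HALF = 2 ** 31

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if serial a is newer than serial b.
    Secondaries apply this test, so a serial that went backwards on the
    primary (after a restore, say) looks OLDER and is never transferred."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return a != b and ((a < b and b - a > SERIAL_HALF) or
                       (a > b and a - b < SERIAL_HALF))

def parse_soa(rdata):
    """Parse SOA rdata in presentation form:
    'mname rname serial refresh retry expire minimum'."""
    f = rdata.split()
    if len(f) != 7:
        raise ValueError(f"SOA rdata needs 7 fields, got {len(f)}: {rdata!r}")
    serial, refresh, retry, expire, minimum = (int(x) for x in f[2:])
    return {"mname": f[0], "rname": f[1], "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}

def diagnose(primary_soa, secondary_soa, notify):
    """Return (status, advice). notify: primary sends NOTIFY to this secondary."""
    p, s = parse_soa(primary_soa), parse_soa(secondary_soa)
    if p["serial"] == s["serial"]:
        return ("in-sync", "serials match; if records still differ, the primary's "
                "serial was not incremented after the edit (stale records on a "
                "secondary always come from the primary, so remove them there)")
    if serial_newer(p["serial"], s["serial"]):
        if notify:
            return ("lagging", "primary is newer and NOTIFY is on: check the firewall "
                    "passes NOTIFY (UDP 53, primary->secondary) and zone transfer "
                    "(TCP 53, secondary->primary), and that transfers to it are allowed")
        return ("lagging", "primary is newer but NOTIFY is off: the secondary only "
                f"polls every {s['refresh']}s; enable Notify on the primary zone")
    return ("stale", "secondary serial is ahead of the primary in RFC 1982 terms "
            "(serial went backwards?); the secondary keeps its copy until "
            f"expire={s['expire']}s unless the primary's serial is raised above it")

# Constructed sample SOAs for site B's zone, as answered by each server.
PRIMARY_B = "ns1.siteb.example. hostmaster.siteb.example. 2004031502 900 600 86400 3600"
SECONDARY_A = "ns1.siteb.example. hostmaster.siteb.example. 2004031501 900 600 86400 3600"
if __name__ == "__main__":
    print(diagnose(PRIMARY_B, SECONDARY_A, notify=False))
```

An "in-sync" result with records that still differ is the common case behind this symptom: the change was made on the primary without bumping the serial, so the secondary has nothing to transfer.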
 