DNS with 2 domains

  • Thread starter Thread starter Andrew
  • Start date Start date
A

Andrew

Just joined 2 networks via vpn. One network has domain1.com, the new one
has domain2.com, we have dns setup so that domain1.com uses its own dns
servers for name resolution, so does domain2's. We would like some of
domain1's server be accessible by name from domain2 and vice versa. How can
I get domain1 to access a server on domain2 (I believe I can add a dns
record?), I can do this via a hosts file on a client, but would rather
manage it from a central location.
 
In
Andrew said:
Just joined 2 networks via vpn. One network has
domain1.com, the new one has domain2.com, we have dns
setup so that domain1.com uses its own dns servers for
name resolution, so does domain2's. We would like some
of domain1's server be accessible by name from domain2
and vice versa. How can I get domain1 to access a server
on domain2 (I believe I can add a dns record?), I can do
this via a hosts file on a client, but would rather
manage it from a central location.
Click to expand...

Not by just adding a record. You need to add a zone. On each primary, allow
zone transfers to the other DNS server IP. Then, create a secondary zone for
the other domain on each DNS server.
Then you can set up trust between these two domains so you can share
resources to the other domain's users through explicit permissions.
 
In
ade said:
Thankyou,

What if the zones are AD integrated kevin, should they be
changed to primary?
Click to expand...

No, but you will notice events logged due to the continual incremental zone
transfers. This is due to the dynamic registrations and not the type of
zone. You should ignore these events and be glad you are getting them to
remind you that dynamic registration is working.
 
Kevin,

Just got the below working a treat with zone transfers, thankyou. How can I
go about having machines from one domain actually resolving the names in the
other domain though? The macines from one domain seem to only resolve names
from their own domain.

I have got the clients pointing towards their own dc only, but the dc has
both dns zones running? I'm a little comfused?

Thanks
 
In
ade said:
Kevin,

Just got the below working a treat with zone transfers,
thankyou. How can I go about having machines from one
domain actually resolving the names in the other domain
though? The macines from one domain seem to only resolve
names from their own domain.

I have got the clients pointing towards their own dc
only, but the dc has both dns zones running? I'm a
little comfused?
Click to expand...

If you created a secondary for the other domain's zone on each DNS they can,
if you have the correct DNS address in the clients. The clients must use
their own local DNS server for the domain, only.
If you want the machines from each domain to resolve the other machines by
host name only, instead of FQDN you will have to add the other domain to the
DNS suffix search list or use WINS.
There are two ways to add the DNS suffix search list, one is manually add it
to each machine, the other is add the other domain to the connection DNS
suffix through DHCP option 015 or by manually adding it to the DNS tab on
Win2k and later in the field DNS suffix for this connection. The DNS client
automatically adds both the Primary and Connection specific DNS suffixes to
the DNS suffix search list. The latter can be a problem if you have legacy
clients being registered in DNS by DHCP, which uses option 015 for DNS
registration.
 
Thanks again Kevin,

When I ping a host in the other domain, it comes nack with unkown host. Is
there a way to add a dns suffix en mass? If I modify the dns suffixes, can
this cause any issues? I'd ideally like all clients using one dns server
that can contact both domains to resolve names as we are practicing a domain
migration.

Thanks again for your help
 
In
ade said:
Thanks again Kevin,

When I ping a host in the other domain, it comes nack
with unkown host. Is there a way to add a dns suffix en
mass? If I modify the dns suffixes, can this cause any
issues? I'd ideally like all clients using one dns
server that can contact both domains to resolve names as
we are practicing a domain migration.
Click to expand...

DHCP has no option for adding the DNS suffix search list, it can only add a
connection specific DNS suffix with option 015, which will add the DNS
suffix search. I would *not* recommend this because this will cause your
local DDNS clients will use this suffix to register in the other domain.

You can create a script to add the DNS suffix search list.
How to Configure a Domain Suffix Search List on the Domain Name System
Clients:
http://support.microsoft.com/default.aspx?scid=kb;en-us;275553

Win2k3 added this in a GPO, but the GPO only works on WinXP & Win2k3
clients.
New Group Policies for DNS in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294785
 
Thanks again Kevin, so, you would leave Option 15 in dhcp blank, and just
use the script?

Which domain would you set to be the first in suffix list, the one they are
a memeber of? the one they are to be migrated to? or change the suffix once
migrated?

Sorry to rattle on a bit, i just want to know all the facts and get things
right.

Thanks in advance.
 
In
ade said:
Thanks again Kevin, so, you would leave Option 15 in dhcp
blank, and just use the script?

Which domain would you set to be the first in suffix
list, the one they are a memeber of? the one they are to
be migrated to? or change the suffix once migrated?
Click to expand...


I would set the local suffix first, but IMO, I don't think it makes that
much difference.
Is this going to be a migration?
Or are you just setting up a trust between these domains?
 
Both really,

I would ike to test all name resolution before any objects are migrated so
will establish a trust first. I've just built 2 test domains to try all the
ideas/suggestions I read here on first, and name resolution is one part I
really really want to get my head around and get right.

Thanks again for your help.
 
Back
Top