DNS Zones

  • Thread starter Thread starter Allison
  • Start date Start date
A

Allison

Inside of my organization, I have 3 Windows 2000 Domain Controllers that are
running DNS and Active Directory. We recently installed 2 new non-Windows
DNS servers to be the authority for a new zone called 'company.com' for our
company intranet and other web related functions. My client workstations
only have the Windows 2000 DNS servers listed, and I do not won't to go to
each client computer and add the other 2 DNS servers. What is the best way
to allow my clients to resolve 'company.com'?

1. On my 2000 boxes, should I create an Active Directory-integrated zone or
a standard primary zone?

2. Once the zone is created on my 2000 boxes, do I need to delegate the zone
to the new DNS servers?

Any help we be great.

Thanks
 
-----Original Message-----
Inside of my organization, I have 3 Windows 2000 Domain Controllers that are
running DNS and Active Directory. We recently installed 2 new non-Windows
DNS servers to be the authority for a new zone called 'company.com' for our
company intranet and other web related functions. My client workstations
only have the Windows 2000 DNS servers listed, and I do not won't to go to
each client computer and add the other 2 DNS servers. What is the best way
to allow my clients to resolve 'company.com'?

1. On my 2000 boxes, should I create an Active Directory- integrated zone or
a standard primary zone?

2. Once the zone is created on my 2000 boxes, do I need to delegate the zone
to the new DNS servers?

Any help we be great.

Thanks


non windows 2000AD DNS servers cannot communicate or
Click to expand...
function with windows 2000AD DNS servers.
 
Inside of my organization, I have 3 Windows 2000 Domain Controllers that are
running DNS and Active Directory. We recently installed 2 new non-Windows
DNS servers to be the authority for a new zone called 'company.com' for our
company intranet and other web related functions. My client workstations
only have the Windows 2000 DNS servers listed, and I do not won't to go to
each client computer and add the other 2 DNS servers. What is the best way
to allow my clients to resolve 'company.com'?

1. On my 2000 boxes, should I create an Active Directory-integrated zone or
a standard primary zone?
Click to expand...

Standard secondary would be more appropriate. Make them secondary to
whichever of the new DNS servers is primary.
2. Once the zone is created on my 2000 boxes, do I need to delegate the zone
to the new DNS servers?
Click to expand...

No. They aren't the authoritative servers.

Jeff
 
I'm kind of confused about some of the answers I have gotten. P. Brennan
says I can't do this, but you say I can by using secondary zones. Remember,
I want to be able to resolve the new domain (company.com). My clients need
to go to the 2000 boxes first and if it is a request for a resource on
'company.com', then my Windows DNS servers need to pass on the request to
the authoratitive DNS servers for 'company.com'. Can this be done?

Thanks
 
In
non windows 2000AD DNS servers cannot communicate or
function with windows 2000AD DNS servers.
Click to expand...

I'm sorry, but that's not accurate at all.

Any DNS can perform zone transfers to any other DNS server as per the RFCs,
whether AD integrated zones or not.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Allison said:
I'm kind of confused about some of the answers I have gotten. P.
Brennan says I can't do this, but you say I can by using secondary
zones. Remember, I want to be able to resolve the new domain
(company.com). My clients need to go to the 2000 boxes first and if
it is a request for a resource on 'company.com', then my Windows DNS
servers need to pass on the request to the authoratitive DNS servers
for 'company.com'. Can this be done?

Thanks
Click to expand...


Allison, go with Jeff's response.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hello Allison,

Thank you for your posts.

I would like to provide my suggestions for your reference.

1. If the existing Windows DNS zones are not named "company.com", we can
try the following two methods:

1.1) On the existing Windows DNS server, create a forwarder for the
non-Windows DNS servers.
1.2) Create a secondary DNS zone and copy data from the non-Windows DNS
servers.

Both methods should work.

2. Since the primary zone is located on non-Windows DNS servers, we cannot
make this new zone an Active Directory-integrated zone.

3. We do not need to create a delegation in this scenario.

Please feel free to let me know if anything is unclear or if you need more
information. Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Allison" <[email protected]>
|References: <[email protected]>
<[email protected]>
|Subject: Re: DNS Zones
|Date: Tue, 25 Nov 2003 16:43:41 -0600
|Lines: 43
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.dns
|NNTP-Posting-Host: 216.166.25.12
|Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFTNGXA0
5.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.dns:30560
|X-Tomcat-NG: microsoft.public.win2000.dns
|
|I'm kind of confused about some of the answers I have gotten. P. Brennan
|says I can't do this, but you say I can by using secondary zones.
Remember,
|I want to be able to resolve the new domain (company.com). My clients need
|to go to the 2000 boxes first and if it is a request for a resource on
|'company.com', then my Windows DNS servers need to pass on the request to
|the authoratitive DNS servers for 'company.com'. Can this be done?
|
|Thanks
|
|
||>
|> >Inside of my organization, I have 3 Windows 2000 Domain Controllers that
|are
|> >running DNS and Active Directory. We recently installed 2 new
|non-Windows
|> >DNS servers to be the authority for a new zone called 'company.com' for
|our
|> >company intranet and other web related functions. My client
workstations
|> >only have the Windows 2000 DNS servers listed, and I do not won't to go
|to
|> >each client computer and add the other 2 DNS servers. What is the best
|way
|> >to allow my clients to resolve 'company.com'?
|> >
|> >1. On my 2000 boxes, should I create an Active Directory-integrated zone
|or
|> >a standard primary zone?
|>
|> Standard secondary would be more appropriate. Make them secondary to
|> whichever of the new DNS servers is primary.
|>
|> >2. Once the zone is created on my 2000 boxes, do I need to delegate the
|zone
|> >to the new DNS servers?
|>
|> No. They aren't the authoritative servers.
|>
|> Jeff
|
|
|
 
I'm kind of confused about some of the answers I have gotten. P. Brennan
says I can't do this, but you say I can by using secondary zones. Remember,
I want to be able to resolve the new domain (company.com). My clients need
to go to the 2000 boxes first and if it is a request for a resource on
'company.com', then my Windows DNS servers need to pass on the request to
the authoratitive DNS servers for 'company.com'. Can this be done?
Click to expand...

Sure. If you absolutely have to pass the request on, and there's no
technical reason you have to, configure your Windows systems to use
the others as forwarders. But the proper, normal, and as-designed
method is to use the Windows systems as secondaries to the new servers
for the new zone.

Jeff
 
non windows 2000AD DNS servers cannot communicate or
function with windows 2000AD DNS servers.
Click to expand...

Shhh! My non-Windows 2000 AD servers might hear you and stop
communicating with my Windows 2000 AD servers. :)

Your response is too generic to qualify, but there's no reason a W2K
DNS with an AD zone can't also serve as DNS for standard primary or
secondary zones and communicate with just about any DNS. Plus, the
proper software versions allow AD DNS zones to communicate as well.

Which is irrelevant to the OP's question, since the new zone isn't an
AD one anyway, and never will be, nor need to be.

Jeff
 
A> What is the best way to allow my clients to resolve 'company.com'?

A stub zone. Another, less preferable, way is a conditional forwarding rule.

A> 1. On my 2000 boxes, should I create an Active Directory-integrated
A> zone or a standard primary zone?

No.

A> 2. Once the zone is created on my 2000 boxes, do I need to
A> delegate the zone to the new DNS servers?

No.
 
Back
Top