Fix Child Domain DNS prior to adding 2003 DCs

gbruntzel

I inherited a 2000 forest (mixed mode) with DNS that's a bit weird.
I'm preparing for forestprep and domainprep but want to make sure DNS
is correct before proceeding.

Let me first state that DNS for child domains was NOT setup/delegated
as per MS KBA 255248.
http://support.microsoft.com/kb/255248/en-us

I have the root domain mydomain.com DC is Server-4, 192.168.1.4
(TCP/IP DNS to itself)

Two child domains
child2.mydomain.com DC is Server-2 192.168.1.2 (TCP/IP DNS
to 192.168.1.4)
child3.mydomain.com DC is Server-3 192.168.1.3 (TCP/IP DNS
to 192.168.1.4)

They all have DNS Servers running.
Server-4 SOA for mydomain.com AD-Integrated, forwarders point to
internet
Additional name servers listed are Server-2 and Server-3.

Server-2 holds same forward zone (mydomain.com) AD-Int, and shows
itself as SOA
(child2.server-2.mydomain.com) with Servers 3 & 4 listed as additional
name servers, forwarders are setup to Server-4

Server-3 holds same forward zone (mydomain.com) Standard Primary and
shows itself as SOA
(child3.server-3.mydomain.com) with Servers 2 & 4 listed as additional
name servers, forwarders are setup to Server-4.

All workstations in ALL domains point to Server-4, 192.168.1.4 for name
resolution.

As you can imagine, opening DNS on Server-4 and viewing DNS on Servers
2 and 3 is a bit strange. Server-4 and Server-2 appear to contain the
same information. However Server-3 only knows about its own child
domain and contains no information about the other child domain or the
parent domain. This was also the case when it was AD-Integrated. It
was just recently changed to Standard Primary.

Ideally, we need to get DNS straightened out across all domains. Can
we use the steps in MS KBA 255248 even though Servers 2 and 3 are
already DCs?

Should we just blow away the DNS servers on Server-2 and Server-3 since
their TCP/IP settings (on respective child domain DCs) already point to
Server-4 instead of themselves and all workstations are also pointing
to Server-4? I can't believe that DNS on Server-2 or Server-3 are
doing anything for us at all.

It sounds like conditional forwarding under 2003 will be the way to go,
but we need to get this untangled first. Any recommendations would be
greatly appreciated.

Thanks,
Greg
 
> I inherited a 2000 forest (mixed mode) with DNS that's a bit weird.
> I'm preparing for forestprep and domainprep but want to make sure DNS
> is correct before proceeding.

Good, since this is generally required as you must have
full replication (and that means working DNS) before doing
the 'preps'.

> Let me first state that DNS for child domains was NOT setup/delegated
> as per MS KBA 255248.
> http://support.microsoft.com/kb/255248/en-us

Then fix that (you really must).

> I have the root domain mydomain.com DC is Server-4, 192.168.1.4
> (TCP/IP DNS to itself)
>
> Two child domains
> child2.mydomain.com DC is Server-2 192.168.1.2 (TCP/IP DNS
> to 192.168.1.4)
> child3.mydomain.com DC is Server-3 192.168.1.3 (TCP/IP DNS
> to 192.168.1.4)
>
> They all have DNS Servers running.

Then you must either delegate, make the root DNS secondary or stub
for children, or use conditional forwarding, but the 'stub' and 'conditional'
choices only apply to Win2003, so likely you just need to DELEGATE.

> Server-4 SOA for mydomain.com AD-Integrated, forwarders point to
> internet
> Additional name servers listed are Server-2 and Server-3.
>
> Server-2 holds same forward zone (mydomain.com) AD-Int, and shows
> itself as SOA
> (child2.server-2.mydomain.com) with Servers 3 & 4 listed as additional
> name servers, forwarders are setup to Server-4
>
> Server-3 holds same forward zone (mydomain.com) Standard Primary and
> shows itself as SOA
> (child3.server-3.mydomain.com) with Servers 2 & 4 listed as additional
> name servers, forwarders are setup to Server-4.
>
> All workstations in ALL domains point to Server-4, 192.168.1.4 for name
> resolution.
>
> As you can imagine, opening DNS on Server-4 and viewing DNS on Servers
> 2 and 3 is a bit strange. Server-4 and Server-2 appear to contain the
> same information. However Server-3 only knows about its own child
> domain and contains no information about the other child domain or the
> parent domain. This was also the case when it was AD-Integrated. It
> was just recently changed to Standard Primary.
>
> Ideally, we need to get DNS straightened out across all domains. Can
> we use the steps in MS KBA 255248 even though Servers 2 and 3 are
> already DCs?

The key is to just do it right. Which means that from the root DNS
servers you must be able to find EVERYTHING in your forest (plus
everything outside such as on the Internet) and from each child DNS
server you must also be able to find the root at a minimum, along
with everything else the clients will ever need.

This means delegating (or something equivalent) from the root AND
setting up the client DNS servers to find the root (and either through
the root or separate find all the 'sister' domains and trees.)

> Should we just blow away the DNS servers on Server-2 and Server-3 since
> their TCP/IP settings (on respective child domain DCs) already point to
> Server-4 instead of themselves and all workstations are also pointing
> to Server-4? I can't believe that DNS on Server-2 or Server-3 are
> doing anything for us at all.
>
> It sounds like conditional forwarding under 2003 will be the way to go,
> but we need to get this untangled first. Any recommendations would be
> greatly appreciated.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

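The layout Herb is prescribing (each child DC authoritative for its own zone, the root delegating the child zones, each child DNS server forwarding to the root, and the SRV records resolvable from every server) as an added, scripted example. This is not code from the thread or from the KB article; it uses the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), so on the 2000/2003 servers in the thread the same zone layout would be built with the DNS MMC or dnscmd. The server names and IPs are the ones Greg gives; the interface alias "Ethernet", the "Domain" replication scope, the choice to delete the stray copies of mydomain.com on Server-2 and Server-3 first, and the optional conditional forwarder between the sister domains are assumptions made for the example.

```powershell
#Requires -Modules DnsServer
# Added example, not the thread's own commands. Layout from the thread:
#   mydomain.com        -> Server-4, 192.168.1.4  (forest root DC/DNS)
#   child2.mydomain.com -> Server-2, 192.168.1.2
#   child3.mydomain.com -> Server-3, 192.168.1.3
# Interface alias, replication scope and the deletion of the stray
# parent-zone copies are assumptions for illustration.

$Root     = @{ Name = 'mydomain.com'; Server = 'Server-4'; IP = '192.168.1.4' }
$Children = @(
    @{ Name = 'child2.mydomain.com'; Server = 'Server-2'; IP = '192.168.1.2' },
    @{ Name = 'child3.mydomain.com'; Server = 'Server-3'; IP = '192.168.1.3' }
)

foreach ($c in $Children) {
    # 0. Assumption: drop the child server's private copy of the PARENT zone
    #    (the one that shows itself as SOA). After delegation the child reaches
    #    mydomain.com through its forwarder, not through a stale local copy.
    if (Get-DnsServerZone -Name $Root.Name -ComputerName $c.Server -ErrorAction SilentlyContinue) {
        Remove-DnsServerZone -Name $Root.Name -ComputerName $c.Server -Force
    }

    # 1. The child DC is authoritative for its OWN zone, AD-integrated.
    #    Secure-only dynamic update: DC and workstation records are written
    #    with Kerberos-authenticated updates, so an unauthenticated host on
    #    the LAN cannot overwrite an SRV or A record.
    Add-DnsServerPrimaryZone -Name $c.Name -ReplicationScope 'Domain' `
        -DynamicUpdate 'Secure' -ComputerName $c.Server

    # 2. The root delegates the child zone: NS record for the child label in
    #    mydomain.com plus a glue A record for the child's name server. This
    #    is what KB 255248 describes and what lets the root find everything.
    $childNs = ("{0}.{1}" -f $c.Server, $c.Name).ToLower()
    Add-DnsServerZoneDelegation -Name $Root.Name -ChildZoneName $c.Name `
        -NameServer $childNs -IPAddress $c.IP -ComputerName $Root.Server

    # 3. The child DNS server forwards everything it is not authoritative for
    #    to the root (which in turn forwards to the Internet). Root hints off,
    #    so a child DC never sends internal names straight to the Internet.
    Set-DnsServerForwarder -IPAddress $Root.IP -UseRootHint $false -ComputerName $c.Server

    # 4. The child DC's own TCP/IP DNS points at itself first, root second,
    #    so netlogon registers its SRV records in the zone it now owns.
    Invoke-Command -ComputerName $c.Server -ArgumentList $c.IP, $Root.IP -ScriptBlock {
        param($self, $root)
        Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses @($self, $root)
    }
}

# Optional (2003 and later): let each child resolve its sister domain directly
# instead of via the root. Delegation already makes this work through the root.
foreach ($c in $Children) {
    foreach ($sister in ($Children | Where-Object { $_.Name -ne $c.Name })) {
        Add-DnsServerConditionalForwarderZone -Name $sister.Name -MasterServers $sister.IP `
            -ReplicationScope 'Forest' -ComputerName $c.Server
    }
}

# Verification: from EVERY DNS server, the DC locator record of EVERY domain
# must resolve. This is the "find everything from the root, find the root
# from each child" test before running forestprep/domainprep.
function Test-ForestDnsPath {
    param([string[]]$DnsServers, [string[]]$Domains)
    $ok = $true
    foreach ($srv in $DnsServers) {
        foreach ($d in $Domains) {
            $q = "_ldap._tcp.dc._msdcs.$d"
            try {
                $r = Resolve-DnsName -Name $q -Type SRV -Server $srv -DnsOnly -ErrorAction Stop
                $targets = ($r | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget }) -join ','
                if (-not $targets) { throw "no SRV answer" }
                Write-Host ("OK   {0,-9} {1,-45} -> {2}" -f $srv, $q, $targets)
            } catch {
                $ok = $false
                Write-Host ("FAIL {0,-9} {1,-45} {2}" -f $srv, $q, $_.Exception.Message)
            }
        }
    }
    return $ok
}

$servers = @($Root.IP) + ($Children | ForEach-Object { $_.IP })
$domains = @($Root.Name) + ($Children | ForEach-Object { $_.Name })
if (-not (Test-ForestDnsPath -DnsServers $servers -Domains $domains)) {
    Write-Warning 'DNS is not yet consistent across the forest; do not run forestprep/domainprep.'
}
```

Run it from an account that is a DNS admin on all three servers. The order matters: the child zone and its delegation must exist before the child DC is repointed at itself in step 4, otherwise its SRV registrations have nowhere authoritative to land. A FAIL line from Test-ForestDnsPath names the server that cannot see a given domain, which maps directly onto Herb's two requirements: a root server failing a child lookup means the delegation is missing or has no glue, and a child server failing the root lookup means its forwarder is not set.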