Help - Config of forwarders

who

Take this example:

abc.com
is hosted externally on a Unix DNS server.

If I add an AD Forest and call the 1st AD Domain
Manufacturing.abc.com

and a child domain called Brentwood.manufacturing.abc.com
and host these on W2k AD-integrated DNS servers, would I be correct in
saying I would have my W2K server as authoritative for
manufacturing.abc.com and point my forwarders from it to the Unix DNS server
?

Does that mean that any DNS resolution for names outside of the company will
go from the manufacturing.abc.com DNS server on to the Unix DNS server for
the abc.com domain and be resolved?

If I did that, would, say, another user on the internet be able to resolve
names in manufacturing.abc.com ?


many thanks
Paul
 
take this example

abc.com
is hosted externally on a Unix DNS server.

Actually "forwarders" have (almost) nothing to
do with your own Zones.

There are two major purposes to a DNS server -
1) Resolve names of YOUR resources
2) Help your clients resolve all names

These two purposes should be considered separately.
Forwarders are almost totally related to the latter.
If I add an AD Forest and call the 1st AD Domain
Manufacturing.abc.com

and a child domain called Brentwood.manufacturing.abc.com
and host these on W2k ad integrated DNS servers, would I be correct in
saying I would have my W2K server as authoritative for
manufacturing.abc.com and point my forwarders from it to the Unix DNS
server

That is ONE way to do it. The point of forwarders is to
help your DNS server resolve names they cannot (or should
not) resolve for themselves.

The other choice is to use root hints to point your DNS
server(s) to a "common root" (a common zone from which
all others can be found by recursing through the delegations.)
does that mean that any DNS resolution for names outside of the company will
go from the manufacturing.abc.com dns server on to the Unix DNS server for
the abc.com domain and be resolved.

Yes. Any zone not held by the first server should use the
forwarder.
If I did that would say another user on the internet be able to resolve
names in manufacturing.abc.com ?

Completely different issue.

For that to work (we are talking now about the "first major
purpose" of a DNS server) the PARENT DNS server must
delegate to your authoritative DNS servers -- and they must
be reachable on the net.

Also consider that you probably should not be mixing
internal and external resolution (for others).
 
Many thanks Herb,

To ask a further point then:-
For that to work (we are talking now about the "first major
purpose" of a DNS server) the PARENT DNS server must
delegate to your authoritative DNS servers -- and they must
be reachable on the net.

"Delegate to" means to tell the Parent DNS that the domain name
manufacturing.abc.com exists and has a DNS server with IP address of
xx.xx.xx.xx ?


Paul
 
"Delegate to" means to tell the Parent DNS that the domain name
manufacturing.abc.com exists and has a DNS server with IP address of
xx.xx.xx.xx ?

Yes, and technically it is done by adding the "child" (delegated) domain
name to the parent as an NS record with the name of the domain and
the name of the DNS server.

(If not already present elsewhere an A-host record for that NS record
server name must also be added.)

These are technically called "delegation records" but a common,
very nearly technical term is also "Glue records" because they
glue the DNS namespace together from top (root) to bottom.


--
Herb Martin
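
The delegation described in the reply above, as an added example that is not part of the original thread: a Python check over a constructed fragment of the abc.com parent zone that lists each delegated child and flags name servers inside the child zone that have no address (glue) record. The server names dc1, dc2 and ns.example.net and the 192.0.2.x addresses are assumptions made up for illustration.

```python
# Added example: constructed parent-zone data, not taken from the thread.
PARENT_ZONE = """\
abc.com.                    NS  ns1.abc.com.
ns1.abc.com.                A   192.0.2.1
manufacturing.abc.com.      NS  dc1.manufacturing.abc.com.
manufacturing.abc.com.      NS  dc2.manufacturing.abc.com.
manufacturing.abc.com.      NS  ns.example.net.
dc1.manufacturing.abc.com.  A   192.0.2.53   ; glue for dc1
"""

def parse(zone_text):
    """Return (owner, type, value) tuples with names lower-cased."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, value = line.split()
        records.append((owner.lower(), rtype.upper(), value.lower()))
    return records

def is_under(name, zone):
    """True if name equals zone or is a descendant of it."""
    return name == zone or name.endswith("." + zone)

def check_delegations(zone_text, origin):
    """Map each delegated child zone to its NS targets and missing glue."""
    records = parse(zone_text)
    origin = origin.lower()
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    report = {}
    for owner, rtype, target in records:
        # NS records at the zone apex are the parent's own servers, not a delegation.
        if rtype != "NS" or owner == origin or not is_under(owner, origin):
            continue
        entry = report.setdefault(owner, {"servers": [], "missing_glue": []})
        entry["servers"].append(target)
        # Glue is required only when the server's name lies inside the child zone;
        # an out-of-zone name (ns.example.net.) is resolved through its own zone.
        if is_under(target, owner) and target not in has_address:
            entry["missing_glue"].append(target)
    return report

if __name__ == "__main__":
    for child, info in check_delegations(PARENT_ZONE, "abc.com.").items():
        print(child, info)
```
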
 
Thanks Herb,

I really have trouble learning things without understanding the nitty
gritty, for example if I read in a book "Delegate the child domain"
it doesn't sink in unless there is an explanation like yours that follows.

But

If I read in the same book "Delegate the child domain",
*quoting you*
by adding the "child" (delegated) domain
name to the parent as an NS record with the name of the domain and
the name of the DNS server..
(If not already present elsewhere an A-host record for that NS record
server name must also be added.)

Then it makes sense to me, maybe I'm a bit odd ?

Paul



 
Thanks Herb,

I really have trouble learning things without understanding the nitty
gritty, for example if I read in a book "Delegate the child domain"
it doesn't sink in unless there is an explanation like yours that follows.

It's a problem you should work on -- in fact I dislike the
books that waste space with tons of gratuitous screen shots,
instead of a few for those places where we really need to see
the detail or for occasional context.

The key to getting past this limitation is to get in the habit of
using the product when reading a GOOD book on it and to
use the built-in help which today is better than most any book
you can purchase.
 