secondary DNS updating

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How can I stop a secondary DNS zone from updating. I would like to create a
secondary DNS zone so all the SRV records are pulled over to the remote DNS
server. But since I am using NAT, I would like to delete all the A records
and add only the ones that need to be added (ie Servers) and add them with
the outside address. Is there a way to make sure the secondary DNS zone is
not updated at ALL?

Thanks
Dev
 
DevGD said:
How can I stop a secondary DNS zone from updating. I would like to create a
secondary DNS zone so all the SRV records are pulled over to the remote DNS
server.
Click to expand...

Make it a Primary.

That answers your question, but I am not
sure if it will accomplish your real goal.
But since I am using NAT, I would like to delete all the A records
and add only the ones that need to be added (ie Servers) and add them with
the outside address. Is there a way to make sure the secondary DNS zone is
not updated at ALL?
Click to expand...

It's not a secondary unless it does zone transfer
from a master -- Primaries don't do that so you
can use a secondary to "prime" a (shadow) zone
initially and then make it a Primary to break the
replication.
 
As Herb mentions, this really isn't a secondary. Usually, in cases like
these, a different server is used for external zones and the A records are
added manually with the external addresses. They can have the same DNS
Domain names but never be aware of one another.
 
Since I need the SRVs to help with establishing a trust. Can I create a
secondary zone on the DNS server in the remote domain. Then convert it to a
primary with SOA being the DNS server of the remote domain so there are no
updates from my domain? Once that is done, I can remove all the IP addresses
and re-populate with the correct IPs?

Thanks
Dev
 
DevGD said:
Since I need the SRVs to help with establishing a trust. Can I create a
secondary zone on the DNS server in the remote domain. Then convert it to a
primary with SOA being the DNS server of the remote domain so there are no
updates from my domain? Once that is done, I can remove all the IP addresses
and re-populate with the correct IPs?
Click to expand...

Yes, you CAN.

If may not do what you (really) wish to accomplish
but the principle is valid.

I frequently setup new AD domains this way, by
initially basing them on the CURRENT DNS that
was in use before AD was (to be) installed.
 
Thank Herb..

My main problem is I am trying to trust two different domains in two
different forests. I am going through a firewall that is NATing one side.
When I try and create the trust it can not find the domain, yet I can ping
the remote DCs and I can do a NET SEND to the domain with success. So if you
have any ideas on what I can try, I would greatly appreciate it.

Thanks
Dev
 
DevGD said:
Thank Herb..

My main problem is I am trying to trust two different domains in two
different forests.
Click to expand...

That has nothing to do with such DNS schemes.
(really)

Trusts between domains from different forests actually
require NetBIOS name resolution which pratically means
that you need WINS Server(s) if you have more than one
subnet (as you do.)
I am going through a firewall that is NATing one side.
Click to expand...

What does this have to do with wishing to split your DNS
for the domains?

All internal DNS servers (i.e., internal to your networks)
should provide the SAME answers.

The only "split" (or Shadow) DNS in most cases should
be between what you show on the Internet and what you
show to your domain computers.
When I try and create the trust it can not find the domain, yet I can ping
the remote DCs and I can do a NET SEND to the domain with success. So if you
have any ideas on what I can try, I would greatly appreciate it.
Click to expand...

That is a NetBIOS issue.

Have ALL of the DCs in all (involved) domains register
with the same WINS database.
 
Back
Top