-----Original Message-----
In Charlie <[email protected]> posted their thoughts, then I offered mine
Remove the secondary of the parent in the child zone. That is why the child
zone is probably disappearing because it believes it's a child of the parent
secondary zone.
Proper delegation involves delegating to the child domain's DNS server, then
in the child domain's DNS server, forward back to the parent. From the
parent, forward to the ISP. They are the basic rules of delegation.
For more information:
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248
Delegating zones - Glue records and glue chasing:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/server/sag_DNS_imp_DelegatingZones.asp
Hope that helps.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================
Yes, I thought this might be unrelated to my other post,
but maybe not.
First of all, it is the secondary copy of the parent zone
that disappears from the child domain DNS/DC, not the
child zone. To rule out a problem with the DNS service or
Windows on the child DNS/DC I created a secondary of an AD-
integrated zone from outside the forest (I have a test
W2K3 forest that I was able to use). That secondary zone
did not disappear, which suggests the problem is related
to the method I have used.
That said, here is what I am afraid will happen if I try
to forward to the parent DNS: I won't be able to use an
on-demand VPN tunnel because there will be no way of
establishing the connection. Each office has one public
IP address assigned by the ISP on the Internet-facing
router interface; internally I use private IP addresses.
The public IP addresses are not static. I rely on DDNS
records for resolving to the correct public address. So
as far as I can see I would be caught in a catch-22 when
the child DNS tries to make the connection to the parent
DNS. In any case, it seems like a persistent connection
would be needed since the child DNS would constantly be
forwarding to the parent if I have users connecting to the
Internet a lot.
I guess it would be nice to be able to upgrade to W2K3
because I would be able to take advantage of conditional
forwarding. I could forward to the parent DNS just for
the parent zone and to the ISP DNS for everything on the
Web. I assume that would solve the problem.
For now, it looks like I need a persistent VPN connection
which I can establish from the parent. I guess I just
don't like that idea.
Thanks.