
second primary zone does not utilize forwarding

 
Old 05-06-2006, 07:39 PM   #1
Milan


First, our network design is a little convoluted due to where servers are
located, but let me summarize with this:

Domain: Windows 2000
DNS: Windows 2000 AD integrated
First primary domain: myclient.com
Second Primary domain: mycompany.com

The problem is rather simple. If a device requests a record on myclient.com
zone that is not local, the DNS simply forwards it to the internet - works
great. If a device requests a record on mycompany.com zone that is not
local, it does not forward.

I am leaning towards this being by design, but I don't know why. Both are
primary zones under the AD DNS umbrella, it's just the one that is the main
AD zone is the one that forwards correctly.

I have it set up this way because I have a dedicated link between my client
and my company. I host some of my client's servers at my company's
datacenter. Certain records I want to go over the dedicated link and some I
want to go over the internet. I just find it a pain that I have to be sure
to maintain mycompany.com's zone manually with all the potential
internet-bound hosts I may use. I was hoping that mycompany.com zone would
forward what it doesn't have to internet just as the myclient.com does.

Can someone explain why this is? I am sure it is by design, but I can't
seem to grasp the reason.

Thank you for reading.
Milan


Old 06-06-2006, 04:01 PM   #2
Kevin D. Goodknecht Sr. [MVP]

Milan wrote:
> First, our network design is a little convoluted due to where servers
> are located, but let me summarize with this:
>
> Domain: Windows 2000
> DNS: Windows 2000 AD integrated
> First primary domain: myclient.com
> Second Primary domain: mycompany.com
>
> The problem is rather simple. If a device requests a record on
> myclient.com zone that is not local, the DNS simply forwards it to
> the internet - works great.

If this is true it is broken. DNS server will not forward requests for names
it is authoritative for. The closest DNS can come to this is by checking a
WINS server for unknown hosts. But if a DNS server has a zone for
myclient.com, it will not forward any requests, unless that zone is a stub
zone, which Windows 2000 has no support for.

> If a device requests a record on
> mycompany.com zone that is not local, it does not forward.


It would not, since it holds authority, the only time it will send a query
out for hosts it is not authoritative for, is for names that are explicitly
delegated.

>
> I am leaning towards this being by design, but I don't know why.
> Both are primary zones under the AD DNS umbrella, it's just the one
> that is the main AD zone is the one that forwards correctly.
>
> I have it set up this way because I have a dedicated link between my
> client and my company. I host some of my client's servers at my
> company's datacenter. Certain records I want to go over the
> dedicated link and some I want to go over the internet. I just find
> it a pain that I have to be sure to maintain mycompany.com's zone
> manually with all the potential internet-bound hosts I may use. I
> was hoping that mycompany.com zone would forward what it doesn't have
> to internet just as the myclient.com does.
>
> Can someone explain why this is? I am sure it is by design, but I
> can't seem to grasp the reason.


I would like to know why DNS is forwarding for myclient.com if it has the
zone. Can you post a sample query using nslookup -d2 showing this behavior?

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
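
The behaviour described in the reply above, as an added example that is not part of the thread: a simplified Python model of how a DNS server that hosts primary zones decides between answering, following a delegation, and forwarding. The zone contents, addresses, the `lab.mycompany.com` delegation and the forwarder address are constructed for illustration, and the WINS lookup mentioned in the reply is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    name: str                                         # zone the server is authoritative for
    records: dict                                     # fqdn -> address (constructed data)
    delegations: dict = field(default_factory=dict)   # child zone -> its name server

# Constructed sample data mirroring the thread's two primary zones.
ZONES = [
    Zone("myclient.com", {"dc1.myclient.com": "10.0.0.10"}),
    Zone("mycompany.com",
         {"app1.mycompany.com": "10.1.0.20"},
         {"lab.mycompany.com": "ns1.lab.mycompany.com"}),  # hypothetical delegation
]
FORWARDER = "192.0.2.53"  # constructed forwarder address (documentation range)

def in_zone(qname, zone_name):
    """True if qname is the zone apex or a name underneath it."""
    return qname == zone_name or qname.endswith("." + zone_name)

def resolve(qname, zones=ZONES, forwarder=FORWARDER):
    """Return (action, detail) for a query name."""
    qname = qname.lower().rstrip(".")
    hosted = [z for z in zones if in_zone(qname, z.name)]
    if not hosted:
        # Not authoritative for this name: the only case that is forwarded.
        return ("FORWARD", forwarder)
    zone = max(hosted, key=lambda z: len(z.name))  # most specific hosted zone
    for child, name_server in zone.delegations.items():
        if in_zone(qname, child):
            # Explicitly delegated name: the query leaves the server.
            return ("DELEGATED", name_server)
    if qname in zone.records:
        return ("ANSWER", zone.records[qname])
    # Authoritative and no record: negative answer, never forwarded.
    return ("NXDOMAIN", zone.name)

if __name__ == "__main__":
    for name in ("yahoo.com", "app1.mycompany.com",
                 "www.mycompany.com", "host.lab.mycompany.com"):
        print(name, "->", resolve(name))
```

A name such as `www.mycompany.com` that exists only on the Internet returns `NXDOMAIN` here, which is why the internal `mycompany.com` zone has to carry those records by hand.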


Old 06-06-2006, 09:02 PM   #3
Milan

Reply is in-line.

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:%237NC$GXiGHA.4204@TK2MSFTNGP02.phx.gbl...
> Milan wrote:
>> First, our network design is a little convoluted due to where servers
>> are located, but let me summarize with this:
>>
>> Domain: Windows 2000
>> DNS: Windows 2000 AD integrated
>> First primary domain: myclient.com
>> Second Primary domain: mycompany.com
>>
>> The problem is rather simple. If a device requests a record on
>> myclient.com zone that is not local, the DNS simply forwards it to
>> the internet - works great.

> If this is true it is broken. DNS server will not forward requests for names
> it is authoritative for. The closest DNS can come to this is by checking a
> WINS server for unknown hosts. But if a DNS server has a zone for
> myclient.com, it will not forward any requests, unless that zone is a stub
> zone, which Windows 2000 has no support for.


Thank you, this actually answers all my questions. I'm sorry though that I did not make myself clear here. I did not mean the server would forward requests for its own domain, I meant a request like yahoo.com. I noted myclient.com because that is the domain of the client station and the DNS zone for which he would attempt to resolve the address.

>> If a device requests a record on
>> mycompany.com zone that is not local, it does not forward.

>
> It would not, since it holds authority, the only time it will send a query
> out for hosts it is not authoritative for, is for names that are explicitly
> delegated.


Yes, it makes sense now based on what you said above. I will have to manually maintain the mycompany.com records because it will not forward requests for a domain that it holds ownership. This is what I did not know, but now that I do, it's clear as day. Thank you for taking the time to explain.

>>
>> I am leaning towards this being by design, but I don't know why.
>> Both are primary zones under the AD DNS umbrella, it's just the one
>> that is the main AD zone is the one that forwards correctly.
>>
>> I have it set up this way because I have a dedicated link between my
>> client and my company. I host some of my client's servers at my
>> company's datacenter. Certain records I want to go over the
>> dedicated link and some I want to go over the internet. I just find
>> it a pain that I have to be sure to maintain mycompany.com's zone
>> manually with all the potential internet-bound hosts I may use. I
>> was hoping that mycompany.com zone would forward what it doesn't have
>> to internet just as the myclient.com does.
>>
>> Can someone explain why this is? I am sure it is by design, but I
>> can't seem to grasp the reason.

>
> I would like to know why DNS is forwarding for myclient.com if it has the
> zone. Can you post a sample query using nslookup -d2 showing this behavior?
