DNS in child domains

Guest

I have a single tree forest with a number of child domains. I have a DNS
server in the root domain which is AD integrated. The child domains all have
a DNS server with a secondary zone which is updated from the DNS server in
the root domain.

Should I be able to change the zones in the child domains to AD integrated?
Should they have a copy of the zone for whole domain or just the child sub
domain?

Thanks
 
Mark Renoden [MSFT]

Hi

It often depends on your infrastructure but often a good way of doing it is
having a delegation for the child zone at the parent level which points to a
DNS server in the child domain and then have the DNS server in the child
domain own an AD Integrated zone for the child domain name space.

Clients in the child domain then use the child DNS server to resolve names.
If you need to make queries to the parent level, you can then use forwarders
or secondary copies. All domains need to be able to resolve
_msdcs.<forestrootdomain>.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
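
The layout described in the answer above, sketched with the DnsServer PowerShell module as an added example (not part of the original post). The domain names, server names and IP addresses are constructed placeholders, and it assumes the child namespace is not already populated inside the parent zone.

```powershell
# Constructed placeholder values (assumptions, not from the thread)
$ForestRoot = 'corp.example'
$ChildLabel = 'child'
$ChildZone  = "$ChildLabel.$ForestRoot"
$RootDns    = 'rootdns01.corp.example'
$RootDnsIp  = '10.0.0.10'
$ChildDns   = 'childdns01.child.corp.example'
$ChildDnsIp = '10.0.1.10'

# 1. Child DNS server (a DC in the child domain) owns an AD-integrated zone
#    for the child namespace only. Secure-only dynamic update is an added
#    hardening choice so that only authenticated domain members can register.
Add-DnsServerPrimaryZone -ComputerName $ChildDns -Name $ChildZone `
    -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 2. Parent zone delegates the child label to the child DNS server.
Add-DnsServerZoneDelegation -ComputerName $RootDns -Name $ForestRoot `
    -ChildZoneName $ChildLabel -NameServer $ChildDns -IPAddress $ChildDnsIp

# 3. Child DNS server forwards everything it is not authoritative for to the
#    root DNS server (the "forwarders" option; a secondary copy is the other).
Add-DnsServerForwarder -ComputerName $ChildDns -IPAddress $RootDnsIp

# 4. Check, against the child DNS server, that forest-wide and child-domain
#    locator records resolve. _msdcs.<forestrootdomain> must be resolvable
#    from every domain in the forest.
$checks = @(
    "_ldap._tcp.gc._msdcs.$ForestRoot",   # global catalog locator (forest root)
    "_ldap._tcp.dc._msdcs.$ChildZone"     # DC locator for the child domain
)
foreach ($name in $checks) {
    try {
        $r = Resolve-DnsName -Name $name -Type SRV -Server $ChildDnsIp `
                 -DnsOnly -ErrorAction Stop
        $targets = ($r | Where-Object Section -eq 'Answer').NameTarget
        Write-Output ("OK   {0} -> {1}" -f $name, ($targets -join ', '))
    }
    catch {
        Write-Warning ("FAIL {0}: {1}" -f $name, $_.Exception.Message)
    }
}
```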
 
Guest

Thanks Mark.

There is quite a bit of integration between domains so I will probably
need a full copy of the forest domain zone locally anyway. To keep
administration to a minimum I will stick with the one primary (AD) zone at
the root and secondaries everywhere else.

Many thanks
Gordon O'Brien
