Forest Trusts and DNS

[Guest]

Hi all - hoping this is quick and easy.

I've recently acquired responsibility for a new domain and am working
towards getting them to communicate in an AD Trust Scenario so that we can
authenticate users from each domain on the other.

The two forests are as follows: 1 forest is Server 2003 and the other is an
older Server 2000, mixed mode domain. When trying to setup the prerequisitie
secondary DNS zones, the zone copies from the 2000 to the 2003 domain fine,
but the one from 2003 to 2000 doesn't seem happy. I'm getting a message that
"The transfer of zone data from the master server failed" with a little red
'X' on the zone.

If I start and restop the DNS server service, the newly created zone comes
to life, but it's missing all of the necessary DNS records (_msdcs, IP, etc.)
for AD to communicate. Deleting and recreating this secondary zone has not
helped either.

The DNS setup on both DNS servers is such that zone transfers are allowed to
one another, and each server is pingable from the other.

Any ideas?

 

[c0d3r]

You'll have to allow zone transfers on the zones on 2003 AD before you can
create a secondary on your 2000

If that is not an option, you can also work with forwards
(so requests that cannot be resolved on 2003 are forwarded to the 2000 DNS
servers, and requests that cannot be resolved in 2000 are forwarded to the
2003 DNS servers)

 

[Guest]

Hi c0d3r,
As stated in the original post, I've already got zone transfers permitted
between the two dns servers. The problem is not that it can't transfer but
that it doesn't seem to want to.

 

[c0d3r]

Anything in the event log ?

You'll probably trying to transfer AD integrated system zones, so you can
also use forwarders (instead of zone transfers) to allow name resolution.
Works great as well...