Newbie: DNS Setup in Two Locations

Kris

Hello,
I want to set up DNS Servers in two locations A and B. These two
locations are connected via Point-Point with FULL T1. Two networks are
192.168 and 172.20 respectively.
I have set up a DC with a.abc.com (First Server in the network). Now
how do I create b.abc.com? To create child domain I do not see parent
domain. Will a.abc.com act like a parent domain?
Please help.
Thanks
Kris
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Hello,
> I want to set up DNS Servers in two locations A and B. These two
> locations are connected via Point-Point with FULL T1. Two networks are
> 192.168 and 172.20 respectively.
> I have set up a DC with a.abc.com (First Server in the network). Now
> how do I create b.abc.com?

You would have to DCPromo the server at location B as a "New Domain in an
existing forest."
This would not be a child domain, it would be a new domain tree in an
existing forest.

> To create child domain I do not see parent
> domain.

To create a child domain, and be able to resolve a.abc.com you have to
forward b.a.abc.com DNS to a.abc.com, then create a delegation named b in
the a.abc.com, using the DNS at b.a.abc.com as the Name server.

> Will a.abc.com act like a parent domain?

Only if the location B domain is named b.a.abc.com.


If you want users at site A to have access to resources at site B and
vice versa without having to assign explicit permissions at each site,
DCPromo the server at Site B as a replica Domain Controller. This will make
administration much easier because you would not have to configure
permissions separately for each site.

You could still set a connection-specific suffix for each site's members so
that each site's resources are kept in separate DNS zones. That would be
a.a.abc.com at site A and b.a.abc.com at site B. You would not have to
create any separate zones this way, your zone would basically look like
this: (Plus the AD folders)
a.abc.com
\a
\b
 
Kris

Kevin,
Thank you for the response.
But here are some questions based on your recommendations and some misread
due to my wording, sorry for that.
NOTE: All I'm using Win2KAdv DNS server is only for DNS purpose nothing else
(at least at this time).
a. In order to make b.abc.com a "NEW Domain in existing forest" I need to
provide "Network Credentials" and what domain name should be input?
b. Since I have created a DC with a.abc.com now my forest starts at
a.abc.com? Not abc.com? If I do want to create abc.com and a.abc.com in the
same server since it's located at location A and create b.abc.com part of
abc.com would I then still create DC for b and under abc.com forest and I
would be able to see abc.com?
c. misread part: will a.abc.com act like a parent domain? Is actually
related to part of B question since it's ONE server (thought abc.com and
a.abc.com)
Thanks
Kris
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Kevin,
> Thank you for the response.
> But here are some questions based on your recommendations and some
> misread due to my wording, sorry for that.
> NOTE: All I'm using Win2KAdv DNS server is only for DNS purpose
> nothing else (at least at this time).
> a. In order to make b.abc.com a "NEW Domain in existing forest" I
> need to provide "Network Credentials" and what domain name should be
> input?

You need to use the credentials for the Administrator account of the
existing forest.

> b. Since I have created a DC with a.abc.com now my forest starts at
> a.abc.com?

Correct

> Not abc.com?

Correct

> If I do want to create abc.com and a.abc.com
> in the same server since it's located at location A and create
> b.abc.com part of abc.com would I then still create DC for b and
> under abc.com forest and I would be able to see abc.com?

You have already created a.abc.com, it will be your Forest Root domain, its
children will be child.a.abc.com.
Or you can create a new tree b.abc.com, but a.abc.com will still be the
forest root.

I don't think it will let you start a new tree at abc.com, but I could be
wrong. Usually abc.com would be the forest root, and its children would be
a.abc.com and b.abc.com and so on.
You could also start a new tree at abc.net for example, but a.abc.com would
still be abc.net's forest root.

> c. misread part: will a.abc.com act like a parent domain?

Not necessarily parent, forest root. A forest root can be a parent domain,
but it does not have to be, it can also be in a different tree. For instance
you can create a new tree named b.abc.com, for which a.abc.com is its forest
root.

Is
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Kevin,
> What domain name should I provide in Network credentials?

I already said, the Forest root Administrator account. Probably
(e-mail address removed) if that is your forest root, I'm not sure what your
Forest Root domain name is.
 
Kris

Kevin,
If I had to redo the servers what is the correct procedure?
a. Create abc.com w/DC
b. Create a.abc.com domain in DNS (they are one server abc.com and
a.abc.com).
c. Create b.abc.com domain in DNS (w/DC?) in separate server located at site
b.
d. What about IP networks, wouldn't that be an issue? 192 network to 172
network?

Thanks
Kris
 
Kris

Kevin,
At network credentials:
Username: (e-mail address removed)
password: pwd
domain: a.abc.com
When I clicked Next I get:
The domain "a.abc.com" is not an active directory domain or domain
controller for the domain could be contacted"
Please help.
Thanks
Kris
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Kevin,
> If I had to redo the servers what is the correct procedure?
> a. Create abc.com w/DC

I would put both DCs in the same domain. You really need two DCs per domain,
anyway. Creating child domains and new domain trees don't help for failover.

> b. Create a.abc.com domain in DNS (they are one server abc.com and
> a.abc.com).

This would work, but it only gives you one DC per domain.

> c. Create b.abc.com domain in DNS (w/DC?) in separate server located
> at site b.
> d. What about IP networks, wouldn't that be an issue? 192 network to 172
> network?

No issue, you would set up static Routes between the two subnets. So that
each router is aware of the other subnet and how to get to it.
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Kevin,
> At network credentials:
> Username: (e-mail address removed)
> password: pwd
> domain: a.abc.com
> when clicked next I get :
> The domain "a.abc.com" is not an active directory domain or domain
> controller for the domain could be contacted"

The machine must use the address of the first DC for DNS only.
 
Kris

Kevin,
You are right, I was trying to create a failover type system, but anyway can you
provide me steps please, since my mind is confused I cannot catch your point
so easily.
These DNS domains and Active Directory domains are confusing me. Please
provide step-by-step instructions.
Thanks
Kris
 
Enkidu

Kris said:
> Hello,
> I want to set up DNS Servers in two locations A and B.
> These two locations are connected via Point-Point with
> FULL T1. Two networks are 192.168 and 172.20 respectively.

Before you try anything else, ensure that you have network
connectivity between the two locations. Use ping and other
tools.

> I have set up a DC with a.abc.com (First Server in the
> network). Now how do I create b.abc.com? To create child
> domain I do not see parent domain. Will a.abc.com
> act like a parent domain?

I would set up your server as a standalone server. Set up its
NIC with the DNS of the first Domain. Check that you can
connect to the DNS on the first Domain over the network. You
don't have to login or anything - just use nslookup. If your
first Domain server is set up to query the Internet DNS,
that's good. Use the first Domain's DNS to look up, say,
www.microsoft.com.

If all is OK, run DCPROMO on the new server, tell the AD
setup that this is a new tree in an existing forest, and it
should connect to the DNS in the existing Domain and do the
upgrade.

With Domains a.abc.com as root and b.abc.com as a new tree
you have two disjoint DNS spaces - they don't overlap - so
you have to have a new tree.

Cheers,

Cliff
 
Enkidu

Kris said:
> Also please NOTE: IP networks are different

Sorry, this is of no consequence if the two networks
can communicate. Test this with tools like 'ping'.

Cheers,

Cliff
 
PScyime via WinServerKB.com

Kris

It's not really possible for you to be provided a step by step guide until you
explain clearly and precisely what you want, and even then technet and the MS
support site are the best resources for specific deployment info.

It is confusing and needs some careful planning, but if you have a specific
question let us know.

Unfortunately the only way this subject becomes less confusing is reading, then
reading, a webcast or two, a technet art, reading - you get the idea.
Webcasts are cool cus you can just sit there and have someone explain it to
you - better than reading.

Good Luck

Simon
Also please NOTE: IP networks are different

--
Simon Whyley
MCP XP,2Kpro
Comptia A+


Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000-active-directory/200508/1
 
Kevin D. Goodknecht Sr. [MVP]

Kris said:
> Kevin,
> You are right, I was trying to create a failover type system, but anyway
> can you provide me steps please, since my mind is confused I cannot
> catch your point so easily.
> These DNS domains and Active Directory domains are confusing me.
> Please provide step-by-step instructions.
> Thanks
> Kris


For best failover reliability.

First get static routes on your routers set up so you can ping IP addresses
in both subnets.
Set up your first DC using your choice of domain name, when you promote the
second DC, it must use the first DC for DNS only.
Promote it as a replica DC
After AD has fully replicated, your zone should exist on both DNS servers.
Turn off round robin, Turn on Enable Netmask Ordering (Advanced tab)
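
The effect of the last step above (round robin off, netmask ordering on) when both DCs hold an address record for the same name, as a simplified model added here; it is not part of Kevin's post and not Microsoft's implementation. The host addresses and the prefix lengths are constructed, since the thread gives only the 192.168 and 172.20 network prefixes.

```python
import ipaddress

# Constructed sample data: one A record per DC for the same AD domain name.
DC_RECORDS = ["192.168.1.10", "172.20.1.10"]  # site A DC, site B DC (made up)

def round_robin(records, query_number):
    """Rotate the answer list by one position per query."""
    shift = query_number % len(records)
    return records[shift:] + records[:shift]

def netmask_order(records, client_ip, prefix_len=24):
    """Put addresses inside the client's subnet first; keep the rest in order."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local = [r for r in records if ipaddress.ip_address(r) in client_net]
    remote = [r for r in records if ipaddress.ip_address(r) not in client_net]
    return local + remote

def first_answers(client_ip, queries, use_round_robin, use_netmask, prefix_len=24):
    """First address the client would try for each of `queries` lookups."""
    picks = []
    for n in range(queries):
        answer = round_robin(DC_RECORDS, n) if use_round_robin else list(DC_RECORDS)
        if use_netmask:
            answer = netmask_order(answer, client_ip, prefix_len)
        picks.append(answer[0])
    return picks

def crosses_wan(client_ip, picks, site_prefix_len=16):
    """Count lookups whose first answer lies outside the client's site network."""
    site = ipaddress.ip_network(f"{client_ip}/{site_prefix_len}", strict=False)
    return sum(1 for p in picks if ipaddress.ip_address(p) not in site)

if __name__ == "__main__":
    client_b = "172.20.1.55"  # constructed site B workstation
    for rr, nm in [(True, False), (False, True)]:
        picks = first_answers(client_b, 4, rr, nm)
        print(f"round_robin={rr} netmask_ordering={nm}: {picks} "
              f"-> {crosses_wan(client_b, picks)} of 4 first answers cross the T1")
```

In this model a client at 172.20.9.55 compared on a /24 matches neither record and falls back to the stored order, while comparing on /16 puts the site B DC first, so the comparison mask has to cover each site's whole address range.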
 
Kris

Simon,
As I explained in the first post, I want to have two DNS servers in two
locations and share the resources (view them in network neighbourhood).
Regards,
Kris
 
Kris

Enkidu,
Thanks for the responses.

Two networks can ping each other no problems.
I will put DNS entry of Server A into Server B and see what happens.

But how would you setup/plan out with what I want to achieve;
Two DNS and share the resources (view in Network Neighbourhood).

Thanks
Kris
 
