Setting Up DNS on Child Domain Controller

[Will]

In a Windows 2000 AD forest, the child domain controller's DNS is normally
set to add the parent domain as a secondary, just to keep a copy cached for
use locally. What about the forwarders settings in DNS on the child
domain controller? Should this be set to the upstream domain's domain
controller, or does it not matter?

 

[Enkidu]

In a Windows 2000 AD forest, the child domain
controller's DNS is normallyset to add the parent
domain as a secondary, just to keep a copy cached
for use locally. What about the forwarders
settings in DNS on the child domain controller?
Should this be set to the upstream domain's domain
controller, or does it not matter?

I'd say yes, in most cases. The forwarders is *generally*
only used to access addresses *outside* of the LAN/WAN, and
in most cases you only want to access the outside world's
DNS from one machine or at least only from the root domain's
DNS servers.

If those DNS servers are heavily loaded, I guess you could
set the forwarders in the child domains.

If you are using forwarders only to access the external
Internet, then think of it like this: it is not really an AD
question, since the addresses that you are requesting are
not part of your AD structure. Therefore you can leave AD
considerations out of it and consider only the networking
aspects of the problem, such as, where are the gateways for
the child domain and are they the same as the gateways for
the parent domain.

Cheers,

Cliff

 

[Guest]

Well If you want you can definatly set forwarders to your parent domain. The
reason to put forwarders is to resolve the external names(Public Domain). We
usually put the IP Address of the ISP to resolve the Public Domain's or to
access internet.

You can set you child domain to put forwarders to your parent domain so that
you do not have to create the secondary copy of your parent domain in the
child domain and on parent domain put forwarders to your ISP.

DNS can be set in may way so it all depends on your enviroment.

 

[Herb Martin]

In a Windows 2000 AD forest, the child domain controller's DNS is normally
set to add the parent domain as a secondary, just to keep a copy cached for
use locally. What about the forwarders settings in DNS on the child
domain controller? Should this be set to the upstream domain's domain
controller, or does it not matter?

There is no clear cut answer -- it depends on why you
are forwarding and which names you expect to resolve.

For instance: All DNS servers (both zones/domains) on
same LAN with a gateway caching only DNS to the outside
world (The Internet)

ALL DNS servers usually forward to the gateway DNS

Second example: Child DNS at branch site with no independent
Internet access.

It is likely useful to forward to "HQ" DNS servers for Internet
(and other site perhaps) resolution.

You must think through what you will resolve and what the
referral (forwarding, recursion, caching etc) paths will look like.

The goal is:

#1 Resolve EVERYTHING necessary
#2 Do it most efficiently while maintaining rule #1

For #2, try to do it locally, then closest AND/OR try to do
it from the DNS server with the LARGEST cache or broadest
source of information (caching hierarchically for complex
scenarios.)

Then you test, making sure it actually works.

 

[Manny Borges]

No, this is not how to use fowarders.
Fowarders are used when you need to resolve into a name space that is not
connected to the DNS hierarchy.

Standard DNS delgated zones and NS records (aptly named :glue" records) will
seperate the namespace yet still provide resolution.

What is the goal here? Decrease resolutions per server, break up
administration, decrease resolution time?


--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

The pen is mightier than the sword, and considerably easier to write with.
-- Marty Feldman