eggwhisk
asked on
W2K AD DNS
I need some help on DNS resolution in an AD Domain. The scenario is I have a root domain and two second level domains, i.e. root.local, us.root.local and eu.root.local. I have been advised to install DNS only in the two child domains and have them be secondaries of each other. With this setup I am unable to query host.us.root.local from a client in eu.root.local (and vice-versa), I believe due to the fact that the client resolver is set to only query using the primary and parent suffixes, meaning the suffix us.root.local would never be tried, leading to no resolution. I know I can add a list of domain suffixes, but it seems in Y2K this can only be done manually and we have too many machines.
To complicate things, the DNS servers in the child domains also need to be forwarders for external resolution.
I also know that the MS solution would be to have DNS installed in the root domain and delegate the child domains. However, I will come across the same problem described above.
Can someone advise what is the correct/best way to set up DNS in this scenario without relying on WINS, please?
Thanks in advance
Richard
ASKER
Hi James,
I do not understand why AD integrated DNS would help this situation, can you expand please?
Yes, we do have DHCP, but under W2K there is no option for specifying more than one suffix to search. This option is only available under W2003 GPO.
What do you think?
Thanks
Richard
Oh...you're right. I've been on Win2K3 for a bit, and forgot about that.
In any event, AD DNS wouldn't necessarily help in this situation...it helps all situations. Just having a uniform AD structure throughout the entire network has been beneficial in my experience.
OK. DNS Suffix. Perhaps you could create a script to specify them. Below is an example of a script that you could employ as a logon script that could set the DNS suffix of the remote machines.
http://www.noplan.com/Scriptings/dnssuffix.asp
And then the following link has some ways you can tweak the registry. You can create a registry key then import it at the users' workstations, again, by running a logon script if you prefer.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;178277
Maybe those will help you.
James
ASKER
I really need the answer to my original question.
I did answer the original question. Those scripts can be used to add the DNS suffixes to your client machines.
I guess he really doesn't want to do it that way.
Do you have DHCP enabled on the network? If so, you can set scope options to include the DNS addresses and suffixes for the additional DNS servers. If everything is statically assigned, then I'm afraid you have no choice and you will have to change everything manually.
James
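
The suffix behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of how a client expands a single-label name, first by devolving its primary suffix and then with an explicit search list. The zone records and addresses are constructed, and the model assumes devolution stops at a two-label suffix and that a configured search list replaces devolution.

```python
# Model of single-label name expansion on a client in eu.root.local.
# Zone data is constructed for illustration; it stands in for what the
# DNS servers (each a secondary for the other child zone) would answer.
ZONE = {
    "host.us.root.local": "10.1.0.10",
    "dc1.eu.root.local": "10.2.0.10",
    "dc1.root.local": "10.0.0.10",
}


def devolved_suffixes(primary_suffix, min_labels=2):
    """Primary suffix plus its parents, stopping at a two-label suffix."""
    labels = primary_suffix.strip(".").lower().split(".")
    if len(labels) <= min_labels:
        return [".".join(labels)]
    return [".".join(labels[i:]) for i in range(len(labels) - min_labels + 1)]


def candidates(name, primary_suffix, search_list=None):
    """Return the FQDNs the resolver would try, in order."""
    if name.endswith("."):
        # Already fully qualified: no suffix is appended.
        return [name.rstrip(".").lower()]
    # Assumption: an explicit search list is used instead of devolution.
    suffixes = search_list if search_list else devolved_suffixes(primary_suffix)
    return [f"{name.lower()}.{s.strip('.').lower()}" for s in suffixes]


def resolve(name, primary_suffix, search_list=None, zone=ZONE):
    """Return (fqdn, address) for the first candidate with a record, else None."""
    for fqdn in candidates(name, primary_suffix, search_list):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


if __name__ == "__main__":
    # Default behaviour: the sibling suffix us.root.local is never tried.
    print(candidates("host", "eu.root.local"))
    print(resolve("host", "eu.root.local"))
    # With a search list pushed by logon script or registry import.
    suffixes = ["eu.root.local", "us.root.local", "root.local"]
    print(resolve("host", "eu.root.local", suffixes))
```

The servers hold the right records in both runs; only the list of names the client is willing to ask for changes, which is why the fix sits on the client side.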