Solved

W2K AD DNS

Posted on 2004-04-22
10
233 Views
Last Modified: 2010-03-18
I need some help on DNS resolution in an AD Domain.  The scenario is I have a root domain and two second level domains i.e. root.local, us.root.local and eu.root.local.  I have been advised to install DNS only in the two child domains and have them be secondaries of each other.  With this setup I am unable to query host.us.root.local from a client in eu.root.local (and vice-versa) I believe due to the fact that the client resolver is set to only query using the primary and parent suffixes, meaning the suffix us.root.local would never be tried leading to no resolution.  I know I can add a list of domain suffixes, but it seem in Y2K this can only be done manually and we have too many machines.

To complicate things the DNS server in the child domain also need to be forwarders for external resolution.

I also know that the MS solution would be to have DNS installed in the root domain and delegate the child domains.  However I will come across the same problem described above.

Can someone advise what is the correct/best way to setup DNS in this scenario without relying on WINs please?

Thanksin advance
Richard
0
Comment
Question by:eggwhisk
  • 3
  • 2
  • 2
10 Comments
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10887855
Use Active Directory Integrated DNS.  Skip the primary and secondary stuff.  It's counter productive in a Win2K environment.  

Do you have DHCP enabled on the network?  If so you can set scope options to include the DNS addresses and suffixes for the additional DNS servers.  If everything is statically assigned, then I'm afraid you have no choice and you will have to change everything manually.

James
0
 

Author Comment

by:eggwhisk
ID: 10888042
Hi James,

I do not understand why AD integrated DNS would help this situation, can you expand please?

Yes, we do have DHCP, but under W2K there are not option for specifying more than one suffix to search.  This option is only available under W2003 GPO.

What do you think?

Thanks
Richard
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10888135
Oh...you're right.  I've been on Win2K3 for a bit, and forgot about that.

In any event, AD DNS wouldn't neccessarily help in this situation...it helps all situations.  Just having a uniformed AD structure throughout the entire network has been beneficial in my experience.

OK.  DNS Suffix.  Perhaps you could create a script to specify them  Below is an example of a script that you could employ as a logon script that could set the DNS suffix of the remote machines.

http://www.noplan.com/Scriptings/dnssuffix.asp

And then the following link has some ways you can tweak the registry.  You can create a registry key then import it at the users' workstations, again, by running a logon script if you prefer.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;178277

Maybe those will help you.

James
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:eggwhisk
ID: 10888403
I really need the answer to my original question.  
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 250 total points
ID: 10890821
The only way I can see that would resolve your problem eggwhisk would be to make the Secondary DNS servers set to forward to the primary root DNS zone servers and have the root DNS servers forward to external DNS/ISP servers for outside name resolution.

Alternatively, you could also try adding your root DNS servers as the first forwarders in the list and your extenral ISPs DNS server (for external name resolution) as the secondary forwarders. Just make sure you internal root DNS server are the first servers to query.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10890915
I did answer the original question.  Those scripts can be used to add the DNS suffixes to your client machines.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10890987
I guess he really doesn't want to do it that way.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Speed testing 26 78
AD health monitoring 2 58
sync conflicts 1 27
Server 2008 Cluster Fail-over Errors 5 53
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now