Believe it or not, I have only just got around to migrating from NT 4 Server to AD. I have six master domains worldwide and 20 resource domains. I am now working my way west from Asia to finish up with the US by January (hopefully).
I decided to go for different internal and external namespaces (domains), since I use my UK ISP (PSInet) for the DNS of the public-presence domain (company.com). I decided to use a company.net domain for the internal namespace. Just to be safe, I registered it with nameroute, though I don't plan to use it on the outside. I'm setting up a single domain directory for Asia to cover Hong Kong, Singapore, Tokyo, Beijing and Shanghai. I decided to call this asia.company.net.
I’m still running Exchange 5.5 and Proxy 2.0 for the time being (waiting for a select contract to be signed) and everything is working ok apart from the fact that DNS keeps resolving all external addresses to the IP of the hosting company that are authoritative for the company.net domain. Somehow the IMC and Proxy are able to communicate properly with the Internet but nslookup is behaving strangely. Thank God that Proxy 2.0 and Exchange don't rely on nslookup working.
The mail/web server has two network cards, one trusted and one untrusted. The trusted one has a 10.x.x.x address, gateways to my private WAN router and has DNS pointed at the AD DNS server(s). The untrusted one has a 192.168.x.x address, gateways to my firewall (which NATs incoming SMTP to the server), and has the DNS provided by the ISP.
If I do an nslookup of www.bbc.com, it always resolves it as follows:

C:\Documents and Settings\sysadmin>NSLOOKUP WWW.BBC.COM
Note: this is the hosting site for company.net, which is a simple placeholder. I originally got very concerned that our DNS had been hijacked, but when I discovered that the IP it always resolves to is one that I am vaguely familiar with, I stopped worrying about this possibility.
The bindings order does not seem to matter, though at the moment I have the untrusted higher than the trusted so that it queries external DNS first (for Internet performance reasons). My DNS (which I allowed DCPROMO to set up) contains just the domain asia.company.net and _msdcs.asia.company.net.
I began to wonder if the problem stems from the fact that the root zone for company.net domain is not setup in my internal DNS, only asia.company.net. I am planning to have europe.company.net, us.company.net, lebanon.company.net etc. as separate domains/forests since my WAN is not reliable enough to support a single global domain. I am beginning to realise how important it is that the operations master server is visible at all times to DCs in the domain.
Can anyone think of a Knowledge Base article or TechNet document that might help me with this? I'd really appreciate any advice that you can offer, even if it means I have to go back up to Hong Kong (hub site) and change things. Ideally I could make any changes from here using Terminal Services.
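One mechanism that produces exactly the symptom described in the post (every external name answered with the address of the host that is authoritative for the parent domain) is DNS suffix search-list expansion: when a client whose primary suffix is asia.company.net cannot get an answer for the bare name, a Windows-style resolver devolves the suffix and also tries www.bbc.com.company.net, and a wildcard record on the placeholder host for company.net answers that expanded name. The Python model below is added here as a diagnostic illustration and is not part of the original post; the zone contents, the 203.0.113.10 and 198.51.100.7 addresses, the wildcard record at company.net and the "no working recursion" condition are all constructed assumptions, chosen only to show the mechanism offline.

```python
"""
Offline model of DNS suffix search-list expansion with parent-suffix
devolution, and of how a wildcard record in a parent zone can answer the
expanded names. Constructed example for diagnosis: the zones, addresses
and the wildcard at company.net are assumptions, not data from any real
deployment.
"""
from typing import Dict, List, Optional, Tuple

# Constructed zone data. Assumption: the hosted placeholder for company.net
# carries a wildcard A record, which answers for any unknown name under it.
ZONES: Dict[str, Dict[str, str]] = {
    "asia.company.net": {"dc1.asia.company.net": "10.1.0.5"},
    "company.net": {
        "www.company.net": "203.0.113.10",
        "*.company.net": "203.0.113.10",
    },
}

# Constructed stand-in for "the rest of the Internet" (documentation range).
INTERNET: Dict[str, str] = {"www.bbc.com": "198.51.100.7"}


def devolve(primary_suffix: str, min_labels: int = 2) -> List[str]:
    """Devolution chain of a primary DNS suffix: asia.company.net yields
    ['asia.company.net', 'company.net']; it stops before the TLD."""
    labels = primary_suffix.strip(".").lower().split(".")
    chain: List[str] = []
    while len(labels) >= min_labels:
        chain.append(".".join(labels))
        labels = labels[1:]
    return chain


def candidate_names(query: str, search_list: List[str]) -> List[str]:
    """Names a search-list-enabled resolver tries, in order. A trailing dot
    marks the name fully qualified and suppresses suffix appending."""
    if query.endswith("."):
        return [query]
    return [query] + [f"{query}.{suffix}" for suffix in search_list]


def lookup(name: str, zones: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Authoritative lookup with RFC 1034 wildcard semantics: exact match
    first, otherwise the '*' record of the closest enclosing zone only."""
    name = name.rstrip(".").lower()
    zone = next(
        (z for z in sorted(zones, key=len, reverse=True)
         if name == z or name.endswith("." + z)),
        None,
    )
    if zone is None:
        return None  # outside every zone we hold
    records = zones[zone]
    if name in records:
        return records[name]
    if name != zone and "*." + zone in records:
        return records["*." + zone]
    return None


def resolve(query: str, search_list: List[str],
            zones: Dict[str, Dict[str, str]],
            can_recurse: bool) -> Optional[Tuple[str, str]]:
    """Try each candidate in order; return (name_that_answered, address).
    can_recurse=False models a server with no working path to the Internet
    (no forwarders, unreachable root hints): only names inside its own zones,
    or covered by a wildcard it holds, get an answer."""
    for cand in candidate_names(query, search_list):
        fqdn = cand.rstrip(".").lower()
        addr = lookup(fqdn, zones)
        if addr is None and can_recurse:
            addr = INTERNET.get(fqdn)
        if addr is not None:
            return fqdn, addr
    return None


def was_suffix_expanded(query: str,
                        result: Optional[Tuple[str, str]]) -> bool:
    """Diagnostic: True when the answer came from an expanded name rather
    than from the name the user typed."""
    return result is not None and result[0] != query.rstrip(".").lower()


if __name__ == "__main__":
    search = devolve("asia.company.net")
    for recurse in (True, False):
        r = resolve("www.bbc.com", search, ZONES, can_recurse=recurse)
        print(f"recursion={recurse}: {r} "
              f"expanded={was_suffix_expanded('www.bbc.com', r)}")
    # A trailing dot stops suffix expansion, so the wildcard never applies.
    print("FQDN query, no recursion:",
          resolve("www.bbc.com.", search, ZONES, False))
```

On a real host the equivalent checks are to repeat the query with a trailing dot (`nslookup www.bbc.com.`), which suppresses suffix appending, and with `nslookup -d2 www.bbc.com`, which prints every name actually sent; if the dotted form fails outright while the undotted form returns the placeholder address, the answer is coming from an expanded name. Whether the placeholder host has a wildcard can be checked by querying it directly for a name that cannot exist under company.net.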