DNS settings and TCP/IP property settings on two different domain trees (easy question to answer)

I have one domain tree at my house (call it DomainA.com).     The other domain tree is completly seperate (naming is different). Call it DomainB.com

I made an external trust in between them. (not transitive)

For DNS issues: I added a secondary zone on Domain A for Domain B. I then zone transfered
                        I did the same for Domain B. Added a secondary Zone w/ Domain A's records in it.

In the TCP/IP properites of Domain A.com, it points to itself (127.0.0.1)
In the TCP/IP properties of Domain B.com, it points to itself (12.7.0.0.1)


Secondary zones do not repliate automatically to other DCs because they are not AD integrated right?
Did I do this correctly? Is this the "norm" when you join two trees together to make a forest?
Thanks
dissolvedAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Slave (aka secondary) zones only replicate from the Master DNS.

Active Directory Integrated zones aren't secondary as such, they're all primary (or master) and replicate via Active Directory.

In your scenario you're actually making a trust between two seperate Forests - each domain you have is in the root of it's own Forest. It just looks a little odd because your forests only consist of one tree each.
0
Chris DentPowerShell DeveloperCommented:

Actually though, you'll see when you run DCPromo that you get 3 options (hopefully I've remembered that correctly):

Domain Controller for an existing domain
Domain Controller for a new domain
Domain Controller for a child domain in an existing forest

Child Domains are sub-domains of the main domain. For example:

Root of the Forest / Main Domain: domain.com
Child Domain for same Forest: child.domain.com

There are differences in how Active Directory handles this as well. With two seperate domains they are, to all intents and purposes, completely seperate - no roles overlap and really one couldn't care less what the other is doing.
0
Chris DentPowerShell DeveloperCommented:

Finally, for some reading matter on the subject if you want to know everything:

Best Practice Active Directory Design for Managing Windows Networks:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx

Designing and Deploying Active Directory:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dpgDSS_overview.asp

There's a hell of a lot there, not exactly light reading ;)
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

dissolvedAuthor Commented:
Exactly! Thats what I was trying to do. Like say dissolved.com is a company.  It merged with another company called iaskstupidquestions.com   They are two totatlly different forests right? The only way (in win2k) to share resources between them, is to make external trust. So thats what I did. When you do this, iaskstupidquestions.com becomes part of dissolved.com's forest. Is that correct???  As far as I know, this is the only way to join two companies together who have merged (in win2k anyway)

My question was: Did I set up the DNS correctly on them?
- dissolved.com's TCP/IP properties for DNS points to itself
- iaskstupidquestions.com TCP/IP properties for DNS point to itself

They are both DCs obviously and both running DNS. It worked great when I did it. Just trying to see if I did it "typically."

------------------------------------------------------------------------------
Ok, so secondary zones, replicate from the primary zone. Right?

so if dissolved.com has a secondary zone (so it can communicate with iastupidquestions.com's host via host name)
and iaskstupidquestions.com has a secondary zone (so it can communicate with dissolved.com's hosts  via host names)
...........The two secondary zones dont zone transfer in between themselves?  Rather, they zone transfer from THEIR master?

Phew!
Thanks for links. WIll check out when I get back from Thanksgiving (be back today)
0
dissolvedAuthor Commented:
by the way, is the above correct?
0
Netman66Commented:
You did it exactly right.

0
Chris DentPowerShell DeveloperCommented:

Yep, it's all correct, the documentation includes scenarios very much like your own.

On DNS, I think you have it anyway, but just to check :)

The Master / Slave / Primary / Secondary terms are all a bit mixed up - which is more of a general thing not something specific to you ;)

There are several types of zone file, including Active Directory Integrated, Master and Slave.

So, you have:

DNS Server for Dissolved.com contains:

Master Zone for Dissolved.com
Slave Zone for iaskstupidquestions.com (Tranferred from DNS for iaskstupidquestions.com)

DNS Server for iaskstupidquestions.com contains:

Master Zone for iaskstupidquestions.com
Slave Zone for Dissolved.com (Transferred from DNS for Dissolved.com)

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dissolvedAuthor Commented:
thanks!
0
Netman66Commented:
Dissolved,

Please ask in Community Support to reopen this question.  Assign all the points to Chris.  I was merely adding my two cents in, but did not work with you on this.

He deserves the credit.

Regards,
NM

0
dissolvedAuthor Commented:
You're right. Chris did give me A LOT of helpful input in this thread (as well as other threads). But I feel you deserved points as well. I was also looking for verification that I had comprehended the DNS setup properly. Your response was simple, but answered part of my question. That is why I gave you points.

If you still ffeel uncomfortable with the points, let me know.
Thanks netman

dissolvved
0
Netman66Commented:
Thanks for getting back to me.  I think we should see if Chris is okay with this.  Personally, it makes no difference to me - I don't hang out here for the glory just to help people.

If Chris wants things changed then I will support his request.

0
dissolvedAuthor Commented:
Sounds good to me. Thanks Netman. Nice having experts like you on the board! It's what makes this my favorite place to hang out.
0
Chris DentPowerShell DeveloperCommented:

I'm perfectly happy with the points as they stand. I just like helping people if I can ;)
0
Netman66Commented:
Good stuff!  Glad everyone's happy.

Thanks again, and see you two around.

NM
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.