Solved

DNS configuration for a Child Domain

Posted on 2005-04-20
Last Modified: 2010-03-18
Hi guys, I would like to know how to properly configure a DNS service for a Child domain with the following scenario:

We are currently running an Active Directory which consists of a Single Domain (singledomain.com) with 4 domain controllers (W2003).  Two of them are sitting in the Main office and two of them in a Remote office 1 which is connected to the Main office through a frame relay 384k.  Main office has internet connection and Remote office 1 gets access to the internet through the Main office.

We have a Remote office 2 with internet access and connected to the Main office through a VPN over the internet.
We would like to install a domain controller and create a Child domain (child.singledomain.com) for this Remote office 2.

The issue is how to configure the domain controller DNS service of Remote Office 2 and how to configure the clients if they are currently getting DNS resolution from our ISP and they need to browse the AD.

Note:  singledomain.com is our internal domain name but has been registered on the internet by someone else
Question by:munrra
11 Comments
 
LVL 6

Accepted Solution

by:
bmquintas earned 600 total points
ID: 13825353
Domain controller for child domain should be its own DNS server, secondary DNS the DC of the parent domain, configure forwarders to resolve Internet access (maybe your ISP DNS servers?)
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13825420
Forget the last part, the child domain should be its own DNS server, have the parent domain DC as secondary DNS server and forward all non-resolved queries to the parent domain DC.
0
 

Author Comment

by:munrra
ID: 13826609
Hi bmquintas, thanks for your quick response.

With your suggestion all the queries for internet access from the remote office 2 will be resolved by the DC DNS service of the Main Office?

Regards

munrra
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13826723
Exactly, I'm assuming all "external" traffic will be made over the VPN. If one of the workstations requests a local resource, it will be resolved by the child domain server; if the resource is outside the domain, the query will be forwarded to the DC at the main office.
0
 

Author Comment

by:munrra
ID: 13826951
Remote office 2 has its own ISP and I would like to minimize the VPN traffic.  If the VPN is down, then what happens with the internet access of remote office 2?
If a user of remote office 2 wants to access a resource in the main office, then the DNS of the main office has to show him the way, or someone else.
What I would like to know is the best way to configure DNS under the scenario described above.
I'm new to DNS and open to suggestions, thanks in advance for your help.
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13827087
I personally don't like the scenario of not having centralized internet connections... it's one more security point to manage...
Either way, my last post assumed all internet traffic had to "walk" the VPN; if the VPN is down, sure, no internet.
So to solve the scenario I believe the first post (where I asked you to ignore the part of the ISP DNS servers) is the correct approach.
If you set up forwarding to the ISP DNS:

User enters www.google.com

DC doesn't have a record for that host -> "asks" the DC of the parent domain -> if query successful, name resolved.
If the DC of the parent domain is not available (VPN down), the child domain server will forward the request to the ISP DNS servers.

So I think.
0
 

Author Comment

by:munrra
ID: 13828539
Main office and remote office 2 are located in different countries, each of them with their own IT staff. That's why we have 2 ISPs.
I think the best will be to configure the child domain DNS service in a way to forward everything that doesn't belong to it to the ISP and also forward any query for "singledomain.com" to the DNS of the main office through the VPN.
Due to the fact that our internal domain name is already registered on the internet by someone else, when somebody behind the child domain sends a query to the child DNS, it will forward the query to the ISP DNS, and then what happens?
 

munrra
0
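
The forwarding plan in the comment above, modelled as an added Python example (not part of the thread and not Windows DNS Server code). The IP addresses are constructed, and the conditional forwarder is assumed to be forward-only, so parent-domain names fail when the VPN is down instead of reaching the ISP, where singledomain.com belongs to someone else.

```python
# Constructed addresses (private / documentation ranges), not taken from the thread.
PARENT_DCS = ["10.1.0.10", "10.1.0.11"]   # main office DCs, reached over the VPN
ISP_DNS = ["203.0.113.53"]                # Remote office 2's ISP resolver

# Hypothetical description of the child-domain DC's DNS service.
CHILD_DC = {
    "authoritative": ["child.singledomain.com"],      # zone hosted locally
    "conditional": {"singledomain.com": PARENT_DCS},  # parent zone goes over the VPN
    "default": ISP_DNS,                               # everything else goes to the ISP
}

def in_zone(name, zone):
    """True if name equals zone or sits below it, matching on label boundaries."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def first_reachable(targets, reachable):
    """Forwarders are tried in the configured order; None if none answers."""
    return next((ip for ip in targets if ip in reachable), None)

def route(server, qname, reachable):
    """Return (action, upstream) for qname; reachable is the set of upstream IPs that answer."""
    zones = [(z, "local") for z in server["authoritative"]]
    zones += [(z, "conditional") for z in server["conditional"]]
    matches = [(z, kind) for z, kind in zones if in_zone(qname, z)]
    if matches:
        # The most specific (longest) matching zone wins.
        zone, kind = max(matches, key=lambda m: len(m[0].split(".")))
        if kind == "local":
            return ("answer-locally", None)
        # Assumption: forward-only, so an internal name never falls through to the ISP.
        upstream = first_reachable(server["conditional"][zone], reachable)
        return ("forward", upstream) if upstream else ("fail", None)
    upstream = first_reachable(server["default"], reachable)
    return ("forward", upstream) if upstream else ("fail", None)

if __name__ == "__main__":
    vpn_up, vpn_down = set(PARENT_DCS + ISP_DNS), set(ISP_DNS)
    for label, reachable in (("VPN up", vpn_up), ("VPN down", vpn_down)):
        for qname in ("pc1.child.singledomain.com", "fs1.singledomain.com", "www.google.com"):
            print(f"{label:8} {qname:28} -> {route(CHILD_DC, qname, reachable)}")
```
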
 
LVL 6

Expert Comment

by:bmquintas
ID: 13828632
If it is your internal domain, your DC knows that, and will not forward the query.
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13828669
0
 

Author Comment

by:munrra
ID: 13834729
I have created a test environment and DNS is working fine.
I'm giving you the points, the correct approach for me was the first post.
Thanks for the link.

munrra
0
 
LVL 6

Expert Comment

by:bmquintas
ID: 13835135
No problem, if possible leave some feedback after starting the configuration in production environment.
0
