Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Creating DNS zones for Parent - Child Domains

Posted on 2006-06-22
9
463 Views
Last Modified: 2011-10-03
Here is the situation. I have a root domain (purely for administration) and 2 child domains( one in Greece & US) each with multiple sites. The root domain & child domain reside in same site.

 Within the US Child domain, I have 2 sites (atlanta & NYC), I want the DC in those locations to host DNS for their clients and have all internet traffic generated to be directed to the local ISP

How is DNS set up in the Parent domain to reflect this and also how is it setup in the child domain to be site specific?
0
Comment
Question by:broberc6
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 84 total points
ID: 16962020
"Within the US Child domain, I have 2 sites (atlanta & NYC), I want the DC in those locations to host DNS for their clients and have all internet traffic generated to be directed to the local ISP"

The internet traffic (web browsing) will traverse using your ROUTER rules...and not DNS rules.  In other words, the client will use thier TCP/IP Gateway settings to get out to the internet.  So, as long as you routers are setup properly, the clients will use the local ISP internet connection.

You can use this command to test...(from a command prompt)

TRACERT www.yahoo.com <enter>  

This will show you the path the client is using to get out to the internet.
0
 

Author Comment

by:broberc6
ID: 16962097
How would the zones in the parent domain and the child domain?
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16962125
"How would the zones in the parent domain and the child domain?"  Sorry, I don't understand what you mean... its like saying "how would the dog in the house?"
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 83 total points
ID: 16962334
On the Parent domain:

All zones should be AD Integrated.
The _msdcs zone should have a replication scope of "To all DNS servers in the Forest"
The domain.local zone should have a replication scope of "To all DNS servers in the domain"

On each child:

The _msdcs zone should propogte automatically from the parent.
The child.domain.local zone should remain local to the domain only.

On the Forwarders tab on each of the child domain's DNS servers:

Setup Conditional Forwarding for the Parent domain to forward to that DNS server.

On the Forwarders tab of the parent DNS server:

Setup Conditional Forwarding for each of the child domains and forward to the correct DNS server.


On the Forwarders tab of ALL DNS servers - any other domain - send to the Local ISP.


ALL client computers should contain only their local DNS server's address and nothing else.

Each DC should be a GC.

Hope this helps.
NM
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 83 total points
ID: 16967588

Just a couple of questions / comments on the proposed setup:

> On the Forwarders tab on each of the child domain's DNS servers:
> Setup Conditional Forwarding for the Parent domain to forward to that DNS server.

Wny not just configure the Parent Zone to replicate it's own domain.local to the entire forest. The zone should be small anyway and changes are going to be minimal. It's size compared to the usual GC type replication is also pretty insignificant so wouldn't burden anything. Only applies if Windows 2003 is being used.

> On the Forwarders tab of the parent DNS server:
> Setup Conditional Forwarding for each of the child domains and forward to the correct DNS server.

Unnecessary. The Parent domain should know about the child domains as they should be within it's DNS hierarchy. That is, the parent zone should have Name Server records for each sub-domain (or child domain). If there are Name Server records you don't need Forwarders as it knows exactly where to send the request already.

Chris
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16967705
You could make the domain zones part of the Application partition so they replicate to all servers in the Forest, sure.  Most of the time there is no need for domains (internally) to resolve anything in the other domains except the servers so why make the local DNS server authoritative for the zone?  This is why I stated it the way I did, with Conditional Forwarding.

It's not as much about the parent knowing the child as it is about the child knowing about the parent.

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 16967745

Oh I agree completely. We just switched from using Forwarders for our domain to replicating the root domain to the entire forest... nice and neat :)

Chris
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Moving Files servers to DFS 11 57
setup share and NTFS permissions. 12 85
Event-ID 3001, 3011 - LoadPerf - Windows Server 2003 14 62
DHCP lease duration / Migration 8 72
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question