AD DNS Problem with 2 Domains
Posted on 2007-10-10
I have 2 Windows 2000 AD DOMAINS, domain1.com and domain2.com, running on the same IP subnet. The domains are set up with a functioning trust.
Both domains use AD integrated DNS that's hosted on AD servers in the domain1.com domain.
Zone transfers are enabled for servers listed on the name servers tab. Secure updates are enabled. All DNS records function and replicate to DNS servers in domain1.com (this includes all records for the domain2.com zone).
I'm now setting up a new subnet that will extend the domain2.com domain to a new site.
IP routing is functioning between the sites, and there are no FW policies in place that block traffic between the subnets. I've also set up a new site & subnet in AD Sites & Svcs.
Only domain2.com will be set up at the new site, so I've set up an additional DC for domain2.com on the remote subnet, listing the domain1.com IP address as the primary DNS server before running DCPromo. The DNS server was installed on the new DC but not configured before running DCPromo.
After running DCPromo and rebooting, all seems well (including AD replication) with the exception of DNS.
When I open the DNS snap-in I see the zones for domain1.com and domain2.com, but none of the records have replicated from the domain1.com DNS servers. Only the name server and host records for the domain2.com domain controllers are listed.
Dcdiag gives me no errors. There are no errors in the event log.
Repadmin /showreps shows successful attempts for inbound domain2.com neighbors, and displays nothing under outbound neighbors.
Could this be some kind of permission problem between the DNS servers on domain1.com and the domain/DNS servers in domain2.com?
To test, I tried setting up AD integrated DNS on one of the other domain2.com servers on the existing subnet, and I get the *same* result.
When I set up an additional domain1.com DC with DNS on the new subnet, DNS works perfectly. All records are displayed and replicated. This eliminates IP routing/firewall problems.
This definitely has something to do with the fact that the primary AD DNS for domain2.com is hosted on the domain1.com DCs.
Are there permissions that I can set on the domain1.com DC to make this work or is this setup just wrong?
Should I set up a standard secondary DNS in the new subnet instead of AD integrated?
Domain2.com was originally set up to use domain1.com's DNS server because all machines are on the same subnet and share DHCP configuration.
Is there a way to migrate domain2.com's DNS to a domain2.com AD server while still sharing the same subnet/DHCP configuration?
Thanks for any help!
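One check worth running on a setup like the one described above, as an added example that is not part of the original post: on Windows 2000 an AD-integrated zone is stored as a dnsZone object under CN=MicrosoftDNS,CN=System in the directory partition of the domain whose DCs host it, and that partition only replicates to DCs of that same domain. The script below lists which zones (and how many record nodes) each domain's partition holds; it assumes the domain names from the post and an account that can read both partitions.

```powershell
# Added example, not from the original post. Enumerates the dnsZone objects stored
# under CN=MicrosoftDNS,CN=System in each domain's directory partition, which is
# where Windows 2000 keeps AD-integrated zones. Assumes the domain names used in
# the post and an account that can read both partitions.
$domains = @("domain1.com", "domain2.com")

foreach ($domain in $domains) {
    # Build the distinguished name of the domain partition, e.g. DC=domain1,DC=com
    $domainDn  = ($domain.Split(".") | ForEach-Object { "DC=$_" }) -join ","
    $container = [ADSI]"LDAP://$domain/CN=MicrosoftDNS,CN=System,$domainDn"

    Write-Host "AD-integrated zones stored in the $domain partition:"
    foreach ($zone in $container.Children) {
        if ($zone.SchemaClassName -ne "dnsZone") { continue }

        # Each record name in the zone is a dnsNode child; counting them shows
        # whether the zone's records are actually present in this partition.
        $nodes = @($zone.Children | Where-Object { $_.SchemaClassName -eq "dnsNode" }).Count
        Write-Host ("  {0}  ({1} dnsNode objects)" -f $zone.Properties["dc"].Value, $nodes)
    }
}
```

If the domain2.com zone and its dnsNode objects appear only under the domain1.com partition, DCs in domain2.com have nothing to replicate that zone from, which matches the symptom of seeing only the locally registered NS and host records.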