Solved

DNS configuration for new forest trust

Posted on 2010-09-04
Medium Priority
936 Views
Last Modified: 2012-05-10
In a test environment, I have two forests: abc.local and def.local. Within each forest, the downstream domains work fine.

I want to create a forest trust between the two.

I have VPN tunnels between the two, and I can ping the respective DCs.
abc.local has all 2008R2 boxes, and def.local has 2003SP2 DCs.

I don't know how to configure DNS to make this happen, which I think is necessary before I can create the trust. Do I just create a simple primary zone in each domain that contains only the Host A record of one of the DCs, or do I create a new DNS domain? If the latter, what do I assign for the SOA records?

In my configuration, dc1.abc.local is 192.168.33.10. For def.local, dc1.def.local is 192.168.2.10.

Thanks in advance.
Question by:ovidbailey
7 Comments
 
LVL 10

Assisted Solution

by:abt-it
abt-it earned 800 total points
ID: 33605902
First of all, you need correct routing between these networks. After that, add a forwarder for abc.local at the DNS of def.local and vice versa. That should work.
 
LVL 7

Accepted Solution

by:Waseems
Waseems earned 1200 total points
ID: 33605904
You can use conditional forwarding from each server to the other server based on the other domain name,
OR
you can create a secondary zone for the other zone on each server.
But only creating the primary zone with a host record will not work, because SRV records are required for the connection.
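As an added example (not part of the accepted answer), the two conditional forwarders from the answer expressed as dnscmd.exe commands, which work on both Windows Server 2003 and 2008 R2, followed by a check that the SRV records the answer says are required actually resolve from each side. The IP addresses are the ones given in the question; the secondary-zone alternative is included commented out.

```powershell
# Added example, not from the original thread: create the conditional forwarders
# with dnscmd.exe, which ships with both Windows Server 2003 and 2008 R2 (the
# DnsServer PowerShell module only arrived with Server 2012). Addresses are the
# ones the question gives: dc1.abc.local = 192.168.33.10, dc1.def.local = 192.168.2.10.

# On dc1.def.local: send every query for abc.local to that forest's DC.
dnscmd 192.168.2.10 /ZoneAdd abc.local /Forwarder 192.168.33.10

# On dc1.abc.local: send every query for def.local to that forest's DC.
dnscmd 192.168.33.10 /ZoneAdd def.local /Forwarder 192.168.2.10

# Alternative named in the answer: a secondary zone instead of a forwarder. This
# copies the whole zone by zone transfer over TCP 53, so the remote server must
# allow transfers to this host (zone properties, "Zone Transfers" tab), and the
# copy exposes every record in the zone, not just the ones the trust needs.
# dnscmd 192.168.2.10 /ZoneAdd abc.local /Secondary 192.168.33.10

# Verify the point the answer makes: the trust needs the DC locator SRV records
# under _msdcs, so a plain A record for one DC is not enough. Run this on each
# DC after adding its forwarder; every lookup should return at least one record.
foreach ($zone in 'abc.local', 'def.local') {
    foreach ($svc in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
        nslookup -type=SRV "$svc.$zone"
    }
}
```

A conditional forwarder only sends queries for the named zone to the other forest, which keeps the two resolvers otherwise independent; that is why it is usually preferred over a secondary zone between forests that trust each other only partially.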
 
LVL 10

Expert Comment

by:abt-it
ID: 33605905
 

Author Comment

by:ovidbailey
ID: 33606354
Thanks for the replies. I'll try it both ways. Pinging by address works fine in both directions.

When I create the conditional forwarder on the def.local box (2003), it works just fine; I can ping all the resources on the abc domain.

But when I try to do the same thing on the abc.com domain (2008R2) in the separate Forwarders folder, it identifies the server name OK, but says that "The server with this IP address is not authoritative for the required zone." What did I do wrong?
 

Author Comment

by:ovidbailey
ID: 33606377
On the 2003 box itself, all of the records (including SOA) look just fine.
 
LVL 7

Expert Comment

by:Waseems
ID: 33607130
Maybe it is the firewall on Win2003 which blocks the request. Try opening port UDP 53 on Windows 2003.
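As an added example (not part of the comment above), the firewall rules that correspond to this suggestion on each side, scoped to the peer DC rather than to every address, plus a direct query against the remote DC that distinguishes a blocked port from a real zone problem. Addresses are the ones from the question; the rule names are my own.

```powershell
# Added example, not from the original thread. Allow inbound DNS from the peer
# DC only, then query the remote DC directly to confirm the path is open.
# Addresses are from the question: dc1.abc.local = 192.168.33.10,
# dc1.def.local = 192.168.2.10. TCP 53 is included as well as UDP 53 because
# answers larger than 512 bytes and zone transfers fall back to TCP.

# On the 2003 DC (dc1.def.local): Server 2003 uses the older "netsh firewall"
# context. scope=CUSTOM limits the opening to the remote DC instead of ALL.
netsh firewall add portopening protocol=UDP port=53 name="DNS from abc.local" mode=ENABLE scope=CUSTOM addresses=192.168.33.10
netsh firewall add portopening protocol=TCP port=53 name="DNS TCP from abc.local" mode=ENABLE scope=CUSTOM addresses=192.168.33.10

# On the 2008 R2 DC (dc1.abc.local): Windows Firewall with Advanced Security
# uses "netsh advfirewall"; remoteip does the same scoping as above.
netsh advfirewall firewall add rule name="DNS from def.local" dir=in action=allow protocol=UDP localport=53 remoteip=192.168.2.10
netsh advfirewall firewall add rule name="DNS TCP from def.local" dir=in action=allow protocol=TCP localport=53 remoteip=192.168.2.10

# Test from dc1.abc.local by asking the remote DC directly, bypassing the
# forwarder. The 2008 R2 forwarder wizard checks for an SOA answer from the
# target server; if this SOA query times out, the "not authoritative for the
# required zone" message is a transport problem (firewall or routing), not a
# problem with the zone on the 2003 box.
nslookup -type=SOA def.local 192.168.2.10
nslookup -type=SRV _ldap._tcp.dc._msdcs.def.local 192.168.2.10
```

Keeping the rule scoped to the peer DC matters because both servers are domain controllers: opening port 53 to every network the VPN can reach exposes the resolver, and through it the _msdcs records that enumerate the DCs, to more than the one host that needs them.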
 

Author Comment

by:ovidbailey
ID: 33607812
Yeah, that was it. My router was getting really flaky and finally died right in the middle of my testing. Never easy, is it? Thanks.
