ovidbailey
asked on
DNS configuration for new forest trust
In a test environment, I have two forests: abc.local and def.local. Within each forest, the downstream domains work fine.
I want to create a forest trust between the two.
I have VPN tunnels between the two, and I can ping the respective DC's.
abc.local has all 2008R2 boxes, and def.local has 2003SP2 DC's.
I don't know how to configure DNS to make this happen, which I think is necessary before I can create the trust. Do I just create a simple primary zone in each domain that contains only the Host A record of one of the DC's, or do I create a new DNS domain. If the latter, what do I assign for the SOA records?
In my configuration, dc1.abc.local is 192.168.33.10. For def.local, dc1.def.local is 192.168.2.10.
Thanks in advance.
I want to create a forest trust between the two.
I have VPN tunnels between the two, and I can ping the respective DC's.
abc.local has all 2008R2 boxes, and def.local has 2003SP2 DC's.
I don't know how to configure DNS to make this happen, which I think is necessary before I can create the trust. Do I just create a simple primary zone in each domain that contains only the Host A record of one of the DC's, or do I create a new DNS domain. If the latter, what do I assign for the SOA records?
In my configuration, dc1.abc.local is 192.168.33.10. For def.local, dc1.def.local is 192.168.2.10.
Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
See also http://technet.microsoft.com/en-us/library/cc816810(WS.10).aspx.
ASKER
Thanks for the replies. I'll try it both ways. Pinging by address works fine in both directions.
When I create the conditional forwarder on the def.local box (2003), it works just fine; I can ping all the resources on the abc domain.
But when I try to do the same thing on the abc.com domain (2008R2) in the separate Forwarders folder, it identifies the server name OK, but says that "The server wtih this IP address is not authoritative for the required zone.". What did I do wrong?
When I create the conditional forwarder on the def.local box (2003), it works just fine; I can ping all the resources on the abc domain.
But when I try to do the same thing on the abc.com domain (2008R2) in the separate Forwarders folder, it identifies the server name OK, but says that "The server wtih this IP address is not authoritative for the required zone.". What did I do wrong?
ASKER
On the 2003 box itself, all of the records (including SOA) look just fine.
may be it is the firewall on win2003 which block the request try openning port UDP 53 on windows 2003
ASKER
Yeah, that was it. My router was getting really flaky and finally died right in the middle of my testing. Never easy, is it? Thanks.