DNS Configuration for Root / Child Domain

I inherited a Root / Child domain that is relatively simple except for the network/DNS config. The domain consists of a single empty Root domain (single DC) and a single Child domain (with two DCs). Everything is within a single Forest / Site. All three DCs are running DNS. I noticed that there are replication errors; specifically, when running DNSLint on the Root DC, I get an error stating "Total number of CNAME records missing on this server: 2". All other DNSLint, DCDiag and NetDiag tests pass.

The confusion comes in with the networking setup. Due to security requirements, the child DCs are multi-homed, but the root DC is not. I've attached a sample diagram which should help clarify. What I'm trying to determine is how DNS should be configured in this scenario to allow for proper AD operation. I want to add a second DC to the Root for redundancy, but would like to first get DNS set up properly.
Question: How do I set up DNS for a child domain?

Answer: To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server.

Note: Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated Active Directory zones, that may be a better fit for your environment.

Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.

The above article applies to all Windows versions.

Multihomed DCs are not recommended. Take a look, and if you have a multihomed DC, disable the "Register this connection's addresses in DNS" option on each NIC except one.

DNS recommendations from MS Team.
Well, that depends on how you are using AD DNS. In this example I would turn off DNS updating on the DCs for any NICs with 172 IPs so that AD will always communicate across the 192 IPs.

The issue is that you really need to have DNS answering on the 192 IPs for that to work properly. Are the rest of the machines in the child domain multi-homed, and can you have all of the communication going across the 192 network?
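The two comments above amount to one procedure: on each multi-homed child DC, let only the management NIC register in DNS, then re-register and check what the DC now publishes for itself. The script below is an added example, not code from this thread or from Microsoft; it assumes a current Windows DC with the DnsClient module, that 172.30.x.x is the server-to-server network that must not appear in AD DNS, and that it is run elevated on the DC itself.

```powershell
# Added example (not from the thread): keep AD DNS registration on the
# management NIC only, so the DC's A/SRV records never point at 172.30.x.x.
# Assumptions: Windows Server 2012+ (DnsClient module), the prefix below,
# and that this runs elevated on the multi-homed child DC.

$BackEndPrefix = '172.30.'   # assumed: server-to-server subnet, must NOT register

# Decide per interface by its IPv4 address, not by alias, and ignore
# loopback and APIPA addresses.
$addresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
    Select-Object InterfaceIndex, InterfaceAlias, IPAddress

foreach ($a in $addresses) {
    $client = Get-DnsClient -InterfaceIndex $a.InterfaceIndex
    if ($a.IPAddress.StartsWith($BackEndPrefix)) {
        if ($client.RegisterThisConnectionsAddress) {
            Write-Host "Disabling DNS registration on $($a.InterfaceAlias) ($($a.IPAddress))"
            Set-DnsClient -InterfaceIndex $a.InterfaceIndex -RegisterThisConnectionsAddress $false
        }
    }
    else {
        # The management NIC must keep registering, or the DC's own records
        # stop being refreshed and will eventually be scavenged.
        Write-Host "Keeping DNS registration ON for $($a.InterfaceAlias) ($($a.IPAddress))"
        Set-DnsClient -InterfaceIndex $a.InterfaceIndex -RegisterThisConnectionsAddress $true
    }
}

# Re-register now rather than waiting for the next refresh interval.
Register-DnsClient

# Audit: every address the DC publishes for itself should now be a
# management (non-172.30) address. Anything else is a stale record that
# must be removed from the zone by hand; disabling registration does not
# delete records that were already registered.
$published = Resolve-DnsName -Name $env:COMPUTERNAME -Type A -ErrorAction SilentlyContinue
foreach ($rec in $published) {
    $flag = if ($rec.IPAddress.StartsWith($BackEndPrefix)) { 'STALE' } else { 'ok' }
    Write-Host ("{0,-6} {1,-40} {2}" -f $flag, $rec.Name, $rec.IPAddress)
}

# The DNS Server service itself should also answer only on the management
# address (replace the placeholder with the DC's 192.168.x.x address):
#   dnscmd /ResetListenAddresses <management-ip>
```

Run it once per multi-homed DC; the STALE lines in the audit output are the records to delete from the zone before the next DNSLint run.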
dkraut (Author) commented:
so this is where it gets tangled... In our environment, we use the 192.168.x.x net for management (RDP, etc.) and use the 172.30.x.x net for server to server communication.  Not sure why my predecessor decided to forgo the 172.30.x.x network on the root DC.  I was thinking of connecting the second NIC and adding the 172.30.x.x net to the root DC, but I have to tread carefully since this is a production environment.
I wouldn't add a second NIC to the DC.  I think that will complicate things further.  When I had a similar configuration in a previous environment we considered AD traffic "management traffic" not traditional server to server traffic since AD is essentially infrastructure not end user services like a file server.  

Do you need the AD DNS to resolve things on the 172 network?
Glen Knight commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.