I'm labing a forest trust before implementing in real world. I have 2k3-R2 to 2k8-R2 two way trust and am trying to pick the best DNS method between stub zones, a secondary zone using the other domains DNS server or a forwarder
We currently use forwarders to resolve internet names so is it a bad idea to use an additional forwarder (of the destination forest) to resolve cross forest DNS names and authentication requests ?
I want to use an integrated stub zone but this seems messy as well being that we'd have to replicate that across hundreds of DCs and domains in the forest.
Is there a feataure within these that I'm missing to make this easier or less intrusive of a design change?