snyderkv
asked on
Active Directory forest trust DNS recomendation
EE,
I'm labing a forest trust before implementing in real world. I have 2k3-R2 to 2k8-R2 two way trust and am trying to pick the best DNS method between stub zones, a secondary zone using the other domains DNS server or a forwarder
We currently use forwarders to resolve internet names so is it a bad idea to use an additional forwarder (of the destination forest) to resolve cross forest DNS names and authentication requests ?
I want to use an integrated stub zone but this seems messy as well being that we'd have to replicate that across hundreds of DCs and domains in the forest.
Is there a feataure within these that I'm missing to make this easier or less intrusive of a design change?
Thanks again
I'm labing a forest trust before implementing in real world. I have 2k3-R2 to 2k8-R2 two way trust and am trying to pick the best DNS method between stub zones, a secondary zone using the other domains DNS server or a forwarder
We currently use forwarders to resolve internet names so is it a bad idea to use an additional forwarder (of the destination forest) to resolve cross forest DNS names and authentication requests ?
I want to use an integrated stub zone but this seems messy as well being that we'd have to replicate that across hundreds of DCs and domains in the forest.
Is there a feataure within these that I'm missing to make this easier or less intrusive of a design change?
Thanks again
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rad, I'm confused, we have hundreds of DCs that use standard forwarders for internet queries, so I didn't think it was a great idea to add a cross forest DNS entry into the mix. Will a conditional forwarder act any different or is it the same?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great thanks Dave for the clarification and everyone else. I'll test it out now
ASKER
Good info, I'll test in my lab. But wanted to ask, it seems like the difference is simply that I can integrate these forwarders into AD instead of just a single DC like standard forwarders, but if I try to reach google, wouldn't it still try and ask across the forest?