Solved

Microsoft DNS server question

Posted on 2013-12-07
Last Modified: 2013-12-11
Hi
I have a single forest with multiple domains (Server 2008 and 2012).

Example.com is my root domain, and then I also have two child domains, test1.example.com and test2.example.com.

My question is: when I point a client PC to my root domain DNS server example.com, will it also be able to resolve everything in my child domains?
Please advise.
0
Question by:ciscosupp
LVL 17

Expert Comment

by:Tony Massa
ID: 39702989
Yes.  When you create a child domain, a delegation to the sub-domains (and DNS domain) is created in the root forest or, if DNS is configured to replicate to "All DNS servers in the Forest".  In DNS you should see a delegation zone or a copy of the entire zone.

In either case, you can use the NSLOOKUP command on a client to test.  From a PC, run a command prompt:

C:\>nslookup
Default Server:  your.DNSServer.example.com
Address:  x.x.x.x

> test1.example.com
Server:  your.DNSServer.example.com
Address:  x.x.x.x

Non-authoritative answer:
Name:    test1.example.com
Address:  y.y.y.y

If the DNS record returns, then you're okay to point clients to the parent.  They should also work just fine if the clients point to the child domain DNS servers.
0
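
A scripted form of the nslookup test in the answer above, as an added example that is not part of the original thread: it asks one DNS server for each child domain's NS, A and domain-controller locator SRV records. The server address 192.0.2.53 is a placeholder and the function name `Test-ChildDomainResolution` is made up for this example; the domain names are the thread's own samples.

```powershell
# Added example (not from the thread). Run from a client PC, Windows 8 / Server 2012 or later.
param(
    [string]   $DnsServer    = '192.0.2.53',   # placeholder: the DNS server your clients will point to
    [string[]] $ChildDomains = @('test1.example.com', 'test2.example.com')
)

function Test-ChildDomainResolution {
    param([string] $Server, [string] $Domain)

    # What a domain-joined client needs from the child zone:
    # the zone's name servers, the domain A record, and the DC locator SRV record.
    $queries = @(
        @{ Name = $Domain;                        Type = 'NS'  },
        @{ Name = $Domain;                        Type = 'A'   },
        @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
    )

    foreach ($q in $queries) {
        $result = [ordered]@{ Server = $Server; Name = $q.Name; Type = $q.Type; Resolved = $false; Data = '' }
        try {
            # -DnsOnly keeps LLMNR/NetBIOS out of the test; keep only real answers of the type asked for.
            $answers = @(Resolve-DnsName -Name $q.Name -Type $q.Type -Server $Server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $q.Type })

            if ($answers.Count -gt 0) {
                $data = foreach ($a in $answers) {
                    switch ($q.Type) {
                        'NS'  { $a.NameHost }
                        'A'   { $a.IPAddress }
                        'SRV' { '{0}:{1}' -f $a.NameTarget, $a.Port }
                    }
                }
                $result.Resolved = $true
                $result.Data     = $data -join ', '
            } else {
                $result.Data = 'no answer records returned'
            }
        } catch {
            # NXDOMAIN, timeout or refusal: the server cannot reach the child zone.
            $result.Data = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

$report = foreach ($d in $ChildDomains) { Test-ChildDomainResolution -Server $DnsServer -Domain $d }
$report | Format-Table -AutoSize
if ($report.Resolved -contains $false) {
    Write-Warning "Some child-domain records did not resolve through $DnsServer; check for a delegation, stub zone or zone copy."
}
```

Run it once against the parent DNS server and once against any other server clients may be pointed at, and compare the two reports.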
 

Author Comment

by:ciscosupp
ID: 39703146
Thanks
I will use a third-party DNS server (Infoblox) as my main DNS server for all my clients.
Basically all my clients will point to the third-party DNS server, and I will replicate my root domain controller with the third-party DNS server.
Is it okay to only replicate the root domain controller to the third-party DNS server, or must I also replicate my child cc's? Please advise.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 39703225
You don't have to replicate the zone.   Just need a stub zone with glue records for the DNS zone example.com and the rest will work fine, unless that was the reason for the Infoblox.

Each sub-domain has a different DNS zone.  If you are replicating the zone only, then you will not be able to resolve sub-domains without adding stub zones or replicating those DNS zones as well.
0

Author Comment

by:ciscosupp
ID: 39704033
OK, but when I create a stub zone and make changes on it, will it replicate to my MS DNS server, as any changes made on MS DNS or third-party DNS should sync?
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 39704251
Only if you are replicating the stub zones to the Infoblox as well. They are separate DNS zones after all. If not, you have to manually update them.
0
 

Author Comment

by:ciscosupp
ID: 39711270
Okay, thanks. My last question:
Can I also make changes in a secondary zone, and are they then updated to the primary zone? Please advise.
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 2000 total points
ID: 39711343
No.  Secondary zones are by definition READ only copies of primary zones.  It's a one-way replication from primary to secondary.
0
