Should I simply manually add a DNS Forward Zone?

We have two facilities. Each facility has its own LAN, AD and domain. Between the two facilities is a VPN connection.
I want facility A's users to see facility B's hosts, so I manually created a Forward Zone in facility A's DNS server. That has been working fine for a long time. But it's been a pain, since I have to manually maintain the new/old records from time to time.
An idea recently came to my mind: why not just add facility B's DNS server's IP address to the DNS Server Address list on facility A's computers, like this:

DNS Server Addresses (on facility A's computers):
10.10.10.15    (facility A's DNS server)
10.10.50.121   (facility B's DNS server)
10.10.10.16    (facility A's 2nd DNS server)
10.10.50.122   (facility B's 2nd DNS server)

I assumed that in facility A, when trying to resolve a B host name (which 10.10.10.15 of course cannot resolve), the client would pass the query on to the next server in the list, 10.10.50.121, for help. And of course 10.10.50.121 would be able to resolve it, since it is one of facility B's DNS servers.

Well, I found that my assumption doesn't hold. But why isn't it working? Did I miss anything?
Do you think I still need to go back to manually adding and maintaining a Forward Zone in facility A for resolving B's host names?
Castlewood asked:
oBdA commented:
You missed something.
AD members should use DNS servers for their own domain only. The DNS client only fails over to the next DNS server if the DNS server it currently uses doesn't respond at all, not if the DNS server responds with "record not found".
So the first thing to do is to remove B's DNS servers from all A domain members and vice versa; you might have noticed prolonged logon times already.
Then you can either create secondary(!) zones in each domain for the respective other domain and replicate them from the other domain, or you can create a conditional DNS forwarder pointing to the DNS servers in the other domain (Properties of the DNS server, tab "Forwarders"; you need to do this on all DNS servers).
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/kb/304491
Guide with screen shots:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
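As an added example that is not part of the thread, here is the conditional-forwarder setup from the answer above done with the DnsServer PowerShell module (Windows Server 2012 or later) from an admin host in facility A, followed by a check that every server now answers for the other domain. The domain name is a placeholder, the IP addresses are the ones quoted in the question, and doing the same in facility B means swapping the two sets of values.

```powershell
# Added example, not from the thread. Creates a conditional forwarder for the
# other facility's AD domain on every DNS server of this facility and checks
# that each one now answers for that domain.
# Assumptions: DnsServer module (Windows Server 2012+), run as a DNS admin.
$OtherDomain = 'facilityB.example'                # placeholder: B's AD DNS domain name
$OtherDns    = '10.10.50.121', '10.10.50.122'     # B's DNS servers (from the question)
$LocalDns    = '10.10.10.15', '10.10.10.16'       # A's DNS servers (from the question)

foreach ($srv in $LocalDns) {
    # A conditional forwarder shows up as a zone of type 'Forwarder'.
    $zone = Get-DnsServerZone -Name $OtherDomain -ComputerName $srv -ErrorAction SilentlyContinue
    if ($zone) {
        Write-Host "$srv already has '$OtherDomain' as a $($zone.ZoneType) zone"
        continue
    }
    # Created per server, as the answer above requires. On Server 2008 and
    # later you can instead add -ReplicationScope Domain once and let AD
    # replicate the forwarder to every DC that runs DNS.
    Add-DnsServerConditionalForwarderZone -Name $OtherDomain `
        -MasterServers $OtherDns -ComputerName $srv -PassThru
}

# Verification: ask each local server for the other domain's SOA record. The
# forwarder sends the query to B's servers, which are authoritative for it.
foreach ($srv in $LocalDns) {
    $soa = Resolve-DnsName -Name $OtherDomain -Type SOA -Server $srv -DnsOnly -ErrorAction SilentlyContinue
    if ($soa) {
        Write-Host "$srv resolves $OtherDomain (SOA from $($soa.PrimaryServer))"
    } else {
        Write-Warning "$srv cannot resolve $OtherDomain; check VPN reachability of $($OtherDns -join ', ') on UDP/TCP 53"
    }
}
```

The SOA query is used for the check because it needs no knowledge of any particular host in the other domain: if the forwarder is in place and the VPN passes port 53, the other facility's servers answer for their own zone apex.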
R. Toby Richards (Network Administrator) commented:
What you should do is to add a forwarder. In DNS, right-click your DC/DNS server. Select "Properties". Click the "Forwarders" tab. Add the domain name and its DNS servers there:

[screenshot: DNS.png]
Also make sure that the clients have the foreign domain in the append suffixes of the NIC's TCP settings:

[screenshot: 2015-02-02-07-23-57-Network-Connections]
You can enforce this with group policy: Computer Configuration / Administrative Templates / Network / DNS suffix search list.
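The two client-side items from the answer above (no foreign DNS servers on the NIC, the other domain in the suffix search list) as an added PowerShell example for a facility A workstation; this is not from the thread. The adapter alias, domain names and the sample host name are placeholders, the addresses are the question's, and the suffix list is set locally here as the equivalent of the Group Policy setting the answer names.

```powershell
# Added example, not from the thread: client-side DNS settings on a facility A
# workstation (DnsClient module, Windows 8 / Server 2012 or later, run elevated).
$Adapter     = 'Ethernet'                        # placeholder: the NIC's interface alias
$OwnDns      = '10.10.10.15', '10.10.10.16'      # A's DNS servers (from the question)
$ForeignDns  = '10.10.50.121', '10.10.50.122'    # B's servers must not be on A clients
$OwnDomain   = 'facilityA.example'               # placeholder: A's AD DNS domain
$OtherDomain = 'facilityB.example'               # placeholder: B's AD DNS domain

# 1. The client only moves to the next server when the current one does not
#    answer, not on "record not found", so B's servers on an A client only add
#    delay (and slow logons) instead of resolving anything.
$current = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
$stray   = @($current | Where-Object { $ForeignDns -contains $_ })
if ($stray.Count -gt 0) {
    Write-Warning "Removing foreign DNS servers from ${Adapter}: $($stray -join ', ')"
    Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $OwnDns
}

# 2. Suffix search list: own domain first, then the other facility's domain,
#    so a short name is tried as name.facilityA.example, then name.facilityB.example.
#    The GPO "DNS suffix search list" sets the same value centrally.
$wanted = @($OwnDomain, $OtherDomain)
$have   = @((Get-DnsClientGlobalSetting).SuffixSearchList)
if (($have -join ',') -ne ($wanted -join ',')) {
    Set-DnsClientGlobalSetting -SuffixSearchList $wanted
}
Clear-DnsClientCache

# 3. Verification: a short host name that exists only in B must now resolve
#    through suffix appending plus the conditional forwarder on A's servers.
$ShortName = 'fileserver'                        # placeholder host in facility B
$ans = Resolve-DnsName -Name $ShortName -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($ans) {
    Write-Host "$ShortName -> $($ans.Name) = $($ans.IPAddress -join ', ')"
} else {
    Write-Warning "$ShortName did not resolve: check the suffix list and the conditional forwarder on $($OwnDns -join ', ')"
}
```

Step 1 is what makes step 2 useful: with only the local servers on the NIC, a short name for a B host is appended with B's suffix and handed to A's own servers, whose conditional forwarder does the rest.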
Manoj Bojewar commented:
I would say the best option is to create an AD-integrated Primary Zone DNS for Site B and replicate it to Site A using the Primary Zone. This way you don't need to update changes on both sides.
R. Toby Richards (Network Administrator) commented:
You still need to make sure the clients have the foreign domain name in their DNS suffix search list.
Castlewood (Author) commented:
Manoj Bojewar's suggestion may not work, since the two domains are not in the same forest. Sorry I didn't mention it.

R. Toby Richards, I added the conditional forwarders for each side and hoped side A could see side B's hosts and vice versa. But it turns out that side A can see B's while side B cannot see A's. So the question is, why is the conditional forwarder not working at side B? Could I have missed something somewhere?
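An added diagnostic (not from the thread, and not the answer of anyone in it) for the side whose conditional forwarder is not answering, here side B. It separates the three things that can fail independently: the forwarder zone missing on one of B's servers or pointing at the wrong masters, A's servers being unreachable through the VPN in the B-to-A direction, and A's servers not answering for the zone. The domain name is a placeholder, the addresses are the question's, and it is meant to run from a DNS server or admin host in facility B.

```powershell
# Added diagnostic, not from the thread: why does side B not resolve side A?
# Run from a B DNS server or admin host with the DnsServer and DnsClient modules.
$LocalDns   = '10.10.50.121', '10.10.50.122'     # B's DNS servers (from the question)
$TargetZone = 'facilityA.example'                # placeholder: A's AD DNS domain
$Masters    = '10.10.10.15', '10.10.10.16'       # A's DNS servers (from the question)

# 1. Does every B DNS server carry the forwarder, and with the right masters?
#    It has to exist on all of them: a client whose first server lacks it gets
#    "record not found" and never asks the second server.
foreach ($srv in $LocalDns) {
    $z = Get-DnsServerZone -Name $TargetZone -ComputerName $srv -ErrorAction SilentlyContinue
    if (-not $z) { Write-Warning "${srv}: no zone '$TargetZone' at all"; continue }
    if ($z.ZoneType -ne 'Forwarder') {
        Write-Warning "${srv}: '$TargetZone' is a $($z.ZoneType) zone, not a conditional forwarder"
        continue
    }
    $ips   = @($z.MasterServers | ForEach-Object { $_.IPAddressToString })
    $wrong = @($ips | Where-Object { $Masters -notcontains $_ })
    if ($wrong.Count -gt 0 -or $ips.Count -eq 0) {
        Write-Warning "${srv}: forwarder masters are '$($ips -join ', ')', expected '$($Masters -join ', ')'"
    } else {
        Write-Host "${srv}: forwarder for $TargetZone -> $($ips -join ', ') OK"
    }
}

# 2. Can this host reach A's servers across the VPN, and do they answer for
#    the zone when asked directly? Test-NetConnection checks TCP 53 only; DNS
#    mostly uses UDP 53, so the direct query is the real test. A VPN or
#    firewall rule that allows A->B but not B->A would match the symptom.
foreach ($m in $Masters) {
    $tcp = (Test-NetConnection -ComputerName $m -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
    $soa = Resolve-DnsName -Name $TargetZone -Type SOA -Server $m -DnsOnly -ErrorAction SilentlyContinue
    Write-Host ("{0}: TCP/53 {1}, direct SOA query {2}" -f $m, $tcp, $(if ($soa) { 'answered' } else { 'no answer' }))
}

# 3. The end-to-end path: query B's own servers and let the forwarder work.
foreach ($srv in $LocalDns) {
    $viaFwd = Resolve-DnsName -Name $TargetZone -Type SOA -Server $srv -DnsOnly -ErrorAction SilentlyContinue
    Write-Host ("{0}: via forwarder {1}" -f $srv, $(if ($viaFwd) { 'OK' } else { 'FAILED' }))
}
```

Reading the output: step 1 failing on one server but not the other points at the "all DNS servers" requirement; step 2 failing while step 1 passes points at the VPN or the firewall in front of A's servers; step 3 failing while steps 1 and 2 pass leaves the forwarder configuration itself (for example an old cached negative answer, cleared with Clear-DnsServerCache on the B server) as the remaining suspect.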