DNS Best Practice for two domains
Posted on 2015-02-17
I have two Active Directory domains, DMZ.com and Domain.com. There is an outgoing trust from dmz.com to domain.com.
Both domains originally had two domain controllers (2003). I'm migrating to 2008 and have added two domain controllers (2008) to both domains. My question is on the configuration of Zone Transfers.
Each of the Domain Controllers in Domain.com is configured as a Name Server for all Forward Lookup Zones in Domain.com. Zone Transfers are allowed to each of the domain controllers in DMZ.com for the zones in Domain.com.
And vice versa: Each of the DCs in DMZ.com is configured as an NS for all zones in DMZ.com. Zone Transfers are allowed to each DC in Domain.com for the Forward Lookup Zones in DMZ.com.
1 - Should Zone Transfers be allowed for the domain.com zones on DMZDC01 to DMZDC02 (and for the other DCs too, let's keep it simple)?
2 - Vice versa: Should Zone Transfers be allowed for DMZ.com zones on DC01 to DC02?
3 - Reverse Lookup Zones - How should this be configured between the two domains?