I've created two domains, which for the purposes of this question we'll call
1) company.com - an internal domain and
2) company.dmz - a DMZ domain
Now, when I go to AD Domains and Trusts and try to create a new trust between the two domains, it fails before the wizard even completes with the error
"The New Trust Wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network or other problems are preventing connection."
Which of course seems reasonable given the DNS servers for company.com have absolutely no way of knowing about company.dmz.
So, how do companies NORMALLY approach making one domain aware of the other? I'm a little hesitant to just create stubs in company.com for company.dmz (and vice versa, since if I let company.dmz resolve publicly it won't find our internal AD records), but maybe that's what one does. Especially since the number of servers is quite small and their addresses will not change after creation.
Can I get a confirmation? And maybe a pointer to the holes to poke in the firewall to allow for continued proper operation of the trust after it's established?