Question regarding adding a DNS zone and manually entering a PTR record for a key File Server.

I just joined our 2 offices (PA Office where I work & NY Office) via a VPN tunnel using our SonicWalls. Both locations have completely separate networks, but we can now see each other's servers by IP only. We are running Windows 2008 R2 Domain Controllers and File Servers.

I would like PA's staff to be able to "see" NY's File Server by host name versus IP, so I would like to add a PTR record for this server.  However, PA & NY's domain is different, so I'm thinking I can add a DNS zone in PA (non Active Directory integrated I would assume) for the NY domain for the purpose of adding a PTR record like:
NY-FS1.NY-domain.com = 192.168.50.200

Later, I am planning on setting up a trust between the domains, but I am not ready to do this yet.  So I was looking to solve this problem as soon as possible.  However I'm nervous about the implications of adding a DNS zone without knowing the implications.

Thank you
high_sobo Asked:
DrDave242 (Senior Support Engineer) Commented:
First, PTR records aren't relevant here. They're used in reverse lookup zones to resolve IP addresses to hostnames, and that's not what you're looking for.

If you're wanting the PA users to resolve the single fully qualified domain name NY-FS1.NY-domain.com to an IP address, you can do this by creating a forward lookup zone named NY-FS1.NY-domain.com on the PA DNS server, then creating a blank host (A) record within that zone. Give the host record the IP address of the server with that name (192.168.50.200 in your example).

If there are multiple DNS servers in the PA environment which are also AD domain controllers, you'll probably want to make that zone AD-integrated, as this will simplify replication of the zone among those servers.

To create a blank host record on a Windows DNS server, you simply leave the Name field blank when creating the record and enter the IP address as you normally would. If your DNS servers aren't running Windows, the method for doing this may vary.

The effect of this will be that clients which query the PA DNS server(s) for the specific name NY-FS1.NY-domain.com will resolve that name to the IP address you specify. Resolution of other names won't be affected.
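
The steps described in this answer, written out with `dnscmd` as an added example (not part of the original answer). It assumes an elevated command prompt on the PA DNS server; the zone file name is an assumption.

```batch
@echo off
rem Added example: the zone name and address are the ones used in the question.
set ZONE=NY-FS1.NY-domain.com
set ADDR=192.168.50.200

rem 1. Create a forward lookup zone named after the single FQDN.
rem    Name the zone with the full host name, not NY-domain.com: a zone for
rem    the parent domain would make this server answer for every name in it.
rem    File-backed primary zone; the file name is an assumption.
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
rem    AD-integrated alternative when several PA DNS servers are DCs:
rem    dnscmd /ZoneAdd %ZONE% /DsPrimary

rem 2. Add the blank host (A) record. "@" is the zone apex, which is what
rem    leaving the Name field blank in the DNS console produces.
dnscmd /RecordAdd %ZONE% @ A %ADDR%

rem 3. Confirm the record exists and that the local server answers with it.
dnscmd /EnumRecords %ZONE% @ /Type A
nslookup %ZONE% 127.0.0.1

rem 4. List hosted zones and check that no zone named NY-domain.com exists,
rem    so other names in that domain still resolve the normal way.
dnscmd /EnumZones

rem 5. Once the trust is in place, remove the zone:
rem    dnscmd /ZoneDelete %ZONE% /f     (add /DsDel if it was AD-integrated)
```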

DrDave242 (Senior Support Engineer) Commented:
Oh, and once a trust is created between the domains, this zone will be redundant and should be removed.
kevinhsieh Commented:
I would use a conditional forwarder in DNS instead. You'll also need them for your trust, so might as well get started.

https://www.dell.com/support/article/tt/en/ttbsdt1/sln164002/how-to-create-a-conditional-forwarder-on-a-windows-dns-server?lang=en

There is a potential for issues regarding email delivery, if the DNS zone overlaps with their public email domain. If that is the case, the AD zone would need to have valid MX records for mail delivery for email being sent by the other domain, with possible SMTP delivery over the VPN (depending on the email infrastructure).
high_sobo (Author) Commented:
@DrDave242 so then we can move forward with the forward zone for NY in PA without having domain trust for now with no issues? We most likely would move forward with the trust, but for right now we do not have time to proceed with the trust due to project constraints. Thank you for the reminder to delete the forward zone once the trust has been established down the road. I will delete it at that time to remove the repetitive forward lookups.
DrDave242 (Senior Support Engineer) Commented:
Yeah, this won't cause any issues, since the zone is only for one specific name: NY-FS1.NY-domain.com. It won't affect the ability for PA users to resolve other names in the NY-domain.com domain (so mail delivery to NY-domain.com won't be affected, for example).