Windows Server Forum / Windows Server 2003 / DNS / June 2007

Simple Windows Server DNS question.

fern - 28 Jun 2007 15:26 GMT
Scenario...

I have a Windows DNS server "A" in a Windows AD environment.
I have a non-Windows DNS server "B" in a remote location.
Other than being able to communicate on the WAN, both servers have no
relationship/trust.

Both DNS servers need to add each other as forwarders for DNS queries.
So I believe I need to grant/add "B" server's access to "A" somehow to allow
resolutions.  So to my knowledge I probably have to add "B"'s IP to "A" in
order to accept DNS queries from "B".

To my knowledge I need this because the "A" Windows DNS server will not respond
to systems not part of the domain.
Herb Martin - 28 Jun 2007 15:39 GMT
> Scenario...
>
> I have a windows DNS server "A" in a windows AD environment.
> I have non windows DNS server "B" in a remote location.
> Other than being able to communicate on the WAN, both servers have no
> relationship/trust.

> Both DNS servers need to add each other as forwarders for DNS queries.

You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.

You can conditionally forward a Windows 2003 (not 2000) to another
DNS server for some specific DNS zone (tree).

Chances are if NEITHER of these is otherwise related to each other then
you don't want them to generally forward to each other anyway, and each
will be using their respective ISP (or some other Internet DNS Server) to
resolve Internet DNS names.

A non-Windows DNS server MIGHT support (the equivalent of) Conditional
Forwarding but you will have to check your non-Windows server for that.

If not, then you MAY let the other server hold a "Secondary" copy of your
zones so they can resolve your specific zone DNS names.

> So I believe I need to grant/add "B" servers access to "A" somehow to
> allow resolutions.

No.  For Conditional Forwarding no "grant" is required.

For a Secondary you must enable this in the source (master) DNS Server.
(There is a tab labeled "Zone Transfers" on EACH DNS Zone property
sheet for the Windows DNS server.)

> So to my knowledge I probably have to add "B"'s IP to "A" in order to
> accept DNS queries from "B"
>
> To my knowledge I need this because the "A" Windows DNS server will not
> respond to systems not part of the domain.

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

fern - 28 Jun 2007 16:21 GMT
>> Scenario...
>>
[quoted text clipped - 14 lines]
> will be using their respective ISP (or some other Internet DNS Server) to
> resolve Internet DNS names.

Alright, I'm glad to see you know your stuff and I'll explain myself a little
more clearly.  Both networks "A" and "B" have Intranets.  In order for both
networks to properly browse each other's Intranets I believed the solution
is to just forward DNS resolutions to each other in order to have their
local URLs resolved properly.

Knowing this, how would you recommend this be done?  I do know network "A" is
a Microsoft domain, and I believe "B" is not.

Adding standard secondary zones?

I appreciate the help ..

> A non-Windows DNS server MIGHT support (the equivalent of) Conditional
> Forwarding but you will have to check your non-Windows server for that.
[quoted text clipped - 16 lines]
>> To my knowledge I need this because the "A" Windows DNS server will not
>> respond to systems not part of the domain.
Werner Penz - 28 Jun 2007 17:02 GMT
Network A has a DNS server DNS-A with a primary forward zone:
INTRANET-A.DOM
Network B has a DNS server DNS-B with a primary forward zone:
INTRANET-B.DOM

So that both networks can be resolved by all clients, one solution is to
create:

on DNS-A a secondary zone of INTRANET-B.DOM where the master is DNS-B
and
on DNS-B a secondary zone of INTRANET-B.DOM where the master is DNS-A

You just have to make sure that the zone transfer works between both
DNS servers.
This is best done by adding each DNS server in each ZONE and ALLOWING
ZONE TRANSFER to all DNS servers in the ZONE.

Sorry about my English, good luck
Werner

>>> Scenario...
>>>
[quoted text clipped - 48 lines]
>>> To my knowledge I need this because the "A" Windows DNS server will not
>>> respond to systems not part of the domain.
Werner Penz - 28 Jun 2007 17:06 GMT
Sorry... it must read:

on DNS-A a secondary zone of INTRANET-B.DOM where the master is DNS-B
and
on DNS-B a secondary zone of INTRANET-A.DOM where the master is DNS-A

> Network A has a DNS-Server: DNS-A with a Primary Forward-Zone:
> INTRANET-A.DOM
[quoted text clipped - 70 lines]
>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>> respond to systems not part of the domain.
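Werner's corrected layout, modelled below as an added example (this is not code from the thread or from any DNS product): each server is primary for its own zone, pulls a secondary copy of the other server's zone by AXFR, and serves AXFR only to the IP on that zone's allow-list, which is what the "Zone Transfers" tab on a Windows DNS zone (or `allow-transfer` on BIND) controls. The addresses, zone names and records are constructed for the example; the lookup handles A records only and returns None for a name that is inside a held zone but has no record (NXDOMAIN), without forwarding.

```python
"""Two-server secondary-zone setup with allow-listed zone transfers (model)."""
from dataclasses import dataclass, field


class TransferRefused(Exception):
    """Raised when a requester not on the zone's allow-list asks for AXFR."""


@dataclass
class Zone:
    name: str
    records: dict                                   # fqdn -> IPv4 (A records only)
    allow_transfer: set = field(default_factory=set)  # requester IPs permitted to AXFR


@dataclass
class DnsServer:
    ip: str
    primary: dict = field(default_factory=dict)    # zone name -> Zone (authoritative)
    secondary: dict = field(default_factory=dict)  # zone name -> copied records

    def axfr(self, zone_name, requester_ip):
        """Full zone transfer, answered only to allow-listed requesters."""
        zone = self.primary[zone_name]
        if requester_ip not in zone.allow_transfer:
            raise TransferRefused(f"{self.ip} refused AXFR of {zone_name} from {requester_ip}")
        return dict(zone.records)

    def add_secondary(self, zone_name, master):
        """Load a secondary copy of zone_name from master, requesting as this server."""
        self.secondary[zone_name] = master.axfr(zone_name, self.ip)

    def lookup(self, fqdn):
        """Answer from primary or secondary data; None means NXDOMAIN or not our zone."""
        name = fqdn.lower().rstrip(".")
        for zones in (self.primary, self.secondary):
            for zone_name, data in zones.items():
                if name == zone_name or name.endswith("." + zone_name):
                    records = data.records if isinstance(data, Zone) else data
                    return records.get(name)
        return None


def build_lab():
    """Constructed lab: DNS-A at 10.1.0.53, DNS-B at 10.2.0.53 (assumed addresses)."""
    dns_a = DnsServer("10.1.0.53")
    dns_b = DnsServer("10.2.0.53")
    dns_a.primary["intranet-a.dom"] = Zone(
        "intranet-a.dom", {"www.intranet-a.dom": "10.1.0.80"}, allow_transfer={dns_b.ip})
    dns_b.primary["intranet-b.dom"] = Zone(
        "intranet-b.dom", {"portal.intranet-b.dom": "10.2.0.80"}, allow_transfer={dns_a.ip})
    # Each side pulls the other's zone; the allow-lists above permit exactly this.
    dns_a.add_secondary("intranet-b.dom", master=dns_b)
    dns_b.add_secondary("intranet-a.dom", master=dns_a)
    return dns_a, dns_b


def can_transfer(server, zone_name, requester_ip):
    """True if requester_ip would be allowed to dump zone_name from server."""
    try:
        server.axfr(zone_name, requester_ip)
        return True
    except TransferRefused:
        return False


if __name__ == "__main__":
    a, b = build_lab()
    print("DNS-A resolves", "portal.intranet-b.dom", "->", a.lookup("portal.intranet-b.dom"))
    print("DNS-B resolves", "www.intranet-a.dom", "->", b.lookup("www.intranet-a.dom"))
    print("stranger AXFR allowed?", can_transfer(a, "intranet-a.dom", "203.0.113.7"))
```

The check a practitioner wants after enabling transfers is the last one: an AXFR from any address other than the peer must be refused, otherwise the whole intranet zone is readable by anyone who can reach port 53.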
Herb Martin - 28 Jun 2007 17:15 GMT
>>> Scenario...
>>>
[quoted text clipped - 14 lines]
>> will be using their respective ISP (or some other Internet DNS Server) to
>> resolve Internet DNS names.

> Alright Im glad to see you know your stuff and Ill explain myself a little
> more clearly.  Both networks "A" and "B" have Intranets.  In order for
> both networks to properly browse each other's Intranets I believed the
> solution is to just forward DNS resolutions to each other in order to have
> their local URLs resolved properly.

Browsing is a NetBIOS application -- for browsing to work across multiple
subnets you need (replicated) WINS Servers, and for every machine (especially
DCs and other servers) to be WINS Clients.

> Knowing this, how would you recommend this be done?  I do know network "A"
> is a Microsoft domain, and I believe "B" is not.

For DNS resolution of PRIVATE DNS names (not available on the Internet)
you need to use Conditional Forwarding A->B for B.zones, and B->A for A.zones
OR if Conditional Forwarding is NOT available then B must hold a secondary
for A zones and vice versa.

You might use Conditional Forwarding in one direction and Secondary for the
other -- Win2003 DEFINITELY supports Conditional Forwarding, 2000
does NOT, and other DNS servers will depend on their feature set.

> Adding standard secondary zones?

That will ALWAYS work for DNS resolution -- but browsing is NOT a
DNS application.

You need NetBIOS for Browsing, and that means a practical need for
REPLICATED WINS Servers when you have more than one subnet.

> I appreciate the help ..
>
[quoted text clipped - 18 lines]
>>> To my knowledge I need this because the "A" Windows DNS server will not
>>> respond to systems not part of the domain.
fern - 28 Jun 2007 17:29 GMT
>>>> Scenario...
>>>>
[quoted text clipped - 21 lines]
>> the solution is to just forward DNS resolutions to each other in order to
>> have their local urls resolved properly.

Sorry browsing was a poor choice of words...  surfing!

> Browsing is a NetBIOS application -- for browsing to work across multiple
> subnets you need (replicated) WINS Servers, and for every machine
[quoted text clipped - 46 lines]
>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>> respond to systems not part of the domain.
Herb Martin - 29 Jun 2007 04:07 GMT
>>>>> Scenario...
>>>>>
[quoted text clipped - 23 lines]
>
> Sorry browsing was a poor choice of words...  surfing!

No problem, that is why I gave both answers anyway.

>> Browsing is a NetBIOS application -- for browsing to work across multiple
>> subnets you need (replicated) WINS Servers, and for every machine
[quoted text clipped - 47 lines]
>>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>>> respond to systems not part of the domain.
fern - 29 Jun 2007 14:14 GMT
>>>>>> Scenario...
>>>>>>
[quoted text clipped - 7 lines]
>>>>>
>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.

So in conclusion I guess we all agree that adding each other as forwarders
is not a proper solution and highly not recommended.
I should setup new zones on both networks and have them be able to transfer
to each other.

Agreed?

>>>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>>>> DNS server for some specific DNS zone (tree).
[quoted text clipped - 71 lines]
>>>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>>>> respond to systems not part of the domain.
Herb Martin - 29 Jun 2007 14:55 GMT
>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>
> So in conclusion I guess we all agree that adding each other as forwarders
> is not a proper solution and highly not recommended.

I hope we all agree because not only is it "not recommended", it will
typically crash BOTH DNS Services.

You have created an INFINITE LOOP for anything that cannot be resolved
on at least one of the servers:

   A->B->A->B->A->...............................................

> I should setup new zones on both networks and have them be able to
> transfer to each other.

That always works even with older DNS servers.

> Agreed?

Or you can CONDITIONALLY forward for specific zones from either or
both of them IF the DNS Server in question (e.g., Win2003) supports this.

Expect older DNS servers to NOT support this -- check newer ones for the
feature.

>>>>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>>>>> DNS server for some specific DNS zone (tree).
[quoted text clipped - 72 lines]
>>>>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>>>>> respond to systems not part of the domain.
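Herb's loop, and the conditional-forwarding alternative from his earlier reply, as an added example that is not part of the thread: a small model of DNS-A and DNS-B where each holds its own intranet zone, first with unconditional forwarders pointed at each other and then with a conditional forwarder per zone. A name neither server knows (any Internet name) bounces A->B->A->... in the first setup; the hop budget below stands in for the recursion and timeout budget a real server exhausts before its service falls over. Zone names, records and the hop limit are constructed for the example.

```python
"""Mutual unconditional forwarders versus conditional forwarders (model)."""

MAX_HOPS = 8  # stand-in for a real resolver's recursion/timeout budget (assumed)


class ForwardingLoop(Exception):
    """Raised when a query is forwarded more than MAX_HOPS times."""


class Resolver:
    def __init__(self, name, zones):
        self.name = name
        self.zones = zones          # {zone: {fqdn: ipv4}} this server is authoritative for
        self.conditional = {}       # zone -> Resolver that is asked only for that zone
        self.forwarder = None       # Resolver asked for everything else (None = go to roots)

    def owns(self, fqdn):
        return any(fqdn == z or fqdn.endswith("." + z) for z in self.zones)

    def resolve(self, fqdn, _hops=0, _path=None):
        """Return (answer_or_None, path_of_servers_consulted)."""
        fqdn = fqdn.lower().rstrip(".")
        path = (_path or []) + [self.name]
        if _hops > MAX_HOPS:
            raise ForwardingLoop(" -> ".join(path))
        if self.owns(fqdn):
            # Authoritative: answer from zone data, NXDOMAIN (None) if absent, never forward.
            for zone, records in self.zones.items():
                if fqdn == zone or fqdn.endswith("." + zone):
                    return records.get(fqdn), path
        for zone, target in self.conditional.items():
            if fqdn.endswith("." + zone):
                return target.resolve(fqdn, _hops + 1, path)
        if self.forwarder is not None:
            return self.forwarder.resolve(fqdn, _hops + 1, path)
        return None, path + ["root-hints"]   # a real server would now recurse from the roots


def build_intranets():
    """Constructed lab: each server authoritative for its own intranet zone."""
    dns_a = Resolver("DNS-A", {"intranet-a.dom": {"www.intranet-a.dom": "10.1.0.80"}})
    dns_b = Resolver("DNS-B", {"intranet-b.dom": {"portal.intranet-b.dom": "10.2.0.80"}})
    return dns_a, dns_b


def mutual_unconditional():
    """The setup the thread warns against: each server forwards everything to the other."""
    dns_a, dns_b = build_intranets()
    dns_a.forwarder, dns_b.forwarder = dns_b, dns_a
    return dns_a, dns_b


def mutual_conditional():
    """Conditional forwarding: A asks B only for intranet-b.dom and vice versa."""
    dns_a, dns_b = build_intranets()
    dns_a.conditional["intranet-b.dom"] = dns_b
    dns_b.conditional["intranet-a.dom"] = dns_a
    return dns_a, dns_b


def loops(resolver, fqdn):
    """True if resolving fqdn from resolver exceeds the hop budget."""
    try:
        resolver.resolve(fqdn)
        return False
    except ForwardingLoop:
        return True


if __name__ == "__main__":
    a, _ = mutual_unconditional()
    print("unconditional, intranet name:", a.resolve("portal.intranet-b.dom"))
    print("unconditional, Internet name loops:", loops(a, "www.example.com"))
    a, _ = mutual_conditional()
    print("conditional, intranet name:", a.resolve("portal.intranet-b.dom"))
    print("conditional, Internet name loops:", loops(a, "www.example.com"))
```

The trap is that the unconditional setup appears to work during testing, because every name that exists in one of the two zones resolves fine; it is the first query for a name neither side holds that sets both services spinning.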
fern - 29 Jun 2007 15:02 GMT
>>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*) forwarders.
>>
[quoted text clipped - 22 lines]
> Expect older DNS servers to NOT support this -- check newer ones for the
> feature.

I agree, unfortunately my network runs on W2K DNS so zone transfers it is.
Now all I have to decide is if I should add this zone as AD integrated or
just a standard secondary.  I'm thinking AD for redundancy purposes.

Thanks again for your input.

>>>>>>> You can conditionally forward a Windows 2003 (not 2000) to another
>>>>>>> DNS server for some specific DNS zone (tree).
[quoted text clipped - 73 lines]
>>>>>>>> To my knowledge I need this because the "A" Windows DNS server will not
>>>>>>>> respond to systems not part of the domain.
Herb Martin - 29 Jun 2007 16:47 GMT
>>>>>>>> You cannot use two DNS servers as MUTUAL (unconditional*)
>>>>>>>> forwarders.
[quoted text clipped - 25 lines]
>
> I agree, unfortunately my network runs on W2K DNS so zone transfers it is.

Ok.  That is secondaries then.

> Now all I have to decide is if I should add this zone as AD integrated
> or just a standard secondary.  I'm thinking AD for redundancy purposes.

No, you do not -- you cannot use AD Integrated for someone else's
Domain/Forest.

They cannot use Integrated for YOUR Domain/Forest AD Integrated DNS.

You can only be a Secondary to them*, and they can only be a Secondary to
you.

*You don't have Win2003, which would technically open up Stub zones or
AD Integrated across domains but in the SAME FOREST, but you cannot
do AD Integrated across multiple domains otherwise.

You certainly cannot do AD integrated ACROSS unrelated domains.

This doesn't affect YOUR ability to use AD Integrated internally (which is
usually the best choice) because these DNS servers/zone can have ordinary
Secondaries (doing zone transfers) anyway.

> Thanks again for your input.

Happy to help.

©2010 Advenet LLC   Privacy Policy - Terms of Use