|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
13/03/2007, 22h34
|
#1 |
Messages: n/a
Hébergeur: |
DNS best practices
I'm looking over a 2003 server that was set up be someone else and found that
the forward lookup zones are not configured the way I'm used to. I'm used to seeing a subdomain get confugured within the parent domain. So, east.contoso.com would be created and configured within the contoso.com (parent) domain. However, this server has the parent domain (contoso.com) as well as the child domains (east.contoso.com, west.contoso.com, etc) configured under the lookup zone. First, is this considered to be incorrect? And second, Is there a way to move a child domain (east.contoso.com) under the parent (contoso.com) or do I need to simply rebuild the 'subdomain' and all of its records? |
|
|
14/03/2007, 00h25
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: DNS best practices
"gscanga" <gscanga@discussions.microsoft.com> wrote in message news:3D2B12B8-9A89-49BB-81A1-965EC60F7B7E@microsoft.com... > I'm looking over a 2003 server that was set up be someone else and found > that > the forward lookup zones are not configured the way I'm used to. I'm used > to > seeing a subdomain get confugured within the parent domain. So, > east.contoso.com would be created and configured within the contoso.com > (parent) domain. Both are perfectly valid in DNS but configuring a DNS subdomain as a SEPARATE ZONE allows for the zone to be place don't different computers than the parent -- especially the parent. Normally the zones for a domain are held on DNS servers IN that domain so generally most people are delegating them as (actual) separate zones rather than mere subdomains. > However, this server has the parent domain (contoso.com) as well as the > child domains (east.contoso.com, west.contoso.com, etc) configured under > the > lookup zone. First, is this considered to be incorrect? And second, Is > there > a way to move a child domain (east.contoso.com) under the parent > (contoso.com) or do I need to simply rebuild the 'subdomain' and all of > its > records? For a Forest this is going to let you control the replication setings of the zone more accurately (or granularly): Primary, Secondary, AD Integrated with scope on the Domain, DNS-DCs of the Domain, or DNS-DCs of the forest. It likely makes more sense to separate the zones to parallel AD domains directly. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site) |
|
|
|
30/03/2007, 15h54
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: DNS best practices
Thanks for the information Herb,
I guess then, by this logic of greater manageability, the zones have been set up correctly. My primary reason for asking this is because I'm currently joined to the sub domain (east.contoso.com) and I can't resolve to the records that exist on the parent domain (contoso.com). So, my presumption was that we need to move the subdomain *under* the parent and the requests would then resolve. Is my problem of resolving related to the trust relationship? |
|
|
|
30/03/2007, 17h35
|
#4 |
|
Messages: n/a
Hébergeur: |
Re: DNS best practices
"gscanga" <gscanga@discussions.microsoft.com> wrote in message news:BCCE4850-7352-4E41-B446-B14884050F8A@microsoft.com... > Thanks for the information Herb, > > I guess then, by this logic of greater manageability, the zones have been > set up correctly. My primary reason for asking this is because I'm > currently > joined to the sub domain (east.contoso.com) and I can't resolve to the > records that exist on the parent domain (contoso.com). That is a (almost completely) different question. You can resolve the parent domain by having a copy of it (secondary etc), by using a (conditional) forwarder to the DNS servers that hold that zone, or by using a Stub (like a secondary but copies only essential records to preserve WAN bandwidth etc.) > So, my presumption was > that we need to move the subdomain *under* the parent and the requests > would > then resolve. No. You have to arrange for the child domain DNS server to be able to FIND the parent zone through one of the methods above. > Is my problem of resolving related to the trust relationship? No. DNS resolution has nothing to with trusts or permissions of any kind. (Only secure UPDATES are related to permissions for DNS.) -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site) |
|
|
|
30/03/2007, 18h28
|
#5 |
|
Messages: n/a
Hébergeur: |
Re: DNS best practices
OK, I see. Of the 3 options that you've mentioned, which would be best suited
for our configuration? Our parent zone and the child zone exist on the same server (both zones are AD- Integrated). I also know that the parent zone has very few records (less than a dozen). |
|
|
|
30/03/2007, 22h11
|
#6 |
|
Messages: n/a
Hébergeur: |
Re: DNS best practices
"gscanga" <gscanga@discussions.microsoft.com> wrote in message news:9FA5C575-DA0C-481A-9741-D6E1DDA29913@microsoft.com... > OK, I see. Of the 3 options that you've mentioned, which would be best > suited > for our configuration? In many case there is little to recommend one over the others. Use the conditional forwarding if you have Win2003 DNS servers, but you only have the "hold a Secondary for the root" if you are running Win2000 DNS. > Our parent zone and the child zone exist on the same server (both zones > are > AD- Integrated). I also know that the parent zone has very few records > (less > than a dozen). You can also use "AD Integrated" with "Forest wide Scope" if you have ALL Win2003 DCs. This is my favorite for reasonable size domains/zones. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site) |
|
|
 |
| Outils de la discussion | |
|
|
