
Forest w/multiple trees, DNS, and client internet resolution!?


Jpoandl (MIS), joined Jun 23, 2000, 2,008 messages, location US
To Win2K people with enterprise experience:

Here's the situation.. We are designing AD for a forest that will house multiple TREES.

For example:

ForestRoot.com
 |
 +-- company1.com
 |    +-- us.company1.com
 |    +-- uk.company1.com
 |
 +-- company2.com
      +-- us.company2.com
      +-- uk.company2.com


We think we want forestroot.com to hold the internal ".". Therefore, we do not want to delete the "." internal DNS root and have it forward to the internet ISP DNS servers (we don't want to do this because the companies actually span multiple countries....and we don't want UK companies having to query through the US-based forestroot).

Our theory is that we leave the "." root in ForestRoot.com and have delegations from ForestRoot.com for zones like company1.com, company2.com, etc. This seems to work fine in our test lab. We can resolve every record within our forest.

The question is...how should we configure INTERNET resolution? From reading Technet, it looks like we may need a PROXY server to resolve internet based requests. This would work for us because every company can set up their own proxies....that are linked to their own ISPs.

The other option we are considering is FORWARDING from the root sub-trees (Company1.com or Company2.com) to the internet.

Any suggestions? or a place to look for more information?

Thanks in advance... Joseph L. Poandl
MCSE 2000

If your company is in need of experts to examine technical problems/solutions, please check out
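As an added illustration of the design in this post (not code from the thread or from Windows DNS): a small, constructed model of the split-root namespace, with the internal "." held by a US root server, delegations down to the company trees, and each subtree server forwarding Internet names to its own local ISP. All server names and addresses are invented, and the rule "forest names go to the internal root, everything else to the forwarder" is an assumption standing in for conditional forwarding.

```python
# Constructed model of the split-root DNS design discussed in the thread.
# Server names, zones and addresses are invented; this is not Windows DNS code.
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    zones: dict = field(default_factory=dict)        # zone -> {fqdn: address}
    delegations: dict = field(default_factory=dict)  # child zone -> server name
    forwarder: str = None                            # local ISP resolver, if any
    root_hint: str = None                            # internal "." server, if any

INTERNAL = ("forestroot.com", "company1.com", "company2.com")  # forest namespace

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def resolve(server, name, path=None):
    """Return (answer or None, list of servers consulted in order)."""
    path = (path or []) + [server]
    s = SERVERS[server]
    # 1. authoritative data: the longest matching zone wins ("." matches everything)
    zones = sorted((z for z in s.zones if in_zone(name, z)), key=len, reverse=True)
    if zones:
        records = s.zones[zones[0]]
        if name in records:
            return records[name], path
        for child, ns in s.delegations.items():  # delegated subtree?
            if in_zone(name, child):
                return resolve(ns, name, path)
        return None, path                        # NXDOMAIN inside our own authority
    # 2. not authoritative: forest names go to the internal root, the rest to the ISP
    if s.root_hint and any(in_zone(name, z) for z in INTERNAL):
        return resolve(s.root_hint, name, path)
    if s.forwarder:
        return resolve(s.forwarder, name, path)
    return None, path

SERVERS = {s.name: s for s in [
    # US root: owns "." internally, so it can never answer for Internet names
    Server("root-us", zones={".": {}, "forestroot.com": {}},
           delegations={"company1.com": "ns.company1", "company2.com": "ns.company2"}),
    Server("ns.company1", zones={"company1.com": {}},
           delegations={"uk.company1.com": "ns.uk.company1"}, root_hint="root-us"),
    Server("ns.company2", zones={"company2.com": {"www.company2.com": "10.2.0.5"}},
           root_hint="root-us"),
    Server("ns.uk.company1", zones={"uk.company1.com": {"www.uk.company1.com": "10.1.1.5"}},
           root_hint="root-us", forwarder="isp-uk"),   # UK site forwards locally
    Server("isp-uk", zones={".": {"www.example.com": "203.0.113.10"}}),  # stand-in ISP
]}

if __name__ == "__main__":
    for q in ("www.company2.com", "www.example.com"):
        print(q, resolve("ns.uk.company1", q))
```

Querying the US root for an Internet name returns nothing, while the UK subtree server reaches the same name through its own ISP without the path ever touching root-us.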
 
What if: No clients ever query the root DNS server directly, they all query lower level DNS servers whose root hints files have been altered to point at the root server, as you describe. THEN, leave the standard cache.dns file at the root DNS server, along with the records needed to redirect internal queries back down the tree. This way the root server will pass appropriate queries for your forest to the external root servers while still acting as the root for all appropriate internal resolution queries.

Probably needs some developing.
 
Shackdaddy,

"This way the root server will pass appropriate queries for your forest to the external root servers while still acting as the root for all appropriate internal resolution queries."

We don't want the root servers forwarding to the internet. This is because all root servers will be located in the US. Many other domains will be in Europe and Asia, etc. We do not want internet resolution to have to go through the US.

We would rather have subtree domains forward to the internet themselves.

(Thanks for your time...keep the suggestions coming) Joseph L. Poandl
MCSE 2000

 
Ok, so just put multiple servers within your own domain root, and put one or two in Europe. Then your whole network will quickly come up with the proper load-balancing between your internal root servers, just like systems do with the public root servers.
 
Thanks for the response.

In general, this is a good idea. We thought about that but do not want the expense of multiple root servers spanning the world. This is a requirement of the design planning. (The company is fairly small and is not willing to spend the extra money on root DCs.) Plus for security reasons, the people in control of the root server want the root servers in the US in a special physical area.

I can see why "they" would desire this and believe that it is not necessary to have root servers spanning the globe.

Thanks again for your response.

We think there are two possible fixes for this situation. Either a PROXY server at each physical site that can point to local site ISPs (which I know very little about from a DNS perspective. Can this resolve DNS for client machines?)

Or have sub-tree domains forward to the internet.

Joseph L. Poandl
MCSE 2000
