DNS configuration for External Trusts


  • DNS configuration for External Trusts

    I am trying to establish an external trust between 2 forests.
    Forest A -
    Forest B -

    Both sites have their own DNS servers (I did not set them up myself). I tried following a bunch of guides found on the net, and I have come to the point where I need to set up pointers, but I can't seem to do it, and it is giving me either an error saying zone configuration error, or zone already exists.

    Can anyone maybe explain an easy way to go about fixing this or getting it so that I can communicate between the 2 domains so I can start to set up the trust?

    Any help would be appreciated.


  • #2
    Re: DNS configuration for External Trusts

    There are 3 ways you can establish DNS recognition of each other.

    1) Create secondary zones on each forest that would carry a secondary of the other forest's primary zone.
    You do that by going into the zone configuration and allowing zone transfer to the other forest's DNS IP; then on the other forest's DNS you create a new zone as "Secondary", pointing it to pull the zone from the 1st forest's DNS, where you just enabled zone transfer.
    Do the same on the other forest (both should have secondaries of each other's primaries).

    2) The other method, which I recommend, is known as "Conditional Forwarding": go into the DNS Server configuration (not the zone config), go to the Forwarder tab and add the other forest's zone there with its IP.
    This means that every DNS query that is asked for that zone would be forwarded to the other forest's DNS.
    Do it on both DNS servers/forests, pointing to each other.

    3) Create a stub zone for each other forest's zones (if it is a Windows 2003 DNS).
    You can read more about it here:

    Remark: when I say IP I mean the IP of the DNS server in the forest you want to forward/zone transfer to/from.
    Note: you can apply only 1 of the methods, not both (that is why you get an error "Zone already Exists").
    Last edited by Akila; 31st May 2008, 20:06.
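
The conditional-forwarding option from reply #2, with a check for the "zone already exists" case, as an added PowerShell example that is not part of the thread. It assumes a Windows Server release that ships the DnsServer module (newer than the Windows 2003 DNS the reply mentions); `Add-TrustForwarder`, `forestb.example` and `192.0.2.10` are hypothetical placeholders.

```powershell
#Requires -Modules DnsServer
# Added example: run on a DNS server in each forest, pointing at the other forest.

function Add-TrustForwarder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $RemoteZone,       # DNS name of the other forest
        [Parameter(Mandatory)] [string[]] $RemoteDnsServers  # IPs of that forest's DNS servers
    )

    # A server holds one zone per name: a secondary or stub zone left over from
    # an earlier attempt is what produces "zone already exists".
    $existing = Get-DnsServerZone -Name $RemoteZone -ErrorAction SilentlyContinue
    if ($existing -and $existing.ZoneType -ne 'Forwarder') {
        throw "Zone '$RemoteZone' already exists as type $($existing.ZoneType). " +
              "Keep that method or remove the zone before adding a forwarder."
    }

    if (-not $existing) {
        # Unlike a secondary zone, this does not need zone transfers enabled
        # on the other forest's DNS servers.
        Add-DnsServerConditionalForwarderZone -Name $RemoteZone `
            -MasterServers $RemoteDnsServers
    }

    # Domain controllers of the other forest are located through this SRV
    # record, so resolving it through the local server is the real test.
    $srvName = "_ldap._tcp.dc._msdcs.$RemoteZone"
    $answers = Resolve-DnsName -Name $srvName -Type SRV -Server 127.0.0.1 -ErrorAction Stop

    # Emit one object per domain controller found.
    $answers |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object @{ n = 'DomainController'; e = { $_.NameTarget } }, Port
}

# Placeholder values (constructed for this example):
# Add-TrustForwarder -RemoteZone 'forestb.example' -RemoteDnsServers '192.0.2.10'
```

If the function throws on the zone-type check, the existing zone for the other forest has to be dealt with first; if the SRV lookup fails, the forwarder exists but the other forest's DNS server is not answering from this host.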