Can I have multiple zones?


  • Can I have multiple zones?

    Currently have a 2003 AD setup (3 DCs, 2 DNS servers) and everything works fine.

    We also have a parent company in the US who we can access via a firewall VPN which routes traffic to them when we need to access some of their systems. We do not have a trust in place due to security restrictions.

    Currently our local domain is called for example domain1.local

    Our US office, let's say, is called usdomain.int.com

    Now, what I want to do is have DNS names on my domain so when we access resources which are in the US, we can enter webserver.usdomain.int.com instead of 10.21.24.35 etc. These won't be dynamic updating, just static addresses.

    Can I do this without affecting my local domain1.local DNS setup?

    Thx!

  • #2
    Re: Can I have multiple zones?

    You have a few options to work with. I would highly recommend that you simply set up your DNS servers to do CONDITIONAL FORWARDING for the "usdomain.int.com" domain. That way, there is no need to have any records on your servers. You don't even have to call the parent DNS admins for any configuration information or permission. With this configuration, whenever your DNS server receives a query for that particular domain, your DNS server will use the information it has in the CONDITIONAL FORWARDING to get the answer back to the client.

    Another common option is for you to host a SECONDARY zone on your DNS servers for "usdomain.int.com". However, this would require coordination between you and the parent DNS admins. Depending on security, they may not allow it, as you would have the complete zone information about their infrastructure.

    I do not recommend that you simply create a zone called "usdomain.int.com" and create your own records. As you can imagine, if the resource in the parent network changes its IP, you would have no knowledge until someone reports that the resource is not reachable.

    Again, my preference is the CONDITIONAL FORWARDING. Windows 2003 DNS supports it.
    JM @ IT Training & Consulting
    http://www.itgeared.com


    • #3
      Re: Can I have multiple zones?

      Originally posted by [JM]
      You have a few options to work with. I would highly recommend that you simply set up your DNS servers to do CONDITIONAL FORWARDING for the "usdomain.int.com" domain. That way, there is no need to have any records on your servers. You don't even have to call the parent DNS admins for any configuration information or permission. With this configuration, whenever your DNS server receives a query for that particular domain, your DNS server will use the information it has in the CONDITIONAL FORWARDING to get the answer back to the client.
      Thanks, this is what I went with in the end.

      I originally wanted to do a separate zone as I didn't think our parent company would allow us to query their DNS, which is why I didn't go down the forwarder route, but I checked it out with them and explained it was best in the long run and they gave in.

      Works great now so thanks for your help.

      For completeness and in case someone else searches this, I had to create 2 forwarders in the end. My first domain usdomain.com worked great with the forwarders but we also had a site we accessed called site2.usdomain.com which was an external site. When I put the forwarders in for usdomain.com this stopped the external site working, so all I did then was create another forwarder for site2.usdomain.com but set that to our external DNS server and BINGO, all worked fine.

      Thanks for your help again.

      Andy


      • #4
        Re: Can I have multiple zones?

        That's good news. Thanks for the update.
        JM @ IT Training & Consulting
        http://www.itgeared.com


        • #5
          Re: Can I have multiple zones?

          Actually, I had to roll it back this morning.

          Turns out that although the DNS lookups worked OK and traffic flowed fine, overnight email to your US company stopped. Found out it was because the US email is sent external via SMTP, but with the forwarders in it tried to route it over our VPN tunnel to them and it fell over. Pulled the forwarders out this morning and it's all working fine now.

          Damn.

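An added example, not code from any poster in this thread: a small model of conditional-forwarder selection, where the forwarder with the most specific matching domain suffix handles the query whatever the record type, which is consistent with the results reported in posts #3 and #5. The resolver IPs and the list of names are constructed placeholders; the domain names are the ones used in post #3.

```python
# Added example: models which conditional forwarder a DNS server would use
# for a query name (most specific matching domain suffix wins).
# All IP addresses and the NAMES list are constructed placeholders.

DEFAULT = "default-resolution"  # normal forwarders / root hints


def match_len(qname, zone):
    """Return the label count of zone if qname is in or under it, else -1."""
    q = qname.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    # Compare whole labels so "notusdomain.com" does not match "usdomain.com".
    if len(z) <= len(q) and q[-len(z):] == z:
        return len(z)
    return -1


def select_forwarder(qname, forwarders):
    """Return (zone, target) for the most specific matching forwarder."""
    best_zone, best_len = None, -1
    for zone in forwarders:
        n = match_len(qname, zone)
        if n > best_len:
            best_zone, best_len = zone, n
    if best_zone is None:
        return (None, DEFAULT)
    return (best_zone, forwarders[best_zone])


def diverted(names, forwarders, internal_targets):
    """Names whose lookups (A, MX, any type) would go to an internal server."""
    return [n for n in names
            if select_forwarder(n, forwarders)[1] in internal_targets]


# Constructed model of the two forwarders described in post #3.
FORWARDERS = {
    "usdomain.com": "10.0.0.53",         # parent's internal DNS via VPN (placeholder)
    "site2.usdomain.com": "192.0.2.53",  # external DNS server (placeholder)
}
# Constructed list of names clients and the mail server might look up.
NAMES = ["webserver.usdomain.com", "site2.usdomain.com",
         "www.site2.usdomain.com", "usdomain.com", "mail.usdomain.com",
         "notusdomain.com", "example.org"]

if __name__ == "__main__":
    for name in NAMES:
        print(f"{name:26} -> {select_forwarder(name, FORWARDERS)}")
    print("answered by internal DNS:", diverted(NAMES, FORWARDERS, {"10.0.0.53"}))
```

Running a list like this against planned forwarders before deploying them shows every name, including the mail domain itself, that would start being answered by the internal server.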