active directory integrated zone and secondary zone

[012271]

Can I configure a secondary zone to an active directory
integrated zone ? Does secondary zones only applicable to primary zones ?
If I have 2 domains and in each of the domains, I have active directory integrated zone on dns servers. If I want the dns servers to be a backup of each other, what do I have to configure on each of the dns servers ?

 

[BWilson77080]

are they in seperate domain trees?
or are they parent/child? (ex: corp.companya.com; company.com)???
and all they all win2000 DNS servers?
and are they located in different sites geographically?

 

[012271]

What is the answer if they are in seperate domain tree ?
and what is the answer if they are parent/child ?
Assume that they are all w2000 DNS server.
What is the answer if they are in different sites
and what is the answer if they are in the same site ?
Thanks for your answer.

 

[BWilson77080]

if they are child domains you should create a subdomain in DNS for the child domain and then delegate that zone to the child domain, which will make it serve the child domain, thats to stay w/ AD integrated ,which is your best route anyway..

as for a secondary zone...i dont why you wouldnt be abel to do it...but if you do you lose precious security

 

[012271]

I don't think a delegated child domain DNS server (DNS2) is a full backup of the parent domain DNS (DNS1), so there is a need for a secondary zone of the parent domain to be present on DNS2. Otherwise, we have to configure 2 DNS servers with ADI zone in the parent domain so that they can be backup of each other.

 

[BWilson77080]

all you will have to do is enable forwarding on DNS2 to resolve hosts that arent on the internal network....adding a zone for DNS1 to DNS2 will however reduce WAN traffic

but the two zoens on each are a ebtter idea.....and yes teh zone will need to be creaetd, turned to ad integrated, and then delegated to DNS2


try to avoid secondary servers if possible.