Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Difficult trust problem between forests

Status
Not open for further replies.
shorty545

shorty545

IS-IT--Management
Apr 5, 2004
82
0
0
US
I have a dmz.local forest that hosts our dmz. I also have a company.com domain that hosts our internal domain. I am trying to setup a one way trust between the two.

The difficult part, is that the dmz.local DC contains a DNS zone called company.com that is used to host the public namespace. We DO NOT want to list our internal DC in this zone, and therefore cannot setup a secondary zone, or conditional forwarding for the company.com zone.

So...how can i setup a trust between the 2 domains if both forests contain a company.com DNS zone?

Is it possible to use the etc/hosts or etc/lmhosts files for the trust relationship?

PLEASE HELP.....

p.s. i realize the larger problem of having the inside domain named with the external company namespace, but this is too large a project to take on now
 
Sort by date Sort by votes
You have this posted in 2000 as well. Which OS is it?

All lessons learned from the School of Hard Knocks........at least tuition is cheap.
 
Upvote 0 Downvote
Have you tried a root hint instead of a forwarder to the domain you want to trust. Setup a root hint on a DNS server in each forest and have the root hint point to a DNS server on the other forest. From there you should be able to establish your trust
Bare in mind this is assuming you will be trusting dmz.local to company.com. You can't have a trust setup where both domains are company.com
Hope this helps.
 
Upvote 0 Downvote
Sorry this is a 2003 question. Both DC's are 2003. I haven't tried root hints. I don't think this will work, because this DC is also a DNS server. If a do a root hint on the DMZ DNS server for company.com, any request made to this DNS server that it is unable to find in its own DNS cache, it will then send the request to the root hint DNS server. Which would be our company.com zone in our internal LAN. This is what we do not want.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
126
araheusaff
araheusaff
ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
237
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
142
suncit
suncit
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
53
maybeimaleo
maybeimaleo
MoJHK
  • Locked
  • Question
ESXI server upload problem
Replies
3
Views
60
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top