
DNS settings for one-way trust

Status
Not open for further replies.

Jaapvs

IS-IT--Management
May 3, 2001
NL
I've got some problems getting the DNS settings right in order to create a one-way trust between two W2k domains.

The situation is as follows:
In a DMZ (demilitarized zone) we created a new domain (eu-x.poort.firmanaam.nl)
and we need to create a one-way trust between the new domain and the existing domain (pc.firmanaam.nl), where all users and groups are created in Active Directory.
The eu-x.poort... domain is the trusting domain.
There was no DNS server in the DMZ, so we also made the new domain controllers (AD-integrated) DNS servers.
The existing domain has a UNIX DNS server.
Between both domains is a firewall where port 53 (DNS) will be blocked (probably).
So we would like to create static entries (new zone data) in the DNS of the domain controllers of the other domain (and vice versa). There should be no update activities.
So the question is: what is the best way to set up the DNS settings for creating this trust?

Here's what I've tried so far.
In a test environment things worked (more or less) fine after creating a secondary new zone (on both sides) in DNS (the zone information was loaded with "Transfer from master").
The "RPC server not available" error messages appeared only occasionally.
But what I would like to do (I think) is to create a new primary zone (from file). However, how do I handle these (W2k-generated) numbers?
7f2632f2-630f-4d16-bef2-4c5a400d5f25._msdcs 600 CNAME w2kdc1.pc.firmanaam.nl.
Do I need an alias like this, or is there a way around it?
and
_ldap._tcp.46218ed5-2fb9-4567-a73c-8ec179e7676f.domains._msdcs 600 SRV 0 100 389 w2kdc1.pc.firmanaam.nl.

I hope someone can help me with this problem.

By the way, enabling LMHOSTS and creating records in LMHOSTS did not solve our problem in the test environment.
In the production environment we might have a second problem with the length of the domain name, as it may not exceed 15 characters for it to work.
xxx.xxx.xxx.xxx #PRE #DOM:pc.firmanaam.nl
xxx.xxx.xxx.xxx "pc.firmanaam.nl\0x1b" #PRE
would not work, I think.
 