DNS Zone Security Delegation 2

[mrpib]

Hi,

Corporate is looking to provide division IT admin rights to sub-zones in DNS to local admins. Not something I feel comfortable doing in the first place but have been given direction to make this happen.

For an example:

ABC.com AD Integrated Primary zone we can implement security on by right click and Security tab. A subfolder/domain in abc.com called 123.abc.com we cannot as far as we can see when you rt click.

We were wondering is it even possible since we don't want to give them rights to ABC.com primary zone. The only other way I can think of is to create a new primary zone called 123.abc.com but that will just become a mess after each division gets their own zone.

Thanks in advance.

 

[lhuegele]

I don't believe you can do what you want, and you can't make 123.abc.com it's own zone because it's a sub-zone of abc.com. What you can do is give them 123.com.

Personally, if a division here wanted to control their own DNS, I would make them get their own DNS server and their own domain to manage. I would then set-up replication and bring in their domain as a secondary zone.

Good luck,

 

[GlenJohnson]

lhuegele is correct, plus this would give the added advantage of having multiple dns servers, so if something happened to one, users would still have the service.

Glen A. Johnson
Johnson Computer Consulting

http://www.fred08.com/index.aspx