W2K DNS resolution between trusted domains.

[zingarosvg]

If I create two way trusts between my domain, and three external w2k domains, how do I get my DNS servers to resolve names on their networks and vice versa. (Do I create a secondary zone on my server to point to their DNS server?) I have my DNS forwarding going to our ISP.

Also, how would I get their domain's dns servers to resolve eachother, without setting up trusts between those networks?

Thanks.

 

[brontosaurus]

you don't need trusts to set up dns servers as secondaries, you just need ip connectivity and permissions. it shouldn't pose a big problem for you....

 

[GiaBetiu]

I'm sory brontosaurus but you are wrong.
IP connectivity and permissions are not enough.
When you set the trust, that DC will not be available to solve the domain that you are asking for trust.
Then later, a computer from one network will not be able to make the mapping with the resource that you want from the other network.
Usually common resources should be published in the Global Catalog, and manually!
But Global Catalog is used for searching objects, based on names, bsed on attributes, or helping in authentication.
A network request will be made via a normal procedure, using DNS. Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k

 

[zingarosvg]

OK, so how to I set up the DNS resolution?

I have Domain A, which has two way trusts with domains B, C and D. Each domain has their own DNS server, with forwarders going to their ISPs.

Should I create secondary zones for A on B,C,and D....and seondary zones for B,C,and D on A?

Thanks!

 

[GiaBetiu]

well,... is not so easy
your 2 networks are separated by a public network.
And I suppose that the two companies (networks) are having private unregistered domain name.
Maybe there are some other tricks, but what I can see now is that you need a VPN between the two networks.
(Another trick could be to set as forwarder with a higher priorty the other DNS server.. on each side)
Then you will have a private chanel between your 2 companies.
In this case, after you establish your VPN, you have to do as you were saying, having a secondary zone of the other zone on each side.

Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k

 

[brontosaurus]

Gia, the original post asked about DNS resolution, it did not ask about mapping drives or connecting to resources. You are correct that connecting resources will require a trust (if you want to use your own credentials), but these are 2 totally separate issues. I was answering the resolution question, which has nothing to do with connecting resources. What if he was just interested in gaining resolution because he wanted to hit a web site or FTP server? That has nothing to do with trusts. Any DNS server can secondary off another as long as the administrator allows it, and it works via IP connectivity.
That's what I was saying. And it's not wrong.

 

[zingarosvg]

OK -- I think I have this halfway resolved, our ultimate goal is to publish intranet web sites that we can access between domains... (hence, the need for dns resolution)
The DNS resolution looks like it's working now, so thanks!

The VPN Connections were set up with VPN tunnels on the firewalls. A can ping B,C, and D. I set up secondary zones on A for domains B,C, and D and configured the dns servers on b,c and d to allow for zone transfers. Looks good so far.

Now, we still can't see their networks under network browser, nor connect to their services.. Hmm...we've already established trusts under AD, and our VPN tunnel allows all traffic to flow between the different domains.


Any ideas

 

[GiaBetiu]

What connection to their services did you try?
And how. What is the error is saying?
what VPN protocol are you using?
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k