Here's the situation.. We are designing AD for a forest that will house multiple TREES.
For example:
ForestRoot.com------------------
/ company1.com company2.com
/ us.company1.com us.company2.com
/ uk.company1.com uk.company2.com
We think we want forestroot.com to hold the internal ".". Therefore, we do not want to delete the "." internal DNS root and have it forward to the internet ISP DNS servers (We don't want to do this because the companies actually span multiple countries....and don't UK companies having to query through the US-based forestroot)
Our theory is that we leave the "." root in ForestRoot.com and have delegations from ForestRoot.com for zones like company1.com, company2.com, etc. This seems to work fine in our test lab. We can resolve every record within our forest.
The question is...how should we configure INTERNET resolution? From reading Technet, it looks like we may need a PROXY(ISA) server to resolve internet based requests. This would work for us because every company can set up thier own proxies....that are linked to thier own ISP's.
The other option we are considering is FORWARDING from the root sub-trees (Company1.com or Company2.com) to the internet.
Any suggestions? or a place to look for more information?
Joseph L. Poandl
MCSE 2000
If your company is in need of experts to examine technical problems/solutions, please check out
For example:
ForestRoot.com------------------
/ company1.com company2.com
/ us.company1.com us.company2.com
/ uk.company1.com uk.company2.com
We think we want forestroot.com to hold the internal ".". Therefore, we do not want to delete the "." internal DNS root and have it forward to the internet ISP DNS servers (We don't want to do this because the companies actually span multiple countries....and don't UK companies having to query through the US-based forestroot)
Our theory is that we leave the "." root in ForestRoot.com and have delegations from ForestRoot.com for zones like company1.com, company2.com, etc. This seems to work fine in our test lab. We can resolve every record within our forest.
The question is...how should we configure INTERNET resolution? From reading Technet, it looks like we may need a PROXY(ISA) server to resolve internet based requests. This would work for us because every company can set up thier own proxies....that are linked to thier own ISP's.
The other option we are considering is FORWARDING from the root sub-trees (Company1.com or Company2.com) to the internet.
Any suggestions? or a place to look for more information?
Joseph L. Poandl
MCSE 2000
If your company is in need of experts to examine technical problems/solutions, please check out