Conditional Forwarders to Domains outside of the Forest

Hi All,

I have a following scenario:

1. Local Windows domain LOCALDOMAIN.COM contain 1 W2K3 DC
MYDC01.localdomain.com which is also a DNS server.
2. There are 3 Windows domains: REMOTEDOMAIN.COM, SUB01.REMOTEDOMAIN.COM and
SUB02.REMOTEDOMAIN.COM.
3 Zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM are delegated to
the W2K3 DCs in those domains.

On the MYDC01.localdomain.com I want to enable conditional forwarders so
when I need to perform a name resolution for any of the domains in the
REMOTEDOMAIN.COM forest, the name resolution was most effective.

Questions:
1. What is the best way to do it:
1.1. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM.
1.2. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
because zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM were
delegated.
2. If it is possinble please post a Microsoft reference which
explains/justifies that decision.

Thank you in advance,
Alex

I don't think there is a "correct" answer here since different situations
require different configurations. I will give you my two cents and you can
ignore it if it's not what you are looking for.

I would go with example 1.1 and set up conditional forwarders or stub zones
to each of the domains. You have a direct connect to each dns namespace so
if remotedomain fails, you can still resolve and reach the subdomains.

Another question you may want to ask is whether or not you want to use stub
zones or conditional forwarders. This is personal preference but here are
some notes.

Stub Zone Advantages
1. You always have an updated list of remote authoritative sources for the
given remote domains.
2. The query is still handled by your local DNS server since it will query
the remote DNS server for the client and cache the result locally.
3. If one of your remote domains has a DNS server change, your other sites
will get the change automatically.

Conditional forwarding advantages
1. The query is pushed to the remote server and returned to the client.
Your DNS is removed from the picture.

2. Since they are retrieving the information from the remote dns server,
their requests should always be responded to quickly since the information is
cached on that server from prior requests.

3. Conditional forwarders also allow you to specify which DNS server will
get the forwarded request. This may be necessary if you have internal
security concerns or firewalls to traverse. Stub zones will just query
anything in the list of authoritative sources it has on hand.

-Train-
Windows Server &
Cisco Security Administrator


"Alex" wrote:

> Hi All,
>
> I have a following scenario:
>
> 1. Local Windows domain LOCALDOMAIN.COM contain 1 W2K3 DC
> MYDC01.localdomain.com which is also a DNS server.
> 2. There are 3 Windows domains: REMOTEDOMAIN.COM, SUB01.REMOTEDOMAIN.COM and
> SUB02.REMOTEDOMAIN.COM.
> 3 Zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM are delegated to
> the W2K3 DCs in those domains.
>
> On the MYDC01.localdomain.com I want to enable conditional forwarders so
> when I need to perform a name resolution for any of the domains in the
> REMOTEDOMAIN.COM forest, the name resolution was most effective.
>
> Questions:
> 1. What is the best way to do it:
> 1.1. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
> SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM.
> 1.2. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
> because zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM were
> delegated.
> 2. If it is possinble please post a Microsoft reference which
> explains/justifies that decision.
>
> Thank you in advance,
> Alex

I forgot your link

http://technet2.microsoft.com/Window...49c591033.mspx

--
-Train-
Windows Server &
Cisco Security Administrator


"Alex" wrote:

> Hi All,
>
> I have a following scenario:
>
> 1. Local Windows domain LOCALDOMAIN.COM contain 1 W2K3 DC
> MYDC01.localdomain.com which is also a DNS server.
> 2. There are 3 Windows domains: REMOTEDOMAIN.COM, SUB01.REMOTEDOMAIN.COM and
> SUB02.REMOTEDOMAIN.COM.
> 3 Zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM are delegated to
> the W2K3 DCs in those domains.
>
> On the MYDC01.localdomain.com I want to enable conditional forwarders so
> when I need to perform a name resolution for any of the domains in the
> REMOTEDOMAIN.COM forest, the name resolution was most effective.
>
> Questions:
> 1. What is the best way to do it:
> 1.1. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
> SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM.
> 1.2. On MYDC01.localdomain.com enable forwarders to REMOTEDOMAIN.COM,
> because zones SUB01.REMOTEDOMAIN.COM and SUB02.REMOTEDOMAIN.COM were
> delegated.
> 2. If it is possinble please post a Microsoft reference which
> explains/justifies that decision.
>
> Thank you in advance,
> Alex