Windows Server - DNS Setup for Domain Trust

Asked By MusesShado on 15-Sep-07 08:20 AM
Hi All,

I've got a new domain forest under our responsibility which I need to set up
a domain trust for to allow users from each domain to access resources
between domains.  I understand how to set up a trust, but as usual, I'm having
difficulties with the DNS concept.

In order for these domains to talk to one another they have to know how to
find one another by name ( and, but if I try and
set up a secondary DNS zone for each domain from the other domain they don't
seem to work...

If anyone can offer suggestions, it would be most appreciated.
Lance DOT Gilroy AT fourseasons DOT com

Anthony replied on 15-Sep-07 08:39 AM
When you set up a Secondary, the Primary has to allow the zone to be copied.
You can find those settings in the Primary zone properties.
Apart from that, there's nothing to get in the way of setting up
cross-linked secondaries like that,

RyanHanisc replied on 15-Sep-07 11:54 AM

Rather than adding the overhead of managing secondary DNS zones you may want
to look at other options.  Generally speaking, you'd opt for AD Integrated
zones rather than a Primary/Secondary relationship in your AD domain, making
external secondaries a less than attractive option.

Generally, you would simply make the other servers aware of the
additional DNS servers through network properties or forwarders. (Pros and
cons with each.)  This lets you protect your domain from any problems in the
foreign DNS and allows you to use AD Integrated DNS as well.
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

kj [SBS MVP] replied on 15-Sep-07 12:02 PM
DNS Server version(s) can affect your choices.

With 2003 servers, I'd go with either stub zones or Domain Forwarders.

Augusto Alvarez replied on 15-Sep-07 02:00 PM
I will use the Forwarders option, I think it is the best thing to do in your

In this case when someone at domain1 wants something from domain2 (or
vice versa), the server automatically redirects the request to the proper server
or servers. And there are no zone transfers involved, or DNS records that
are out of date or anything like that.


augusto alvarez | it pro | southworks s.r.l.
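
The forwarder approach suggested in the replies above, as an added example that is not part of the original thread: it creates a conditional forwarder for the other domain and then checks that the domain controller locator SRV record resolves through it. It assumes Windows Server 2012 or later with the DnsServer module, run on an AD-integrated DNS server in domain1 (repeat mirrored in domain2); `domain2.example` and the `192.0.2.x` addresses are constructed placeholders.

```powershell
# Added example; domain name and addresses are constructed placeholders.
param(
    [string]   $RemoteDomain = 'domain2.example',
    [string[]] $RemoteDns    = @('192.0.2.10', '192.0.2.11')
)

# 1. Create the conditional forwarder only if no zone of that name exists.
#    A leftover secondary or stub zone would otherwise answer instead.
$zone = Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue
if (-not $zone) {
    # -ReplicationScope Forest stores the forwarder in AD so every DNS
    # server in the forest gets it (assumes AD-integrated DNS on a DC).
    Add-DnsServerConditionalForwarderZone -Name $RemoteDomain `
        -MasterServers $RemoteDns -ReplicationScope Forest
}
elseif ($zone.ZoneType -ne 'Forwarder') {
    throw "$RemoteDomain already exists as a $($zone.ZoneType) zone; remove it first."
}

# 2. Ask the local DNS server for the DC locator record of the other
#    domain. Trust creation fails if this lookup does not resolve.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server 127.0.0.1 `
           -DnsOnly -ErrorAction Stop |
       Where-Object QueryType -eq 'SRV'
if (-not $srv) { throw "No SRV records returned for $srvName" }

# 3. Every DC named in the SRV answer must also resolve to an address.
$failed = @()
foreach ($rec in $srv) {
    $a = Resolve-DnsName -Name $rec.NameTarget -Type A -Server 127.0.0.1 `
             -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object QueryType -eq 'A'
    if ($a) {
        '{0,-40} {1}' -f $rec.NameTarget, ($a.IPAddress -join ', ')
    }
    else {
        $failed += $rec.NameTarget
    }
}
if ($failed) { throw "Unresolvable DCs: $($failed -join ', ')" }
```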