The DNS subdomain
"ForestDNSZones" is for the DNS app partition itself.
By default a W2K3 DC registers
certain SRV RRs record for a domain partition/naming context it hosts. The
ForestDNSZones (per AD forest) and the DomainDNSZones (per AD domain in an
AD forest) are application partitions/naming contexts for DNS. Again by
default the DCs hosting the ForestDNSZones (all the DCs in the AD forest!)
register SRV RRs in that subdomain and DCs hosting the DomainDNSZones (per
domain and all DCs in a certain AD domain) register records in that
subdomain.
If you create a custom app
partition beneath some domain and enlist several DCs as replica members, those
DCs will host replica's for that partition and thus register SRV RRs for that
partition
When creating a DNS zone and
choosing a replication scope you are just saying: store the data for that DNS
zone in that app partition and replicate to the DCs that are replica members of
that partition
For more info: http://www.oreilly.com/catalog/dnswinsvr/chapter/ch08.pdf
Cheers,
Jorge
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, October 25, 2005 15:48
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] ForestDnsZones
I found that.
Thanks.
I guess what my question is, what is the point/relationship of the
ForestDnsZones subdomain folder in your dns zone?
Its my understanding there is an App partition called
dc=ForestDnsZones,Dc=root,DC=com which houses the root dns entries and srv rr
for GC's and DC guid's.
How does that relate to the subdomain i see in DNS called
ForestDnsZones?
This subdomain only contains site specific records for ldap
servers.
Thanks
On 10/25/05, Almeida
Pinto, Jorge de <[EMAIL PROTECTED]>
wrote:
If you have configured the DNS ZONE _MSDCS.FORESTROOT with the "to all DNS/DC servers in the forest" you must have a separate DNS zone configured as such.
To see more you could fire up LDP and browse to CN=MicrosoftDNS,DC=ForestDnsZones,DC=<FORESTROOT>,DC=<TLD> and see the contents of the DNS app partition/NC. If you have configured DNS zones with the forest replication scope you'll see them listed there
Jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge de
Sent: Tue 10/25/2005 8:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ForestDnsZones
I think you are looking inside the wrong folder...
you are looking into the DNS subdomain folder ForestDnsZones within the forestroot DNS zone. Either look inside the DNS subdomain _MSDCS within the forestroot DNS zone or look inside the DNS zone _MSDCS.forestroot DNS zone if you have configured it with its own replication scope (DNS-domain, DNS-forest or DCs-domain)
Jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Tue 10/25/2005 1:24 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] ForestDnsZones
It is.
I think i'm missing something.
In ForestDnsZones folder in dns management, I just have ldap site info.
There is the usual _msdcs.forestroot subdomain folder in the root domain zone but i thought that stuff should be in the ForestDnsZones folder thats in the app partition?
I know i'm not getting something obivious because this same thing happens in every test win2k3 forest i create.
thanks
On 10/24/05, Almeida Pinto, Jorge de < [EMAIL PROTECTED]> wrote:
true.. they should be there. if your replication is working the CNAME records must be available otherwise you would have little replication ;-)
Are you sure the replication scope is set to all dns servers in the forest, secure dynamic updates are enabled, etc.
Jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Mon 10/24/2005 11:05 PM
To: activedirectory
Subject: [ActiveDir] ForestDnsZones
Ok, am I missing something here?
I thought one of the main points of this concept was so the forest _msdcs.forestroot.com which contained the GC RR's and the DC GUID cname records could be accessed and updated from any child domain in the forest?
But the ForestDnsZones app partition only has site specific ldap records DC's.
What happened to the GC/DC GUID records?
Thanks
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
