I'd use either stub zones or conditional forwarders to link the internal DNS environments together. You are correct in that you have split brain DNS.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -----Original Message----- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, August 20, 2010 11:53 AM To: NT System Admin Issues Subject: RE: Merging Departments I'm pretty sure we have what you refer to as split DNS. We have AD Integrated DNS but it isn't accessible outside the subnet/firewall. A few hosts are registered with the campus DNS and are discoverable by the outside world but the rest are not. Could I manually add a DNS entry that points to the DNS of the other department? Let's say my domain is A and the other department's domain is B. Could I add b.ucdavis.edu with an IP address of their domain controller to my DNS and a.ucdavis.edu to their DNS? Perhaps another approach would be to include the DNS server of the other department's DNS as a secondary DNS server? It seems like that might be kind of slow waiting for failover to occur? Yes, there is a router between the two subnets. I threw in that detail thinking that browsing across subnets might be more complicated. Curt > -----Original Message----- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Thursday, August 19, 2010 12:59 PM > To: NT System Admin Issues > Subject: Re: Merging Departments > > On Thu, Aug 19, 2010 at 3:32 PM, Jim Dandy <jda...@asmail.ucdavis.edu> > wrote: > > Is there an inter-forest trust that could be set up? > > Yup. Should be pretty straight-forward. > > The trickiest part is likely to be DNS. If your AD domain name is not part of > the public DNS namespace, you're going to have to find some way to get the > two different networks seeing each other's domains. This can be especially > messy if you've got a "split DNS" > setup. But if the networks are fairly cohesive, you can prolly just use > selective DNS forwarding in the Windows DNS management GUI. > > > Keeping in mind that both domains are on separate subnets, how would I > > go about setting us such a trust? > > Is there network connectivity between the two subnets (i.e., routers)? If > so, subnets shouldn't matter. > > If the two subnets can't talk at all, how were you planning on sharing files? > :) > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
