After some googling, it appears that subzones won't work for me since both A and B are directly under .ucdavis.edu. Correct? Wouldn't subzones require that A was under B or B under A?I'm thinking that conditional forwarders are the way to go.
Curt > -----Original Message----- > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Friday, August 20, 2010 9:55 AM > To: NT System Admin Issues > Subject: RE: Merging Departments > > I'd use either stub zones or conditional forwarders to link the internal DNS > environments together. You are correct in that you have split brain DNS. > > Thanks, > Brian Desmond > br...@briandesmond.com > > c - 312.731.3132 > > > -----Original Message----- > From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] > Sent: Friday, August 20, 2010 11:53 AM > To: NT System Admin Issues > Subject: RE: Merging Departments > > I'm pretty sure we have what you refer to as split DNS. We have AD > Integrated DNS but it isn't accessible outside the subnet/firewall. A few > hosts are registered with the campus DNS and are discoverable by the > outside world but the rest are not. Could I manually add a DNS entry that > points to the DNS of the other department? Let's say my domain is A and the > other department's domain is B. Could I add b.ucdavis.edu with an IP > address of their domain controller to my DNS and a.ucdavis.edu to their > DNS? > > Perhaps another approach would be to include the DNS server of the other > department's DNS as a secondary DNS server? It seems like that might be > kind of slow waiting for failover to occur? > > Yes, there is a router between the two subnets. I threw in that detail > thinking that browsing across subnets might be more complicated. > > Curt > > > -----Original Message----- > > From: Ben Scott [mailto:mailvor...@gmail.com] > > Sent: Thursday, August 19, 2010 12:59 PM > > To: NT System Admin Issues > > Subject: Re: Merging Departments > > > > On Thu, Aug 19, 2010 at 3:32 PM, Jim Dandy <jda...@asmail.ucdavis.edu> > > wrote: > > > Is there an inter-forest trust that could be set up? > > > > Yup. Should be pretty straight-forward. > > > > The trickiest part is likely to be DNS. If your AD domain name is > not part of > > the public DNS namespace, you're going to have to find some way to get > the > > two different networks seeing each other's domains. This can be > especially > > messy if you've got a "split DNS" > > setup. But if the networks are fairly cohesive, you can prolly just > use > > selective DNS forwarding in the Windows DNS management GUI. > > > > > Keeping in mind that both domains are on separate subnets, how would > I > > > go about setting us such a trust? > > > > Is there network connectivity between the two subnets (i.e., > routers)? If > > so, subnets shouldn't matter. > > > > If the two subnets can't talk at all, how were you planning on > sharing files? > > :) > > > > -- Ben > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~