I think stub zones should work fine but I could be wrong. Conditional forwarders will do the trick as well.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -----Original Message----- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, August 20, 2010 12:10 PM To: NT System Admin Issues Subject: RE: Merging Departments After some googling, it appears that subzones won't work for me since both A and B are directly under .ucdavis.edu. Correct? Wouldn't subzones require that A was under B or B under A?I'm thinking that conditional forwarders are the way to go. Curt > -----Original Message----- > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Friday, August 20, 2010 9:55 AM > To: NT System Admin Issues > Subject: RE: Merging Departments > > I'd use either stub zones or conditional forwarders to link the > internal DNS environments together. You are correct in that you have split > brain DNS. > > Thanks, > Brian Desmond > br...@briandesmond.com > > c - 312.731.3132 > > > -----Original Message----- > From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] > Sent: Friday, August 20, 2010 11:53 AM > To: NT System Admin Issues > Subject: RE: Merging Departments > > I'm pretty sure we have what you refer to as split DNS. We have AD > Integrated DNS but it isn't accessible outside the subnet/firewall. A > few hosts are registered with the campus DNS and are discoverable by > the outside world but the rest are not. Could I manually add a DNS > entry that points to the DNS of the other department? Let's say my > domain is A and the other department's domain is B. Could I add > b.ucdavis.edu with an IP address of their domain controller to my DNS > and a.ucdavis.edu to their DNS? > > Perhaps another approach would be to include the DNS server of the > other department's DNS as a secondary DNS server? It seems like that > might be kind of slow waiting for failover to occur? > > Yes, there is a router between the two subnets. I threw in that > detail thinking that browsing across subnets might be more complicated. > > Curt > > > -----Original Message----- > > From: Ben Scott [mailto:mailvor...@gmail.com] > > Sent: Thursday, August 19, 2010 12:59 PM > > To: NT System Admin Issues > > Subject: Re: Merging Departments > > > > On Thu, Aug 19, 2010 at 3:32 PM, Jim Dandy > > <jda...@asmail.ucdavis.edu> > > wrote: > > > Is there an inter-forest trust that could be set up? > > > > Yup. Should be pretty straight-forward. > > > > The trickiest part is likely to be DNS. If your AD domain name is > not part of > > the public DNS namespace, you're going to have to find some way to > > get > the > > two different networks seeing each other's domains. This can be > especially > > messy if you've got a "split DNS" > > setup. But if the networks are fairly cohesive, you can prolly just > use > > selective DNS forwarding in the Windows DNS management GUI. > > > > > Keeping in mind that both domains are on separate subnets, how > > > would > I > > > go about setting us such a trust? > > > > Is there network connectivity between the two subnets (i.e., > routers)? If > > so, subnets shouldn't matter. > > > > If the two subnets can't talk at all, how were you planning on > sharing files? > > :) > > > > -- Ben > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~