You have an Active Directory forest named csmtech.local and two Active Directory domains in the forest named csmpub.local and csmsales.local. You want the DNS servers in each domain to be able to handle DNS queries from client computers for any of the other domains. DNS servers in the csmtech.local and csmpub.local domains should be authoritative for their own domains and the csmsales.local domain. However, DNS servers in csmsales.local should be authoritative only for csmsales.local.
How should you set up the DNS servers and zones to handle this situation? Explain how the DNS servers in each domain should be configured with zones. Be sure to include information about replication scope and zone types. Please reference the csmpub.local and csmsales.local in your answer.
There are usually two scenarios people want to cater for:
Scenario 1
If someone living in one of your domains - let's say a.local, wants to resolve something in b.local, such as www.b.local, then the easiest way to make this happen is to create something called a conditional forwarder on your DNS servers in a.local.
I'm not sure what operating system you're using, but I'll assume it's Server 2008 R2. If you open the DNS Management console, you can:
This is how you add a forwarder for another domain to your domain. Of course, there's a little more to it than that. You will need to talk to the DNS administrators from b.local and ask them to allow zone transfers to your DNS server's IP. The same is true in reverse if they want to resolve names from a.local.
Scenario 2
If someone in a.local wants to resolve a flat name in another domain or forest, then you need to specify something called a DNS suffix search list for your clients in a.local. There are a few ways to do this, two of the most popular of which would be:
The DNS suffix search list would typically have the user's domain first in the list, and then any other domains that should be automatically searched after that. For example:
What happens is the user in a.local might type appServer into a web browser, in which case, using the previous example, the user's computer would first look for appServer.a.local, then appServer.b.local, appServer.c.local, and so on until it found a matching server. Of course, once it finds a match it stops looking, so if appServer lived in a.local, it wouldn't need to search in b.local, c.local etc.
A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. You can also forward queries according to specific domain names using conditional forwarders.
You designate a DNS server on a network as a forwarder by configuring the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.
A DNS server that is configured to use a forwarder behaves differently than a DNS server that is not configured to use a forwarder. A DNS server that is configured to use a forwarder behaves as follows:
When the DNS server receives a query, it attempts to resolve this query by using the zones that it hosts and by using its cache.
If the query cannot be resolved using local data, the DNS server forwards the query to the DNS server that is designated as a forwarder.
If forwarders are unavailable, the DNS server attempts to use its root hints to resolve the query.
When a DNS server forwards a query to a forwarder, it sends a recursive query to the forwarder. This is different than the iterative query that a DNS server sends to another DNS server during standard name resolution (name resolution that does not involve a forwarder).
Configuring a DNS server to use forwarders
Using the Windows interface
Using a command line
To configure a DNS server to use forwarders using the Windows interface
Open DNS Manager.
In the console tree, click the applicable DNS server.
On the Action menu, click Properties.
On the Forwarders tab, under DNS domain, click a domain name.
Under Selected domain's forwarder IP address list, type the IP address of a forwarder, and then click Add.
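The lookup order described above (zones the server hosts and its cache first, then a forwarder, then root hints) can be traced with a small model; this is an added Python example, not code from the original page. The names `DnsServerModel`, `route` and `sample_server`, all IP addresses and records are constructed, and two behaviours are modelling assumptions: the conditional forwarder with the longest matching domain is chosen, and a failed conditional forwarder goes to root hints rather than to the default forwarders.

```python
# Added illustration: a model of the lookup order, not a real DNS server.
from dataclasses import dataclass, field

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (label-aligned)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

@dataclass
class DnsServerModel:
    zones: dict = field(default_factory=dict)        # zone -> {fqdn: ip} hosted here
    cache: dict = field(default_factory=dict)        # fqdn -> ip learned earlier
    conditional: dict = field(default_factory=dict)  # domain -> [forwarder IPs]
    forwarders: list = field(default_factory=list)   # default forwarders
    reachable: set = field(default_factory=set)      # forwarders that answer

    def route(self, qname):
        """Return (step, detail): where the query is answered or sent."""
        q = qname.lower().rstrip(".")
        # 1. A zone hosted on this server answers authoritatively,
        #    including a negative answer; nothing is forwarded.
        hosted = [z for z in self.zones if in_zone(q, z)]
        if hosted:
            return ("local-zone", self.zones[max(hosted, key=len)].get(q, "NXDOMAIN"))
        # 2. Previously cached answer.
        if q in self.cache:
            return ("cache", self.cache[q])
        # 3. Conditional forwarder for the most specific matching domain
        #    (assumption), otherwise the default forwarders. The query
        #    sent to a forwarder is recursive.
        matches = [d for d in self.conditional if in_zone(q, d)]
        targets = self.conditional[max(matches, key=len)] if matches else self.forwarders
        for ip in targets:
            if ip in self.reachable:
                return ("forwarder-recursive", ip)
        # 4. Forwarders unavailable: iterative resolution from root hints.
        return ("root-hints-iterative", None)

def sample_server():
    """Constructed model of a DNS server in csmsales.local."""
    return DnsServerModel(
        zones={"csmsales.local": {"www.csmsales.local": "10.3.0.10"}},
        conditional={"csmpub.local": ["10.2.0.1"], "csmtech.local": ["10.1.0.1"]},
        forwarders=["192.0.2.53"],
        reachable={"10.2.0.1", "192.0.2.53"},  # 10.1.0.1 is down in this sample
    )
```

Calling `sample_server().route("app.csmpub.local")` shows the query leaving through the csmpub.local conditional forwarder, while a name under csmtech.local falls back to root hints because its forwarder is marked unreachable in the sample data.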