DNS across multiple forests

Joe 26 Reputation points
2020-09-25T01:47:33.313+00:00

Hi,

We've been experiencing odd DNS behaviour for years and it's time to fix it up :)

Could you please advise what you would change in regards to primary & secondary DNS and DNS forwarders, as below?

The current config is:

Domain A (has primary forward lookup zones and two-way trust with Domain B)
Each DC has DNS1 & DNS2 pointing to itself and another DC in the same domain.
Forwarders are configured to DCs in Domain B
Conditional forwarders point to Domain B and C

Domain B (has primary forward lookup zones and two-way trust with Domain A)
Each DC has DNS1 & DNS2 pointing to itself and another DC in the same domain.
Forwarders are configured to external/public DNS servers
Conditional forwarders point to Domain A and C

Domain C (has primary forward lookup zones and a one-way trust with Domain A and B)
Each DC has DNS1 & DNS2 pointing to itself and another DC in the same domain.
Forwarders are configured to DCs in Domain B
Conditional forwarders point to Domain A

Thanks


2 answers

  1. Gloria Gu 3,896 Reputation points
    2020-09-25T07:19:10.88+00:00

    Hi,

    Thank you for posting in Q&A!

    According to my understanding, you have established two-way trust and one-way trust relationship across multiple forests. If my understanding has any problems, please correct me at any time.

    Following are my suggestions:

    1. In a domain that contains multiple DCs, set the primary DNS to another DC in the site and the secondary DNS to the DC itself, using the loopback address.

    2. Based on experience, DNS forwarders can be set to both the public DNS servers and the original DNS servers, as you said in the description.

    3. There is no problem with the conditional forwarder settings.

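The following PowerShell script is an added example, not code from the thread or from Microsoft's documentation. It shows the three settings discussed in the answer above on a single DC: the DC's own DNS client order (which the answer recommends as peer DC first, loopback second), the server-level forwarders, and the conditional forwarders, which Windows DNS stores as zones of type `Forwarder`. The peer DC address and interface alias are caller-supplied placeholders; the script only reports unless `-Apply` is given.

```powershell
# Added example (not from the original thread): audit a DC's own DNS client
# order, the server-level forwarders and the conditional forwarders, and
# optionally apply the primary/secondary order recommended in the answer.
# Run elevated on the DC (Windows Server 2012 R2+, DnsClient and DnsServer
# modules). Addresses and the interface alias are supplied by the caller.
param(
    # Another DC in the same site; becomes the primary (first) DNS server.
    [Parameter(Mandatory)] [string] $PeerDcAddress,
    # Interface carrying the DC's traffic, e.g. 'Ethernet'.
    [Parameter(Mandatory)] [string] $InterfaceAlias,
    # Without -Apply the script only reports what it would change.
    [switch] $Apply
)

Import-Module DnsClient, DnsServer -ErrorAction Stop

# 1. DNS client order on the chosen interface (IPv4 only).
$current = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses)
Write-Host "Current DNS client servers on ${InterfaceAlias}: $($current -join ', ')"

# Recommended order: a peer DC first, this DC (loopback) second.
$desired = @($PeerDcAddress, '127.0.0.1')
if (($current -join ',') -eq ($desired -join ',')) {
    Write-Host 'DNS client order already matches the recommendation.'
} elseif ($Apply) {
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $desired
    Write-Host "DNS client servers set to: $($desired -join ', ')"
} else {
    Write-Host "Would set DNS client servers to: $($desired -join ', ') (re-run with -Apply)"
}

# 2. Server-level forwarders: consulted only for names this server is not
#    authoritative for and that no conditional forwarder covers.
$fwd = Get-DnsServerForwarder
Write-Host "Forwarders: $(@($fwd.IPAddress.IPAddressToString) -join ', ') (UseRootHint=$($fwd.UseRootHint))"

# 3. Conditional forwarders are stored as zones of type 'Forwarder'; each
#    one overrides the general forwarders for its own namespace.
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' | ForEach-Object {
    Write-Host ("Conditional forwarder {0} -> {1}" -f $_.ZoneName, (@($_.MasterServers.IPAddressToString) -join ', '))
}
```

Run it once without `-Apply` on each DC to see the current state; the output of steps 2 and 3 is the quickest way to confirm that a conditional forwarder for the other forest exists and points at live DCs there, which is what the general forwarders in the question are otherwise being used to cover.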


  2. Joe 26 Reputation points
    2020-10-02T08:41:42.257+00:00

    Hi

    That's good to know about the recommended primary and secondary DNS thanks.

    What I'm trying to determine to solve the issues is what is the order of DNS lookups in regards to:
    - primary and secondary DNS
    - conditional forwarders
    - DNS forwarders

    For example if you ping <InternalWebsite.domain.com> (of which the Forward Lookup Zone is in Domain B) from a Windows 10 PC on Domain A, in what order does it try to resolve the FQDN if it cannot be resolved?

    We have it configured like so:
    Win 10 PC (on Domain A) uses Domain A's DNS1 and DNS2 servers to resolve all lookups.
    However, the internal site lives on Domain B. If neither DNS1 nor DNS2 has DNS(3) from Domain B configured in their DNS Forwarders, then the lookup fails. Sometimes DNS seems to skip DNS1 and tries DNS2 instead.

    Which brings me to the second point - when are Conditional Forwarders used?
    We have a conditional forwarder for Domain B in Domain A DNS, but DNS does not always resolve Domain B lookups unless Domain B DNS is configured in Domain A's Forwarders.

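The script below is an added example, not part of the thread, for tracing the resolution path asked about in the post above. Two behaviours of Windows DNS are relevant and are what the script makes visible. On the client side, the resolver sends to DNS1 first and fails over to DNS2 only when DNS1 does not respond; a negative answer (NXDOMAIN) from DNS1 is accepted as final, so a Domain A DC that cannot resolve a Domain B name ends the lookup there. On the server side, a Windows DNS server checks its own authoritative zones and cache first, then the conditional forwarder whose zone name is the longest matching suffix of the query, then the server-level forwarders, then root hints if those are enabled; a matching conditional forwarder is used regardless of what the general forwarders are set to. The name, the client's DNS server list, and the server inspected in step 2 are caller-supplied placeholders; step 2 needs remote management access to that DNS server.

```powershell
# Added example, not part of the thread: trace how a Domain A client would
# resolve one FQDN. Step 1 queries each of the client's configured DNS servers
# directly. Step 2 asks one Domain A DNS server which zone (authoritative or
# conditional forwarder) covers the name; conditional forwarders are matched
# on the longest suffix and take precedence over the server-level forwarders.
# Requires the DnsClient and DnsServer modules; the -ComputerName calls need
# remote management access to the DNS server. Names/addresses are placeholders.
param(
    [Parameter(Mandatory)] [string]   $Name,              # e.g. intranet.domainb.example
    [Parameter(Mandatory)] [string[]] $ClientDnsServers,  # the client's DNS1, DNS2 in order
    [string] $DnsServerToInspect = $ClientDnsServers[0]
)

Import-Module DnsClient, DnsServer -ErrorAction Stop

function Test-DirectQuery {
    param([string] $QueryName, [string] $Server)
    try {
        $answer = Resolve-DnsName -Name $QueryName -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop
        $ips = @(($answer | Where-Object Type -eq 'A').IPAddress) -join ', '
        return "{0}: answered {1}" -f $Server, $ips
    } catch {
        # Resolve-DnsName reports NXDOMAIN as 'DNS name does not exist'. The
        # Windows client treats that as final; it only fails over to the next
        # server when this one does not respond at all.
        if ($_.Exception.Message -match 'does not exist') {
            return "{0}: NXDOMAIN (negative answer; the client does not try the next server)" -f $Server
        }
        return "{0}: no usable answer ({1}); the client would fail over" -f $Server, $_.Exception.Message
    }
}

Write-Host "== Step 1: direct queries for $Name, in the client's server order =="
foreach ($srv in $ClientDnsServers) { Write-Host (Test-DirectQuery -QueryName $Name -Server $srv) }

Write-Host "== Step 2: which zone on $DnsServerToInspect covers the name? =="
$labels = $Name.TrimEnd('.').Split('.')
# All suffixes of the name, e.g. a.b.c -> a.b.c, b.c, c; the longest one that
# is a zone on the server wins.
$suffixes = for ($i = 0; $i -lt $labels.Count; $i++) { $labels[$i..($labels.Count - 1)] -join '.' }

$zone = Get-DnsServerZone -ComputerName $DnsServerToInspect |
    Where-Object { $suffixes -contains $_.ZoneName } |
    Sort-Object { $_.ZoneName.Length } -Descending |
    Select-Object -First 1

if (-not $zone) {
    $fwd = Get-DnsServerForwarder -ComputerName $DnsServerToInspect
    Write-Host ("No zone or conditional forwarder matches; the server uses its forwarders ({0}), then root hints (UseRootHint={1})." -f
        (@($fwd.IPAddress.IPAddressToString) -join ', '), $fwd.UseRootHint)
} elseif ($zone.ZoneType -eq 'Forwarder') {
    Write-Host ("Conditional forwarder {0} applies; the query goes to {1} regardless of the general forwarders." -f
        $zone.ZoneName, (@($zone.MasterServers.IPAddressToString) -join ', '))
    # Query the conditional forwarder's masters directly: if these fail, the
    # conditional forwarder is the part that is broken, not the forwarders.
    foreach ($master in $zone.MasterServers) {
        Write-Host ('  ' + (Test-DirectQuery -QueryName $Name -Server $master.IPAddressToString))
    }
} else {
    Write-Host ("{0} is served from the local {1} zone {2}; forwarders are not consulted." -f $Name, $zone.ZoneType, $zone.ZoneName)
}
```

If step 2 reports a matching conditional forwarder but the direct queries to its master servers fail or time out, the symptom described in the post (Domain B names resolving only when Domain B DCs are also in the general forwarders) points at the conditional forwarder's master list rather than at the forwarder order.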