

Conditional forwarders vs forward lookup zones

Question

Monday, September 17, 2012 8:52 PM

Hello all,

I read up on forward lookup zones and conditional forwarders but am still trying to figure out which one is better to use. I manage three domains. In the DNS tools one is set up as a forward lookup zone and the other is set up using a conditional forwarder. What is the advantage and disadvantage of using a conditional forwarder and a forward lookup zone?

Also, suppose I use a conditional forwarder for contoso.usa.corp. Can I set the conditional forwarder to just usa.corp or do I have to use the FQDN contoso.usa.corp? The reason I ask is because someone has it in the DNS management as usa.corp and I believe you must use the FQDN contoso.usa.corp. Is using just usa.corp correct, so that when I try to connect to a machine called test.contoso.usa.corp it's able to resolve?

Thanks

All replies (8)

Tuesday, September 18, 2012 3:53 AM ✅ Answered

A Forward Lookup Zone is a zone you create on your DNS server under Forward Lookup Zones.

With a forwarder, whether it's a conditional or general forwarder, you are sending the query for that zone name to a different DNS server that is not part of your environment.

When you configure a Conditional Forwarder, you are specifying the full namespace (FQDN) that you want to forward to that other DNS server. If you have a usa.corp zone, you can simply create a child zone called contoso, which in effect means that zone will now be called contoso.usa.corp.

But I must ask, is contoso.usa.corp a domain name that is not part of your forest, or is it part of the forest? The reason I'm asking is I don't fully understand based on your description, what you are trying to accomplish. We usually look at conditional forwarding in terms of comparing it to stub zones, such as when you have a partner organization.


See if this helps to understand what a conditional forwarder is and when to use one:

What should I use, a Stub, Conditional Forwader, Forwarder, or Secondary Zone??
http://blogs.msmvps.com/acefekay/2012/09/18/what-should-i-use-a-stub-conditional-forwader-forwarder-or-secondary-zone/


Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

This post is provided AS-IS with no warranties or guarantees and confers no rights.



Monday, September 17, 2012 5:31 PM

I would have asked here.
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads

Thanks


Tuesday, September 25, 2012 6:27 PM

To answer your question, contoso.usa.corp is not part of my forest. My forest is called dev.usa.corp and there is a one-way trust with contoso.usa.corp. The main reason for my question is there is a conditional forward for contoso.usa.corp in my dev.usa.corp. A project has been in place to migrate all the user\computers to a new domain called contoso2.usa.corp. My dev.usa.corp has a one-way trust with the new domain contoso.usa.corp. In my DNS tools in dev.usa.corp someone has put in a conditional forward for usa.corp which points to contoso.usa.corp. I want to create a new conditional forward for contoso2.usa.corp. Would I just use usa.corp and use a child called contoso2? Hope that makes sense.


Wednesday, September 26, 2012 1:46 AM

To answer your question, contoso.usa.corp is not part of my forest. My forest is called dev.usa.corp and there is a one-way trust with contoso.usa.corp. The main reason for my question is there is a conditional forward for contoso.usa.corp in my dev.usa.corp. A project has been in place to migrate all the user\computers to a new domain called contoso2.usa.corp. My dev.usa.corp has a one-way trust with the new domain contoso.usa.corp. In my DNS tools in dev.usa.corp someone has put in a conditional forward for usa.corp which points to contoso.usa.corp. I want to create a new conditional forward for contoso2.usa.corp. Would I just use usa.corp and use a child called contoso2? Hope that makes sense.

I see. No, just create a specific conditional forwarder for contoso2.usa.corp.


Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

This post is provided AS-IS with no warranties or guarantees and confers no rights.
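
The answer above, as an added example that is not part of the original thread: creating the specific conditional forwarder for contoso2.usa.corp with the DnsServer PowerShell module and checking which forwarder takes a query before and after. The address 192.0.2.10 is a constructed placeholder for the partner domain's DNS server, `Get-ForwarderForName` is a hypothetical helper, and forest-wide replication assumes AD-integrated DNS on a domain controller.

```powershell
# Added example. Run elevated on the dev.usa.corp DNS server (Windows Server 2012+).
Import-Module DnsServer

$Zone    = 'contoso2.usa.corp'   # namespace named in the thread
$Masters = @('192.0.2.10')       # constructed placeholder, not a real server

# Hypothetical helper: return the conditional forwarder that would take a query
# for $Name. A forwarder covers its own name and everything beneath it; when
# several match, the longest (most specific) zone name wins.
function Get-ForwarderForName {
    param([Parameter(Mandatory)][string]$Name)
    $n = $Name.TrimEnd('.').ToLowerInvariant()
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Forwarder' } |
        Where-Object {
            $z = $_.ZoneName.TrimEnd('.').ToLowerInvariant()
            # Match on a label boundary so "xusa.corp" does not match "usa.corp".
            $n -eq $z -or $n.EndsWith(".$z")
        } |
        Sort-Object { $_.ZoneName.Length } -Descending |
        Select-Object -First 1
}

# 1. Before: an existing broad usa.corp forwarder also covers contoso2.usa.corp,
#    so these queries currently go to whatever servers that forwarder lists.
$before = Get-ForwarderForName "test.$Zone"
"Before: {0}" -f $(if ($before) { $before.ZoneName } else { 'no conditional forwarder' })

# 2. Create the specific forwarder unless a zone of that name already exists.
#    Omit -ReplicationScope to keep the forwarder local to this server only.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $Masters -ReplicationScope 'Forest'
}

# 3. After: the more specific zone should now be selected.
$after = Get-ForwarderForName "test.$Zone"
"After:  {0} -> {1}" -f $after.ZoneName, ($after.MasterServers -join ', ')

# 4. Confirm the target servers really answer for the zone, then resolve
#    through the local server to exercise the forwarder end to end.
Resolve-DnsName -Name $Zone -Type SOA -Server $Masters[0]
Resolve-DnsName -Name $Zone -Type NS  -Server localhost
```

If step 1 reports usa.corp, review whether that broad forwarder should remain, since it sends every otherwise unmatched name under usa.corp to the servers it lists.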


Wednesday, September 26, 2012 6:46 PM

Thanks for the information


Friday, October 12, 2012 9:21 AM

Sorry if my question is offtopic, but I believe this should be asked here:

I have a lab environment. I had a single domain forest before. Now I added a new tree into the existing forest. Forest had 1 single domain before, now it has 2 domains. The new tree contains 1 new domain, and as it is a new tree, DNS suffix is disjoint from the root domain.

Either I made some mistake, or don't know, but the root domain does not know how to resolve my new internal domain: instead of recognizing "Hey, that domain is inside my forest, I should contact the DNS server hosting that AD-integrated DNS zone". But in fact AD Root DNS server always goes to the root hints, and resolves public external IP addresses for the query. Maybe my AD knowledge is rusty, but domains inside the same AD Forest should know about each other, and the Root domain DNS server should know that a new domain in the forest has been introduced, and should contact the new internal DNS server if the query is against a zone that is hosted on that new DNS server. Or am I completely wrong? Do I have to create conditional forwarders to achieve this? I was expecting AD is intelligent enough to handle this situation without manual intervention.


Friday, October 12, 2012 1:22 PM

Actually, it is off topic, since your scenario is different than the original poster's. We usually recommend creating a new thread, since each individual issue has its own uniqueness.

As for what's going on on your end, it appears it's based on your design to support multiple trees. Read the following for ideas how to make this work.

http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx 

Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

This post is provided AS-IS with no warranties or guarantees and confers no rights.