Two forests: Trusts and DNS question

S

Shambler

Supreme [H]ardness
Joined
Aug 17, 2005
Messages
6,419
Forest A and Forest B - The networks are connected and traffic can route between the two.

What is needed for a machine in Forest A to resolve the name of a machine in Forest B?

I assume a conditional forwarder or stub zone for Forest B will need to be setup in Forest A. But what needs to be done within Forest B. Will it Forest B's DNS server(s) automatically resolve requests from an unknown machine? (In this case Machine A)

I assume No and that a trust will be needed between the two forests. Right?
 
If you have already created a trust between the two all that should be left to do is to make sure you have DNS forwarding configured correctly between the two domains.
 
Shambler said:
I assume No and that a trust will be needed between the two forests. Right?
Click to expand...

Wrong, unless you have set them up specifically then they will answer each others DNS requests.

A trust is for users from one domain to authenticate to services in the other. Which you don't need in this situation from what you have stated.

A simple stub or conditional forwarder is all you need.
 
Last edited:
Okay okay, my main concern was that the DNS Server(s) in Forest B wouldn't accept a request from machines in Forest A due to no Trust relationship.

I believe all that is needed is a Forward look up zone for Forest B to be created in Forest A. And to have a DNS Suffix for Forest B setup on machines in Forest A.

Sound about right?
 
Not quite sure what you mean by that but all you need is a conditional forwarder in each for each forests dns name to forward requests to the respective DNS servers. Make it AD integrated and replicate to all DNS servers in each forest.
 
By default, authorization is not required for machine name queries. Your DNS servers should respond to anyone and everyone, as will machines on the same subnet.

DNS in AD is not sufficient for machine name lookup unless you've specifically configured every service to use full DNS names instead of hostname / netbios names. If you do make everything use DNS, remember to set up sites/subnets, which will allow clients to find your DNS sever quickly.
 
You must log in or register to reply here.
Back
Top