Two forests: Trusts and DNS question

Shambler

Supreme [H]ardness
Joined
Aug 17, 2005
Messages
6,420
Forest A and Forest B - The networks are connected and traffic can route between the two.

What is needed for a machine in Forest A to resolve the name of a machine in Forest B?

I assume a conditional forwarder or stub zone for Forest B will need to be set up in Forest A. But what needs to be done within Forest B? Will Forest B's DNS server(s) automatically resolve requests from an unknown machine? (In this case Machine A)

I assume No and that a trust will be needed between the two forests. Right?
 

Mackintire

2[H]4U
Joined
Jun 28, 2004
Messages
2,923
If you have already created a trust between the two all that should be left to do is to make sure you have DNS forwarding configured correctly between the two domains.
 

bmh.01

Gawd
Joined
Mar 28, 2002
Messages
610
I assume No and that a trust will be needed between the two forests. Right?

Wrong, unless you have set them up specifically, they will answer each other's DNS requests.

A trust is for users from one domain to authenticate to services in the other. Which you don't need in this situation from what you have stated.

A simple stub or conditional forwarder is all you need.
 

Shambler

Supreme [H]ardness
Joined
Aug 17, 2005
Messages
6,420
Okay okay, my main concern was that the DNS Server(s) in Forest B wouldn't accept a request from machines in Forest A due to no Trust relationship.

I believe all that is needed is a forward lookup zone for Forest B to be created in Forest A, and to have a DNS suffix for Forest B set up on machines in Forest A.

Sound about right?
 

bmh.01

Gawd
Joined
Mar 28, 2002
Messages
610
Not quite sure what you mean by that, but all you need is a conditional forwarder in each forest for the other forest's DNS name, forwarding requests to the respective DNS servers. Make it AD integrated and replicate to all DNS servers in each forest.
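The two-way, AD-integrated conditional-forwarder setup described in the post above, as an added PowerShell example that is not from this thread. The forest names forest-a.example and forest-b.example, the DNS server addresses and the host name dc1 are placeholders; the DnsServer cmdlets need RSAT or a DNS server and admin rights on both forests' DNS servers.

```powershell
# Added example (not from the thread). All names and addresses are constructed placeholders.
#Requires -Modules DnsServer, DnsClient

$ForestA = @{ Name = 'forest-a.example'; Dns = '10.1.0.10' }   # placeholder forest and DC/DNS IP
$ForestB = @{ Name = 'forest-b.example'; Dns = '10.2.0.10' }   # placeholder forest and DC/DNS IP

function Add-CrossForestForwarder {
    param(
        [Parameter(Mandatory)] $Local,   # forest whose DNS servers receive the forwarder
        [Parameter(Mandatory)] $Remote   # forest whose namespace is forwarded
    )
    # Do not create a second zone if one for the remote namespace already exists locally.
    $existing = Get-DnsServerZone -ComputerName $Local.Dns -Name $Remote.Name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "$($Local.Dns) already has a $($existing.ZoneType) zone for $($Remote.Name)"
        return $existing
    }
    # AD-integrated with forest-wide replication: every DNS server in the local forest
    # learns the forwarder, so resolution keeps working if one DC is down.
    # Only queries for $Remote.Name are sent across; everything else stays local.
    Add-DnsServerConditionalForwarder -ComputerName $Local.Dns `
        -Name $Remote.Name -MasterServers $Remote.Dns `
        -ReplicationScope 'Forest' -PassThru
}

# One forwarder in each direction. No forest trust is required for name resolution:
# plain DNS queries are unauthenticated, so Forest B's servers answer Forest A's clients.
Add-CrossForestForwarder -Local $ForestA -Remote $ForestB
Add-CrossForestForwarder -Local $ForestB -Remote $ForestA

function Test-CrossForestResolution {
    param([string]$Server, [string]$Name)
    # -DnsOnly bypasses the local cache/hosts file so the answer really comes from $Server.
    # An NXDOMAIN for a bogus name still proves forwarding works; a timeout or SERVFAIL
    # points at the forwarder entry, the firewall (UDP/TCP 53) or routing between forests.
    try {
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        "$Server resolved $Name -> $($r.IPAddress -join ', ')"
    } catch {
        "$Server could not resolve $Name : $($_.Exception.Message)"
    }
}

# Ask each forest's DNS for a host in the other forest (dc1 is a placeholder host name).
Test-CrossForestResolution -Server $ForestA.Dns -Name "dc1.$($ForestB.Name)"
Test-CrossForestResolution -Server $ForestB.Dns -Name "dc1.$($ForestA.Name)"
```

Clients in Forest A still need to use the fully qualified name (or have forest-b.example in their DNS suffix search list) for the forwarder to be consulted; short NetBIOS-style names never reach it.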
 
Joined
Aug 8, 2010
Messages
832
By default, authorization is not required for machine name queries. Your DNS servers should respond to anyone and everyone, as will machines on the same subnet.

DNS in AD is not sufficient for machine name lookup unless you've specifically configured every service to use full DNS names instead of hostname / NetBIOS names. If you do make everything use DNS, remember to set up sites/subnets, which will allow clients to find your DNS server quickly.
 