Scenario: Your network is a multiple-domain Active Directory with two forests, each containing multiple child domains. Full trust is configured among the domains.
When a trust exists between two domains, the authentication mechanisms for each domain trust the authentications coming from the other domain. Trusts help provide for controlled access to shared resources in a resource domain (the trusting domain) by verifying that incoming authentication requests come from a trusted authority (the trusted domain). In this way, trusts act as bridges that allow only validated authentication requests to travel between domains.
What Are Domain and Forest Trusts?
The network includes several branch offices with computers in the branch offices running Windows 7 or Windows Server 2008 R2 over low-bandwidth links.
Computers in the branch offices need to use resources throughout the network. You want to configure name resolution for the branch offices. You need to keep the traffic generated by fully qualified domain name (FQDN) resolution attempts to a minimum.
What should you do to accomplish this?
You need to configure a conditional forwarder in each branch office. A conditional forwarder can be configured to forward name requests directly to a specific authoritative DNS server for each DNS domain. This helps to keep traffic generated by name requests to a minimum.
Specify Other DNS Servers as Authoritative for a Zone
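The following is an added example, not part of the original page, showing one way to create the conditional forwarders on a branch-office DNS server with `dnscmd` from an elevated PowerShell prompt. The domain names and IP addresses are constructed placeholders; replace them with each remote DNS domain and its authoritative servers.

```powershell
# Constructed sample data: each remote DNS domain mapped to the
# authoritative DNS servers for that domain (placeholder names and
# documentation-range addresses, not values from the original page).
$forwarders = @{
    'corp.example.com'    = @('192.0.2.10', '192.0.2.11')
    'emea.example.com'    = @('198.51.100.10')
    'partner.example.net' = @('203.0.113.10', '203.0.113.11')
}

foreach ($zone in $forwarders.Keys) {
    $masters = $forwarders[$zone]

    # "." targets the local DNS server. /Forwarder creates a conditional
    # forwarder zone, so queries for names in $zone go straight to the
    # listed servers instead of walking the default resolution path.
    # /TimeOut is the number of seconds to wait for a forwarder to answer.
    & dnscmd . /ZoneAdd $zone /Forwarder $masters /TimeOut 5

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not create conditional forwarder for $zone (exit code $LASTEXITCODE)"
        continue
    }

    # Show the new zone's settings so the master server list can be
    # checked against the intended authoritative servers.
    & dnscmd . /ZoneInfo $zone
}

# List every conditional forwarder zone on this server. Review this list
# periodically: a forwarder pointing at a server you do not control would
# let that server answer for the whole domain.
& dnscmd . /EnumZones /Forwarder
```

After the script runs, `nslookup` against the branch-office server for a host name in one of the forwarded domains confirms that resolution works end to end.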
You should not deploy a stub zone server in each branch office. This does not resolve the situation. A stub zone does not contain the full DNS database. It contains only the records necessary for pointing to authoritative DNS servers.
This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
Understanding Stub Zones
You should not configure each DHCP server to provide a complete list of DNS servers. DNS servers are queried in the order in which they are listed, so this solution could result in multiple query requests for each name resolution requirement.
Understanding DNS Client Settings
You should not create a Global Name Zone (GNZ) and enable the zone on all DNS servers. The GNZ provides simple single-name host name resolution, including support across forest boundaries. It does nothing to improve resolution of FQDNs.