Create SRV record for GNZ in Cross Forest

    Question

  • I am trying to follow the GNZ documentation and get single-label name resolution to work across forests.  No luck. 

    1) Created conditional forwarding between forests

    2) Created two-way forest trust

    3) Enabled GNZ on all DNS servers in both forests

    4) Created GlobalNames zone in Forest A.

    5) Created CNAME record for resource in Forest A.

    6) Created SRV record in Forest B.

    The instructions in the deployment guide say:

    In each of the other forests, to the forest-wide __msdcs zone which should be replicated to all DNS servers in the forest, add SRV resource records pointing to each remote domain controller DNS server that hosts a local copy of the GNZ:

    Name Field: “_globalnames._msdcs.FQDN_of_forest(n)

    Data Field: “[Priority][Weight][Port]FQDN_of_remote_DNS_server_hosting_GNZ

    So in Forest B, I am expecting to be able to type http://intranet and get resolution from the GlobalNames zone in Forest A. The SRV record is in the root of Forest B's msdcs folder: _globalnames.msdcs.forestb

    What am I doing wrong?

    Further reading has done little to help. This article (http://technet.microsoft.com/en-us/library/cc794952(v=ws.10).aspx) confuses me when it says to right-click the domain that's replicated across the forest - what domain are they referring to? Forest A's domain or Forest B's?


    Jason Yates

    Friday, May 10, 2013 10:08 PM

All replies

  • It means each forest's zones.

    I assume you've created a Search Suffix for each other's forest zones?

    Configuring DNS Search Suffixes
    Published by Ace Fekay, MCT, MVP DS on Feb 12, 2011 at 12:27 PM
    http://msmvps.com/blogs/acefekay/archive/2011/02/12/configuring-dns-search-suffixes.aspx


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, May 13, 2013 3:04 AM
  • I did create the SRV record in the other forest and it's not working. You can see that in my list. (I actually created an SRV record in every possible location - I spent two hours testing this but still without success.) I am unsure as to exactly where to put it because the instructions in the two documents are unclear and don't seem to agree. I do not have a search suffix defined because it shouldn't matter - I am not trying to get name resolution to work using FQDNs, but using GNZ. Wouldn't adding a suffix defeat the point? The GNZ guide explains:

    "For a customer with many domains, managing a suffix search list for all clients can be cumbersome, and client query performance is also somewhat lowered when querying a single-label name with the list of domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution.

    If you cannot configure the DNS client suffix search list for all computers requiring this single-label name functionality, and you also require that single-label names for servers are global and unique, then the GNZ might be suitable. "

     


    Jason Yates

    Monday, May 13, 2013 3:30 PM
  • To clarify - one document has you create a new domain while the other does not. Here are the URLs:

    http://technet.microsoft.com/en-us/library/cc794952(v=ws.10).aspx

    http://www.microsoft.com/en-us/download/details.aspx?id=5011

    I'd like to hear from someone who actually got this to work. 


    Jason Yates

    Monday, May 13, 2013 3:36 PM
  • Hi Jason,


    Thank you for your question.


    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.


    Thank you for your understanding and support.


    Jeremy Wu
    TechNet Community Support

    Wednesday, May 15, 2013 9:07 AM
    Moderator
  • This works for me as expected.

    What's the SRV record you created?
    Do you have it working as expected within the same forest?

    hth
    Marcin

    Saturday, May 18, 2013 8:08 PM
  • I did some testing with a friend and we found that it didn't work across forests with conditional forwarders as the means to bridge the two non-contiguous names, but rather just plain forwarding. We did this using four separate servers, four domains, two forests - and the results were consistent. Nothing in the documentation suggests there's a need for a particular forwarding configuration. I'm curious, Marcin, if you used conditional forwarding or stub zones or something else?


    Jason Yates

    Tuesday, May 28, 2013 2:09 PM
  • For anyone else coming across this - I initially set up my test environment using stub zones. Cross-forest GNZ did not work until I deleted the stub zones and configured plain forwarding, just as Jason said.
    Tuesday, December 10, 2013 1:30 PM
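
A read-only check of the settings discussed in this thread, added here as an example and not written by any of the posters. It is meant to run on a DNS server in Forest B; the forest names `foresta.example` and `forestb.example` are placeholders, and it assumes the DnsServer PowerShell module (Windows Server 2012 or later) is available.

```powershell
# Added example: read-only audit of cross-forest GNZ prerequisites.
# All names below are placeholders (assumptions), not values from the thread.
$ForestA   = 'foresta.example'     # forest that hosts the GlobalNames zone
$ForestB   = 'forestb.example'     # local forest, where the SRV record lives
$MsdcsZone = "_msdcs.$ForestB"     # forest-wide _msdcs zone of Forest B
$TestName  = 'intranet'            # single-label name used in the question

Import-Module DnsServer

# 1. GNZ support must be enabled on this DNS server.
$gnz = Get-DnsServerGlobalNameZone
"GNZ enabled      : $($gnz.Enable)"

# 2. SRV record named _globalnames in the local _msdcs zone, pointing at
#    the remote DNS server(s) that host a copy of the GNZ.
$srv = Get-DnsServerResourceRecord -ZoneName $MsdcsZone -Name '_globalnames' `
           -RRType Srv -ErrorAction SilentlyContinue
if ($srv) {
    foreach ($r in $srv) {
        $d = $r.RecordData
        "SRV target       : $($d.DomainName) (priority $($d.Priority), weight $($d.Weight), port $($d.Port))"
    }
} else {
    "SRV record       : _globalnames.$MsdcsZone not found"
}

# 3. How this server reaches Forest A. Posters in this thread report that
#    conditional forwarders and stub zones did not work, while plain
#    forwarding did.
$zone = Get-DnsServerZone -Name $ForestA -ErrorAction SilentlyContinue
if ($zone -and $zone.ZoneType -in 'Forwarder', 'Stub') {
    "Path to ${ForestA}: $($zone.ZoneType) zone present"
} else {
    "Path to ${ForestA}: no conditional forwarder or stub zone"
}
"Plain forwarders : $((Get-DnsServerForwarder).IPAddress -join ', ')"

# 4. Ask the local DNS server for the single-label name.
$answer = Resolve-DnsName -Name $TestName -Server 127.0.0.1 -DnsOnly `
              -ErrorAction SilentlyContinue
if ($answer) {
    $answer | Select-Object Name, Type, IPAddress, NameHost | Format-Table -AutoSize
} else {
    "Resolution       : '$TestName' did not resolve"
}
```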