Conversion from two forests to one - DNS and general questions

  • Question

  • I have been administering two very small separate forests/domains (no trusts as one site is WS 2008 Standard and the other is SBS 2003 R2) but have VPN connectivity between the sites. The customer has decided that they would prefer to have all of their data at one site. I am planning to move to a HQ/Branch Office type scenario but I have a few questions.

    The two sites are in different states and use different ISPs. I am thinking it seems easiest to have one domain with two DC/DNS/DHCPs. The two DHCPs would be for different subnets. The problem I see is forwarders, so long winded intro to simple question: are the forwarders for each DNS server separate or do they replicate between the servers? I need different forwarders for each site due to different ISPs. I'm going to upgrade the SBS 2003 R2 system to WS 2008 R2 Standard.

    Currently the two sites use different subnets (192.168.0.0-254 and 192.168.200.0-254). I am thinking it would be better to split one of the existing subnets into 192.168.0.0-127 and 192.168.0.128-254 and have only one zone. Is this the way to go? Or is it better to have two zones? Do I even need two zones for the above scenario?

    I was thinking of having a HQ DC and a Branch RODC but I am concerned about getting domain joins and DHCP/DNS updates/replication to work correctly. If I set up two DCs can I "demote?" one of them to a RODC later?

    Wednesday, June 29, 2011 6:58 PM

Answers

  • Hi Tom,

     

    Thanks for posting here.

     

    > are the forwarders for each DNS server separate or do they replicate between the servers?

    The system replicates only the DNS zone records, not the DNS forwarder configuration.

     

    > Currently the two sites use different subnets (192.168.0.0-254 and 192.168.200.0-254). I am thinking it would be better to split one of the existing subnets into 192.168.0-127 and 192.168.0.128-254 and have only one zone. Is this the way to go? Or is it better to have two zones? Do I even need two zones for the above scenario?

    To reduce the VPN connection payload and improve network performance between the two sites, we'd suggest having a different subnet for each site.

    For more information regarding Active Directory branch site design and deployment, please start from the article below:

     

    Planning and Architecture: AD DS

    http://technet.microsoft.com/en-us/library/cc732058(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, July 1, 2011 6:18 AM
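The answer above makes two points a practitioner will want to verify rather than take on trust: forwarders are a per-server setting (kept in each DNS server's own configuration, not in the replicated zone data), and each site should keep its own subnet so clients find the local DC. The PowerShell below is an added example, not code from the thread or from Microsoft: it defines two AD sites with their subnets, assigns one DC to each, sets a different forwarder list on each DC, and then reads back the zone and forwarder state from both servers so the difference is visible. It assumes the ActiveDirectory and DnsServer modules (Windows Server 2012 or later, or RSAT); on the 2008 R2 servers discussed here the same settings are made with dnscmd.exe (/ResetForwarders, /Info) and the Sites and Services console. The server names, site names, zone name, subnets and forwarder addresses are hypothetical placeholders.

```powershell
# Added example (not from the original thread). Hypothetical names throughout:
# sites HQ/Branch, DCs HQ-DC1/BR-DC1, zone corp.example, documentation-range
# forwarder IPs. Requires the ActiveDirectory and DnsServer modules.
Import-Module ActiveDirectory
Import-Module DnsServer

$zoneName = 'corp.example'
$sites = @(
    @{ Name = 'HQ';     Subnet = '192.168.0.0/24';   Dc = 'HQ-DC1'; Forwarders = @('203.0.113.10', '203.0.113.11') },
    @{ Name = 'Branch'; Subnet = '192.168.200.0/24'; Dc = 'BR-DC1'; Forwarders = @('198.51.100.20', '198.51.100.21') }
)

foreach ($s in $sites) {
    # One AD site per location, each with its own subnet, so a client in
    # 192.168.200.0/24 authenticates and registers DNS records against the
    # branch DC instead of crossing the VPN to HQ.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }
    Move-ADDirectoryServer -Identity $s.Dc -Site $s.Name

    # Forwarders are stored per server and never replicate with the zone, so
    # each DC must be configured (and later audited) separately. Each site
    # gets its own ISP's resolvers here.
    Set-DnsServerForwarder -ComputerName $s.Dc -IPAddress $s.Forwarders -UseRootHint $false
}

# Read back: the AD-integrated zone is present on both DCs with the same
# replication scope, while the forwarder lists differ per server.
foreach ($s in $sites) {
    $zone = Get-DnsServerZone -ComputerName $s.Dc -Name $zoneName
    $fwd  = (Get-DnsServerForwarder -ComputerName $s.Dc).IPAddress |
            ForEach-Object { $_.IPAddressToString }
    '{0,-7} zone={1} ADIntegrated={2} scope={3} forwarders={4}' -f `
        $s.Dc, $zone.ZoneName, $zone.IsDsIntegrated, $zone.ReplicationScope, ($fwd -join ',')
}
```

Run it from an account that is a Domain Admin (for the site objects) and a DnsAdmin on both servers. Because the forwarder list lives on each server, a change made on one DC says nothing about the other; the read-back loop at the end is the check to keep, for example as a scheduled comparison, so that a forwarder quietly pointing at an unexpected resolver on one site does not go unnoticed.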

All replies

  • Tiger,

    After looking around at some DNS best practices, I realized that the reason I had introduced forwarders (one site was using a domain name they did not own) was no longer necessary so I changed both sites to use root hints instead.

    Thank you. I am setting up separate sites.

     

    Tom

    Saturday, July 16, 2011 4:28 PM