DNSSEC In Multi Domain Environment

  • Question

  • Hi

    We have a single forest with two domains, each with two domain controllers.

    (Domain A) the first root domain, which contains two domain controllers, DNS servers and AD-integrated zones enabled

    (Domain B) the second domain, which contains two domain controllers, DNS servers and AD-integrated zones enabled

    Around 10 other various zones exist on the domain controllers, used for internal purposes only.

    Name resolution happens by forwarding to the ISP's DNS servers. We have nearly 1500 clients.

    It is worth mentioning that I haven't signed any AD-integrated zones yet; the aim is only to provide DNSSEC for internet names, not internal names.

    We have been forced to use DNSSEC on all our DNS servers. I have started with the following steps:

    • Checking the tick box (Enabling DNSSEC) for remote validations in each DNS server's properties, pointing to the Advanced tab
    • Started by zone signing the other 10 zones to see what would happen, and I was successful; 10 zones signed
    • Running dnscmd.exe /RetrieveRootTrustAnchors on all DNS servers (which are ADDS as well); the command was successful

    End users in Domain A started complaining that they cannot print to a print server located in Domain B. How could I solve this?

    Monday, October 8, 2018 7:39 AM


All replies