I am trying to follow the GNZ documentation and get single-label name resolution to work across forests. No luck.
1) Created conditional forwarding between forests
2) Created two-way forest trust
3) Enabled GNZ on all DNS servers in both forests
4) Created GlobalNames zone in Forest A
5) Created CNAME record for resource in Forest A
6) Created SRV record in Forest B
The instructions in the deployment guide say:
In each of the other forests, to the forest-wide __msdcs zone which should be replicated to all DNS servers in the forest, add SRV resource records pointing to each remote domain controller DNS server that hosts a local copy of the GNZ:
Name Field: “_globalnames._msdcs.FQDN_of_forest(n)”
Data Field: “[Priority][Weight][Port]FQDN_of_remote_DNS_server_hosting_GNZ”
So in Forest B, I am expecting to be able to type http://intranet and get resolution from the GlobalNames zone in Forest A. The SRV record is in the root of Forest B's msdcs folder. _globalnames.msdcs.forestb
What am I doing wrong?
Further reading has done little to help. This article (http://technet.microsoft.com/en-us/library/cc794952(v=ws.10).aspx) confuses me when it says to right-click the domain that's replicated across the forest. What domain are they referring to? Forest A's domain or Forest B's?
It means each forest's zones.
I assume you've created a Search Suffix for each other's forest zones?
Configuring DNS Search Suffixes
Published by Ace Fekay, MCT, MVP DS on Feb 12, 2011 at 12:27 PM
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
I did create the SRV record in the other forest and it's not working. You can see that in my list. (I actually created an SRV record in every possible location. I spent two hours testing this but still without success.) I am unsure as to exactly where to put it because the instructions in the two documents are unclear and don't seem to agree. I do not have a search suffix defined because it shouldn't matter: I am not trying to get name resolution to work using FQDNs, but using GNZ. Wouldn't adding a suffix defeat the point? The GNZ guide explains:
"For a customer with many domains, managing a suffix search list for all clients can be cumbersome, and client query performance is also somewhat lowered when querying a single-label name with the list of domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution.
If you cannot configure the DNS client suffix search list for all computers requiring this single-label name functionality, and you also require that single-label names for servers are global and unique, then the GNZ might be suitable."
To clarify - one document has you create a new domain while the other does not. Here are the URLs:
I'd like to hear from someone who actually got this to work.
I did some testing with a friend and we found that it didn't work across forests with conditional forwarders as the means to bridge the two non-contiguous names, but rather just plain forwarding. We did this using four separate servers, four domains, two forests - and the results were consistent. Nothing in the documentation suggests there's a need for a particular forwarding configuration. I'm curious, Marcin, if you used conditional forwarding or stub zones or something else?
You use GNZ when "You cannot rely on the suffix search lists on client computers to provide single-label name resolution" - as per http://technet.microsoft.com/en-us/library/cc731744.aspx.
So no, I haven't created search suffixes, and it doesn't work for me either.
Can you provide some details on how you configured your primary DNS suffixes and suffix search lists in both forests, and where exactly you created the SRV record(s)?
I find the documentation to be confusing. If it is based on a constructed FQDN by appending some suffixes to the unqualified single-label name, then it is no different from using search suffixes and CNAMEs, so I don't really see the point and the application of the whole GNZ concept.
Thanks for your guidance.
Erszényes, I don't remember the exact setup of my scenario, since I no longer have that environment. I recreated a similar setup a couple of weeks ago however. 2 forests - GlobalNames zone created in one forest with one CNAME test record, _globalnames SRV entry in the other forest's _msdcs zone, Global Names support enabled for the DNS servers in both forests, DNS suffixes separated. I spent quite some time trying to make it work, however I could never do it - except when turning on DNS suffixes, which pretty much defeats the whole purpose of the GlobalNames zone. This makes me believe that I might have used DNS suffixes in my original setup.
So at this point I'm curious myself about the details of the implementation of somebody who made it work.
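A read-only check of the cross-forest GlobalNames pieces listed in this thread (GNZ support on each DNS server, the GlobalNames zone and CNAME in Forest A, the _globalnames SRV record in Forest B's _msdcs zone), added here as an example and not part of any post. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and uses hypothetical server and zone names.

```powershell
# Hypothetical names (assumptions, not taken from the thread); replace with your own.
$GnzServer   = 'dns1.foresta.example'    # Forest A DNS server hosting the GlobalNames zone
$RemoteDns   = 'dns1.forestb.example'    # Forest B DNS server
$RemoteMsdcs = '_msdcs.forestb.example'  # Forest B forest-wide _msdcs zone
$Alias       = 'intranet'                # CNAME created in the GlobalNames zone

$results = [ordered]@{}

# GlobalNames support has to be enabled on every DNS server involved.
foreach ($s in $GnzServer, $RemoteDns) {
    $results["GNZ support enabled on $s"] =
        (Get-DnsServerGlobalNameZone -ComputerName $s).Enable
}

# Forest A: the GlobalNames zone exists, and how it is replicated.
$zone = Get-DnsServerZone -ComputerName $GnzServer -Name 'GlobalNames' `
            -ErrorAction SilentlyContinue
$results['GlobalNames zone present']      = [bool]$zone
$results['GlobalNames replication scope'] = $zone.ReplicationScope

# Forest A: the single-label CNAME and the FQDN it points to.
$cname = Get-DnsServerResourceRecord -ComputerName $GnzServer -ZoneName 'GlobalNames' `
            -Name $Alias -RRType CName -ErrorAction SilentlyContinue
$results["CNAME '$Alias' target"] = $cname.RecordData.HostNameAlias

# Forest B: _globalnames SRV record(s) in the _msdcs zone and where they point.
$srv = Get-DnsServerResourceRecord -ComputerName $RemoteDns -ZoneName $RemoteMsdcs `
            -Name '_globalnames' -RRType Srv -ErrorAction SilentlyContinue
$targets = @($srv.RecordData.DomainName | Where-Object { $_ } |
             ForEach-Object { $_.TrimEnd('.') })
$results['_globalnames SRV targets']       = $targets -join ', '
$results['SRV points at the GNZ host']     = $targets -contains $GnzServer

# Forest B must be able to resolve the SRV target through its forwarder setup.
$a = Resolve-DnsName -Name $GnzServer -Server $RemoteDns -Type A `
        -ErrorAction SilentlyContinue
$results['Forest B resolves the GNZ host'] = [bool]$a

# One line per check, so a missing or misplaced record is visible at a glance.
$results.GetEnumerator() | Format-Table -AutoSize Name, Value
```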