Create SRV record for GNZ in Cross Forest


  • I am trying to follow the GNZ documentation and get single-label name resolution to work across forests.  No luck. 

    1) Created conditional forwarding between forests

    2) Created two-way forest trust

    3) Enabled GNZ on all DNS servers in both forests

    4) Created GlobalNames zone in Forest A.

    5) Created CNAME record for resource in Forest A.

    6) Created SRV record in Forest B.

    The instructions in the deployment guide say:

    In each of the other forests, to the forest-wide __msdcs zone which should be replicated to all DNS servers in the forest, add SRV resource records pointing to each remote domain controller DNS server that hosts a local copy of the GNZ:

    Name Field: “_globalnames._msdcs.FQDN_of_forest(n)

    Data Field: “[Priority][Weight][Port]FQDN_of_remote_DNS_server_hosting_GNZ

    So in Forest B, I am expecting to be able to type http://intranet and get resolution from the GlobalNames zone in Forest A. The SRV record is in the root of Forest B's msdcs folder: _globalnames.msdcs.forestb

    What am I doing wrong?

    Further reading has done little to help.  This article (  confuses me when it says to right-click the domain that's replicated across the forest- what domain are they referring to?  Forest A's domain or Forest B's? 

    Jason Yates

    Friday, May 10, 2013 10:08 PM
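
Steps 3 to 6 of the post above and the SRV record format it quotes, written out with the Windows Server DnsServer PowerShell cmdlets as an added example (not part of the original post or the deployment guide). The forest, server and host names are constructed placeholders, the SRV priority, weight and port values are assumptions the page does not give, and steps 1 and 2 (forwarding and trust) are taken as already in place.

```powershell
# Added example: every name and value below is a constructed placeholder.
$ForestA = 'foresta.example'      # forest that hosts the GlobalNames zone
$ForestB = 'forestb.example'      # forest that only points at it
$DnsA    = "dc1.$ForestA"         # DNS server / DC in Forest A holding the GNZ
$DnsB    = "dc1.$ForestB"         # DNS server / DC in Forest B
$Label   = 'intranet'             # single-label name from the post
$Target  = "web01.$ForestA"       # hypothetical host the label aliases

# Step 3: enable GlobalNames support. This is a per-server setting, so
# extend the list to every DNS server in both forests.
foreach ($server in $DnsA, $DnsB) {
    Set-DnsServerGlobalNameZone -ComputerName $server -Enable $true
}

# Step 4: create the forest-replicated GlobalNames zone in Forest A.
Add-DnsServerPrimaryZone -ComputerName $DnsA -Name 'GlobalNames' -ReplicationScope 'Forest'

# Step 5: CNAME for the resource inside the GlobalNames zone.
Add-DnsServerResourceRecordCName -ComputerName $DnsA -ZoneName 'GlobalNames' `
    -Name $Label -HostNameAlias $Target

# Step 6: SRV record in Forest B's forest-wide _msdcs zone. The full owner
# name becomes _globalnames._msdcs.forestb.example, as in the quoted guide.
# Priority, weight and port are assumed values, not taken from the page.
Add-DnsServerResourceRecord -ComputerName $DnsB -Srv -ZoneName "_msdcs.$ForestB" `
    -Name '_globalnames' -DomainName $DnsA -Priority 0 -Weight 100 -Port 53

# Checks, all asked of the Forest B DNS server:
# 1. GlobalNames support is switched on.
Get-DnsServerGlobalNameZone -ComputerName $DnsB | Select-Object Enable
# 2. The SRV record answers under the exact name the guide specifies.
Resolve-DnsName -Server $DnsB -Type SRV -Name "_globalnames._msdcs.$ForestB"
# 3. The SRV target itself resolves across the forest boundary.
Resolve-DnsName -Server $DnsB -Type A -Name $DnsA
# 4. The single-label name resolves through DNS only.
Resolve-DnsName -Server $DnsB -Name $Label -DnsOnly
```

If check 2 fails, compare the owner name character by character with `_globalnames._msdcs.` followed by the forest root FQDN; if check 3 fails, the problem is in the cross-forest forwarding rather than in the GNZ records.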

All replies

  • It means each forest's zones.

    I assume you've created a Search Suffix for each other's forest zones?

    Configuring DNS Search Suffixes
    Published by Ace Fekay, MCT, MVP DS on Feb 12, 2011 at 12:27 PM

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, May 13, 2013 3:04 AM
  • I did create the SRV record in the other forest and it's not working. You can see that in my list. (I actually created an SRV record in every possible location. I spent two hours testing this but still without success.) I am unsure as to exactly where to put it, because the instructions in the two documents are unclear and don't seem to agree. I do not have a search suffix defined because it shouldn't matter: I am not trying to get name resolution to work using FQDNs, but using GNZ. Wouldn't adding a suffix defeat the point? The GNZ guide explains:

    "For a customer with many domains, managing a suffix search list for all clients can be cumbersome, and client query performance is also somewhat lowered when querying a single-label name with the list of domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution.

    If you cannot configure the DNS client suffix search list for all computers requiring this single-label name functionality, and you also require that single-label names for servers are global and unique, then the GNZ might be suitable."


    Jason Yates

    Monday, May 13, 2013 3:30 PM
  • To clarify - one document has you create a new domain while the other does not. Here are the URLs:

    I'd like to hear from someone who actually got this to work. 

    Jason Yates

    Monday, May 13, 2013 3:36 PM
  • Hi Jason,

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Jeremy Wu
    TechNet Community Support

    Wednesday, May 15, 2013 9:07 AM
  • This works for me as expected.

    What's the SRV record you created?
    Do you have it working as expected within the same forest?


    Saturday, May 18, 2013 8:08 PM
  • I did some testing with a friend and we found that it didn't work across forests with conditional forwarders as the means to bridge the two non-contiguous names, but rather just plain forwarding. We did this using four separate servers, four domains, two forests - and the results were consistent. Nothing in the documentation suggests there's a need for a particular forwarding configuration. I'm curious, Marcin, if you used conditional forwarding or stub zones or something else?

    Jason Yates

    Tuesday, May 28, 2013 2:09 PM
  • For anyone else coming across this - I initially set up my test environment using stub zones. Cross-forest GNZ did not work until I deleted the stub zones and configured plain forwarding, just as Jason said.
    Tuesday, December 10, 2013 1:30 PM
  • Ace,

    You use GNZ when "You cannot rely on the suffix search lists on client computers to provide single-label name resolution" - as per

    So no, I haven't created search suffixes, and it doesn't work for me either.


    Thursday, May 08, 2014 12:20 PM
  • Jeremy,

    Any progress? It's been a year, surely someone from Microsoft would have come up with an answer...

    Or they can't make it work either?


    Thursday, May 08, 2014 12:21 PM
  • Albert,

    Can you provide some details on how you configured your primary DNS suffixes and suffix search lists in both forests, and where exactly you created the SRV record(s)?

    I find the documentation to be confusing. If it is based on a constructed FQDN by appending some suffixes to the unqualified single-label name, then it is no different from using search suffixes and CNAMEs, so I don't really see the point and the application of the whole GNZ concept.

    Thanks for your guidance.


    Thursday, May 08, 2014 12:26 PM
  • Erszényes, I don't remember the exact setup of my scenario, since I no longer have that environment. I recreated a similar setup a couple of weeks ago however. 2 forests - GlobalNames zone created in one forest with one CNAME test record, _globalnames SRV entry in the other forest's _msdcs zone, Global Names support enabled for the DNS servers in both forests, DNS suffixes separated. I spent quite some time trying to make it work, however I could never do it - except when turning on DNS suffixes, which pretty much defeats the whole purpose of the GlobalNames zone. This makes me believe that I might have used DNS suffixes in my original setup.

    So at this point I'm curious myself about the details of the implementation of somebody who made it work.

    Friday, May 09, 2014 7:31 AM