4. Multi-domain Environments

If you have a forest with more than one domain, or you need to set up trusts between two domains in different forests, some extra work may be required to make sure that names can be resolved between the domains.

The problem is that you have two private domains for which no information is held in the public DNS, and each has its own self-contained DNS which contains no information about the other domain.

Solutions to this problem have not been tested, so we advise setting up a trial environment if this is what you need to do. In general you should adopt one of the following approaches.

  1. Where both domains are in the same forest, change the replication scope of the DNS zones to [To all DNS servers in the Active Directory forest] (Windows 2003 and above).
  2. Configure the DNS servers for domain A to forward queries for zone B to the DNS servers for domain B and vice versa.
  3. Where you have two separate forests, configure secondary zones for domain A on the domain B DNS servers and vice versa.

If you have one domain that is using an existing external name, and a second that is using a private internal name, the solution is likely to be similar, but your main problem is ensuring that the internal names can be resolved; the external names should take care of themselves.

In all cases you need to ensure that your firewall configuration is correct, so that all of the DNS servers can query each other.
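Whichever approach you trial, the result can be checked by asking each domain's DNS servers for the other domain's domain controller locator record. The following is an added example, not part of the original guidance: the domain names and server addresses are placeholders, and it assumes a Windows machine with the `Resolve-DnsName` cmdlet that can reach the DNS servers of both domains.

```powershell
# Added example: domain names and DNS server addresses are placeholders.
$Domains = @(
    @{ Name = 'a.example'; DnsServers = @('192.0.2.10') },
    @{ Name = 'b.example'; DnsServers = @('198.51.100.10') }
)

function Test-CrossDomainDns {
    param([Parameter(Mandatory)][hashtable[]]$Domains)

    foreach ($source in $Domains) {
        foreach ($target in $Domains) {
            if ($source.Name -eq $target.Name) { continue }

            # DC locator record that members of the other domain must be able to find.
            $srv = "_ldap._tcp.dc._msdcs.$($target.Name)"

            foreach ($server in $source.DnsServers) {
                # Query once with the default transport (UDP first) and once over TCP only,
                # so a firewall rule that opens only one of 53/udp and 53/tcp shows up.
                foreach ($transport in 'Default', 'TcpOnly') {
                    $query = @{
                        Name = $srv; Type = 'SRV'; Server = $server
                        DnsOnly = $true; ErrorAction = 'Stop'
                    }
                    if ($transport -eq 'TcpOnly') { $query.TcpOnly = $true }

                    try {
                        $answers = @(Resolve-DnsName @query | Where-Object Type -eq 'SRV')
                        $status  = if ($answers.Count) { 'OK' } else { 'NoSrvRecords' }
                        $detail  = ($answers.NameTarget | Sort-Object -Unique) -join ', '
                    } catch {
                        $status = 'Failed'
                        $detail = $_.Exception.Message
                    }

                    [pscustomobject]@{
                        AskedServer = $server;       ServerDomain = $source.Name
                        Lookup      = $srv;          Transport    = $transport
                        Status      = $status;       Detail       = $detail
                    }
                }
            }
        }
    }
}

Test-CrossDomainDns -Domains $Domains | Format-Table -AutoSize
```

A row with `Status` other than `OK` identifies which server cannot resolve the other domain and over which transport, which separates a missing forwarder, secondary zone or replication scope from a firewall rule that blocks only one transport.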

