Configuring Secondary DNS Zones
Here is the scenario. We have two separate forests sharing a single private IP network. Both domains are running 2008 R2 servers in native mode with AD integrated DNS. Each forest has a single domain. We will call them domain1.net and domain2.net. We have created a cross-forest transitive trust between the two forests and we want to be able to resolve names between the two forests. We did the following:
- created a secondary DNS zone called domain2.net on one domain controller in domain1.net and set a domain controller in domain2.net to be the master.
- created a secondary DNS zone called domain1.net on one domain controller in domain2.net and set a domain controller in domain1.net to be the master.
- on both of the above secondary zones we set zone transfers to any server and set notify of changes for all other domain controllers in the same domain.
We do see records from each domain in the secondary zones and can resolve names on clients.
My questions are:
1) Is this the most efficient way to do this, or is there a better or recommended way?
2) We only see the secondary zone on the domain controllers we created them on. Shouldn't this zone replicate to other domain controllers? If so, how do I set that up?
July 20th, 2011 9:30am
Hi Eric,
Thanks for posting here.
> Is this the most efficient way to do this, or is there a better or recommended way?
Have you considered setting up DNS conditional forwarders in order to implement name resolution between the two separate domains?
Configure DNS Server Forwarders
http://technet.microsoft.com/en-us/library/cc816856(WS.10).aspx
Thanks.
Tiger Li
July 21st, 2011 4:29am
Thank you for your response Tiger.
We had considered conditional forwarders as an option but had thought we would experience less WAN traffic by having the DNS servers periodically update from each other instead of all our clients querying DNS servers across the WAN.
July 21st, 2011 10:30am
So, I am not a fan of the secondary zone option and prefer conditional forwarding. However, if you do have a concern with regard to bandwidth, then the secondary zone option may be your best option. Don't just assume... you should look into it. DNS traffic is quite small compared to what other modern-day social applications are doing.
One advantage that I enjoy about conditional forwarding is that you can make them AD Integrated, so, yes, all of your DCs will replicate this information.
For the secondary zone option, NO, this is not stored in AD, but as a flat text file on your DC. You'll need to manually set up all of the secondary zones on all of your DCs.
Visit anITKB.com, an IT Knowledge Base.
July 21st, 2011 1:57pm
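Both options discussed in this thread, side by side, as an added PowerShell example that is not part of the original posts. It uses the DnsServer module cmdlets (Windows Server 2012 and later); the dnscmd equivalents in the comments are the 2008 R2-era syntax as I recall it, not something the thread gives. All host names and addresses are constructed placeholders. The AD-integrated conditional forwarder with Forest scope replicates to every DNS-hosting DC, which answers question 2; the secondary zone has to be created on each DC in turn. One thing the example changes from the original setup: a primary zone that allows transfers to "any server" hands its complete host list to anyone who can reach TCP port 53, so the master side is configured to transfer to, and notify, only the named secondaries.

```powershell
# Added example (not from the thread). Assumes the DnsServer PowerShell module
# (Windows Server 2012+); dnscmd lines in comments are the 2008 R2-era equivalents.
# Every host name and IP address below is a constructed placeholder.

$remoteForest = 'domain2.net'
$remoteDnsIPs = @('10.0.2.10', '10.0.2.11')                 # DNS servers in domain2.net
$localDCs     = @('dc1.domain1.net', 'dc2.domain1.net')     # DCs in domain1.net
$localDcIPs   = @('10.0.1.10', '10.0.1.11')                 # addresses of those DCs

# --- Option A: AD-integrated conditional forwarder.
# Created once; Forest replication scope puts it on every DNS-hosting DC in domain1.net.
# 2008 R2:  dnscmd dc1.domain1.net /ZoneAdd domain2.net /DsForwarder 10.0.2.10 10.0.2.11 /DP /forest
Add-DnsServerConditionalForwarderZone -Name $remoteForest `
    -MasterServers $remoteDnsIPs `
    -ReplicationScope 'Forest' `
    -ComputerName $localDCs[0]

# --- Option B: file-backed secondary zone.
# Not stored in AD, so it has to be created on each DC individually.
# 2008 R2:  dnscmd dc1.domain1.net /ZoneAdd domain2.net /Secondary 10.0.2.10 10.0.2.11
foreach ($dc in $localDCs) {
    Add-DnsServerSecondaryZone -Name $remoteForest `
        -ZoneFile "$remoteForest.dns" `
        -MasterServers $remoteDnsIPs `
        -ComputerName $dc
}

# On the master side (a DC in domain2.net holding the primary zone, placeholder name),
# allow transfers only to the known secondaries and notify only those servers,
# instead of "any server".
Set-DnsServerPrimaryZone -Name $remoteForest `
    -SecureSecondaries 'TransferToSecureServers' -SecondaryServers $localDcIPs `
    -Notify 'NotifyServers' -NotifyServers $localDcIPs `
    -ComputerName 'dc1.domain2.net'

# --- Verification: which DCs actually host the zone and how it is stored.
foreach ($dc in $localDCs) {
    $zone = Get-DnsServerZone -Name $remoteForest -ComputerName $dc -ErrorAction SilentlyContinue
    if ($zone) {
        '{0}: {1}, AD-integrated={2}, scope={3}' -f $dc, $zone.ZoneType, $zone.IsDsIntegrated, $zone.ReplicationScope
    } else {
        '{0}: zone {1} not present' -f $dc, $remoteForest
    }
}

# Resolve a name in the other forest through a DC that never had the zone created by hand.
Resolve-DnsName -Name "dc1.$remoteForest" -Server $localDCs[1] -Type A
```

The mirror-image configuration (a forwarder or secondary for domain1.net on the domain2.net side) is the same commands with the names and addresses swapped. Running the verification loop after creating only the conditional forwarder shows it present on every DC with IsDsIntegrated=True, whereas the secondary zone shows up only where the foreach created it.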