DNS issue
We have a Windows 2003 forest with 3 domains. DNS is Active Directory integrated, and replication is to "All DNS servers in the Active Directory Forest". All the zones are in every DNS server in every domain. Problem: users in domain Amsterdam want to access a webpage in domain Brussel. Solution: add an A record of the page in domain Amsterdam. This works. But I just want to understand something. If Server1 resides in domain Brussel.test.com, but I add a DNS entry for this server in domain Amsterdam.test.com, then if I ping this server from the Amsterdam domain, the FQDN is server1.Amsterdam.test.com, which of course is wrong because the server is in the Brussel.test.com domain. But still I can access the webpage in domain Brussel from clients in domain A. I think the IP address is resolved and the connection is made. Is this the solution for this issue, or do you have a better solution? Thanx
December 8th, 2009 6:07pm
Hello Biga: If you use IIS as your webserver, in my opinion you can put a HOST HEADER in the properties of your webpage that is a special name like "Portal", then you can create a zone in your DNS environment named like ".Local", after that you can put an A record for that webpage in the DNS zone that refers to the webpage. In this case if someone in any domain environment types "Portal.local" it will be redirected to that webpage. Remember to create an Active Directory integrated zone so the zone transfer will be secure and much faster because it is replicated via Active Directory replication. In my opinion this will be more useful. These are some guidelines for that:
http://www.visualwin.com/host-header/
http://www.techzonez.com/forums/showthread.php?t=21371
I hope it will be helpful.
Network is my LOVE
December 8th, 2009 7:03pm
Hi Mohammad, the part about IIS and the host header is info I can use. But a few months ago we changed the zone replication scope on all DNS servers from "To All DNS servers in the Active Directory Domain" to "To all DNS servers in the Active Directory Forest". I thought that having all zones on every DNS server in every domain, I don't have to add A records for accessing resources in another domain. On all DNS servers in Amsterdam the forward lookup zones have the Amsterdam and Brussel zone. But still, if I don't create the A record I can not access/ping the page or server in the other domain. The question is what the purpose of the "To all DNS servers in the Active Directory Forest" replication scope is vs the other replication option. I'm not a DNS guru, just trying to understand different DNS options. Thanx
December 9th, 2009 1:03pm
Hi Biga_b,
For your better understanding of DNS zone replication scope, I have included a TechNet online document as follows. This describes clearly the purpose of the "To all DNS servers in the Active Directory Forest" replication scope and the other replication options.

DNS zone replication in Active Directory

Zone replication scope: All DNS servers in the Active Directory forest
Description: Replicates zone data to all DNS servers running on domain controllers in the Active Directory forest. Usually, this is the broadest scope of replication.

Zone replication scope: All DNS servers in the Active Directory domain
Description: Replicates zone data to all DNS servers running on domain controllers in the Active Directory domain. This option is the default setting for Active Directory-integrated DNS zone replication in the Windows Server 2003 family.

Zone replication scope: All domain controllers in the Active Directory domain
Description: Replicates zone data to all domain controllers in the Active Directory domain. If you want Windows 2000 DNS servers to load an Active Directory zone, this setting must be selected for that zone.

Zone replication scope: All domain controllers in a specified application directory partition
Description: Replicates zone data according to the replication scope of the specified application directory partition. For a zone to be stored in the specified application directory partition, the DNS server hosting the zone must be enlisted in the specified application directory partition. For more information, see Create a DNS application directory partition and Enlist a DNS server in a DNS application directory partition.

Use DNS Application Directory Partitions
Hope it helps. This posting is provided "AS IS" with no warranties, and confers no rights.
December 10th, 2009 1:35pm
Hi David, thanx for the info, but I have read this article and other DNS articles. But I can't really find an answer to my question. I know that all zone data is replicated to all DNS servers when choosing the first replication scope option. But I was hoping that when I use this option, I didn't have to create records in one domain to access resources in another domain within the same forest. What is the purpose of having all zones on a DNS server?? I can't find an article explaining this option. Only that it is the broadest replication scope, and generates more network traffic. Thanx
December 10th, 2009 5:34pm
Hi Biga_b,
Once you have all the zones in all DNS servers, for example: you have replicated Brussel.test.com zone information to the DNS server (DNS1) of the Amsterdam.test.com domain. DNS1 has the server1 A record in the Brussel.test.com zone. In this case, when the DNS client in the Amsterdam.test.com domain tries to access Server1, it will search for the Server1 A record in the Amsterdam.test.com zone, and if there is no corresponding A record of Server1, in sequence it will search for the Server1 A record in the Brussel.test.com zone, as DNS1 of Amsterdam.test.com has got the replicated DNS zone information via the "All DNS servers in the Active Directory Forest" zone replication option. This helps the DNS client in the Amsterdam.test.com domain successfully resolve Server1.Brussel.test.com.
This is the explanation for you.
Hope it helps. This posting is provided "AS IS" with no warranties, and confers no rights.
December 11th, 2009 10:48am
Thank you very much David. That's the explanation I was looking for, and that is exactly what I thought. So if your statement is correct, then there is something wrong with my DNS config. If I want to ping Server1 (NetBIOS name) in Brussel from a client in Amsterdam, I don't get a reply. If I ping Server1.Brussel.test.com (FQDN) I do get a reply. And if I create an A record for Server1 in the Amsterdam zone, of course I get a reply, but then the FQDN is wrong, although things are working. Like in my case, I can access the webpage in Brussel from Amsterdam. So the problem is resolving the NetBIOS name. Another way I know how to solve this, without creating the A record, is to add the Brussel DNS suffix to the NIC properties of the client in Amsterdam. Then I can resolve the NetBIOS name. But like you said, having all the zones on the DNS1 server in Amsterdam, I shouldn't have to do the things I describe. So what could be wrong with my DNS config????? Thanx
December 11th, 2009 12:18pm
Hi Biga_b, what I have described is the DNS server side configuration that makes it work. I am sorry that I forgot to mention the DNS client side behavior. From your description, I think you have been aware of the needed DNS client side configuration which can co-operate with the DNS server side to work like you wish. "Another way I know how to solve this, without creating the A record, is to add the Brussel DNS suffix to the NIC properties of the client in Amsterdam. Then I can resolve the NetBIOS name." What you have configured on the DNS client is right.
If you have added Brussel.test.com to the DNS suffix search list in the NIC properties on the client, the resolver adds those DNS suffixes in order and does not try any other domain names. For example, if the "Append these DNS suffixes (in order)" box includes the names "Brussel.test.com" and "Amsterdam.test.com" and you submit the unqualified, single-label query "server1", the DNS resolver queries in order for the following FQDNs:
server1.Brussel.test.com
server1.Amsterdam.test.com
This ensures that the DNS client can successfully search for Server1 in the DNS forward lookup zones on the Amsterdam DNS server. For more information, please check Configuring Query Settings. Hope this explanation is helpful.
Best Regards,
David Shen
This posting is provided "AS IS" with no warranties, and confers no rights.
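The two replies above describe the two halves of the resolution path: forest-wide replication puts both zones on DNS1, but the suffix appending for a single-label name such as "server1" happens in the client resolver, not on the server. The following Python model is an added example written for this thread (not code from the thread participants or from Microsoft) and assumes constructed zone contents and IP addresses; it emulates a server that only answers for fully qualified names in zones it hosts, and a client that either sends an FQDN as-is, appends its primary suffix (with devolution to the parent domain, the Windows 2003 default), or walks a configured suffix search list in order. It reproduces the three outcomes reported in the thread: the bare name fails, the FQDN works, and the suffix list makes the bare name work without a duplicate A record.

```python
"""Model of Windows DNS client name resolution against AD-integrated zones.

Constructed example for illustration: zone data, host names and addresses
are made up; the resolution order follows the behaviour documented in the
thread (suffix search list tried in order, nothing else tried).
"""
from copy import deepcopy

# Constructed zone data. With the "All DNS servers in the Active Directory
# forest" scope, every DC/DNS server (DNS1 in Amsterdam included) holds all
# three zones, so it is authoritative for each of them.
ZONES = {
    "test.com": {"dc1": "10.0.0.10"},
    "amsterdam.test.com": {"dc1": "10.1.0.10", "client1": "10.1.0.50"},
    "brussel.test.com": {"dc1": "10.2.0.10", "server1": "10.2.0.20"},
}


def server_lookup(zones, fqdn):
    """Answer like an authoritative DNS server: find the longest zone that
    owns the queried name and return (fqdn, ip) or None. The server never
    appends suffixes on the client's behalf; that is the client's job."""
    name = fqdn.rstrip(".").lower()
    for zone in sorted(zones, key=len, reverse=True):  # longest zone wins
        suffix = "." + zone
        if name.endswith(suffix):
            host = name[: -len(suffix)]
            ip = zones[zone].get(host)
            return (name, ip) if ip else None
    return None


def client_resolve(zones, query, primary_suffix, search_list=None, devolve=True):
    """Emulate the Windows resolver. Returns (answer, attempts) where
    attempts lists every FQDN the client sent to the server, in order.

    - A name containing a dot is sent as-is (the FQDN case).
    - With a suffix search list, only those suffixes are tried, in order.
    - Otherwise the primary suffix is tried, then (if devolve) its parents
      down to the second-level domain, e.g. amsterdam.test.com -> test.com.
    """
    query = query.rstrip(".").lower()
    if "." in query:
        candidates = [query]
    elif search_list:
        candidates = [f"{query}.{s.lower()}" for s in search_list]
    else:
        labels = primary_suffix.lower().split(".")
        candidates = [f"{query}.{'.'.join(labels)}"]
        while devolve and len(labels) > 2:
            labels = labels[1:]
            candidates.append(f"{query}.{'.'.join(labels)}")
    attempts = []
    for fqdn in candidates:
        attempts.append(fqdn)
        answer = server_lookup(zones, fqdn)
        if answer:
            return answer, attempts
    return None, attempts


def with_workaround_record(zones):
    """The thread's first workaround: a duplicate A record for server1 in the
    Amsterdam zone. Resolution then succeeds, but under the 'wrong' FQDN."""
    patched = deepcopy(zones)
    patched["amsterdam.test.com"]["server1"] = ZONES["brussel.test.com"]["server1"]
    return patched


if __name__ == "__main__":
    cases = [
        ("bare name, no search list", ZONES, "server1", None),
        ("FQDN", ZONES, "server1.brussel.test.com", None),
        ("bare name, search list", ZONES, "server1",
         ["brussel.test.com", "amsterdam.test.com"]),
        ("bare name, duplicate A record", with_workaround_record(ZONES), "server1", None),
    ]
    for label, zones, query, search in cases:
        answer, attempts = client_resolve(zones, query, "amsterdam.test.com", search)
        print(f"{label}: tried {attempts} -> {answer}")
```

Run it with no arguments to see each scenario and the exact query sequence the client sends; the "bare name, duplicate A record" line shows why the workaround makes ping report server1.Amsterdam.test.com even though the host lives in Brussel.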
December 15th, 2009 11:07am
Thanx again. I appreciate your output. Most of the things you confirmed for me. But there is still one question throughout this post that is not answered. What is the advantage of the "To all DNS servers in the Active Directory Forest" option if I still have to create an A record or add a DNS suffix to the client NIC properties? Thanks for being patient with me David.
December 16th, 2009 1:55pm
Hi Biga_b,
The "To all DNS servers in the Active Directory Forest" option is only available for the Active Directory-integrated zone type. By using this option, we can take advantage of AD replication because the DNS zone information is contained in an application partition in the AD database. Therefore, generally we don't have to create any records on a DNS server if it is also a domain controller.
The advantage of "To all DNS servers in the Active Directory Forest" is that it can automatically replicate all its DNS zone information to all DC/DNS servers; this helps administrators decrease the administration workload and ensures the DNS service keeps running in the corporate network.
For your reference, I have listed some DNS online resources. These documents describe more information about DNS and Active Directory.
How DNS Works
Use DNS Application Directory Partitions
Active Directory-Integrated Zones
Hope it helps. This posting is provided "AS IS" with no warranties, and confers no rights.
December 17th, 2009 12:32pm
"Therefore, generally we don't have to create any records on a DNS server if it is also a domain controller." That's it. This is my confusion. All of our DCs are DNS servers, all configured with the "To all DNS servers in the Active Directory Forest" option. In my case, if I don't create a record, or add the Brussel DNS suffix to the NIC properties of the DC in Amsterdam, I can't ping/resolve server1/DC1 in brussel.test.com from amsterdam.test.com by its NetBIOS name. And that's why I think that despite everything working fine in our forest, DNS is probably not configured optimally. Thanx
December 17th, 2009 2:07pm