Question / Answer - Why

You are a net admin, your company has an internet presence of abc.com. Your network also has three AD domains named abc.local, support.abc.local and research.abc.local.

You install a server named fs1 as a member of the abc.local domain. You configure FS1 with a static IP of 192.168.1.5. You configure the server to dynamically register its DNS name.

Clients in the support.abc.local domain need to access the FS1 server. Some users in the support.abc.local domain are accustomed to using the support.abc.local suffis when accessing network resources. To accommodate these users, you want to dynamically register the name FS1.support.abc.local name in addition to the FS1.abc.local name in DNS.

What should you do?

The answer to this question is:

On the FS1 server, edit the advanced TCP/IP properties of the server’s local area network connection. Add a connection-specific suffix of support.abc.local. Apply the changes, then run ipconfig /registerdns.

I really need to understand why this is correct.

Please help

Find more posts tagged with

Comments

royal

There are 2 types of suffixes. There are primary suffixes and connection specific suffixes. If you do an ipconfig /all, you will see primary suffix. The primary suffix can be manually added as well as have it automatically be added to your system configuration upon joining a domain (default setting).

When you do an ipconfig /registerdns or when you go through the request process of a dhcp DORA (discover, offer, request, acknowledgement) and the client registers its dns, it will register its information into dns. Obviously it will register its A record into the dns server that is configured onto that computer either staticly or through dhcp. When you joined that domain, as I said, it adds the primary suffix. When the computer goes to register its A record, it will look for the primary suffix and when it creates the A record, it uses the primary suffix to know which zone to add the A record in. I'm sure that there is more to it then just "trusting" what the primary suffix is. For example, netlogon does requests which try to find domain controllers using the _record subfolders in dns.

Also, you can manually create connection-specific suffixes. This allows you to be more specific and have additional a-records. A good example of this is, you are joined to a domain through 1 network card (you have that domain's domain as primary suffix). You also have a 2nd network card that is part of a different subnet but you want your client to have an A record for the domain that the 2nd nic is connected to. If you add the connection-specific suffix for that specific nic, when you do the ipconfig /registerdns, it will also try to register an A record in dns if a dns server in your properties hosts the zone for that domain (remember you can have more than 2 dns servers if you go into advanced connection properties).

Hope this helps.

Danman32

I have a few problems with that question. Since you have 3 AD domains, you have to have at least one dedicated DC for each domain, therefore there needs to be 3 DCs on this network. Clients in the support.abc.local use which DNS server for their DNS? How is the rest of the DNS structure configured? Do all DCs have zones for all three domains and are they all AD integrated?

My understanding was that the connection based domain suffix overrides the primary domain suffix, therefore if the client only had one nic with a connection suffix, the primary one would not get registered. I'll have to check that out.

For 2K3 by the way, replication across different domains isn't a problem if the replication type is set right, but with 2K AD integrated zones, the replication only occurs within the bounds of that domain. Therefore having a zone support.abc.com on a DC that belongs to the support.abc.local will not replicate with the zone of the same name on a DC in the abc.local domain.