Sezgin Rafed
Guest
|
Posted:
Sat Jan 08, 2005 7:19 pm Post subject:
DNS zone for Domain on Server in another Domain. |
|
|
Hi everyone,
The primary zone for a Windows 2000 domain (DOM1) resides on a DNS
Server (DNS1) which is a member of another domain (DOM2). There is a two-way
external trust between DOM1 and DOM2.
The DCs and most workstations in DOM1 have trouble dynamically registering
their IP addresses (I suspect it is a security issue - maybe due to
inadequate settings).
Which settings should I check out?
What should I do to solve the problem?
Regards.
Sezgin Rafed |
Ulf B. Simon-Weidner [MVP]
Guest
|
Posted:
Sat Jan 08, 2005 7:38 pm Post subject:
Re: DNS zone for Domain on Server in another Domain. |
|
|
"Sezgin Rafed" <anonymous@anonymous.com> wrote in message
news:anonymous@anonymous.com:
| Quote: | Hi everyone,
The primary zone for a Windows 2000 domain(DOM1) resides on a DNS
Server(DNS1) which is a member of another domain(DOM2). There is a two-way
external trust between DOM1 and DOM2.
The DC's and most workstations in DOM1 have trouble dynamically registering
their IP addresses(I suspect it is a security issue - may be due to
inadequate settings.)
Which settings should I check out ?
What should I do to solve the problem ?
|
Hello Sezgin,
The permissions which should be enough are mentioned in the following
message:
http://groups-beta.google.com/group/microsoft.public.windows.server.dns/msg/a3e3dbd24722b280
You could create your own group which includes the DHCP-Server, the
servers and all clients and allow that group in the DNS-Zones
security.
I haven't tested that, but it should work. So if you are going to go
that way I'd appreciate feedback.
--
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org |
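
The zone security discussed in the reply above can be inspected before any group is added. This is an added example, not part of the thread: it reads the zone's dynamic-update mode and lists the trustees allowed to create records in it. The zone name, server name and function name are placeholders, and it assumes the DnsServer and ActiveDirectory RSAT modules on a current Windows Server or admin workstation.

```powershell
# Added example; zone and server names are placeholders, not from the thread.
# Assumes the DnsServer and ActiveDirectory RSAT modules, run from a host
# joined to the DNS server's own domain (the AD: drive binds to that domain).
Import-Module DnsServer, ActiveDirectory

function Get-ZoneUpdateAudit {
    param(
        [Parameter(Mandatory)][string]$ZoneName,   # e.g. 'dom1.example'
        [Parameter(Mandatory)][string]$DnsServer   # e.g. 'dns1.dom2.example'
    )
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer
    $result = [ordered]@{
        Zone           = $zone.ZoneName
        DynamicUpdate  = $zone.DynamicUpdate    # None | NonsecureAndSecure | Secure
        IsDsIntegrated = $zone.IsDsIntegrated
        Writers        = @()
    }
    # A file-backed primary zone has no ACL and cannot do secure-only updates.
    if (-not $zone.IsDsIntegrated) { return [pscustomobject]$result }

    # The zone is a dnsZone container in AD; each record is a child dnsNode,
    # so "may register a new name" means an Allow ACE with CreateChild.
    $createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
    $acl = Get-Acl -Path ("AD:\" + $zone.DistinguishedName)
    $result.Writers = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.ActiveDirectoryRights -band $createChild) -ne 0)
        } | ForEach-Object {
            [pscustomobject]@{
                Trustee   = $_.IdentityReference.Value
                Rights    = $_.ActiveDirectoryRights
                Inherited = $_.IsInherited
            }
        })
    [pscustomobject]$result
}

# Placeholder names: replace with the real zone and DNS server.
$audit = Get-ZoneUpdateAudit -ZoneName 'dom1.example' -DnsServer 'dns1.dom2.example'
$audit | Format-List Zone, DynamicUpdate, IsDsIntegrated
$audit.Writers | Sort-Object Trustee | Format-Table -AutoSize
```

With DynamicUpdate set to Secure, a DOM1 computer can register a new name only if it authenticates to the DNS server and one of the listed trustees covers it. In the Windows 2000 DNS console the same two settings are on the zone's Properties dialog: the dynamic updates option on the General tab and, for Active Directory-integrated zones, the Security tab.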
Roger Abell
Guest
|
Posted:
Sun Jan 09, 2005 3:54 am Post subject:
Re: DNS zone for Domain on Server in another Domain. |
|
|
As we are here dealing with, as OP stated, external two-way
trust, are we sure that this is not due to the secured updating
depending on Kerberos? IIRC the DNS server impersonates
the updating client while it does the LDAP calls for the record
updates.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
|
|
Sezgin Rafed
Guest
|
Posted:
Fri Jan 14, 2005 3:09 pm Post subject:
Re: DNS zone for Domain on Server in another Domain. |
|
|
Thanks for the replies.
If we decide to move the primary and secondary DNS zones to a DNS Server on
our own Domain (without recreating the Domain), what would be the procedure
to follow?
Regards.
Sezgin Rafed
|
|
Sezgin Rafed
Guest
|
Posted:
Fri Jan 14, 2005 3:13 pm Post subject:
Re: DNS zone for Domain on Server in another Domain. |
|
|
I have another question:
Where are the settings which determine the Computers allowed to
register/update their DNS Records?
I want to check the permissions related to Computers belonging to the
trusted Domain.
Regards.
|
|
Carsyn Gu [MSFT]
Guest
|
Posted:
Wed Jan 19, 2005 4:22 pm Post subject:
RE: DNS zone for Domain on Server in another Domain. |
|
|
Hi Sezgin,
Thanks for your posting.
Normally, we suggest setting up the DNS server for each domain. You can
set up the DNS server on the domain controller of DOM1.
Sincerely,
Carsyn Gu
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.