Dario-0182 asked

DNS Delegations

Hello

I have, I think, a simple question about DNS delegations.
My test environment contains two Windows DNS servers (2012R2), with different zone names. Can I create delegation between those two zones?

For example:
First DNS server:
subdomain: lab.example.test

will point to:

trainers.labs on second DNS server.

Is it possible?

windows-server

AndreasBaumgarten answered

Hi @Dario-0182 ,

if I got you right:

DNS 1 - Namespace 1 = lab.example.test
DNS 2 - Namespace 2 = trainers.labs

Is this right?

If so, you can't use DNS delegation because both namespaces aren't in the same hierarchy.
DNS Zone delegation works only within the same namespace hierarchy.

A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy.

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts#delegation

For instance this delegation will work -> sharing the same namespace hierarchy:
lab.example.test
trainers.lab.example.test

If DNS1 should be able to resolve trainers.labs DNS names, DNS conditional forwarding will do the trick. Create a conditional forwarder for trainers.labs on DNS1 (use the IP of DNS2 as the target DNS) and, if required, a conditional forwarder for lab.example.test on DNS2 (use the IP of DNS1 as the target DNS).


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
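
The two cases from the answer above, as an added PowerShell example that is not part of the original thread: a target zone below the local zone gets a delegation, and any other namespace gets a conditional forwarder. The function name `Add-LabDnsLink`, the server names and the 192.0.2.x addresses are assumptions made for illustration; the `Add-DnsServerZoneDelegation` and `Add-DnsServerConditionalForwarderZone` cmdlets come from the DnsServer module.

```powershell
# Added example. Add-LabDnsLink is a hypothetical helper; server names and
# 192.0.2.x addresses are constructed placeholders. Run on the DNS server
# that hosts $LocalZone (requires the DnsServer module).
function Add-LabDnsLink {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LocalZone,     # zone hosted on this server
        [Parameter(Mandatory)][string]$TargetZone,    # zone hosted on the other server
        [Parameter(Mandatory)][string]$TargetServer,  # FQDN of the other DNS server
        [Parameter(Mandatory)][ipaddress]$TargetIP    # IP address of the other DNS server
    )

    $local  = $LocalZone.TrimEnd('.').ToLowerInvariant()
    $target = $TargetZone.TrimEnd('.').ToLowerInvariant()

    # Compare on a label boundary: "trainers.lab.example.test" is below
    # "lab.example.test"; "trainers.labs" and "xlab.example.test" are not.
    if ($target.EndsWith(".$local")) {
        # Same namespace hierarchy: the parent zone can delegate the child.
        $child = $target.Substring(0, $target.Length - $local.Length - 1)
        if ($PSCmdlet.ShouldProcess($local, "Delegate '$child' to $TargetServer")) {
            Add-DnsServerZoneDelegation -Name $local -ChildZoneName $child `
                -NameServer $TargetServer -IPAddress $TargetIP
        }
        return 'Delegation'
    }

    # Different namespace: no parent/child relationship exists, so forward
    # queries for the other zone to the server that hosts it.
    if ($PSCmdlet.ShouldProcess($target, "Add conditional forwarder to $TargetIP")) {
        Add-DnsServerConditionalForwarderZone -Name $target -MasterServers $TargetIP
    }
    return 'ConditionalForwarder'
}

# Preview both cases on DNS1 without changing anything (-WhatIf).
Add-LabDnsLink -LocalZone 'lab.example.test' -TargetZone 'trainers.lab.example.test' `
    -TargetServer 'dns2.trainers.lab.example.test' -TargetIP 192.0.2.20 -WhatIf
Add-LabDnsLink -LocalZone 'lab.example.test' -TargetZone 'trainers.labs' `
    -TargetServer 'dns2.trainers.labs' -TargetIP 192.0.2.20 -WhatIf
```

After applying either change, `Resolve-DnsName -Name <record> -Server <DNS1 address>` confirms that DNS1 answers for names in the other zone.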


Hi AndreasBaumgarten,

Yes, you are right; the namespaces that you mentioned are correct.

Thanks for your answer.

LimitlessTechnology-2700 answered

Hello @Dario-0182

Yes, you can create DNS delegations between zones. Please have a look at the Microsoft articles below.

https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverzonedelegation?view=windowsserver2019-ps3
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts


--If the reply is helpful, please Upvote and Accept as answer--
