
AD/DNS question for perimeter network

We're in the process of setting up AD for a perimeter network. The issue I'm running into is around DNS, specifically around reverse lookup zones. The perimeter domain will be a separate forest from the domain that currently has an AD integrated reverse zone that covers the IP range for the perimeter network. The issue is that if we make the new AD/DNS servers secondaries for the reverse zone, they can't update them. If they're not secondaries, we will have different information for that zone in 2 different DNS environments. Also, all DNS entries for the perimeter network and anything in the other AD domain on this network range would be manually added to DNS. No dynamic updates. 

So I've thought of a couple of options.

  1. Manually enter the DNS entry on the perimeter DNS and then also add it to the other DNS environment as a PTR record. Make the reverse zone a secondary zone in the new environment. Downside is that it's 2 steps.
  2. Make the non-perimeter DNS servers primary/AD-integrated for the perimeter domain. The issue is that the perimeter servers will not be able to connect to the DNS servers in this environment, though the domain controllers would.

So I really have 2 questions. First, are there any other options? Second, if I went with option 2 above, would it cause any issues if I then made the domain controllers in the perimeter network secondaries for their domain? Would any server that was joining this domain have issues because of that? Again, there is no dynamic registration. 

Thanks,
Rich

