Question about forest trust and DNS for Windows Server 2003 - TechRepublic
Question
January 11, 2007 at 09:47 PM
tkwhuang

Question about forest trust and DNS for Windows Server 2003

by tkwhuang . Updated 19 years, 6 months ago

As a newbie to the windows server 2003, I am hoping someone could help me clarify the following issue.

After reading a few books and the article by Brien M. Posey about designing Active Directory namespaces (http://articles.techrepublic.com.com/5100-6345_11-5098072.html), I am a little confused about the establishment of the one-way forest trust.

Assuming there are two AD forests named abc.com and abc.local, where the .com is the external and .local is for internal. To my understanding, a one-way trust can only be established when both external and internal DNS servers hold information about one another. I have no problem with the idea of setting up a secondary zone of abc.com in the internal DNS server, but when adding a secondary zone of abc.local to the external DNS server wouldn’t it become a potential security problem? Or is there another way to setup this one-way trust?

Any clarification would be greatly appreciated!

This discussion is locked

All Comments