We have multiple sites in NV, TX, PA and NY. The NV site is the primary site, with the AD and DNS server for all users/hosts in NV. NV is also connected to TX, PA and NY through VPN. Currently, the TX, PA and NY sites use NV's AD and DNS to reach hosts in NV. Now we want to create a local AD and DNS in each of the three remote sites (PA, TX and NY). However, we still want all sites to be able to reach the NV site by DNS name. I think that part can be handled with a zone transfer from NV to PA, TX and NY. The most important part is creating local entries for the hosts in the three remote sites. The main site doesn't need to know anything about the remote sites' local entries. How can I achieve this? Could this be done with a child domain on the main site, or a child domain at each local site? We are currently in the planning phase, but I can do some testing, and I have the same domain as the main site (abcxyz.com) at the PA site. I created a new secondary DNS zone in PA and enabled zone transfer between PA and NV, and that works fine. However, I cannot figure out how to add local entries for the PA site.
--->>> Old Text
Sorry for the confusion if someone cannot understand what I am trying to achieve.
Site A has the domain abcxyz.com. Site A has 2 AD servers with DNS enabled for host entries. Those 2 DNS servers have an AD-integrated primary zone for abcxyz.com. The subnet for this site is 10.0.0.0/16 (if that matters).
We have another site, Site B. Site B currently has one AD server with the same domain as Site A (abcxyz.com). Site A and Site B are connected via an IPSec tunnel. The DNS service has been enabled on Site B's AD server with an AD-integrated secondary zone. Site B is in the 10.1.0.0/16 subnet.
Right now, all DHCP clients that point to Site B's DNS server can resolve Site A's hosts in the 10.0.0.0/16 subnet, because I have enabled zone transfer between Site A's 2 AD DNS servers and Site B's AD DNS server.
Now the problem is that I cannot create any DNS entries in Site B's Forward Lookup Zone > abcxyz.com, as this is a secondary zone. I can create Site B's DNS entries (for example ubuntu1.abcxyz.com -> 10.1.100.100) on Site A's AD DNS server and then Request Update From Master Server, or wait for the refresh interval. After the update, I see the DNS entry for ubuntu1.abcxyz.com in Site B's DNS and can resolve it successfully.
This is not the desired solution, because Site A will in future connect to multiple different sites, and if zone transfer is enabled between Site A and the remote sites, all DNS entries will be propagated everywhere. So ubuntu1.abcxyz.com will be propagated throughout the organization across multiple sites.
What we want is for Site B to create its own DNS entries, which will remain local to its site. No other site needs to know or learn about these entries. But every site must know Site A's DNS entries. For that to happen, how do I implement the domain? Should I include all the sites under one domain and then create child domains or sub-domains? Is there any other solution? I apologize, as I am not an AD expert, so I may be misusing some terms.
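The following is an added example, not part of the original post or any answer to it. It shows one way to get the behaviour the post asks for on the Site B (PA) DNS server using the Windows DnsServer PowerShell module: keep abcxyz.com as a read-only secondary copy of Site A's zone, and put the site-local records in a separate zone (pa.abcxyz.com) that is file-backed rather than stored in AD, so it never replicates to Site A's DCs and is never transferred anywhere. The server names (PA-DC1, NV DCs), the IP addresses 10.1.0.10, 10.0.0.10 and 10.0.0.11, and the zone name pa.abcxyz.com are assumptions chosen to fit the subnets in the post; substitute your own.

```powershell
# Added example (not from the original post). Assumptions: the Site B / PA DC is
# PA-DC1 at 10.1.0.10, the Site A / NV DCs are at 10.0.0.10 and 10.0.0.11, and
# the site-local namespace is pa.abcxyz.com. Run on PA-DC1 as a DNS administrator.

# 1. Keep the Site A-owned zone as a read-only secondary copy, as the post already
#    does. Masters are the Site A DCs; PA clients keep resolving NV hosts from here.
Add-DnsServerSecondaryZone -Name 'abcxyz.com' `
    -ZoneFile 'abcxyz.com.dns' `
    -MasterServers 10.0.0.10, 10.0.0.11

# 2. Create a separate, site-local zone that only this server is authoritative for.
#    A file-backed primary zone is not stored in AD, so AD replication cannot carry
#    it to the NV (or future TX/NY) DCs. Nothing is delegated from abcxyz.com.
Add-DnsServerPrimaryZone -Name 'pa.abcxyz.com' `
    -ZoneFile 'pa.abcxyz.com.dns' `
    -DynamicUpdate 'None'

# Refuse zone transfers of the local namespace so no other server can pull it.
Set-DnsServerPrimaryZone -Name 'pa.abcxyz.com' -SecureSecondaries 'NoTransfer'

# 3. Site-local records live here, e.g. the Ubuntu host from the post.
Add-DnsServerResourceRecordA -ZoneName 'pa.abcxyz.com' `
    -Name 'ubuntu1' `
    -IPv4Address '10.1.100.100'

# 4. Verify: the name resolves through PA-DC1, and a Site A DC knows nothing about it.
Resolve-DnsName -Name 'ubuntu1.pa.abcxyz.com' -Server 10.1.0.10 -Type A
Resolve-DnsName -Name 'ubuntu1.pa.abcxyz.com' -Server 10.0.0.10 -Type A `
    -ErrorAction SilentlyContinue
# The second query returns no answer: Site A is not authoritative for pa.abcxyz.com
# and holds no delegation for it, which is the isolation the post asks for.

# Optional: if the local zone must survive loss of PA-DC1 yet still stay off the
# Site A DCs, store it in a custom application directory partition and enlist only
# the PA DCs in that partition, instead of the file-backed zone above:
#   Add-DnsServerDirectoryPartition -Name 'pa.dns.abcxyz.com'
#   Add-DnsServerPrimaryZone -Name 'pa.abcxyz.com' -ReplicationScope Custom `
#       -DirectoryPartitionName 'pa.dns.abcxyz.com'
```

Two caveats a practitioner would want. First, this keeps one AD domain (abcxyz.com) and adds only a DNS child namespace, not a child AD domain; an AD-integrated zone created with the default replication scope would replicate to every DC in the domain, including Site A's, which is why the example uses a file-backed zone (or a custom partition that only PA DCs are enlisted in). Second, PA clients must use PA-DC1 as their resolver and should have pa.abcxyz.com in their DNS suffix search list if short names are expected to work; if Site A ever does need to reach the local hosts, add a conditional forwarder for pa.abcxyz.com on the NV servers pointing at 10.1.0.10 rather than turning on zone transfers.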