
AD DS Setup:

Single forest with single domain contoso.com
There are some DNS Servers inside:
DNS-MAIN-01
DNS-SATELLITE-OFFICE-01
DNS-SATELLITE-OFFICE-02
...
DNS-SATELLITE-OFFICE-NN

Every DNS server has Forwarders that are pointed to local ISP's DNS servers (because local ISP DNS servers provide GeoIP). Internal DNS zones are stored in AD.

I need to create a conditional forwarder for some DNS zone held by foreign DNS server DNS-FOREIGN-01 that is accessible only from DNS-MAIN-01.

There is a way to explicitly set a non-AD-stored CF on each DNS-SATELLITE-* server to forward to the DNS-MAIN server, and on the DNS-MAIN server create a CF to forward to the DNS-FOREIGN-01 server.

Is there any way to avoid explicitly creating a CF on each DNS-SATELLITE and make the CF AD-stored, but override the AD-stored CF on the DNS-MAIN server?

filimonic

1 Answer

  1. Yes, you can create a conditional forwarder that isn't AD-replicated.
  2. No, I can't think of any way you can make it AD-replicated except on one DC.
  3. If you're concerned about deploying new DCs and them not having the conditional forwarder, you could create a startup script GPO that checks for the conditional forwarder and then creates it if it's missing, except on your DNS-MAIN server. Just have a line in the script that exits if it's running on DNS-MAIN.
LeeM
  • By the way, the reason I know you can create non-ad-replicated CFs is because a colleague of mine did so by accident and I found it literally *yesterday*. So this is serendipitous. – LeeM Sep 09 '20 at 01:45
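As an added example (not code from the question or from LeeM's answer), here is a PowerShell startup script in the shape step 3 describes: it exits immediately on DNS-MAIN-01, and on every other DNS server it creates the non-AD-replicated conditional forwarder pointing at DNS-MAIN if it is missing, repairs it if its master list has drifted, and logs what it did. The zone name and the DNS-MAIN-01 address are placeholders, not values from the page.

```powershell
# Added example, not from the question or answer. Placeholders below are assumptions.
$ZoneName      = 'partner.example'   # placeholder: the zone held by DNS-FOREIGN-01
$MasterServers = @('192.0.2.10')     # placeholder: IP address of DNS-MAIN-01
$MainServer    = 'DNS-MAIN-01'       # the one server whose CF is managed by hand
$LogSource     = 'CF-Startup-Script'

# DNS-MAIN-01 forwards straight to DNS-FOREIGN-01; the script must never touch it.
if ($env:COMPUTERNAME -ieq $MainServer) { exit 0 }

# Only act on hosts that actually run the DNS Server role.
if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) { exit 0 }
Import-Module DnsServer -ErrorAction Stop

# Log to the Application log so creation and drift repairs are visible to log collection.
if (-not [System.Diagnostics.EventLog]::SourceExists($LogSource)) {
    New-EventLog -LogName Application -Source $LogSource
}
function Write-CfLog([int]$Id, [string]$Type, [string]$Message) {
    Write-EventLog -LogName Application -Source $LogSource -EventId $Id `
        -EntryType $Type -Message $Message
}

$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue

if ($null -eq $zone) {
    # Missing: create a conditional forwarder. Omitting -ReplicationScope makes it
    # a file-based (non-AD-replicated) zone local to this server, as the answer suggests.
    Add-DnsServerConditionalForwarderZone -Name $ZoneName -MasterServers $MasterServers
    Write-CfLog 1001 'Information' "Created CF $ZoneName -> $($MasterServers -join ', ')"
}
elseif ($zone.ZoneType -ne 'Forwarder') {
    # A primary/secondary/stub zone of the same name would shadow a forwarder; do not overwrite it.
    Write-CfLog 1002 'Warning' "Zone $ZoneName exists with type $($zone.ZoneType); left unchanged"
}
else {
    # Exists: compare the current master list with the wanted one and repair any drift.
    $current = @($zone.MasterServers | ForEach-Object { $_.ToString() } | Sort-Object) -join ','
    $wanted  = @($MasterServers | Sort-Object) -join ','
    if ($current -ne $wanted) {
        Set-DnsServerConditionalForwarderZone -Name $ZoneName -MasterServers $MasterServers
        Write-CfLog 1003 'Warning' "Repaired CF $ZoneName masters: '$current' -> '$wanted'"
    }
}
```

Deploy it as a computer startup script in a GPO linked to the OU holding the DNS servers; it runs as SYSTEM, which is sufficient for the DnsServer cmdlets on the local server.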