I am trying to help DNS name resolution work consistently across a company's three separate domains. These domains are also separate forests. They are physically networked together with a site-to-site VPN connection. There are forward lookup zones already created on some of the DC/DNS servers that list these separate domains/forests. These are primary zones. However, this data does not appear to be synced. I currently have to manually add an A record and a matching PTR record for each IP device I want to add to DNS, which is time-consuming and mistake-prone.
Upon further inspection, it looks like zone transfers for the parent domain are not enabled (example: on DC1 in forest1, zone transfers are not enabled, and on DC2 in forest2, zone transfers are not enabled), though they are enabled for the already existing forward lookup zones on each server for the currently external domains (the forward zone for forest2 on forest1 allows zone transfers, and vice versa).
I'd like to try to allow these separate forests to be synced with regard to DNS, but I'm not sure how to go about that. I was thinking of possibly enabling zone transfers, but I'm not sure how the already existing forward lookup zones would affect this, since they're not currently synced, and these servers are both DCs, so that may interfere with how AD replicates?
We could try joining these separate forests, but we are trying not to go that route right away due to the time commitment involved.
References:
DNS and Forward Lookup Zones
https://community.spiceworks.com/topic/884148-combining-2-active-directory-forests
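The zone-transfer approach the question considers, written out as an added example (this is not from the original post). It assumes forest1's DC/DNS server is dc1.forest1.example at 10.1.0.10, forest2's is dc2.forest2.example at 10.2.0.10, and that the zone names forest1.example and forest2.example are placeholders for the real ones. The idea is that each forest's own AD-integrated primary zone stays the single place records are authored, and the hand-maintained primary copy of the other forest's zone on each DC is replaced by a secondary zone that pulls from the other forest's DC. The commands use the DnsServer PowerShell module (RSAT-DNS-Server); the same settings are reachable from the DNS Manager zone properties (Zone Transfers and Name Servers tabs).

```powershell
# Added example, not the poster's configuration. Assumed hosts and addresses:
#   DC1 = dc1.forest1.example (10.1.0.10), authoritative for forest1.example
#   DC2 = dc2.forest2.example (10.2.0.10), authoritative for forest2.example
# Run each section on the server named in its comment, from an elevated PowerShell.

# --- On DC1 (forest1): permit transfers of its own primary zone, but only to DC2 ---
# TransferToSecureServers limits AXFR/IXFR to the listed IPs instead of opening the zone to any client.
Set-DnsServerPrimaryZone -Name 'forest1.example' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 10.2.0.10
# Send DNS NOTIFY to DC2 on change so the secondary refreshes promptly rather than waiting for the SOA refresh timer.
Set-DnsServerPrimaryZone -Name 'forest1.example' -Notify NotifyServers -NotifyServers 10.2.0.10

# --- On DC2 (forest2): replace the stale primary copy of forest1.example with a secondary fed from DC1 ---
# Back the existing zone up first; Remove-DnsServerZone is destructive.
Export-DnsServerZone -Name 'forest1.example' -FileName 'forest1.example.before-secondary.dns'
Remove-DnsServerZone -Name 'forest1.example' -Force
# A secondary zone is file-backed (not AD-integrated), so it does not touch AD replication on DC2.
Add-DnsServerSecondaryZone -Name 'forest1.example' -ZoneFile 'forest1.example.dns' -MasterServers 10.1.0.10
Start-DnsServerZoneTransfer -Name 'forest1.example' -FullTransfer

# --- Verify on DC2 ---
# ZoneType should report Secondary and IsDsIntegrated False for the pulled zone.
Get-DnsServerZone -Name 'forest1.example' | Select-Object ZoneName, ZoneType, IsDsIntegrated
# A name that exists only on DC1 should now resolve when asked of DC2.
Resolve-DnsName -Name 'dc1.forest1.example' -Server 10.2.0.10
```

Repeat the mirror image (DC2 allows transfers of forest2.example to 10.1.0.10; DC1 hosts forest2.example as a secondary from 10.2.0.10), and do the same for the reverse lookup zones so PTR records follow the A records instead of being typed twice. Two caveats worth checking before relying on it: records can then be edited only on the zone's owning DC (the secondary is read-only and is overwritten on the next transfer), and the third forest needs the same pairing with each of the other two, since a secondary zone only pulls from the masters it is given.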