Here is my scenario: creating a domain trust for an AD migration. Setting up DNS between DomainA.COM and DomainB.com. DomainA.com has DNS/AD servers spread across many global locations. There is a VPN tunnel between the two sites that only allows traffic between the main site of DomainA and main site of DomainB.
When I create a stub zone in DomainB, it downloads the Name Servers for DomainA from all over the globe, even locations to which DomainB is not allowed to contact based on the site to site VPN rules. Therefore, when resources try to resolve a ping to DomainA.com, for example, sometimes the request is sent to an AD/DNS server that DomainB cant contact.
How can I tell DNS in domainB to only contact the primary domain controllers in domainA, and not randomly selecting a DNS server from around the globe (and vice versa)?
-- Ron Williams http://www.r0nwilliams.com