Making the root domains of two forests trust each other with a nontransitive trust only grants those two domains access to each other; the trust does not extend to their child domains. A child domain that also needs access has to be given a trust of its own.
// Configuration
1. Open the DNS manager on the first server.
Expand the Forward Lookup Zones, right click on the primary zone (e.g. domain1.local) and click Properties.
Go to the Zone Transfers tab and allow zone transfers either to any server (unsecure: any host on the network can pull a full copy of the zone, i.e. every host name and IP) or, preferably, only to the IP of the second server.
Expand the Reverse Lookup Zones, right click on the primary zone (e.g. 10.10.10.in-addr.arpa) and click Properties.
Go to the Zone Transfers tab and allow zone transfers in the same way, either to any server (unsecure) or only to the IP of the second server.
Open the DNS manager on the second server.
Expand the Forward Lookup Zones, right click on the primary zone (e.g. domain2.local) and click Properties.
Go to the Zone Transfers tab and allow zone transfers either to any server (unsecure) or only to the IP of the first server.
Expand the Reverse Lookup Zones, right click on the primary zone (e.g. 11.11.11.in-addr.arpa) and click Properties.
Go to the Zone Transfers tab and allow zone transfers either to any server (unsecure) or only to the IP of the first server.
On the first server, create a secondary zone in the Forward Lookup Zones naming it after the domain on the second server (e.g. domain2.local).
When asked, set the master server as the IP of the second server.
In the Reverse Lookup Zones, create a secondary zone named after the primary reverse zone of the second server (e.g. 11.11.11.in-addr.arpa).
When asked, set the master server as the IP of the second server.
On the second server, create a secondary zone in the Forward Lookup Zones naming it after the domain on the first server (e.g. domain1.local).
When asked, set the master server as the IP of the first server.
In the Reverse Lookup Zones, create a secondary zone named after the primary reverse zone of the first server (e.g. 10.10.10.in-addr.arpa).
When asked, set the master server as the IP of the first server.
DNS for each domain should now be replicated to the other domain's server. Test it from each server by pinging a computer in the other domain by its FQDN (e.g. from the first server, ping server.domain2.local). If the name resolves to the right IP and you receive a response, it's working correctly. If the name does not resolve at all, the secondary zone has usually not transferred yet, most often because the master still refuses zone transfers from this server's IP.
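The same DNS configuration done from PowerShell with the DnsServer module instead of the DNS Manager GUI, as an added example that is not part of the original page. It assumes the first server is 10.10.10.10 and the second is 11.11.11.10 (the page only gives the reverse zones 10.10.10.in-addr.arpa and 11.11.11.in-addr.arpa; the exact addresses are assumed). Run it on the first server as written, and on the second server with the two zone lists and the remote address swapped.

```powershell
# Added example (not from the original page): zone transfers, secondary zones and a
# resolution check with the DnsServer module. Assumed addresses: first DC 10.10.10.10,
# second DC 11.11.11.10. Run on the first DC; swap the values on the second DC.
Import-Module DnsServer

$localZones   = @('domain1.local', '10.10.10.in-addr.arpa')   # zones this server is primary for
$remoteZones  = @('domain2.local', '11.11.11.in-addr.arpa')   # zones the other server is primary for
$remoteServer = '11.11.11.10'                                  # assumed address of the other DC
$localServer  = '10.10.10.10'                                  # assumed address of this DC

# Zone transfers: allow AXFR only to the named secondary. TransferAnyServer is the
# "To any server" radio button in the GUI and lets any host dump the whole zone.
foreach ($zone in $localZones) {
    Set-DnsServerPrimaryZone -Name $zone `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $remoteServer `
        -Notify NotifyServers -NotifyServers $remoteServer
}

# Secondary copies of the other domain's zones, with the other server as master.
foreach ($zone in $remoteZones) {
    Add-DnsServerSecondaryZone -Name $zone `
        -ZoneFile "$zone.dns" `
        -MasterServers $remoteServer
}

# Verify the transfer restrictions on the local zones and that the secondary zones loaded.
# A secondary zone with IsShutdown = True never transferred, normally because the master
# still refuses AXFR from this server's address.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -in ($localZones + $remoteZones) } |
    Select-Object ZoneName, ZoneType, IsShutdown, SecureSecondaries, SecondaryServers, MasterServers |
    Format-Table -AutoSize

# Forward and reverse resolution of a host in the other domain, asked of this server only.
Resolve-DnsName -Name 'server.domain2.local' -Type A   -Server $localServer
Resolve-DnsName -Name $remoteServer          -Type PTR -Server $localServer
```

To confirm the restriction actually holds, request a zone transfer from a machine that is not in the list (for example `dig axfr domain1.local @10.10.10.10` from any other host): it must be refused. If it succeeds, the zone is still set to transfer to any server.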
2. Two Way Trust Set Up
On the first server, open Active Directory Domains and Trusts from the Administrative Tools area in Control Panel.
Right click on the domain name and click Properties.
Navigate to the Trusts tab and click New Trust at the bottom.
The New Trust Wizard will appear. Press Next, type in the FQDN of the second server (e.g. server.domain2.local) and press Next.
Choose Realm Trust and press Next.
For Trust Transitivity choose Nontransitive. (This is what limits the trust to the two root domains; a transitive trust would also reach their child domains.)
For the direction choose Two-way and press Next.
Type a password for the trust twice, press Next, then Next again on the following page.
Press Finish.
On the second server, open Active Directory Domains and Trusts from the Administrative Tools area in Control Panel.
Right click on the domain name and click Properties.
Navigate to the Trusts tab and click New Trust at the bottom.
The New Trust Wizard will appear. Press Next, type in the FQDN of the first server (e.g. server.domain1.local) and press Next.
Choose Realm Trust and press Next.
For Trust Transitivity choose Nontransitive.
For the direction choose Two-way and press Next.
Type a password for the trust twice (not sure if this needs to be the same as the password on the other server; I usually set it the same), press Next, then Next again on the following page.
Press Finish.
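The same two-way nontransitive trust created from an elevated PowerShell prompt with netdom and then checked with the ActiveDirectory module, as an added example that is not part of the original page. It assumes the domain names domain1.local and domain2.local from the page; the netdom switches used are the ones that correspond to the wizard choices above (Realm, Nontransitive, Two-way), and the trust password is read at run time. Run it on the first server as written and the mirrored command on the second server.

```powershell
# Added example (not from the original page): create the two-way nontransitive realm trust
# with netdom and verify what was created. Assumed names: domain1.local and domain2.local.
# Run on the first DC; on the second DC swap $local and $remote and use the same password.
Import-Module ActiveDirectory

$local  = 'domain1.local'
$remote = 'domain2.local'
$pw     = Read-Host 'Trust password (set the identical value on both servers)'

# /Realm = "Realm trust", /Transitive:NO = "Nontransitive", /Twoway = "Two-way" in the wizard.
netdom trust $local /Domain:$remote /Add /Realm /Twoway /Transitive:NO /PasswordT:$pw

# Read back the trust object and warn if it is wider than intended.
$trust = Get-ADTrust -Filter "Name -eq '$remote'" -Server $local
if (-not $trust) { throw "No trust object for $remote found in $local" }

$trust |
    Select-Object Name, Direction, TrustType, DisallowTransivity, ForestTransitive,
                  SelectiveAuthentication, SIDFilteringQuarantined |
    Format-List

if ($trust.Direction -ne 'BiDirectional') {
    Write-Warning "Trust direction is $($trust.Direction), not two-way"
}
if (-not $trust.DisallowTransivity) {
    Write-Warning "Trust is transitive; it was meant to be nontransitive"
}
if ($trust.ForestTransitive) {
    Write-Warning "Forest-transitive trust: child domains are reachable as well, not only the root domains"
}

# These only succeed once the other DC has created its half with the same password.
netdom trust $local /Domain:$remote /Verify
nltest /domain_trusts /v
```

The `/Verify` step is the real test of the password question above: the secure channel between the two domains is only established when both halves of the trust exist and their passwords match, so a mismatch shows up here rather than in the wizard.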