Re: parent - child DNS in Active Directory



hum....

I don't have a machine to test, but can you do that at the root DC/DNS and post the results?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"kbing" <kbing@xxxxxxxxxxxxxxxxx> wrote in message news:u6lXHNtOJHA.2912@xxxxxxxxxxxxxxxxxxxxxxx
Thanks. I have it set up as you said; however, when I run an nslookup with debug turned on, it still uses the parent DNS servers to resolve external domain names.

Here is the output. Notice the primary name server resolving www.yahoo.com is d01dc1.internaldomain.com.....not the ISP's nor the child domain DNS server.

Does this mean that as long as it can reach the parent domain DNS it will use it but if it is unreachable then it only uses the forwarders defined?

The NIC card points to the local server for DNS, which has the forwarders configured for only two ISP DNS servers. And a conditional forwarder points to the parent domain's DNS servers for only the parent domain.




C:\>nslookup
Default Server: d08dc1.dglobe.internaldomain.com
Address: 192.168.8.74

> set debug
> www.yahoo.com
Server: d08dc1.dglobe.internaldomain.com
Address: 192.168.8.74

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.yahoo.com.dglobe.internaldomain.com, type = A, class = IN
AUTHORITY RECORDS:
-> dglobe.internaldomain.com
ttl = 3600 (1 hour)
primary name server = d08dc1.dglobe.internaldomain.com
responsible mail addr = hostmaster
serial = 123
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.yahoo.com.dglobe.internaldomain.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> dglobe.internaldomain.com
ttl = 3600 (1 hour)
primary name server = d08dc1.dglobe.internaldomain.com
responsible mail addr = hostmaster
serial = 123
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.yahoo.com.internaldomain.com, type = A, class = IN
AUTHORITY RECORDS:
-> internaldomain.com
ttl = 3600 (1 hour)
primary name server = d01dc1.internaldomain.com
responsible mail addr = hostmaster
serial = 37107
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.yahoo.com.internaldomain.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> internaldomain.com
ttl = 3600 (1 hour)
primary name server = d01dc1.internaldomain.com
responsible mail addr = hostmaster
serial = 37107
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 2, authority records = 9, additional = 9

QUESTIONS:
www.yahoo.com, type = A, class = IN
ANSWERS:
-> www.yahoo.com
canonical name = www.yahoo-ht3.akadns.net
ttl = 0 (0 secs)
-> www.yahoo-ht3.akadns.net
internet address = 209.191.93.52
ttl = 8 (8 secs)
AUTHORITY RECORDS:
-> akadns.net
nameserver = use4.akadns.net
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = usw2.akadns.net
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = asia9.akadns.net
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = za.akadns.org
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = zb.akadns.org
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = zc.akadns.org
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = zd.akadns.org
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = eur1.akadns.net
ttl = 1897 (31 mins 37 secs)
-> akadns.net
nameserver = use3.akadns.net
ttl = 1897 (31 mins 37 secs)
ADDITIONAL RECORDS:
-> za.akadns.org
internet address = 195.219.3.169
ttl = 342 (5 mins 42 secs)
-> zb.akadns.org
internet address = 12.183.125.5
ttl = 1054 (17 mins 34 secs)
-> zc.akadns.org
internet address = 124.211.40.4
ttl = 476 (7 mins 56 secs)
-> zd.akadns.org
internet address = 204.2.178.133
ttl = 3045 (50 mins 45 secs)
-> eur1.akadns.net
internet address = 195.59.44.134
ttl = 6897 (1 hour 54 mins 57 secs)
-> use3.akadns.net
internet address = 204.2.178.133
ttl = 2389 (39 mins 49 secs)
-> use4.akadns.net
internet address = 208.44.108.137
ttl = 6748 (1 hour 52 mins 28 secs)
-> usw2.akadns.net
internet address = 12.183.125.5
ttl = 6330 (1 hour 45 mins 30 secs)
-> asia9.akadns.net
internet address = 220.73.220.4
ttl = 2790 (46 mins 30 secs)

------------
Non-authoritative answer:
------------
Got answer:
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
www.yahoo.com, type = AAAA, class = IN
ANSWERS:
-> www.yahoo.com
canonical name = www.yahoo-ht3.akadns.net
ttl = 0 (0 secs)

------------
Name: www.yahoo-ht3.akadns.net
Address: 209.191.93.52
Aliases: www.yahoo.com

>

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:671A6925-6E57-4F4F-8DBA-50F470B52950@xxxxxxxxxxxxxxxx
> Hi
> -Select the DNS icon on the MMC snap-in; in the right pane you'll see an option
> for forwarders, double-click it and define them.
> -Conditional forwarding will redirect requests for that condition, "Normal"
> forwarding will redirect all requests to domains not known by the server or
> not existing in the Conditional Forwarding tab.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "news.microsoft.com" <kbing@xxxxxxxxxxxxxxxxx> wrote in message
> news:%23Do0esrOJHA.144@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello,
>>
>> I'm looking for specific best practice documentation that shows the best
>> way to set up forwarders on Windows 2008 domain controllers that are
>> installed in the child domain. The parent domain has Windows 2003 domain
>> controllers.
>>
>> The problem is that in the DNS configuration tab for forwarders Microsoft
>> changed how that works and you can no longer specify DNS servers for the "All
>> other domains" selection. Now there are conditional forwarders, which I
>> understand. I have my parent domain set up in the conditional forwarder and
>> the ISP DNS set up on the Forwarder tab.
>>
>> However, when I perform an nslookup to www.yahoo.com, the DC continues to
>> query the parent domain's DNS server to get the result. I can't figure out
>> how to get the 2008 DC to use the ISP's DNS servers even though they are
>> specified as forwarders.
>>
>> Any help is appreciated.
>>
>> Thanks.
>>
>
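
As an added example (not part of the original posts), this Python sketch reads an nslookup debug transcript like the one above and separates queries for the name as typed from attempts where a DNS suffix was appended. In the posted output, d01dc1.internaldomain.com appears only as the SOA primary for www.yahoo.com.internaldomain.com, not for www.yahoo.com itself. The function names and the abridged SAMPLE are assumptions made for this example.

```python
import re

# Abridged from the nslookup debug transcript in the thread (ids 2, 4 and 6 only).
SAMPLE = """\
Got answer:
opcode = QUERY, id = 2, rcode = NXDOMAIN
QUESTIONS:
www.yahoo.com.dglobe.internaldomain.com, type = A, class = IN
primary name server = d08dc1.dglobe.internaldomain.com
Got answer:
opcode = QUERY, id = 4, rcode = NXDOMAIN
QUESTIONS:
www.yahoo.com.internaldomain.com, type = A, class = IN
primary name server = d01dc1.internaldomain.com
Got answer:
opcode = QUERY, id = 6, rcode = NOERROR
QUESTIONS:
www.yahoo.com, type = A, class = IN
"""

def parse_responses(text):
    """Return one dict per 'Got answer:' block: id, rcode, qname, qtype, soa_primary."""
    rows = []
    for block in text.split("Got answer:")[1:]:
        hdr = re.search(r"id = (\d+), rcode = (\w+)", block)
        q = re.search(r"QUESTIONS:\s*\n\s*(\S+), type = (\w+)", block)
        soa = re.search(r"primary name server = (\S+)", block)
        if hdr and q:
            rows.append({"id": int(hdr.group(1)), "rcode": hdr.group(2),
                         "qname": q.group(1).lower(), "qtype": q.group(2),
                         "soa_primary": soa.group(1).lower() if soa else None})
    return rows

def split_by_suffix(rows, typed_name):
    """Separate queries for the name as typed from suffix-appended attempts."""
    typed = typed_name.lower().rstrip(".")
    literal = [r for r in rows if r["qname"].rstrip(".") == typed]
    appended = [r for r in rows if r["qname"].startswith(typed + ".")]
    return literal, appended

if __name__ == "__main__":
    literal, appended = split_by_suffix(parse_responses(SAMPLE), "www.yahoo.com")
    for r in appended + literal:
        print(r["id"], r["qname"], r["rcode"], r["soa_primary"])
```

Entering the name with a trailing dot at the nslookup prompt (www.yahoo.com.) makes it fully qualified, so no suffix is appended and only the literal query is sent.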
