Re: DNS resolving issue with new child domain
From: ITOpMan (ITOpMan_at_discussions.microsoft.com)
Date: 11/17/04
Date: Tue, 16 Nov 2004 23:34:02 -0800
Hi Dana, thanks for the response. I will try to answer all your questions.

What can you tell us about your DNS setup?
Where are the servers? All child domains are internal to the ISA firewall:
10.0.0.0 for the main domain and 10.0.1.0 and 10.0.2.0 for the child domains
(the new child domain being 10.0.2.0). There is a router at 10.0.0.8 for the
10.0.1.0 child domain (Pix router route for the new child domain added, as
this is our default gateway for the 10.0.0.0 domain).

Which zones are on which servers? There are 3 DNS servers on the main domain
and these have forward and reverse lookup zones; as far as I'm aware, no
delegation.

What type of zones are they? All DNS servers, including the child domains,
are AD integrated.

Are the servers properly configured to use themselves ONLY for DNS? Good
question, not sure! All worked fine before the new child domain was added, so
I would have thought this is yes.

What forwarders do you have configured? I did add forwarders on the child
domain for the main domain, but errors were reported (error 7063 DNS), so I
removed them.

What client are you testing from? I am testing from my desktop using
nslookup. I do the tests from all DNS servers, so I am testing each DNS
server with the same tests.

Which DNS server is the client using? My PC is on the main domain and is
using 2 DNS servers, primary 10.0.0.6 and 10.0.0.2 (fixed IP with DNS and
gateway added).

Perhaps I should remove the DNS server on the child domain and recreate it
following your instructions? I did try this once, but as soon as I added it
again it picked up the old zone settings, even when I deleted the folder
c:\windows\system32\DNS.
What is the correct way to remove the DNS server completely?

Hope this is enough info and I have answered all the questions, but if you
have any more please ask.

NB: initially the main domain did not resolve anything in the new child
domain, but since I added the secondary zone of the child domain into the
main DNS server 10.0.0.6 it does resolve, although I cannot resolve IP
addresses as stated.

Brian

"Dana Brash" wrote:
> Hi Brian,
>
> nslookup's ability to resolve a hostname is not related to WINS.
> nslookup's ability to resolve IP => Domain Name is related to Reverse Lookup
> Zones being properly configured in DNS.
> If nslookup can resolve a hostname, then DNS is working. If you really want
> to test it, turn WINS off, you probably don't need it anyway.
> You can also try pinging back and forth using FQDN.
>
> Let's back up for a minute though..... What exactly are you actually trying
> to do when you receive an error? My understanding from your original post
> was that you can not resolve NSLookup queries from the parent to the child
> domain, but that nslookup queries from the child domain resolve parent
> domain hosts.
>
> You also mentioned that you had a router routing between the domains:
>
> > > > DC which is also acting as a router (additional NIC added) between the
> > > > domains
>
> and so I assumed that the parent was on one side and child domain was on the
> other side. I would also assume that the parent and child domains would be
> on separate subnets, which would make some logical sense as well (hence the
> need for routing). It is this router between the two subnets that needs to
> be able to pass port 53 for DNS lookup. Both subnets should be behind a
> firewall, and incoming port 53 requests should be blocked at the firewall.
> However, IF both parent and child domains are on the same subnet, then they
> both want to be using the same reverse lookup zone. You can host a
> secondary lookup zone in the child domain.
>
> What can you tell us about your DNS setup?
> Where are the servers?
> Which zones are on which servers? Forward Lookup? Reverse Lookup?
> Delegation?
> What type of zones are they? AD integrated? Primary? Secondary?
> Are the servers properly configured to use themselves ONLY for DNS? What
> forwarders do you have configured?
> What client are you testing from? Which DNS server is the client using?
>
> --
> HTH,
> =d=
>
>
> Dana Brash
> MCSE, MCDBA, MCSA
>
> dbrash@NOSPAM.gmail.com
>
> "ITOpMan" <ITOpMan@discussions.microsoft.com> wrote in message
> news:EF634D4A-781F-448B-8023-F461FE94AEBB@microsoft.com...
> > Hi... The child domain is inside the firewall so there are no issues with
> > the firewall, but worth asking. I have just tested nslookup from the main
> > domain server and this works fine now with the secondary zone; it resolves
> > NetBIOS names and IP addresses for the child domain. But the server in the
> > child domain resolves NetBIOS names to IP (which I think is using WINS) but
> > cannot resolve IP addresses.
> >
> > All DNS servers have reverse lookup zones.
> >
> > How can I test if DNS is working? nslookup, as I said, works on NetBIOS
> > names but cannot resolve IP addresses, so I believe it's WINS that is
> > resolving the NetBIOS names.
> >
> > Any help would be gratefully received.
> >
> > Brian
> >
> > "Dana Brash" wrote:
> >
> > > Hi,
> > >
> > > If the parent zone and child zone are on either side of a router, you'll
> > > need to route port 53 for DNS resolution between DNS servers.
> > >
> > > If it's not simply a routing problem, this should get you on the right
> > > track...
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;255248
> > >
> > > Can the child domain perform successful DNS lookups for itself? If so,
> > > where is the child zone hosted?
> > >
> > >
> > > --
> > > HTH,
> > > =d=
> > >
> > >
> > > Dana Brash
> > > MCSE, MCDBA, MCSA
> > >
> > > dbrash@NOSPAM.gmail.com
> > >
> > > "ITOpMan" <ITOpMan@discussions.microsoft.com> wrote in message
> > > news:53F2B58E-93C4-4A10-AE4B-28442EDA1EC4@microsoft.com...
> > > > We have just added a new child domain to our network and installed a
> > > > win2000 DC which is also acting as a router (additional NIC added)
> > > > between the domains. We are running DNS with AD and we can resolve
> > > > nslookup queries from this child domain for the main domain but cannot
> > > > resolve anything from the main domain for the child domains.
> > > > 'none-existing domain'
> > > >
> > > > Has anyone any idea why this is happening and how we can resolve it?
> > > >
> > > > Cheers
> > > >
> > > > I have now moved the routing to a new machine as I read somewhere that
> > > > you should not put routing on a DC! Anyway, same problem with DNS.
> > > >
> > > >
> > >
> > >
> > >
>
>
>
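
Added example, not part of the original thread: a small audit of which DNS server holds a local reverse lookup zone for each subnet, which is the dependency behind the IP-to-name lookups discussed above. The server names, the /24 zone boundaries and the per-server zone lists are constructed assumptions; only the subnets 10.0.0.0, 10.0.1.0 and 10.0.2.0 come from the thread.

```python
import ipaddress

# Constructed inventory (assumption): reverse zones hosted on each server.
# Replace with the zones actually listed under "Reverse Lookup Zones".
SERVERS = {
    "parent-dns": ["0.0.10.in-addr.arpa", "1.0.10.in-addr.arpa"],
    "child-dns": ["2.0.10.in-addr.arpa"],
}
# Constructed test addresses, one per subnet named in the thread.
TEST_IPS = ["10.0.0.6", "10.0.1.10", "10.0.2.10"]


def ptr_name(ip):
    """Return the PTR owner name that a reverse lookup for `ip` queries."""
    return ipaddress.ip_address(ip).reverse_pointer


def covering_zone(ip, hosted_zones):
    """Return the most specific hosted reverse zone containing the PTR name."""
    hosted = {z.lower().rstrip(".") for z in hosted_zones}
    labels = ptr_name(ip).split(".")
    # Strip labels from the left; the first hit is the longest matching zone.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in hosted:
            return candidate
    return None


def audit(servers, test_ips):
    """Map each server to the test IPs for which it has no local reverse zone.

    A listed IP is not necessarily unresolvable: the server then depends on
    forwarders, delegation or a secondary copy of the zone to answer it.
    """
    return {
        name: [ip for ip in test_ips if covering_zone(ip, zones) is None]
        for name, zones in servers.items()
    }


if __name__ == "__main__":
    for server, missing in audit(SERVERS, TEST_IPS).items():
        for ip in missing:
            print(f"{server}: no local zone for {ptr_name(ip)}")
```
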