Re: DNS resolving issue with new child domain

From: Dana Brash (dbrash_at_NOSPAM.gmail.com)
Date: 11/17/04


Date: Wed, 17 Nov 2004 21:38:19 +0800

This would be one way to do it...
http://www.phongsaly.com/diagrams/ChildDNS.htm

-- 
HTH,
=d=
Dana Brash
MCSE, MCDBA, MCSA
dbrash@NOSPAM.gmail.com
"ITOpMan" <ITOpMan@discussions.microsoft.com> wrote in message
news:7858998F-1F66-4B82-99F4-C0F9B7453B71@microsoft.com...
> Hi..Dana, Thanks for the response. I will try and answer all your
> questions.
>
> What can you tell us about your DNS setup?
>
> Where are the servers? All child domains are internal of ISA firewall,
> 10.0.0.0 for main domain and 10.0.1.0 and 10.0.2.0 for child domains (new
> child domain being 10.0.2.0). There is a router at 10.0.0.8 for 10.0.1.0
> child domain (Pix router route for new child domain added as this is our
> default gateway for 10.0.0.0 domain).
>
> Which zones are on which servers?  There are 3 DNS servers on the main
> domain and these have forward and reverse lookup zones, as far as I'm
> aware no Delegation.
>
> What type of zones are they? All DNS servers including child domains are
> AD integrated.
>
> Are the servers properly configured to use themselves ONLY for DNS?  Good
> question, not sure! All worked fine before the new child domain was added
> so I would have thought this is yes.
>
> What forwarders do you have configured? I did add forwarders on the child
> domain for the main domain but errors reported error 7063 DNS so removed
> them.
>
> What client are you testing from? I am testing from my desktop using
> nslookup. I do the tests from all DNS servers, so I am testing each DNS
> server with the same tests.
>
> Which DNS server is the client using? My PC is on the main domain and is
> using 2 DNS servers, primary 10.0.0.6 and 10.0.0.2 (fixed IP with DNS and
> gateway added).
>
> Perhaps I should remove the DNS server on the child domain and recreate it
> following your instructions? I did try this once but as soon as I added
> it again it picked up the old zone settings even when I deleted the folder
> c:\windows\system32\DNS.
>
> What is the correct way to remove DNS server completely?
>
> Hope this is enough info and I have answered all the questions, but if you
> have any more please ask.
>
> NB: Initially the main domain did not resolve anything in the new child
> domain but since I added the secondary zone of the child domain into the
> main DNS server 10.0.0.6 it does resolve, although I cannot resolve IP
> addresses as stated.
>
> Brian
>
> "Dana Brash" wrote:
>
> > Hi Brian,
> >
> > nslookup's ability to resolve a hostname is not related to WINS.
> > nslookup's ability to resolve IP => Domain Name is related to Reverse
> > Lookup Zones being properly configured in DNS.
> > If nslookup can resolve a hostname, then DNS is working.  If you really
> > want to test it, turn WINS off, you probably don't need it anyway.
> > You can also try pinging back and forth using FQDN.
> >
> > Let's back up for a minute though.....  What exactly are you actually
> > trying to do when you receive an error?  My understanding from your
> > original post was that you can not resolve NSLookup queries from the
> > parent to the child domain, but that nslookup queries from the child
> > domain resolve parent domain hosts.
> >
> > You also mentioned that you had a router routing between the domains:
> >
> > > > > DC which is also acting as a router (additional NIC added) between
> > > > > the domains
> >
> > and so I assumed that the parent was on one side and child domain was on
> > the other side.  I would also assume that the parent and child domains
> > would be on separate subnets, which would make some logical sense as well
> > (hence the need for routing).  It is this router between the two subnets
> > that needs to be able to pass port 53 for DNS lookup.  Both subnets
> > should be behind a firewall, and incoming port 53 requests should be
> > blocked at the firewall.
> > However, IF both parent and child domains are on the same subnet, then
> > they both want to be using the same reverse lookup zone.  You can host a
> > secondary lookup zone in the child domain.
> >
> > What can you tell us about your DNS setup?
> > Where are the servers?
> > Which zones are on which servers?  Forward Lookup? Reverse Lookup?
> > Delegation?
> > What type of zones are they? AD integrated? Primary? Secondary?
> > Are the servers properly configured to use themselves ONLY for DNS?
> > What forwarders do you have configured?
> > What client are you testing from?  Which DNS server is the client using?
> >
> > -- 
> > HTH,
> > =d=
> >
> >
> > Dana Brash
> > MCSE, MCDBA, MCSA
> >
> > dbrash@NOSPAM.gmail.com
> >
> > "ITOpMan" <ITOpMan@discussions.microsoft.com> wrote in message
> > news:EF634D4A-781F-448B-8023-F461FE94AEBB@microsoft.com...
> > > Hi...The child domain is inside the firewall so there are no issues
> > > with firewall but worth asking.  I have just tested nslookup from the
> > > main domain server and this works fine now with the secondary zone,
> > > resolves netbios and IP addresses for the child domain. But the server
> > > in the child domain solves netbios names to IP (which I think is using
> > > WINS) but can not resolve IP addresses.
> > >
> > > All DNS servers have reverse lookup zones.
> > >
> > > How can I test if DNS is working? nslookup as I said works on netbios
> > > names but can not resolve IP addresses so believe it's the WINS that's
> > > resolving the netbios names.
> > >
> > > Any help would be gratefully received.
> > >
> > > Brian
> > >
> > > "Dana Brash" wrote:
> > >
> > > > Hi,
> > > >
> > > > If the parent zone and child zone are on either side of a router,
> > > > you'll need to route port 53 for DNS resolution between DNS servers.
> > > >
> > > > If it's not simply a routing problem, this should get you on the
> > > > right track...
> > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;255248
> > > >
> > > > Can the child domain perform successful DNS lookups for itself?  If
> > > > so, where is the child zone hosted?
> > > >
> > > >
> > > > -- 
> > > > HTH,
> > > > =d=
> > > >
> > > >
> > > > Dana Brash
> > > > MCSE, MCDBA, MCSA
> > > >
> > > > dbrash@NOSPAM.gmail.com
> > > >
> > > > "ITOpMan" <ITOpMan@discussions.microsoft.com> wrote in message
> > > > news:53F2B58E-93C4-4A10-AE4B-28442EDA1EC4@microsoft.com...
> > > > > We have just added a new child domain to our network and installed
> > > > > a win2000 DC which is also acting as a router (additional NIC
> > > > > added) between the domains. We are running DNS with AD and we can
> > > > > resolve nslookup queries from this child domain for the main domain
> > > > > but can not resolve anything from the main domain for the child
> > > > > domains.
> > > > >  'none-existing domain'
> > > > >
> > > > > Has anyone any idea why this is happening and how we can resolve
> > > > > it?
> > > > >
> > > > > Cheers
> > > > >
> > > > > I have now moved the routing to a new machine as I read somewhere
> > > > > that you should not put routing on a DC!  Anyway, same problem with
> > > > > DNS.
> > > > >
> > > > >
> > > >
> > > >
> > > >
> >
> >
> >
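
An added example, not part of the original thread: a small offline check of the point made above that IP-to-name lookups depend on a reverse lookup zone covering the address. The server labels, the per-server zone inventory and the sample host addresses are constructed for illustration; only the three subnets and 10.0.0.6 come from the posts.

```python
import ipaddress

# Constructed inventory (assumption): reverse zones loaded on each DNS server.
# Subnets are the ones named in the thread; server labels are hypothetical.
SERVER_ZONES = {
    "parent-dns": ["0.0.10.in-addr.arpa", "2.0.10.in-addr.arpa"],
    "child-dns": ["2.0.10.in-addr.arpa"],
}

# Constructed sample hosts, one per subnet mentioned in the thread.
SAMPLE_IPS = ["10.0.0.6", "10.0.1.20", "10.0.2.15"]


def ptr_name(ip):
    """Return the PTR name that a reverse lookup of `ip` queries."""
    return ipaddress.ip_address(ip).reverse_pointer


def matching_zone(ip, zones):
    """Most specific hosted reverse zone containing the PTR name, or None."""
    name = ptr_name(ip)
    # Match on a label boundary so 12.0.10.in-addr.arpa never hits 2.0.10...
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None


def reverse_gaps(server_zones, ips):
    """(server, ip, ptr) triples the server cannot answer from its own zones."""
    gaps = []
    for server, zones in server_zones.items():
        for ip in ips:
            if matching_zone(ip, zones) is None:
                gaps.append((server, ip, ptr_name(ip)))
    return gaps


if __name__ == "__main__":
    for server, ip, ptr in reverse_gaps(SERVER_ZONES, SAMPLE_IPS):
        print(f"{server}: no local reverse zone for {ip} ({ptr})")
```

A server listed as a gap for an address has to get the PTR answer from somewhere else (a secondary copy of the zone, a delegation or a forwarder), which is the same dependency the forward lookups in the thread ran into.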

