Re: urgent-DNS forwarder problem




Hey Guys.
Thanks for the help so far.

There is a firewall between my DCs and the root domain which I'm a little
suspicious of; unfortunately I don't have access.
Using nslookup I've tried connecting to DNS servers in domains on the other
side of this firewall and also to the root domain DC. Each time I get a DNS
request timed-out.

When I try to resolve servers in the other domains, I get
"Domain non-existent" from nslookup.

"Ace Fekay [MVP]" wrote:

> In news:C207CFF4-FC39-46A3-BE96-89BB9A1AB4BA@xxxxxxxxxxxxx,
> Padraig <Padraig@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then
> commented about below:
> > Hi,
> > I've recently inherited a child domain containing 4 DCs that is part
> > of a global forest containing approx 20 other child domains.
> >
> > I am experiencing a very strange problem as follows:
> > My DNS is AD integrated.
> > 3 of my 4 domain controllers are unable to resolve addresses outside
> > of the child domain for other child domains or for the forest root
> > domain.
> > The forwarder config on all DNS servers is identical and contains two
> > options:
> >
> > 1. All other DNS domains : goes to the ISP firewall
> > 2. root domain name : goes to the forest root DC.
> >
> > All DCs can resolve external internet addresses perfectly.
> >
> > Help please...I'm going nuts
>
> Is the forest root DC/DNS operational or any errors on it? Any firewall in
> place?
>
> How are you trying to resolve the other domains, by FQDN or by NetBIOS name?
> WINS in place?
>
> For forwarding, we usually check off "Do not use recursion" under the
> forwarding tab so it forces DNS not to use the Root hints and only use the
> forwarder to go to the parent DNS.
>
> But if you are connecting by single name (NetBIOS), and the domain is in a
> different physical subnet, then WINS is required and the forwarder will
> fail. The reason is the local DNS resolver will devolve the name based on
> the search suffix listed on a machine. In a child scenario, the search
> suffix is the child.domain.com name, as well as the domain.com parent name,
> that's it, unless you've populated that manually or by script on every
> child domain's machine. If the search suffix for the other domains are not
> listed in the machine, then a single name lookup won't work to another
> child, but FQDN will, unless you have WINS.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> If this post is viewed at a non-Microsoft community website, and you were to
> respond to it through that community's website, I may not see your reply
> unless that website posts replies back to the original Microsoft forum.
> Therefore, please direct all replies ONLY to the Microsoft public newsgroup
> this thread originated in so all can benefit or ensure the web community
> posts it back to the original forum.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Microsoft Certified Trainer
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
>
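
Added example, not part of the original thread: a simplified Python model of the suffix devolution described in the quoted reply, showing why a single-label lookup from one child domain never reaches a sibling child domain while the FQDN does. All domain names, host names and addresses are constructed, and the function names are hypothetical; a real Windows resolver applies further rules (devolution level policy, NetBIOS/WINS fallback) that are not modelled here.

```python
# Simplified model of DNS suffix devolution on a domain-joined client.
# Everything here is constructed for illustration; it is not Windows code.

def devolved_suffixes(primary_suffix, min_labels=2):
    """Primary DNS suffix followed by its parents, stopping at min_labels labels."""
    labels = primary_suffix.strip(".").split(".")
    suffixes = []
    while len(labels) >= min_labels:
        suffixes.append(".".join(labels))
        labels = labels[1:]          # drop the leftmost label (devolve)
    return suffixes

def candidate_fqdns(name, primary_suffix, search_list=None):
    """Names the resolver would query, in order."""
    name = name.rstrip(".")
    if "." in name:
        return [name]                # simplification: dotted names are sent as given
    # An explicit suffix search list replaces devolution of the primary suffix.
    suffixes = search_list if search_list else devolved_suffixes(primary_suffix)
    return [f"{name}.{suffix}" for suffix in suffixes]

def resolve(name, primary_suffix, records, search_list=None):
    """Return (fqdn, address) for the first candidate found in records, else None."""
    for fqdn in candidate_fqdns(name, primary_suffix, search_list):
        address = records.get(fqdn.lower())
        if address is not None:
            return fqdn, address
    return None

# Constructed records standing in for what the forwarders could answer.
RECORDS = {
    "dc1.child1.domain.com": "10.1.0.10",
    "rootdc.domain.com": "10.0.0.10",
    "srv1.child2.domain.com": "10.2.0.20",
}

if __name__ == "__main__":
    client_suffix = "child1.domain.com"
    for query in ("rootdc", "srv1", "srv1.child2.domain.com"):
        print(query, candidate_fqdns(query, client_suffix),
              resolve(query, client_suffix, RECORDS))
    # With the sibling suffix added to the search list, the short name resolves.
    print(resolve("srv1", client_suffix, RECORDS,
                  search_list=["child1.domain.com", "domain.com", "child2.domain.com"]))
```
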