Re: Root domain clients cannot lookup child domain clients




Actually, forwarding from child to parent or parent to child or from any server that can't (shouldn't) go external is not a problem. And it is not a requirement to forward to your ISP (or to anyone for that matter), if your DNS server can (is allowed to) go outside and chase referrals. Clients should typically use DNS servers in their own domain, but there is nothing bad in pointing them to any DNS server that has knowledge of the zone information for the client's domain (for example a DNS server in a root domain). I wouldn't get rid of the forwarder, but I will NOT create forwarding from the parent back to the child because then we will have the loop that you mentioned.

I think there is some other configuration problem with the OP's DNS setup, but his descriptions don't quite contain the information necessary to provide a good diagnosis. My suspicion is that the root clients are looking for clients in the child domain using NetBIOS names. Unless the DNS suffix list on the root clients contains the FQDN of the child domain, then they will have a hard time locating those child domain computers.

The child domain computers are able to locate the root domain clients by NetBIOS name because (again, this is pure conjecture) the parent FQDN (rootdomain.tld) is also part of the child FQDN (child.rootdomain.tld). This is happening not simply because of forwarding, but because of the DNS devolution process.

If my suspicion is right, all that the OP needs to do is add child.rootdomain.tld to the list of domain suffixes on the parent domain clients. If these clients are XP and above, this can be done through a GPO setting. If they are older than XP, then this will have to be done manually or through scripting.

HTH

Deji

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message news:uJdDi8jKJHA.4324@xxxxxxxxxxxxxxxxxxxxxxx
"Guff Squirrel" <nospam@xxxxxxxxxx> wrote in message news:eiT0BMjKJHA.5232@xxxxxxxxxxxxxxxxxxxxxxx
I have a forwarder from the child dns server to one of the root domain dns server (I guess this is why it works one way)

No, that should not be there.

Should I create a forwarder to the root dns servers to the child root dns server. Is this correct?

No. Then you end up creating a loop.

All Active Directory DNS Servers within a Forest (regardless of domain) all are *already* aware of all of the Zones that exist within the Forest,...assuming AD Replication works properly,...that is one of the "jobs" of the Replication to keep maintained.

Get rid of the forwarder.

Clients should use only the DNS that is within their own Domain,...they should not use the DNS in any of the other domains in the Forest because their own DNS already possesses and is aware of all Zones in the Forest.

You should have 2 DNS in each Domain,...not 3 in one Domain and 1 in another.
Each DNS,..in its TCP/IP Config,... should point first to itself and then second to its Partner (hence, minimum 2 per domain), but it should not include DNSs from other domains because the AD Replication already covers that.

Forwarders should only point to *external* DNS Servers such as the ISP's DNS for resolving Public Internet Names.

As always,...anyone with more experience is welcome to correct anything I have in error. I don't see myself as a great AD expert but am willing to learn.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
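
Added example, not part of the original posts: a simplified Python model of the single-label name expansion described in Deji's reply, showing why devolution lets a child-domain client find a root-domain host while a root-domain client needs the child suffix in its search list. The host names, addresses, and the `min_labels` devolution cutoff are constructed assumptions; connection-specific suffixes and NetBIOS/WINS fallback are ignored.

```python
# Constructed sample zone data (documentation address range), not from the thread.
ZONE = {
    "rootpc1.rootdomain.tld": "192.0.2.10",
    "childpc1.child.rootdomain.tld": "192.0.2.130",
}

def devolve(primary_suffix, min_labels=2):
    """Primary DNS suffix followed by its parent suffixes (devolution).

    Parents are only tried while at least `min_labels` labels remain,
    so the bare TLD is never appended (assumed cutoff for this model).
    """
    labels = primary_suffix.strip(".").lower().split(".")
    out = [".".join(labels)]
    for i in range(1, len(labels) - min_labels + 1):
        out.append(".".join(labels[i:]))
    return out

def candidates(name, primary_suffix, search_list=None):
    """FQDNs a client would query, in order, for `name`."""
    name = name.strip(".").lower()
    if "." in name:
        return [name]  # simplification: multi-label names are queried as given
    # An explicit suffix search list replaces primary suffix + devolution.
    suffixes = search_list if search_list else devolve(primary_suffix)
    return [f"{name}.{s.strip('.').lower()}" for s in suffixes]

def resolve(name, primary_suffix, zone, search_list=None):
    """Return (fqdn, address) for the first candidate found in `zone`, else None."""
    for fqdn in candidates(name, primary_suffix, search_list):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

if __name__ == "__main__":
    # Child client -> root host: devolution strips "child." and finds it.
    print(resolve("rootpc1", "child.rootdomain.tld", ZONE))
    # Root client -> child host: nothing to devolve down to, lookup fails.
    print(resolve("childpc1", "rootdomain.tld", ZONE))
    # Root client with the child suffix added to its search list.
    fixed = ["rootdomain.tld", "child.rootdomain.tld"]
    print(resolve("childpc1", "rootdomain.tld", ZONE, fixed))
```

Because a configured search list replaces devolution in this model, the list keeps `rootdomain.tld` first so that root-domain short names still resolve.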


