markithomas
asked on
Can only ping by FQDN between two different domains
I have two different sites connected via an IPSec LAN-to-LAN VPN. I am able to browse shares, printers, terminal services etc., but only by IP and FQDN. At each site there is a DNS server that resolves names for the internet and LAN resources local to each site. The DNS setup has forwarders pointing to each office's DNS server, and I have added secondary zones which are copies of the other's primary zones, but still I can only ping by FQDN, e.g. ping server1 times out, ping server1.domain.com gets a reply.
I have trawled through other solutions all day, if there is a solution out there I can't see it and I am sure it's not too big a problem to someone!
Thanks
Is this tunnel using software or hardware?
Try and configure Reverse lookup zones also, and see how it goes.
Cheers
ASKER
The tunnel is a hardware tunnel.
ASKER
I created a reverse zone but can only create a stub zone; it won't create a secondary, and I can still only ping to the server.domain.com.
Thanks
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks, that seems to work after a quick test. Is there a way to update the DNS suffixes automatically with DHCP? I don't fancy changing all the machines individually. I don't fancy the idea of WINS, it seems a bit retro, like going back to NT 4, but if that's what it takes then that's what it needs.
Look in the settings of the hardware and make sure ICMP is turned on.
Not with DHCP, sorry; this applies to Server 2003, but might work with XP clients as well:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/?kbid=294785
If this doesn't work for XP, here's (among other methods) a VB script that you could use in a GPO as computer(!) startup script:
How to configure a domain suffix search list on the Domain Name System clients
http://support.microsoft.com/?kbid=275553
As for WINS, if you don't use it, make sure NetBIOS over TCP/IP is disabled, as you'll have the NetBIOS name resolution broadcast traffic otherwise. If you're using Exchange, you might want to reconsider the use of WINS, though:
Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality
http://support.microsoft.com/?kbid=837391
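The startup-script approach mentioned in the answer above, as an added example that is not from the thread or from the linked KB articles: a VBScript that merges both sites' suffixes into the client's DNS suffix search list through WMI, so a short name like server1 is tried against each domain. The two suffixes are placeholders (assumptions) to be replaced with the real domain names, and the script logs to the Application event log because a computer startup script has no console.

```vbscript
' Added example: GPO computer startup script that ensures both sites'
' DNS suffixes are present in the client's suffix search list.
Option Explicit

Dim required, wmi, adapters, cfg, current, merged, suffix, netCfg, rc, sh

' Placeholder suffixes (assumptions, not taken from the thread).
required = Array("site-a.example.com", "site-b.example.com")

Set sh = CreateObject("WScript.Shell")
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Read the search list currently in effect from an IP-enabled adapter.
current = Array()
Set adapters = wmi.ExecQuery( _
    "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
For Each cfg In adapters
    If Not IsNull(cfg.DNSDomainSuffixSearchOrder) Then
        current = cfg.DNSDomainSuffixSearchOrder
        Exit For
    End If
Next

' Required suffixes first, then existing entries that are not duplicates.
' A case-insensitive dictionary keeps insertion order and drops repeats,
' so running the script at every boot does not grow the list.
Set merged = CreateObject("Scripting.Dictionary")
merged.CompareMode = vbTextCompare
For Each suffix In required
    If Not merged.Exists(suffix) Then merged.Add suffix, True
Next
For Each suffix In current
    If Not merged.Exists(suffix) Then merged.Add suffix, True
Next

' SetDNSSuffixSearchOrder is a static method on the WMI class itself.
Set netCfg = wmi.Get("Win32_NetworkAdapterConfiguration")
rc = netCfg.SetDNSSuffixSearchOrder(merged.Keys)

' 0 = success, 1 = success but reboot required; anything else is an error.
If rc = 0 Or rc = 1 Then
    sh.LogEvent 4, "DNS suffix search list set to: " & Join(merged.Keys, ", ")
Else
    sh.LogEvent 1, "SetDNSSuffixSearchOrder failed, return code " & rc
    WScript.Quit 1
End If
```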
split points :)