Solved

Can only ping by FQDN between two different domains

Posted on 2006-11-08
11
340 Views
Last Modified: 2010-03-18
I have two different sites connected via an IPSec LAN to LAN VPN.  I am able to browse shares, printers, terminal services etc. but only by IP and FQDN.  At each site there is a DNS server and that resolves names for the internet and LAN resources local to each site.  The DNS setup has forwarders pointing to each office DNS server, and I have added secondary zones which are copies of the other's primary zones, but still I can only ping by FQDN, e.g. ping server1 times out, ping server1.domain.com gets a reply.

I have trawled through other solutions all day, if there is a solution out there I can't see it and I am sure it's not too big a problem to someone!

Thanks
0
Comment
Question by:markithomas
11 Comments
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 17903937
Is this tunnel using software or hardware?
0
 
LVL 6

Expert Comment

by:camacho_marco
ID: 17904515
Try and configure Reverse lookup zones also, and see how it goes.

Cheers
0
 

Author Comment

by:markithomas
ID: 17904965
The tunnel is a hardware tunnel.
0
 

Author Comment

by:markithomas
ID: 17905072
I created a reverse zone but can only create a stub zone, it won't create a secondary, and I still can only ping to the server.domain.com

Thanks
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 17905238
A reverse lookup zone won't help you anything here. Your problem is that the client doesn't know which DNS suffixes it should check.
One way is to add the DNS suffix of the respective other domain on the clients in the Advanced settings of the TCP/IP properties (in the DNS tab). Make sure you add the client's own primary domain suffix in the list as first entry. Test this on a client before you roll it out.
Another possibility, if the host names in both domains are unique, is to use a WINS server for each site (and let the clients point to it) and let them replicate with each other.
0
 

Author Comment

by:markithomas
ID: 17905476
Thanks, that seems to work after a quick test. Is there a way to update the DNS suffixes automatically with DHCP?  I don't fancy changing all the machines individually.  I don't fancy the idea of WINS, it seems a bit retro, like going back to NT 4, but if that's what it takes then that's what it needs.
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 17905952
Look in the settings of the hardware and make sure ICMP is turned on.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17906290
Not with DHCP, sorry; this applies to Server 2003, but might work with XP clients as well:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/?kbid=294785

If this doesn't work for XP, here's (among other methods) a VB script that you could use in a GPO as computer(!) startup script:
How to configure a domain suffix search list on the Domain Name System clients
http://support.microsoft.com/?kbid=275553

As for WINS, if you don't use it, make sure NetBIOS over TCP/IP is disabled, as you'll have the NetBIOS name resolution broadcast traffic otherwise. If you're using Exchange, you might want to reconsider the use of WINS, though:
Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality
http://support.microsoft.com/?kbid=837391
0
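A computer startup script of the kind discussed above, written here as an added PowerShell example (it is not from this thread or from the linked KB articles). It writes the global DNS suffix search list to the `SearchList` registry value with the client's own domain first; the two domain names are constructed placeholders.

```powershell
# Added example: set the global DNS suffix search list, own domain first.
# Run elevated, e.g. as a GPO computer startup script.
# Both domain names are constructed placeholders; replace with your own.
$OwnDomain   = 'site-a.example'   # this client's primary DNS suffix (assumed)
$OtherDomain = 'site-b.example'   # suffix of the domain across the VPN (assumed)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# The list is stored as one comma-separated REG_SZ; it may be missing or empty.
$current = (Get-ItemProperty -Path $key -Name SearchList `
            -ErrorAction SilentlyContinue).SearchList

$existing = @()
if ($current) {
    $existing = @($current -split ',' |
                  ForEach-Object { $_.Trim().ToLower() } |
                  Where-Object { $_ })
}

# Order matters: a short name is tried against each suffix in turn, so the
# client's own domain goes first. That keeps "server1" resolving to the local
# server1 even if the other domain has (or later gains) a host of that name.
$wanted = @(@($OwnDomain.ToLower(), $OtherDomain.ToLower()) + $existing |
            Select-Object -Unique)

$new = $wanted -join ','

# Only write when something actually changes, so repeated startups are no-ops.
if ($new -ne $current) {
    Set-ItemProperty -Path $key -Name SearchList -Value $new -Type String
    Write-Output "SearchList updated: $new"
} else {
    Write-Output "SearchList already correct: $new"
}
```

As advised in the accepted solution, test this on one client before rolling it out.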
 
LVL 6

Expert Comment

by:camacho_marco
ID: 19406880
split points :)
0
