Solved

Can only ping by FQDN between two different domains

Posted on 2006-11-08
11
342 Views
Last Modified: 2010-03-18
I have two different sites connected via an IPSec LAN to LAN VPN.  I am able to browse shares, printers, terminal services etc but only by IP and FQDN.  At each site there is a dns server and that resolves names for the internet and LAN resources local to each site.  the DNS set up has forwarders pointing to each office DNS server, and I have added secondary zones which are copies of the others primary zones, but still I can only ping by FQDN.  eg ping server1 timesout, ping server1.domain.com gets a reply.

I have trawled through other solutions all day, if there is a solution out there I can't see it and I am sure it's not too big a problem to someone!

Thanks
0
Comment
Question by:markithomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
11 Comments
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 17903937
is this tunnel using software or hardware?
0
 
LVL 6

Expert Comment

by:camacho_marco
ID: 17904515
Try and configure Reverse lookup zones also, and see how it goes.

CHeers
0
 

Author Comment

by:markithomas
ID: 17904965
the tunnel is a hardware tunnel
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 

Author Comment

by:markithomas
ID: 17905072
I created reverse zone but can only create a stub zone, it won't create a secondary and still can only ping to the server.domain.com

Thanks
0
 
LVL 85

Accepted Solution

by:
oBdA earned 250 total points
ID: 17905238
A reverse lookup zone won't help you anything here. Your problem is that the client doesn't know which DNS suffixes it should check.
One way is to add the DNS suffix of the respective other domain on the clients in the Advanced settings of the TCP/IP properties (in the DNS tab). Make sure you add the client's own primary domain suffix in the list as first entry. Test this on a client before you roll it out.
Another possibility, if the host names in both domains are unique, is to use a WINS server for each site (and let the clients point to it) and let them replicate with each other.
0
 

Author Comment

by:markithomas
ID: 17905476
thanks, that seems to work after a quick test, is there a way to update the dns suffixes automatically with dhcp?  I don't fancy changing all the machines individually.  I don't fancy the idea of WINS, it seems a bit retro, like going back to NT 4 but if thats what it takes then thats what it needs.
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 17905952
look in the settings of the Hardware and make sure icmp is turned on.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 17906290
Not with DHCP, sorry; this applies to Server 2003, but might work with XP clients as well:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/?kbid=294785

If this doesn't work for XP, here's (among other methods) a VB script that you could use in a GPO as computer(!) startup script:
How to configure a domain suffix search list on the Domain Name System clients
http://support.microsoft.com/?kbid=275553

As for WINS, if you don't use it, make sure NetBIOS over TCP/IP is disabled, as  you'll have the NetBIOS name resolution broadcast traffic otherwise. If you're using Exchange, you might want to reconsider the use of WINS, though:
Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality
http://support.microsoft.com/?kbid=837391
0
 
LVL 6

Expert Comment

by:camacho_marco
ID: 19406880
split points :)
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question