Configuring DNS on a branch office DC not working

Firstly, yes, I have read a few other threads on this issue but I am still having issues and hoped for direct help.

I need to prepare a DC for a branch office, about 50 users, over in Europe.  We are a US based company with 125 users.

Issue:  I created a new DC in a new subnet for the branch office.  DNS does not import the AD DNS information for forward lookup zones.  It only shows the reverse lookup zones.  When I create a new DC on my own network and install DNS it usually has all DNS information already populated from the AD.

Config:  Main site:  2 DCs running Windows 2003 Server w/ AD integrated DNS. 192.168.200.x network.
New site:  DC is built as a VMware virtual machine on ESX 3.5.  172.20.20.x network.  Cheap home router being used to interlink both networks until new Checkpoint firewalls arrive.
Here's what I have done so far:
1. Created a new Site in the AD.
2. I created a new subnet of 172.20.20.0/24 in the Sites container.
3. In the Inter-Sites Transport I modified the DEFAULTIPSITELINK to include both sites.
4. Built a 2003 server on my ESX 3.5 server.  IP address 172.20.20.7.
5. Configured a 2nd IP address in the 172.20.20.x net on the NIC for my main site DC (192.168.200.7).  Why?  This was needed to allow bidirectional communication since I am using a cheap home router.  This allowed my main site DC to ping the new DC in a different subnet.  I verified both servers could ping each other before continuing.
6. Installed DNS, WINS and DHCP on the new server that will become DC for the new site.
7. DCPromo'ed the new server (172.20.20.7) to become the new DC for the new site.
When I open DNS, all that shows is the reverse lookup zones.  If I try to create a zone with the same name it tells me that there is already a zone with that name.
After a few hours of troubleshooting, I gave up and DCpromoed the box back down to a server and tried again with same results.

Question time:
1st, Is a single domain with 2 sites the correct path to go down to minimize site-to-site traffic? (we will have a 4mb connection and they have 2mb)
2nd, If yes, am I going about configuring DNS the correct way?  Should I see all DNS information show up on my new DC and something just is not working correctly, or is this the way it works if a DC is in another subnet and I have to configure that site manually?

Thanks!!
Relay700 asked:

tismetoo commented:
The answers to questions 1 and 2 are probably yes:
Single domain with 2 sites sounds correct - although would need to know a lot more about your org to be sure.
DNS sounds like it is set up correctly.
I think the issue you have is putting the 172. address on your primary DC. Sites and Services shows the DC as being still in the main site, but the 172 address may be confusing the issue.
Stick with the correct addressing and verify the routing is working correctly on the cheap router. Then use replmon to see what is going on with replication of the domaindns zone. DCDIAG may also point us in the direction of the issue if you can post the results.

Relay700 (author) commented:
Our Checkpoint firewalls have arrived so we will try to put the real stuff in place and see if that helps.

Primary question though is whether or not DNS should reflect the entire zone, including Forward Lookup zones.  Should it look the same as our primary site's DNS or does this need to be configured differently?

tismetoo commented:
Depends if the forward lookup zones are AD integrated or not - if they are then the new DC should have the same zones. If they aren't AD integrated you will have to set up stub or secondary zones to ensure they land on the new DC.

Relay700 (author) commented:
Thanks for your help so far!

Update:  We have installed a Checkpoint UTM firewall and configured a VPN tunnel between the two networks as it will be in the real world.  No difference in the DNS.  We removed DNS again and dcpromoed the new DC back to a member server.  Rebooted and then installed DNS and dcpromoed back to a DC with no change in results.
All I get in the DNS is just the reverse lookup zones and not the forward lookup zones.
Routing appears to be fine as there are no DNS errors and the DCs can easily ping each other via IP, name and FQDN.

Any other ideas?

Relay700 (author) commented:
BTW, our DNS zones are AD integrated.

tismetoo commented:
What is dcdiag showing for the new DC?

Use the replmon util and find out what the status of the domaindns partition is. What happens when you try and synchronise domaindns from each DC?

Relay700 (author) commented:
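The checks tismetoo is asking for (which zones each DC actually holds, whether the new DC is enlisted in the DomainDnsZones partition, and what replication of that partition looks like) can be scripted so the results are easy to post. The PowerShell below is an added example written for this thread, not code from either participant; it wraps the dnscmd and repadmin tools (Windows Server 2003 Support Tools; built in on later versions) and assumes they are on the PATH. The DC and domain names (branchdc01, hqdc01, corp.example.com) are placeholders, as is the partition name format in the suggested fix line; substitute your own.

```powershell
# Added example (not from the thread). Assumes dnscmd.exe and repadmin.exe are
# available and the caller has DNS/AD admin rights. Server and domain names are
# placeholders; pass your own values.
param(
    [string]$BranchDc   = 'branchdc01',        # hypothetical new-site DC
    [string]$HqDc       = 'hqdc01',            # hypothetical main-site DC
    [string]$DomainFqdn = 'corp.example.com'   # hypothetical AD domain name
)

function Get-DnsZoneSummary {
    param([string]$Server)
    # "dnscmd <server> /EnumZones" prints one zone per line:
    #   <zone name>  <Primary|Secondary|Stub|Forwarder>  <storage>  <flags>
    # where storage is AD-Domain, AD-Forest, AD-Legacy or File.
    $lines = & dnscmd $Server /EnumZones 2>&1
    foreach ($line in $lines) {
        if ("$line" -match '^\s*(\S+)\s+(Primary|Secondary|Stub|Forwarder)\s+(\S+)') {
            New-Object PSObject -Property @{
                Server  = $Server
                Zone    = $Matches[1]
                Type    = $Matches[2]
                Storage = $Matches[3]
            }
        }
    }
}

function Get-DnsPartitionState {
    param([string]$Server)
    # "dnscmd <server> /EnumDirectoryPartitions" lists each DNS application
    # partition with flags such as "Enlisted Auto Domain". A DC that is not
    # enlisted in DomainDnsZones.<domain> cannot load zones stored there, which
    # is one way AD-integrated forward zones fail to appear on a new DC.
    $lines = & dnscmd $Server /EnumDirectoryPartitions 2>&1
    foreach ($line in $lines) {
        if ("$line" -match '^\s*(\S*DnsZones\S*)\s+(.*)$') {
            New-Object PSObject -Property @{
                Server    = $Server
                Partition = $Matches[1]
                Enlisted  = ($Matches[2] -match '\bEnlisted\b')
            }
        }
    }
}

function Get-DnsPartitionReplication {
    param([string]$Server)
    # Walks "repadmin /showrepl <server>" output. Partition headers start with
    # "DC="; the "Last attempt @ ... was successful|failed" lines that follow
    # belong to that partition. Only the DNS partitions are kept.
    $lines = & repadmin /showrepl $Server 2>&1
    $current = $null
    foreach ($line in $lines) {
        $text = "$line"
        if ($text -match '^(DC=\S+)') { $current = $Matches[1]; continue }
        if ($current -and $current -match 'DnsZones' -and $text -match 'Last attempt') {
            New-Object PSObject -Property @{
                Server    = $Server
                Partition = $current
                Result    = $text.Trim()
            }
        }
    }
}

# 1. Forward zones present at HQ but absent on the branch DC (reverse zones skipped).
$forwardOnly = { $_.Zone -notlike '*.in-addr.arpa' }
$hqZones     = Get-DnsZoneSummary -Server $HqDc     | Where-Object $forwardOnly
$branchZones = Get-DnsZoneSummary -Server $BranchDc | Where-Object $forwardOnly
$branchNames = @($branchZones | ForEach-Object { $_.Zone })
foreach ($z in $hqZones) {
    if ($branchNames -notcontains $z.Zone) {
        Write-Output ("MISSING on {0}: zone {1} (stored at HQ as {2})" -f $BranchDc, $z.Zone, $z.Storage)
    }
}

# 2. Is the branch DC enlisted in the DNS application partitions?
foreach ($p in Get-DnsPartitionState -Server $BranchDc) {
    if (-not $p.Enlisted) {
        Write-Output ("NOT ENLISTED: {0} on {1}. Candidate fix: dnscmd {1} /EnlistDirectoryPartition {0}" -f $p.Partition, $BranchDc)
    }
}

# 3. Replication result for the DNS partitions as seen from the branch DC.
Get-DnsPartitionReplication -Server $BranchDc | ForEach-Object {
    Write-Output ("{0} {1}: {2}" -f $_.Server, $_.Partition, $_.Result)
}
```

Run it from a workstation or DC that can reach both servers: `.\Check-BranchDns.ps1 -BranchDc <new DC> -HqDc <main DC>`. A zone that exists at HQ with storage AD-Domain but is missing on the branch DC, together with a "NOT ENLISTED" line for DomainDnsZones, points at partition enlistment rather than at routing; a "failed" replication line points at replication, which is where replmon and dcdiag /test:DNS come in. Zones stored as File at HQ are not AD-integrated and will never replicate this way, matching tismetoo's note about needing secondary or stub zones for those.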
DCdiag all tests pass.
dcdiag /test:DNS shows only a root server error but all tests pass.

Working on the replmon now.

Thanks for help!

Relay700 (author) commented:
replmon shows all replication working correctly.
A forced replication specifically with DomainDNSZones shows attempt was successful.

tismetoo commented:
Replication successful from both sides, i.e. performed from each server, branch and HQ? And they still don't show in the DNS server console?

Relay700 (author) commented:
Update:  Something we did seemed to have corrected it.
I came in the morning to find that it is now showing a Forward Lookup Zone in the DNS console.

Thanks for all your help!

Relay700 (author) commented:
Thanks for all your help.