Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS Resolution in Child Domain

Posted on 2009-05-13
4
Medium Priority
?
518 Views
Last Modified: 2012-05-06
I'm running a Windows 2003 SP2 Environment with a newly created child domain. I'm having issues with DNS resolution from my parent - child domain. I can ping child domain workstations (from parent domain) using their IP address or by Fully qualified domain name. I'm unable to ping via netbios name though.

On the other hand I'm able to ping netbios names from the child - parent domain. I don't think that I have setup DNS correctly in the child domain and DNS isn't one of my strengths. Can someone point me in the right direction? Any ideas on what would be causing this? Thank you!
0
Comment
Question by:bsc77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24374728

Hey,

It's working exactly as it should.

To be able to resolve by Host Name only the client system must have one of two things configured:

1. A DNS Suffix Search List that includes each domain you want to search.

Typically the client will have a Primary DNS Suffix of "domain.com", so when you ping "host" you get a reply from host.domain.com. The suffix is automatically appended by the DNS Client.

So when you ping "HostInChild" then to have it resolve by host name alone you would need a DNS Suffix of "child.domain.com" so the query becomes "HostInChild.child.domain.com".

You can see the current DNS Suffix Search List by typing "ipconfig /all".

The DNS Suffix Search list can be configured in a number of places. Manually under TCP/IP settings, Advanced and DNS. Or through Group Policy.

2. A WINS Server or Relayed Broadcast

WINS holds a database of all names in a network (they have to register with the WINS server in the same way as with DNS). You can ping by host name only if you can resolve the name using WINS.

Alternatively you can relay Broadcast (although I cannot possible recommend you do). The system will craft a "Who Has <Name>" request and spam it to the entire network, hoping for a response.

Other stuff: GlobalNames

If you happen to be using Windows 2008 you can enable GlobalNames support which allows resolution by host name only to every host configured in the GlobalNames zone. But I bet you're not using 2008?

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24374794

Oops... forgot to include the location of the Group Policy.

You will find it under:

Computer Configuration \ Administrative Templates \ Network \ DNS Client

There's a policy called "DNS Suffix Search List".

Then if your PC had a Primary DNS Suffix of domain.com, and a DNS Suffix Search List of "child1.domain.com,child2.domain.com" it would lookup the IP as follows:

nslookup host

nslookup tries: host.domain.com
nslookup tries: host.child1.domain.com
nslookup tries: host.child2.domain.com

The order is important if you have hosts of the same name across domains.

I forgot to mention resolution up the tree. In TCP/IP settings / Advanced / DNS there is an option (a tick box) that allows a client to search parent domains. The text is "Append parent suffixes of the primary DNS suffix". That makes the client do this:

Primary DNS Suffix: child1.domain.com

nslookup host

nslookup tries: host.child1.domain.com
nslookup tries: host1.domain.com

It doesn't try host.com, there's a setting that limits that buried in the registry.

Chris
0
 

Author Comment

by:bsc77
ID: 24375069
Thank you so much Chris, that worked like a charm. Just added the suffix's in my network connection and I'm golden! Have a great day, thanks again.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question