philtukey asked:
create a Host/Pointer record for a server on another VLAN

We have 18 locations, and at each location new Windows 2008 Enterprise Edition servers are being installed. On our main VLAN I would like to have some sort of pointer so that when you ping one of the new servers (on another VLAN) it replies with the correct IP address. An example would be: if I am on VLAN 192.168.27.X and I want to ping the server, by name, on 192.168.13.X, how would I go about setting that up? I can already ping by IP and remote in, I just need to resolve the name thserv to the correct IP.
mds-cos:
First, please clarify for me if you really are talking about VLANs (as in virtual LANs used to segment broadcast traffic within a single location), or are you talking about locations connected via VPN tunnels?  I assume the latter since you discuss locations, but the way you asked the question I could be assuming wrong.

If you are talking about multiple locations connected via a secure tunnel, such as IPSEC VPN extending your LAN to a "VLAN", all you need to do is point workstations to an AD integrated DNS server, or a DNS server that is slaving off an AD DNS server.  All of the 2008 servers register themselves in DNS.

If you are talking about VLAN in the traditional sense, do you have the servers set up with multiple IP addresses and belonging to multiple VLAN segments, or with a single IP and belonging to a single VLAN segment?  The former could present problems for TCP/IP since the server would be required to register all of its IP addresses in DNS and DNS would need to respond properly based on which VLAN is querying for the IP (NetBIOS won't care as it is broadcast based).  I am not personally aware of this capability within Microsoft DNS server.  If the latter, proceed as directed above -- all workstations pointing to AD DNS (of course workstations will then route traffic between VLAN segments to communicate with the server).

Strictly speaking from a design perspective, I would give the server a single IP address and run inter-VLAN routing for workstations utilizing that server resource.
Darius Ghassem:
DNS would be the way to go for name resolution in any network. Now if you don't have DNS servers internally then you can install hosts files on all of your clients, which is not the way to go. You can also set up WINS to have name resolution, but DNS is the best way to go and it can be set up pretty easily.
philtukey (ASKER):
They are all VLANs connected via VPN Tunnels
Each one of our branch servers handles its own DNS. Not sure if that helps.
If the clients are pointing to internal DNS servers only and the internal DNS servers are replicating with each other then you should not have any issues, but they must be replicating the zones to each other.
I can ping the server by name from all the PCs on that subnet. However I cannot ping by name to that server from another subnet. I made sure that on the main DNS server the forwarders are set up correctly.
OK.

First, let me step back from one of my assumptions and specifically state that all servers should be part of the same AD forest.  Exact design of your AD tree will depend on your organization, but don't go down the path of having 18 independent servers each as the root of 18 independent forests.

Servers should belong to a single VLAN at the site where they are located, with routing properly configured.  Workstations need to point to an AD integrated DNS server.  Since you have 18 sites and 18 servers, you will probably want each server to be a DC and a DNS server for the location (I say probably because in a few environments this would not be the right design).  The first DC (which will be the forest DC if you have multiple domains in your forest) should be at corporate -- or whatever you refer to as the "main" location.  All domain A records should be visible from this DNS server.
Here is some useful info on replication in Microsoft DNS that you may need, depending on how you design your AD.

http://technet.microsoft.com/en-us/library/cc772101.aspx
The forwarders are not the issue. If the other DNS servers are part of your same domain then you need to have zones created for each DNS zone on your network on your local DNS server and set up replication between them. This will allow the replication of DNS records between the subnets.
Forwarders?  Sounds like you are not running a single forest, or you don't have your replication scope broad enough.
Forgive me, I am new at all this. Currently we have a domain X that all of our staff are running on; we also serve the public, who are not on domain X. Each location has its own server and subnet so that the public PCs can get IP addresses and print. That is all they are for, for now.

Our main VLAN on our network is VLAN 3903, with a subnet of 192.168.27.X. This is where all of our main servers, including AD, file servers, Exchange and several others, are located.

The one server we just upgraded from Linux to Windows is called THserv, which is on VLAN 3905 with a subnet of 192.168.13.X. We are going to be upgrading 17 more locations, all with the same VLAN but subnets ranging from 192.168.2.X to 192.168.19.X.

I am trying to ping thserv from my PC which is on 192.168.27.X and on VLAN 3903. I can ping by IP but not by name.
Thank you for the further description.

Since you have established that you can ping by IP address, we know that all of your VLAN trunking and routing is working properly.  You cannot ping by name, which leads us to DNS.

As you serve the public and internal, you obviously have to deal with DNS security related to public zones and internal zones.  No problem.

You still most likely want your servers to all be part of the same AD forest.  Like you said, the servers are for DHCP and print sharing "for now".  I have to assume you have future plans since deploying a server just for these would be serious overkill.  If the site servers are intended for public use, it makes sense (based on the very limited information I have about your network) that all VLAN 3905 servers would be one domain, and all VLAN 3903 servers on another domain (all part of the same forest).  If designing from scratch you would likely not have much in the root domain, but given where you are at right now you might decide to leave all "internal" systems in the root domain and put all "public" systems in the new domain.

By setting DNS scope correctly, you can have your 3903 systems aware of the full extent of DNS (allowing you to ping THserv by name).  For security, your 3905 systems would be limited in DNS scope to the current domain only -- don't want public folks poking around with internal addresses.

If you do not want to go this route, another solution would be to manually set up a new DNS domain on your servers in VLAN 3903, then manually create host (A) records for the new servers you are deploying.  I don't advocate this as a good engineering solution though.
I think I might have just circled you back around to your original question (hope not).  You would create a new DNS domain and a new host record via DNS Manager in Windows -- assuming you are using Windows as your DNS servers.
Do an ipconfig /all for your computer and a computer in a different subnet and post the results please.
Results from my PC

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

J:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : IT
        Primary Dns Suffix  . . . . . . . : poldom
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : poldom

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-22-5F-60-44-FB

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Physical Address. . . . . . . . . : 00-21-70-D5-24-AF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.27.172
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.27.1
        DNS Servers . . . . . . . . . . . : 192.168.27.20
                                            192.168.27.10

J:\>

Results from a PC on another subnet

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : Public
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : HHnet

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : HHnet
        Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-23-AE-78-75-84
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.4.247
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.4.1
        DHCP Server . . . . . . . . . . . : 192.168.4.2
        DNS Servers . . . . . . . . . . . : 192.168.4.2
                                            192.168.27.10
        Lease Obtained. . . . . . . . . . : Thursday, July 02, 2009 12:13:46 PM
        Lease Expires . . . . . . . . . . : Wednesday, July 08, 2009 12:13:46 PM


C:\Documents and Settings\admin>
Have you set up the AD and DNS scopes as above, or manually configured a new A record in the DNS servers for the "public" VLAN?
They both use two different DNS suffixes, which is a problem when you try to ping a name called computer, because the client will apply the DNS suffix to computer to make it computer.domain.com.
ASKER CERTIFIED SOLUTION by mds-cos (the accepted answer is only available to Experts Exchange members).
On our main DNS server I have created forwarders to each of the new servers, and still cannot ping by name.
Are you pinging by fully qualified domain name (FQDN)?
The forwarders will not work when you have multiple domains; use the FQDN like mds-cos said. If you are running on different domains then you need to set up a secondary DNS zone on the servers.
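To make the last three answers concrete (the DNS suffix search list appending a suffix to a short name, pinging by FQDN, and needing a secondary zone so the main-VLAN DNS servers can actually answer for the branch zone), here is a small simulation of Windows-style client name resolution driven by the two ipconfig outputs posted above. This is an added example written for this thread, not code from Experts Exchange or from any of the posters. The zone contents, the zone name hhnet for the branch server and the address 192.168.13.20 for THserv are constructed assumptions; the simulation models only authoritative zone data on each server and deliberately ignores forwarders and recursion, which Darius notes are not the issue here.

```python
"""Simulated Windows-style name resolution for the two clients in the thread.

Constructed example: zone data, the 'hhnet' zone name and THserv's address
are assumptions made for the demonstration, not values from the original page.
"""
import copy

# Zone data each DNS server is authoritative for: {server_ip: {zone: {host: ip}}}
# Constructed: poldom is the internal AD zone held by the two 192.168.27.x servers;
# hhnet is the branch zone where THserv registered itself, held only by the
# branch DNS server (192.168.4.2 from the posted ipconfig stands in for it).
DNS_SERVERS = {
    "192.168.27.20": {"poldom": {"it": "192.168.27.172", "dc1": "192.168.27.10"}},
    "192.168.27.10": {"poldom": {"it": "192.168.27.172", "dc1": "192.168.27.10"}},
    "192.168.4.2": {"hhnet": {"public": "192.168.4.247", "thserv": "192.168.13.20"}},
}

# Client profiles taken from the posted ipconfig /all output
IT_PC = {"suffixes": ["poldom"], "dns": ["192.168.27.20", "192.168.27.10"]}
PUBLIC_PC = {"suffixes": ["HHnet"], "dns": ["192.168.4.2", "192.168.27.10"]}


def lookup_on_server(server_ip, fqdn, servers):
    """Authoritative lookup: answer only from zones this server actually holds."""
    host, _, zone = fqdn.partition(".")
    return servers.get(server_ip, {}).get(zone.lower(), {}).get(host.lower())


def resolve(name, suffix_search_list, dns_servers, servers):
    """Client side of the lookup: a short name is qualified with each suffix in
    the search list in turn, and every candidate is sent to the configured DNS
    servers in order.  Returns (fqdn_that_answered, ip) or (None, None)."""
    if "." in name:                      # already an FQDN: query it as-is
        candidates = [name]
    else:
        candidates = [f"{name}.{sfx}" for sfx in suffix_search_list]
    for fqdn in candidates:
        for server in dns_servers:
            ip = lookup_on_server(server, fqdn, servers)
            if ip:
                return fqdn, ip
    return None, None


def add_secondary_zone(servers, server_ip, zone, source_ip):
    """Copy a zone from source_ip onto server_ip: the effect of configuring a
    secondary zone (zone transfer) as suggested in the thread."""
    servers[server_ip].setdefault(zone, {}).update(servers[source_ip][zone])


def demo():
    """Walk through the thread's situation step by step; returns each outcome."""
    servers = copy.deepcopy(DNS_SERVERS)
    out = {}
    # 1. Main-VLAN PC pings the short name: only thserv.poldom is tried, and
    #    neither 192.168.27.x server holds that record -> fails.
    out["it_short"] = resolve("thserv", IT_PC["suffixes"], IT_PC["dns"], servers)
    # 2. Branch PC succeeds: its search suffix matches the zone THserv lives in.
    out["public_short"] = resolve("thserv", PUBLIC_PC["suffixes"], PUBLIC_PC["dns"], servers)
    # 3. Pinging by FQDN from the main VLAN still fails, because the servers
    #    the IT PC asks cannot answer for hhnet at all.
    out["it_fqdn_before"] = resolve("thserv.hhnet", IT_PC["suffixes"], IT_PC["dns"], servers)
    # 4. Once a secondary copy of hhnet exists on 192.168.27.20, the FQDN resolves...
    add_secondary_zone(servers, "192.168.27.20", "hhnet", "192.168.4.2")
    out["it_fqdn_after"] = resolve("thserv.hhnet", IT_PC["suffixes"], IT_PC["dns"], servers)
    # 5. ...but the bare name still does not, until hhnet is in the search list.
    out["it_short_after"] = resolve("thserv", IT_PC["suffixes"], IT_PC["dns"], servers)
    out["it_short_searchlist"] = resolve(
        "thserv", IT_PC["suffixes"] + ["hhnet"], IT_PC["dns"], servers)
    return out


if __name__ == "__main__":
    for step, (fqdn, ip) in demo().items():
        print(f"{step:20s} -> {fqdn} = {ip}")
```

Running it shows the two halves of the fix separately: giving the main-VLAN DNS servers a copy of the branch zone is what lets any query for the branch name be answered, and the suffix search list (or typing the FQDN) is what makes the client ask for the right name in the first place. Either half alone leaves the ping failing, which matches what the asker observed after adding forwarders.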