DNS forwarders

jskfan

I have a DNS server in Domain1
I have a DNS server in Domain2
The 2 domains are separate with no trust, just network connectivity.

User workstations are connected to domain1; when they try to resolve names for computers that are in domain2, they cannot.
Although in the DNS of domain1 I put the IP address of the DNS located in Domain2 under the Forwarders tab.

Any idea why this is happening?

thanks
Henrik Johansson, Systems engineer
Top Expert 2008
Commented:
Are the clients trying to resolve client2 or client2.domain2.local (with or without DNS suffix)?
If the DNS suffix is not added, the query will try to use the DNS Suffix Search List on the client (domain1.local) and the query fails.

Author

Commented:
Clients are members of Domain1,
something like Client1.Domain1.com, client2.Domain1.com
There are servers in Domain2, e.g. Server1.Domain2.com, Server2.Domain.com

From any client in Domain1, I can ping any server in Domain2 by IP address, but can't ping it by name,
although in Domain1/Forwarders I added the IP address of the DNS of Domain2.
In my thoughts, when a client from Domain1 queries by name a server from Domain2, it will not get resolved by the DNS of Domain1, but this DNS will forward the query to the DNS of Domain2; then Domain2 should respond back to the DNS of Domain1, and the DNS of Domain1 then gives the response to the client of Domain1. This is called a non-authoritative response.


bluntTony, Head of ICT
Top Expert 2009

Commented:
Yes, you are correct. If forwarding is set up correctly, the process should happen like this:
1. A client in Domain1 attempts to resolve client.domain2.local. It asks its local DNS server to do this.
2. The local DNS server cannot answer this question so it forwards the query to the DNS server in Domain2.
3. The DNS server in Domain2 answers the question and passes this back to the DNS server in Domain1, which in turn passes this to the client.
When you specified the DNS server of Domain2 as a forwarder, did you specifically state this as a forwarder just for Domain2?
What about connectivity between the two domains? From the DNS server in Domain1, try the following command:
nslookup client.domain2.local dnsserver.domain2.local
(where the first argument is a client machine in domain2, and the second the DNS server in domain2)
This will prove if you have DNS comms between the two servers.

Author

Commented:
On the following link, it says tick the check box "Enable forwarders", but I don't see it in my DNS server Properties/Forwarders; maybe they are referring to Windows 2000, and I am using Windows 2003.

http://www.petri.co.il/images/w2k_dns12.gif
bluntTony, Head of ICT
Top Expert 2009

Commented:
To enable forwarding, you need to:
1. In the DNS console, right-click the server > Properties > Forwarders Tab
2. Add the domain name for which you want to forward queries
3. Enter the IP address for the DNS server in that domain.
(see screenshot)
 

forwader.JPG

Author

Commented:
bluntTony:

I didn't add the domain name, just the IP address of the DNS server in Domain2.
Do you think that could cause an issue?
I have network connectivity, which means I can ping by IP the DNS in Domain2.
================
That being said... I have touched anything and now it works just fine; I can ping/nslookup by name and IP. I am not sure what was blocking the request by name.

Author

Commented:
Sorry...

No network connectivity problem, which means I can ping by IP the DNS in Domain2.
================
That being said... I have not touched anything and now it works just fine; I can ping and nslookup by name and IP. I am not sure what was blocking the request by name.
bluntTony, Head of ICT
Top Expert 2009
Commented:
Hi there,
If you simply added the IP of the other DNS server as a forwarder, then that means that ALL queries your DNS server cannot answer will be forwarded to the DNS server in Domain2. So it would actually work, but it also means that any queries for internet resources are also being passed to the DNS server in Domain2, and then in turn being passed on to internet DNS servers.
A typical setup you would use is:
1. Configure the forwarder for 'All other DNS domains' to be your ISP's DNS server.
2. Configure a forwarder for Domain2.local and point it to the IP of the DNS server in Domain2.
(and obviously do the opposite on the server in Domain2)
This would be the most efficient setup.
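
An added illustration, not part of the original thread: a simplified Python model of the forwarder selection described in the answer above, comparing the single catch-all forwarder from the question with the conditional setup. The zone names follow the thread; the IP addresses and the `route` and `compare` helpers are constructed for the example.

```python
# Added example: simplified model of how a DNS server decides where a query goes.
# IP addresses are constructed placeholders from documentation ranges.

LOCAL_ZONES = ["domain1.local"]   # zones this server is authoritative for

def in_zone(qname, zone):
    """True if qname equals zone or is a subdomain of it (label-boundary match)."""
    qname, zone = qname.lower().rstrip("."), zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)

def route(qname, forwarders):
    """Return where the server sends qname.

    forwarders maps a DNS domain to a forwarder IP; the key "." stands for
    the 'All other DNS domains' entry.
    """
    if any(in_zone(qname, z) for z in LOCAL_ZONES):
        return "answered locally"
    # The most specific (longest) matching conditional forwarder wins.
    matches = [d for d in forwarders if d != "." and in_zone(qname, d)]
    if matches:
        return forwarders[max(matches, key=len)]
    return forwarders.get(".", "root hints")

DOMAIN2_DNS = "192.0.2.53"    # constructed: DNS server in Domain2
ISP_DNS = "198.51.100.1"      # constructed: ISP resolver

# Setup from the question: Domain2's DNS entered as the only forwarder.
catch_all = {".": DOMAIN2_DNS}
# Setup recommended in the answer: conditional forwarder plus ISP default.
conditional = {"domain2.local": DOMAIN2_DNS, ".": ISP_DNS}

def compare(names):
    """Return (name, catch-all target, conditional target) rows."""
    return [(n, route(n, catch_all), route(n, conditional)) for n in names]

if __name__ == "__main__":
    for row in compare(["client1.domain1.local", "server1.domain2.local",
                        "www.example.com", "notdomain2.local"]):
        print("%-24s catch-all -> %-14s conditional -> %s" % row)
```

With the catch-all entry, every name the server cannot answer itself, including internet names, is sent to Domain2's DNS server, so that server sees all of Domain1's external lookups; with the conditional entry only names under domain2.local go there.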

Author

Commented:
Thanks
