  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 927

a dns server authoritative

Hi
I have a remote site connected to our main site via Cisco VPN. I can ping both sites by name and IP address, but when I am trying to get DNS on the remote site to connect to the main site I get "the server is not authoritative for the required zone". My DNS server on the main site is working fine; it is only a local DNS server. I have checked the SOA and it does state that it is the authoritative server. What am I missing? I'm lost now.
Thank you in advance for any help
Asked:
dances1960
1 Solution
 
rscottvan Commented:
A few questions:

What device are you doing DNS queries from?  
Can you post the network configuration of the relevant devices?  (IP Addresses, Masks, Gateways and DNS servers.  DHCP or fixed IP.)
Is DNS traffic permitted through the tunnel?
 
jasonlcss Commented:
Have you checked that all the relevant ports are opened bi-directionally on the Cisco?
 
dances1960 (Author) Commented:
Hi

The ports on the Cisco are open for both sites and I can ping both IP address and DNS name. The main site is 192.168.0.0 and the remote is 192.168.10.0; the servers are 192.168.0.15 and remote 192.168.10.235. I can remote desktop from each site to the other.
The gateway in the main office is 192.168.0.86 and remote is 192.168.10.86.

 
rscottvan Commented:
I'm confused...  you said you can ping by name from either end.  That implies DNS resolution is working.  

Your symptom is an error message:  "the server is not authoritative for the required zone"

What do you do that precipitates that error?  (Please be specific, i.e. "I type ping billy.bob from a PC in the main site.  Billy.Bob is a server in the remote site.")

Also, a recap to be sure I have the topology correct...  
Main Site
Router inside IP: 192.168.0.86
DNS Server:  192.168.0.15

Remote Site
Router inside IP:  192.168.10.86
DNS Server:  192.168.10.235

What OS is running on the servers?  
Is this Windows Active Directory?  If yes, are the servers Domain Controllers?
What DNS Domains are hosted on each server?
What DNS Domain is each server in?
 
briandunkle Commented:
Are you trying to do a zone transfer, as in the second place is trying to be a secondary DNS server for it? If so, you'll need to list both servers as nameservers in the zone file along with allowing transfers from the primary to the secondary.
 
dances1960 (Author) Commented:
Hi
I can ping from either side to the other, but when I try to connect the DNS from the remote site to the main site I get the "server is not authoritative" message.
I have checked the topology as you asked and it is as stated.
The OS on the main site is 2003 DC with AD and the remote site is a 2008 member server which has been on the domain in the main office for a week or two, but only while building it. The reason for member server is I was going to use TMG but ended up not being allowed to buy it. Should I take the server back to the main office and make it a DC with AD?
In answer to Brian, I have the servers' names in both zones with transfers allowed but still no joy.

 
rscottvan Commented:
"when I try to connect the dns from the remote site"

I don't understand what this means.  

It sounds like you're trying to configure the Server 2003 DC to allow DNS zone transfers to the 2008 member server.  Is that correct?

If yes, in the DNS console on the 2003 server, right-click each zone and select properties.  Click the Zone Transfers tab and fill in the information for the server 2008 server.  Also make sure the far end server is added to the Name Servers tab for each zone.

On the Server 2008 Server, are you setting up the zones as Secondary Zones?  I don't have a server I can play with right in front of me, but if you didn't set it up as secondary zones, you'll need to delete all the zones and re-create them as secondary zones.  Configure each zone to receive updates from the 2003 server.
zone-transfer.JPG
 
rscottvan Commented:
After more thought, I imagine you have created the zones on the 2008 server as Primary zones.  Since the server is not a Domain Controller, it cannot be a Primary.  If this is right, delete the zones and re-add them as secondary zones.
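A command-line equivalent of the DNS console steps in the two comments above, added here as an example and not part of the original thread. It uses `dnscmd` with the server addresses given in the thread; the zone name `example.local` and the host name `remote-dns.example.local` are placeholders, and it assumes an elevated PowerShell session with administrative rights on both DNS servers.

```powershell
# Added example: the zone name and secondary FQDN are placeholders, not from the thread.
$Zone         = 'example.local'              # placeholder zone name
$SecondaryFqd = 'remote-dns.example.local.'  # placeholder FQDN of the 2008 server
$Primary      = '192.168.0.15'               # Server 2003 DC (main site)
$Secondary    = '192.168.10.235'             # Server 2008 member server (remote site)

# Run dnscmd and stop at the first failure instead of continuing blindly.
function Invoke-DnsCmd {
    & dnscmd.exe $args
    if ($LASTEXITCODE -ne 0) { throw "dnscmd failed ($LASTEXITCODE): $args" }
}

# --- Primary (2003 DC) ---
# "Name Servers" tab: publish the secondary as an NS record for the zone.
Invoke-DnsCmd $Primary /RecordAdd $Zone '@' NS $SecondaryFqd

# "Zone Transfers" tab: permit transfers only to the listed secondary and
# send it change notifications. Avoid /NonSecure, which lets any host that
# can reach the server pull the whole zone.
Invoke-DnsCmd $Primary /ZoneResetSecondaries $Zone /SecureList $Secondary /NotifyList $Secondary

# --- Secondary (2008 member server) ---
# Remove the zone that was created as a primary, then re-create it as a
# secondary that pulls from the 2003 DC.
Invoke-DnsCmd $Secondary /ZoneDelete $Zone /f
Invoke-DnsCmd $Secondary /ZoneAdd $Zone /Secondary $Primary

# Force the first transfer and show the resulting zone properties.
Invoke-DnsCmd $Secondary /ZoneRefresh $Zone
Invoke-DnsCmd $Secondary /ZoneInfo $Zone

# Check that both servers now return the same SOA serial for the zone.
nslookup -type=SOA $Zone $Primary
nslookup -type=SOA $Zone $Secondary
```

Repeat the block for each zone, including any reverse lookup zones. Each `dnscmd` line can also be run locally on the server it targets by leaving out the server argument.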
 
dances1960 (Author) Commented:
Hi rscottvan
I have decided to make this a DC in the main office and then transfer it to the remote office and then try and get the link up. Thank you for all your help so far and I shall report how I went on tomorrow.