<div>
You need to create a Stub Zone and SRV Records of the other Forest.
</div>


<div>
&gt; The nslookup to that DC only works when we use the FQDN or the new IP of it, the access to shared folders in that DC using \\ also <br />
&gt;&nbsp;only works with the FQDN or new IP, mapping also. Ping works fine.<br />
<br />
Either:<br />
<br />
1. Your DNS Suffix Search List does not contain their domain name (without that you will not get the IP back using host name only for the remote domain).<br />
<br />
Or:<br />
<br />
2. You use WINS (as erniebeek suggests) and you need to fix that.<br />
<br />
Chris
</div>


<div>
erniebeek WINS is not been used.
</div>


<div>
Just thinking out loud here.<br />
<br />
Normally the network connections auto appends the primary and connection specific DNS suffixes for unqualified names (and also parent suffixes of the primary). Might have a look in that direction.
</div>


<div>
<br />
Agreed. You might run:<br />
<br />
ipconfig /all<br />
<br />
Check if that includes the DNS suffix for the server name you expect to resolve.<br />
<br />
Chris
</div>


<div>
Jbond2010 there's already a secondary forward zone configured for the other Forest.
</div>


<div>
<br />
If that didn't exist you wouldn't be able to resolve the FQDN either. It's very unlikely to be a problem with the DNS server.<br />
<br />
Chris
</div>


<div>
Chris-Dent the DNS Suffixes are included in the list, As I said, every configuration in DNS it's ok. The IP's, the suffixes, the zones, but somehow the nslookup, \\ and mapping still fails. it looks like this three tasks are looking for the old IP to run.
</div>


<div>
One other thing I did not read: did you check the hosts file (windows\system32\drivers\<wbr />etc\hosts)<wbr />?
</div>


<div>
erniebeek, we did change the hosts file, it had the old IP and we did change to the new one. In fact I thought that would be the solution to the problem, but didn't solve also.
</div>


<div>
<br />
None of them will work if the suffix is not appending.<br />
<br />
Can you run:<br />
<br />
nslookup -d servername<br />
<br />
It will show you a lot, but most importantly it will show you the process of appending each of the suffixes you have configured on the system and the response it gets to the associated query. In the output from this you're interested in a number of fields:<br />
<br />
rcode<br />
Questions<br />
Answers<br />
<br />
If you cannot find a question that includes the FQDN of the server in that output you need to check the suffixes again. If you can find the right question, but the RCode says NXDOMAIN (doesn't exist), then you need to check the DNS servers your system is using.<br />
<br />
Chris
</div>


<div>
<br />
\\ and mapping will use Hosts, nslookup will not. I advise you avoid using Hosts entirely unless you're really stuck because it only makes maintenance of this harder.<br />
<br />
Chris
</div>


<div>
As long as we're brainstorming: Do you happen to have policies in effect pushing DNS settings?
</div>


<div>
Chris Dent, when I make the nslookup -d to the DC in the other forest (the one that IP was changed)<br />
<br />
C:\Windows\system32&gt;nslook<wbr />up -d changedIPserver<br />
------------<br />
Got answer:<br />
&nbsp; &nbsp; HEADER:<br />
&nbsp; &nbsp; &nbsp; &nbsp; opcode = QUERY, id = 1, rcode = NOERROR<br />
&nbsp; &nbsp; &nbsp; &nbsp; header flags: &nbsp;response, auth. answer, want recursion, recursion avail.<br />
&nbsp; &nbsp; &nbsp; &nbsp; questions = 1, &nbsp;answers = 1, &nbsp;authority records = 0, &nbsp;additional = 0<br />
<br />
&nbsp; &nbsp; QUESTIONS:<br />
&nbsp; &nbsp; &nbsp; &nbsp; 112.91.168.192.in-addr.arp<wbr />a, type = PTR, class = IN<br />
&nbsp; &nbsp; ANSWERS:<br />
&nbsp; &nbsp; -&gt; &nbsp;112.91.168.192.in-addr.arp<wbr />a<br />
&nbsp; &nbsp; &nbsp; &nbsp; name = myserver.mydomain.co.ao<br />
&nbsp; &nbsp; &nbsp; &nbsp; ttl = 1200 (20 mins)<br />
<br />
------------<br />
Server: &nbsp;myserver.mydomain.co.ao<br />
Address: &nbsp;192.168.xx.xxx<br />
<br />
DNS request timed out.<br />
&nbsp; &nbsp; timeout was 2 seconds.<br />
timeout (2 secs)<br />
------------<br />
Got answer:<br />
&nbsp; &nbsp; HEADER:<br />
&nbsp; &nbsp; &nbsp; &nbsp; opcode = QUERY, id = 3, rcode = NOERROR<br />
&nbsp; &nbsp; &nbsp; &nbsp; header flags: &nbsp;response, auth. answer, want recursion, recursion avail.<br />
&nbsp; &nbsp; &nbsp; &nbsp; questions = 1, &nbsp;answers = 0, &nbsp;authority records = 1, &nbsp;additional = 0<br />
<br />
&nbsp; &nbsp; QUESTIONS:<br />
&nbsp; &nbsp; &nbsp; &nbsp; changedIPserver.mydomain.c<wbr />o.ao, type = AAAA, class = IN<br />
&nbsp; &nbsp; AUTHORITY RECORDS:<br />
&nbsp; &nbsp; -&gt; &nbsp;mydomain.co.ao<br />
&nbsp; &nbsp; &nbsp; &nbsp; ttl = 3600 (1 hour)<br />
&nbsp; &nbsp; &nbsp; &nbsp; primary name server = myserver.mydomain.co.ao<br />
&nbsp; &nbsp; &nbsp; &nbsp; responsible mail addr = hostmaster.mydomain.co.ao<br />
&nbsp; &nbsp; &nbsp; &nbsp; serial &nbsp;= 9406<br />
&nbsp; &nbsp; &nbsp; &nbsp; refresh = 900 (15 mins)<br />
&nbsp; &nbsp; &nbsp; &nbsp; retry &nbsp; = 600 (10 mins)<br />
&nbsp; &nbsp; &nbsp; &nbsp; expire &nbsp;= 86400 (1 day)<br />
&nbsp; &nbsp; &nbsp; &nbsp; default TTL = 900 (15 mins)<br />
<br />
------------<br />
*** Request to myserver.mydomain.co.ao timed-out<br />
<br />

</div>


<div>
erniebeek no DNS Policies at all.
</div>


<div>
<br />
We want it to get as far as this don't we?<br />
<br />
changeIPserver.remotedomai<wbr />n.com<br />
<br />
If so, you need to head to the DNS server and check the status of that Secondary zone. Refresh it, you might find it has expired. If the IP of the master has changed and the configuration of the secondary is not updated it will eventually end up in that state.<br />
<br />
Chris
</div>


<div>
Chris, couldn't the issue be related to something in the trust? maybe the change of IP caused something there and now nslookup, \\ and mapping are been afected.<br />
<br />
After the IP change I did validate the Trust successfully but maybe something is wrong. Could it be?
</div>


<div>
Have you tried running Dcdiag and Netdiag?
</div>


<div>
<br />
&gt;&nbsp;couldn't the issue be related to something in the trust? <br />
<br />
Not really, no. Name resolution operates on a different layer. You might bump into problems actually getting to \\server, but it'd come up as an authentication failure rather than a name resolution failure.<br />
<br />
Chris
</div>


<div>
JBond I did run DCdiag and dcdiag fix in all DC's no problems found.
</div>


<div>
Chris, I dont think is an authentication problem because \\ works fine if I use the IP of the server or its FQDN. 
</div>


<div>
That tells us the trust is fine.<br />
<br />
That the FQDN works does suggest that name resolution works.<br />
<br />
What else do you have in your suffix search list? I'm curious why we're getting a timeout when using nslookup.<br />
<br />
Chris
</div>


<div>
Because only half of the problem was solved.
</div>


<div>
<div class="content wysiwyg-content">
Hi. A client of our company has a Trust between two forests. The trust was ok and the two domains were working without any problem. <br />
<br />
Then the DC of one of the trusted domains had a NIC problem and the IT administrator of our Client decided to enable the other NIC in the server and also changed the IP. <br />
<br />
We did fix all DNS problems that arose after that IP change in the DC but there's a situation that we couldn't fix. <br />
<br />
The nslookup to that DC only works when we use the FQDN or the new IP of it, the access to shared folders in that DC using \\ also only works with the FQDN or new IP, mapping also. Ping works fine.<br />
<br />
We did cleared the DNS cache, flushed, reloaded, restarted but nothing did work. There are no more references to the old IP of that server in the DNS or anywhere else.<br />
<br />
We want to be able to make nslookup, \\ and mapping using the name of the server not only the FQDN or IP. <br />
<br />
I hope I was clear. Thanks.
</div>
</div>


Hi. A client of our company has a Trust between two forests. The trust was ok and the two domains were working without any problem. 

Then the DC of one of the trusted domains had a NIC problem and the IT administrator of our Client decided to enable the other NIC in the server and also changed the IP. 

We did fix all DNS problems that arose after that IP change in the DC but there's a situation that we couldn't fix. 

The nslookup to that DC only works when we use the FQDN or the new IP of it, the access to shared folders in that DC using \\ also only works with the FQDN or new IP, mapping also. Ping works fine.

We did cleared the DNS cache, flushed, reloaded, restarted but nothing did work. There are no more references to the old IP of that server in the DNS or anywhere else.

We want to be able to make nslookup, \\ and mapping using the name of the server not only the FQDN or IP. 

I hope I was clear. Thanks.

IP change in Domain Controller of a Trusted Forest

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.