Meshman333

Forest trusts and DNS

Hi! I'm trying to establish a 2-way forest trust between 2 forests on our network.  I know my DNS isn't configured properly for this.

I have mydomain.com, our existing domain and a new one called mydomain.ca.  I need to add a conditional forwarder to each DNS server so one forest will resolve to the other (I assume).  So I go to mydomain.com's DNS server and try to add a forwarder to our new domain.  I enter mydomain.ca and the internal address for its DNS server.  It tells me the specified DNS server is not authoritative for this domain.  Well, it is.  However I'm wondering if it's trying to resolve the public address of mydomain.ca.

This is where I get confused, between public and private addressing.  How does it know the difference?  If I do an nslookup of mydomain.ca from mydomain.com, it returns an external address.  If I do the same thing from within mydomain.ca, I get an internal address.  

I guess my question is, how do I properly get mydomain.com to see mydomain.ca as an internal address and not an external one so I can add the forwarder?

Thanks!
ASKER CERTIFIED SOLUTION
Tony Massa
Meshman333

ASKER

" I would enter the conditional forwarder using the internal/LAN IP address of the DNS server for mydomain.ca and see if that helps."

That's what I'm trying to do.  I'm on the DNS server for mydomain.com.  I choose to add a forwarder.  I enter the domain name "mydomain.ca" and for an IP, the internal address 192.168.72.13.  When it tries to resolve it tells me this DNS server is not authoritative for this domain.  But it is...  It's the primary DNS server and AD FSMO role holder for mydomain.ca.

"dnscmd /ZoneAdd mydomain.ca /DsForwarder 192.168.1.2.251 192.168.1.3"

What are the trailing IPs for?

Thanks!
"dnscmd /ZoneAdd mydomain.ca /DsForwarder 192.168.1.2.251 192.168.1.3"

Strange, this worked.  I created the trust no problem after this.  Thanks!  (Don't know why it wouldn't work in the GUI.)
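
The same setup can be checked from PowerShell before the trust is created. This is an added example, not part of the thread: it confirms that the internal server answers for the zone, creates the conditional forwarder, and verifies that the domain controller records for mydomain.ca resolve to private addresses through the local DNS server. Assumptions: it runs on the mydomain.com DNS server with the DnsServer module, the local server answers on 127.0.0.1, forest-wide replication is wanted, and `Test-PrivateIPv4` is a helper written for this example.

```powershell
# Added example. Run in an elevated session on the mydomain.com DNS server.
$Zone   = 'mydomain.ca'      # zone name from the thread
$Master = '192.168.72.13'    # internal DNS server for mydomain.ca, from the thread

function Test-PrivateIPv4 {
    # True when the address is in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Query the remote server directly. An SOA answer shows it is reachable on
#    its internal address and hosts the zone, independent of the GUI check.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Master -DnsOnly -ErrorAction Stop |
       Where-Object { $_.PrimaryServer }
if (-not $soa) { throw "No SOA for $Zone from $Master" }
"SOA primary server reported by ${Master}: $($soa.PrimaryServer)"

# 2. Create the forwarder only if the zone is not already defined locally.
#    Forest-wide replication is an assumption; choose the scope you need.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $Master -ReplicationScope Forest
}

# 3. Resolve the DC locator record through the local server and flag any
#    domain controller whose A record is not a private address.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
$targets = $srv | Where-Object { $_.NameTarget } | Select-Object -ExpandProperty NameTarget -Unique
foreach ($t in $targets) {
    $addrs = Resolve-DnsName -Name $t -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
             Where-Object { $_.IPAddress }
    foreach ($a in $addrs) {
        $verdict = if (Test-PrivateIPv4 $a.IPAddress) { 'internal' } else { 'PUBLIC, check forwarder' }
        '{0,-40} {1,-16} {2}' -f $t, $a.IPAddress, $verdict
    }
}
```

A line marked PUBLIC means the local server is still answering from the external view of mydomain.ca rather than through the forwarder.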