Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DNS name resolution issue

Posted on 2011-03-07
9
Medium Priority
?
364 Views
Last Modified: 2012-05-11
I have two DNS server, is also a global catalog server both in different forest, so
DC1 = FOREST 1, domain name = domain-1.com
DC2 = FOREST 2, domain name = domain-2.com
I have a primary AD integrated zone for domain-1.com in DC1 &
I have a primary AD integrated zone for domain-2.com in DC2
I added domain-1.com as secondary zone in DC2 &
I added domain-2.com as secondary zone in DC1

I have one host A record called “me > 10.240.42.110” in domain-1.com
My WS is residing in domain-2.com when I try to resolve – nslookup me ; I don’t get IP associated with it.

How can I make this configuration work so I am able to resovle the name to IP and IP to name using the secondary dns.
0
Comment
Question by:immipathan
8 Comments
 
LVL 3

Expert Comment

by:dmf415
ID: 35063010
make sure the computer you are using that is doing the nslookup has both DNS servers configured in the tcp/ip properties.
0
 
LVL 6

Accepted Solution

by:
Draxonic earned 1336 total points
ID: 35063171
dmf415, he doesn't need both DNS servers configured if he has both zones on both servers (excepting of course that it's good to have redundancy)

Try pinging "me.domain-1.com" instead of just pinging "me"

If that works, configure the DNS suffix search order on the client to domain-2.com, domain-1.com.

You will then be able to ping "me" without the suffix.


0
 
LVL 6

Assisted Solution

by:Draxonic
Draxonic earned 1336 total points
ID: 35063194
Also, to resolve IP to name, you will need a reverse DNS zone for the address space.

http://support.microsoft.com/kb/323445
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 23

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 664 total points
ID: 35063553
Draxonic is correct. You'll need to setup the DNS suffix search list on all the computers. You can do this through group policy. http://technet.microsoft.com/en-us/library/bb847901.aspx
0
 
LVL 27

Expert Comment

by:Steve
ID: 35072161
@immipathan

The problem here is that you are trying to look up a DNS record for 'me.domain-1.com' by typing 'me'
When resolving individual names/addresses, the system automatically ads the correct domain name to the end of it to create a FQDN.

As you are performing the lookup on the DNS server that looks after the domain 'domain-2-com' you are effectively looking for a record called 'me.domain-2.com' which doesn't exist, instead of me.domain-1.com

Either add the secondary DNS suffix as advised above or add a DNS record for me to the domain-2.com DNS and point it to the IP of me.domain-1.com
0
 
LVL 23

Expert Comment

by:Jeremy Weisinger
ID: 35072225
"...or add a DNS record for me to the domain-2.com DNS and point it to the IP of me.domain-1.com"

I wouldn't recommend doing this for two reasons:
1) The administrative overhead of manually creating DNS records for all computers in the other domain and there would be the potential for confusion as to where the computer is administered

2) Computer names would need to be unique across both domains and thus also increasing the administrative burden.
0
 
LVL 6

Expert Comment

by:Draxonic
ID: 35194393
immipathan, were we able to answer your question?
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 35489734
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question