Having a problem with multiple DNS zone resolution in domain FQDN?


I am having a problem with multiple DNS resolution on my Windows AD domain with multiple DNS zones.

The domains I have:
domain.com - Unix BIND server primary (this is our email domain as well), managed by a Solaris server
domainAD.com - AD domain name; domainAD.com is managed by Windows AD-integrated DNS

Solaris DNS server which holds domain.com primary zone can transfer the data into the Domain Controllers which host the domain.com as secondary and domainAD.com as the primary.

I cannot ping server1, but pinging server1.domainAD.com works fine (server1 is a domain-joined Windows Server 2003/2008 machine).

I don't know why I must include the FQDN for every query and server name that I type; otherwise it won't resolve to the proper IP.
Senior IT System Engineer (IT Professional) Asked:
kevinhsieh Commented:
In order to be able to ping via just the host name, you will need both domain.com and domainAD.com in the DNS suffix search list. Under Unix it is managed in /etc/resolve.conf. You can add domain.com as a search suffix using group policies for your Windows machines.
Darius Ghassem Commented:
Where are you trying to ping from?
Senior IT System Engineer (IT Professional), Author Commented:
From the Windows domain it failed,

as well as from the Linux/Solaris server, but this doesn't really matter, as the Solaris machine must type the FQDN anyway to get to Windows.

Darius Ghassem Commented:
Post ipconfig /all from the Windows box.

Make sure you have DNS Suffix listed
kevinhsieh Commented:
Sorry, it's /etc/resolv.conf for Unix.

Article ID: 294785 - Last Review: February 17, 2009 - Revision: 9.0
New group policies for DNS in Windows Server 2003

These group policies are at the following location:
Computer Configuration/Administrative Templates/Network/DNS Client

"DNS Suffix Search List
This setting determines which DNS suffixes to attach to an unqualified single-label name before you submit a DNS query for that name. An unqualified single-label name contains no dots, for example "example". This name is different from a fully qualified domain name (FQDN), for example "example.microsoft.com".

When this setting is enabled, when a user submits a query for a single-label name, such as "example", a local DNS client attaches a suffix, such as "microsoft.com". As a result, the query is changed to "example.microsoft.com" before the query is sent to a DNS server.

If you enable the DNS Suffix Search List setting, you can specify the DNS suffixes to attach before the query for an unqualified single-label name is submitted. The values of the DNS suffixes in this setting may be set using comma-separated strings, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com". One DNS suffix is attached for each submission of a query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the left value and proceeding to the right.

If you enable this setting, you must specify at least one suffix. If you disable this setting, then the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. If this setting is not configured, then it is not applied to any computers and computers use their local configuration. The value of this policy may be set to the comma-separated strings of DNS suffixes. If the policy is enabled there must be at least one DNS suffix specified.

The value of this policy may be set to the comma-separated strings of DNS suffixes. Do not use spaces between the comma-separated DNS suffixes. If you add spaces, only the first DNS suffix will be applied."
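
Added example, not part of the original thread or of the quoted Microsoft article: a small Python model of the suffix search behaviour described above, showing how list order decides which zone a short name lands in and how a space in the policy string drops the later suffixes. The zone records, IP addresses and function names are constructed for illustration, and already-qualified names are assumed to be sent as typed.

```python
# Constructed sample records standing in for the two zones in this thread.
ZONES = {
    "server1.domainad.com": "10.0.0.11",
    "www.domainad.com": "10.0.0.80",
    "mail.domain.com": "10.0.1.25",
    "www.domain.com": "10.0.1.80",
}

def parse_gpo_suffix_list(value):
    """Parse the 'DNS Suffix Search List' policy string (comma-separated).
    Models the quoted caveat: with spaces present, only the first suffix applies."""
    parts = [p for p in value.split(",") if p.strip()]
    if any(ch.isspace() for ch in value):
        return [parts[0].strip().lower()] if parts else []
    return [p.lower() for p in parts]

def parse_resolv_conf_search(text):
    """Return the suffixes of the last 'search' line in /etc/resolv.conf text."""
    suffixes = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            suffixes = [s.lower() for s in fields[1:]]
    return suffixes

def candidates(name, suffixes):
    """FQDNs tried, in order, for the name the user typed."""
    name = name.rstrip(".").lower()
    if "." in name:
        return [name]  # assumption: qualified names are queried as typed
    return [f"{name}.{s}" for s in suffixes]

def resolve(name, suffixes, zones=ZONES):
    """Return (fqdn, ip, tried); fqdn and ip are None if every suffix fails."""
    tried = candidates(name, suffixes)
    for fqdn in tried:
        if fqdn in zones:
            return fqdn, zones[fqdn], tried
    return None, None, tried

if __name__ == "__main__":
    good = parse_gpo_suffix_list("domainAD.com,domain.com")
    spaced = parse_gpo_suffix_list("domainAD.com, domain.com")
    unix = parse_resolv_conf_search("nameserver 10.0.0.1\nsearch domain.com domainAD.com\n")
    for label, sfx in (("GPO", good), ("GPO with space", spaced), ("resolv.conf", unix)):
        for host in ("server1", "mail", "www"):
            fqdn, ip, tried = resolve(host, sfx)
            print(f"{label:15} {host:8} tried={tried} -> {fqdn} {ip}")
```

The `www` rows are the ones to watch: the same short name reaches a different host depending on which suffix comes first, so the order of the list should be a deliberate choice.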

Senior IT System Engineer (IT Professional), Author Commented:
OK, it seems that if the Windows DNS is hosting multiple zones, no matter what, the FQDN is a must to resolve properly.
kevinhsieh Commented:
Windows 2008 DNS servers have the ability to resolve unqualified queries using a new zone called GlobalNames, but all entries must be static, so you couldn't pull the zone information from BIND.

You may want to check it out.
Senior IT System Engineer (IT Professional), Author Commented:
Ah, that sounds cool, Kevin. But having to update the entries manually is too much overhead, of course.

Thanks for the suggestion.