Solved

Having problem in multiple DNS zone resolution in domain FQDN?

Posted on 2011-09-06
Last Modified: 2012-06-27
Hi,

I am having a problem with multiple DNS resolution on my Windows AD domain with multiple DNS zones.

The domain I have:
domain.com - Unix BIND server primary (this is our email domain as well) managed by Solaris server
domainAD.com - AD domain name and the domainAD.com is managed by Windows AD-DNS integrated

The Solaris DNS server, which holds the domain.com primary zone, can transfer the data to the Domain Controllers, which host domain.com as secondary and domainAD.com as primary.

I cannot ping server1, but pinging server1.domainAD.com works fine (server1 is a Windows Server 2003/2008 domain-joined machine).

I don't know why I must include the FQDN for every query and server name that I type; otherwise it won't resolve to the proper IP.
0
8 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36489283
Where are you trying to ping from?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 36489371
From the Windows domain it failed,

as well as from the Linux/Solaris server --> but this doesn't really matter, as the Solaris machine must type the FQDN anyway to get to Windows.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36489437
Post ipconfig /all from the Windows box.

Make sure you have a DNS suffix listed.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 36489593
In order to be able to ping via just the host name, you will need both domain.com and domainAD.com in the DNS suffix search list. Under Unix it is managed in /etc/resolve.conf. You can add domain.com as a search suffix using group policies for your Windows machines.
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 500 total points
ID: 36491013
Sorry, it's /etc/resolv.conf for Unix.

Article ID: 294785 - Last Review: February 17, 2009 - Revision: 9.0
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/kb/294785

These group policies are at the following location:
Computer Configuration/Administrative Templates/Network/DNS Client

...
"DNS Suffix Search List
This setting determines which DNS suffixes to attach to an unqualified single-label name before you submit a DNS query for that name. An unqualified single-label name contains no dots, for example "example". This name is different from a fully qualified domain name (FQDN), for example "example.microsoft.com".

With this setting enabled, when a user submits a query for a single-label name, such as "example", a local DNS client attaches a suffix, such as "microsoft.com". As a result, the query is changed to "example.microsoft.com" before the query is sent to a DNS server.

If you enable the DNS Suffix Search List setting, you can specify the DNS suffixes to attach before the query for an unqualified single-label name is submitted. The values of the DNS suffixes in this setting may be set using comma-separated strings, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com". One DNS suffix is attached for each submission of a query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the left value and proceeding to the right.

If you enable this setting, you must specify at least one suffix. If you disable this setting, then the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries. If this setting is not configured, then it is not applied to any computers and computers use their local configuration. The value of this policy may be set to the comma-separated strings of DNS suffixes. If the policy is enabled there must be at least one DNS suffix specified.

The value of this policy may be set to the comma-separated strings of DNS suffixes. Do not use spaces between the comma-separated DNS suffixes. If you add spaces, only the first DNS suffix will be applied. "

...
0
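Added example, not part of the original thread: a small Python model of the suffix search-list behaviour described in the answers above, covering the comma-separated policy string (including the space caveat from the quoted KB text), the `search` line in /etc/resolv.conf, and the order in which candidate FQDNs are tried. The zone names come from the question; the host `mail1`, the IP addresses, the resolv.conf text and all function names are constructed for illustration, and the model only expands single-label names, as the KB text describes.

```python
# Added example: models suffix search-list expansion. Hosts, IPs and the
# resolv.conf text are constructed; zone names come from the question.
RECORDS = {  # constructed A records for the two zones
    "server1.domainad.com": "192.0.2.11",
    "mail1.domain.com": "192.0.2.25",
}
RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
search domainAD.com domain.com
"""

def parse_gpo_search_list(value):
    """Parse the policy string; returns (suffixes, warnings)."""
    warnings = []
    if " " in value:
        # Per the quoted KB text: with spaces, only the first suffix applies.
        warnings.append("space in list: only the first suffix is applied")
        value = value.split(",")[0]
    parts = [p.strip().rstrip(".").lower() for p in value.split(",")]
    if not all(parts):
        warnings.append("empty entry ignored")
    return [p for p in parts if p], warnings

def parse_resolv_conf(text):
    """Return search domains; assumes the last 'search' line wins."""
    domains = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            domains = [d.rstrip(".").lower() for d in fields[1:]]
    return domains

def candidates(name, suffixes):
    """FQDNs tried in order; names containing a dot are sent unchanged."""
    name = name.lower()
    if "." in name:
        return [name.rstrip(".")]
    return [f"{name}.{s}" for s in suffixes]

def resolve(name, suffixes, records=RECORDS):
    """Return (fqdn, ip) for the first candidate that exists, else None."""
    for fqdn in candidates(name, suffixes):
        if fqdn in records:
            return fqdn, records[fqdn]
    return None

if __name__ == "__main__":
    for policy in ("domain.com", "domainAD.com,domain.com", "domain.com, domainAD.com"):
        suffixes, warns = parse_gpo_search_list(policy)
        print(repr(policy), suffixes, warns, resolve("server1", suffixes))
```

Running it shows `server1` resolving only when domainAD.com is actually in the effective search list, and failing when a stray space drops it from the policy value.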
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 36587938
OK, it seems that if the Windows DNS is hosting multiple zones, no matter what, FQDN is a must to resolve properly.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36589064
Windows 2008 DNS servers have the ability to resolve unqualified queries using a new zone called GlobalNames, but all entries must be static, so you couldn't pull the zone information from BIND.

You may want to check it out.
http://www.petri.co.il/windows-DNS-globalnames-zone.htm
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 36590980
Ah, that sounds cool, Kevin. But having to update the entry manually is too much overhead, of course.

Thanks for the suggestion.
0
