Resolve network short names between two trusted domains in a forest

Posted on 2011-10-26
Last Modified: 2012-08-21
I have two Windows 2003 domains in a 2-way trusted forest which can resolve fully qualified domain names but cannot resolve short names.  The DNS servers in each domain have a conditional forwarder set up which points to the IP address of the DNS server(s) in the opposite domain.

The previous administrator of "Domain B" had created a reverse lookup zone for "Domain A".  In his reverse lookup zone he created two PTR records for one of my servers (we'll call it ServerX).
One of the PTR records is shown as and the other PTR record is shown as  Both resolve to the same IP address in domain A  and allow him to resolve the short name for ServerX.

All well and good for ServerX unless the IP address were changed, and it doesn't do much good for any computer that doesn't have a statically assigned IP.

I started to set up a secondary zone on each side pointing to the opposite side but couldn't do so because conditional forwarders with the same name were already in place.  I could set the secondary zones up with a different name but would rather ensure that I am going about this the right way before setting anything up.

End result I would like short names resolving for both domains from the opposite domain.  

Question by: DavidWilkins
    LVL 3

    Expert Comment

    You will not be able to set up secondary zones with the same name as a conditional forwarder already in place, as the name is everything: it has to be the name that clients are going to look for. So having a secondary zone with a different name won't do anything.

    "All well and good for ServerX unless the IP address were changed and it doesnt' do much good for any computer that doesn't have a statically assigned IP."

    As a server should have a statically set IP, why is it likely to change? Clients shouldn't have a statically assigned IP unless they are printers, servers or other dedicated hardware. Clients should receive their DNS servers from the DHCP service, so changing the server IP would also be changed in the DHCP so that it can be used as a DNS server.

    Using conditional forwarding for the two domains e.g. domain.a and domain.b with the correct DNS server entries will resolve FQDN names as it is using the clients registered domain suffix. The alternative would be to setup zone transfers between the two domains, ideally a stub zone.

    So a forward stub zone for domain.b on Domain Server A and a stub zone for domain.a on Domain Server B. As they are stub zones they cannot be updated by clients not in their native domain or changed by the other domain's server. You can also create reverse stub zones. This would allow the servers to be authoritative for the trusted domain. You would get increased replication traffic by doing this.

    You may want to setup scavenging of stale records to match the DHCP lease on the domain servers to ensure that no stale records are in place in the primary zones that get transferred to the stub zones.
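The reciprocal stub zones proposed in the comment above, written out as an added PowerShell example (this is not code from the thread or from either expert). It assumes it runs on a DNS server of domain.a with the DnsServer module (Windows Server 2012 or later; the thread's Windows Server 2003 servers lack these cmdlets, so the equivalent dnscmd.exe lines are given in comments), and that domain.b's DNS servers sit at the constructed addresses 10.0.2.10 and 10.0.2.11 on 10.0.2.0/24. Swap the names and addresses for the mirror-image configuration on domain.b.

```powershell
# Added example, not from the original thread.
# Assumed names/addresses: domain.b, 10.0.2.10, 10.0.2.11, serverx.
$remoteZone    = 'domain.b'
$remoteMasters = '10.0.2.10', '10.0.2.11'

# A conditional forwarder is stored as a zone of type "Forwarder", which is why a
# stub or secondary zone of the same name cannot be created beside it. Check what
# already exists and remove only a forwarder of that exact name.
$existing = Get-DnsServerZone -Name $remoteZone -ErrorAction SilentlyContinue
if ($existing) {
    if ($existing.ZoneType -eq 'Forwarder') {
        Write-Host "Removing conditional forwarder for $remoteZone"
        Remove-DnsServerZone -Name $remoteZone -Force
        # dnscmd equivalent:  dnscmd /ZoneDelete domain.b /f
    } else {
        throw "Zone $remoteZone already exists as type $($existing.ZoneType); not touching it"
    }
}

# Forward stub zone, AD-integrated with forest-wide scope so every DNS server in
# domain.a's forest receives it through AD replication.
Add-DnsServerStubZone -Name $remoteZone -MasterServers $remoteMasters -ReplicationScope Forest
# dnscmd equivalent:  dnscmd /ZoneAdd domain.b /DsStub 10.0.2.10 10.0.2.11 /dp /enterprise

# Optional reverse stub zone for domain.b's (assumed) subnet, so PTR lookups
# for its addresses are referred to its own servers instead of a hand-maintained
# copy like the one the previous administrator created.
Add-DnsServerStubZone -Name '2.0.10.in-addr.arpa' -MasterServers $remoteMasters -ReplicationScope Forest
# dnscmd equivalent:  dnscmd /ZoneAdd 2.0.10.in-addr.arpa /DsStub 10.0.2.10 10.0.2.11 /dp /enterprise

# Verify. A stub zone holds only the SOA, NS and glue A records of the remote
# zone; this server uses those NS records to chase queries for *.domain.b.
Get-DnsServerResourceRecord -ZoneName $remoteZone | Format-Table HostName, RecordType, RecordData

# The FQDN resolves through the stub zone...
Resolve-DnsName -Name "serverx.$remoteZone" -Type A -Server localhost

# ...but a bare "serverx" still only becomes "serverx.domain.b" if the *client*
# appends that suffix before asking any server. The stub zone changes what the
# server can answer, not how clients expand single-label names.
```

The last comment in the block is the check worth doing before rolling this out: a stub zone is a delegation aid for fully qualified names, so the resolution of bare host names is decided on the client by its suffix search list, not by anything on the server.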
    LVL 1

    Author Comment

    As stated in my first post I had already come to the conclusion that you cannot create a secondary zone with the same name as conditional forwarder that is already in place.

    The IP addresses of our servers, routers, printers and the like are static and not "likely" to change.  The IP addresses of client machines are dynamically assigned, as they should be.  I was merely pointing out that the method the previous administrator used to resolve short names is only good for static IP addresses, and in the event (though it is not likely) the static IP address were to be changed... the short name would no longer resolve correctly.

    I agree that utilizing conditional forwarders will resolve fully qualified domain names between the two domains; this is what is currently in place and works just fine to resolve FQDNs between domains.

    You mentioned setting up stub zones. Per MS: "A stub zone is used to resolve names between separate DNS namespaces which may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces."

    I am trying to resolve a computer's short / NetBIOS name from one domain to the other; that's the reason for this post.  Per your stub zone suggestion, will I be able to resolve a computer's NetBIOS (short) name in domain A from domain B and vice versa?   I'm looking for DNS in each domain to be aware of and keep up to date with DNS entries in the opposite domain.
    LVL 7

    Expert Comment

    Why don't you create a stub zone on the DNS servers of each site? These zones will take care of resolving the short names of any computer in the opposite site.
    LVL 3

    Expert Comment

    David, yes the stub zones will do what you want. As you have a trust relationship between the domains Microsoft's comment about stub zones applies to you if the domains are not child domains.
    LVL 1

    Accepted Solution

    We ended up posing this question directly to Microsoft.  At their advice we used the "Append these DNS suffixes (in order)" option located in the advanced options of the network connection properties. (tcp/ip properties, advanced tcp/ip settings, DNS tab)

    After adding the local domain followed by the remote domain we were able to successfully resolve short names from each PC we configured.  

    I did ask the Microsoft DNS technician about utilizing stub zones to apply the DNS suffixes network wide but they informed me this wouldn't accomplish what we were after.
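The accepted solution configures the client-side suffix search list by hand in the TCP/IP properties dialog. As an added example (not code from the thread or from Microsoft), the PowerShell below applies the same "Append these DNS suffixes (in order)" setting on one machine and then shows how the resolver walks the list for a short name. It assumes the local domain is domain.a, the trusted domain is domain.b, and a host named serverx is registered in domain.b (all constructed names); run it elevated.

```powershell
# Added example, not from the original thread.
# Assumed names: domain.a (local), domain.b (trusted remote), serverx (a host in domain.b).
$localDomain  = 'domain.a'
$remoteDomain = 'domain.b'
$searchList   = @($localDomain, $remoteDomain)   # order matters: local domain first

# The GUI writes the list as a comma-separated REG_SZ under the Tcpip parameters key.
# This works on Windows XP / Server 2003 as well as current versions.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Set-ItemProperty -Path $tcpip -Name SearchList -Value ($searchList -join ',')

# On Windows 8 / Server 2012 and later the DnsClient module exposes the same setting,
# so set it there too when the cmdlet exists (no-op on older systems).
if (Get-Command Set-DnsClientGlobalSetting -ErrorAction SilentlyContinue) {
    Set-DnsClientGlobalSetting -SuffixSearchList $searchList
}

# Read back what the resolver will actually use.
(Get-ItemProperty -Path $tcpip -Name SearchList).SearchList

# Walk the list the way the resolver does: append each suffix in turn and stop at
# the first one that answers. A host name that exists in BOTH domains therefore
# always resolves to the local one, which is the reason to list the local domain first.
foreach ($suffix in $searchList) {
    $fqdn   = "serverx.$suffix"
    $answer = Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue
    if ($answer) {
        "$fqdn -> $(($answer | Where-Object Type -eq 'A').IPAddress -join ', ')"
        break
    }
    "$fqdn -> no answer, trying next suffix"
}

# Finally the bare name, exactly as users type it; with the list in place this
# succeeds even though no DNS server holds a record for a single-label "serverx".
Resolve-DnsName -Name serverx -Type A
```

Two practical notes. First, the setting is per host; to apply it network-wide, as the author wanted, it is pushed with the "DNS Suffix Search List" setting under Computer Configuration, Administrative Templates, Network, DNS Client in Group Policy, not with stub zones. Second, every suffix on the list is a domain whose DNS administrators can answer for any short name your users type that does not exist locally, so keep the local domain first, list only domains you trust, and keep the list short.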
    LVL 1

    Author Closing Comment

    As recommended by Microsoft
