Solved

DNS for 2003/2008 trust

Posted on 2013-06-06
5
388 Views
Last Modified: 2013-06-09
I am creating a trust between two domains over a vpn. The ports seem to be ok but I am unable to lookup the remote domain. The forwarders are in place. When I do an nslookup on one domain and set the server as the other domain it gives me the below and then fails to return details for a machine that I know exists on the remote network.

> server 192.168.0.1
192.168.0.1in-addr.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
Default Server:  [192.168.0.1]
Address:  192.168.0.1
0
Comment
Question by:Sid_F
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Andrej Pirman earned 500 total points
ID: 39224915
First, open ports.
Inbound port TCP 53 (for zone transfer) and UDP 53 (for dns query) should be opened on server firewall.

Then use nslookup, for example:
192.168.0.1 / server1 = you
192.168.0.2 / server2 = the other server

nslookup
lserver 192.168.0.2
server 2
#should return answer
xy machine name
# shoul return IP of that machine, if not, then XY machine might not have an entry in server2 DNS zone

Open in new window

0
 
LVL 6

Author Comment

by:Sid_F
ID: 39225004
Ok I have those ports open. Any idea why I get the output from my original post as normally when I use the command

nslookup
server 192.168.0.1

it will return the server name or else fail but not sure why the output shows?
0
 
LVL 40

Expert Comment

by:footech
ID: 39228465
That's weird.  It appears the output includes an SOA record when you change which name server you're using.  I haven't been able to duplicate what you're seeing and I've never heard of that happening before.
Do you get the same output if you change to some other DNS server (for example 8.8.8.8) or is it only when you change to remote DNS over the VPN?
It shouldn't make any difference to this issue (that I can think of), but you might want to set up Stub zones for the other domain instead of Conditional Forwarders since they update their name server info automatically.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39229141
Doh ports were not opened correctly on both sides! working now thanks
0
 
LVL 18

Expert Comment

by:Andrej Pirman
ID: 39233485
Great to hear you solved the problem!

BTW...regarding nslookup, there is a difference using command "server" vs. "lserver".
lserver switches to new DNS server, but tries to resolve the given name of new server using the INITIAL DNS server, which was used when you ran nslookup
While server command does the same, except that it resolves the new DNS given server using the LAST dns server you were using

So, let's say, you have:
first.dns.com
bad.dns.com (does not work)
third.dns.com (should resolve to 1.2.3.4)

And you do this in the row:
nslookup (starting, will use "first.dns.com")
set type=a
third.dns.com


you get the correct answer:
Server:  first.dns.com
Address:  1.1.1.1

Non-authoritative answer:
Name:    third.dns.com
Address:  1.2.3.4


Then you switch to bad.dns.com
server bad.dns.com

and query for third.dns.com again:
third.dns.com

you get timeout!

Then the difference between "lserver" and "server" comes in.
If you continue with:
server first.dns.com

it will fail, because, the LAST DNS does not answer - it is bad!

But if you would continue with
lserver first.dns.com

it will be OK, because nslookup will not use the LAST, but rather the INITIAL dns to resolve "first.dns.com" and this is working.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question