Solved

DNS for 2003/2008 trust

Posted on 2013-06-06
5
386 Views
Last Modified: 2013-06-09
I am creating a trust between two domains over a vpn. The ports seem to be ok but I am unable to lookup the remote domain. The forwarders are in place. When I do an nslookup on one domain and set the server as the other domain it gives me the below and then fails to return details for a machine that I know exists on the remote network.

> server 192.168.0.1
192.168.0.1in-addr.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
Default Server:  [192.168.0.1]
Address:  192.168.0.1
0
Comment
Question by:Sid_F
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Andrej Pirman earned 500 total points
ID: 39224915
First, open ports.
Inbound port TCP 53 (for zone transfer) and UDP 53 (for dns query) should be opened on server firewall.

Then use nslookup, for example:
192.168.0.1 / server1 = you
192.168.0.2 / server2 = the other server

nslookup
lserver 192.168.0.2
server 2
#should return answer
xy machine name
# shoul return IP of that machine, if not, then XY machine might not have an entry in server2 DNS zone

Open in new window

0
 
LVL 6

Author Comment

by:Sid_F
ID: 39225004
Ok I have those ports open. Any idea why I get the output from my original post as normally when I use the command

nslookup
server 192.168.0.1

it will return the server name or else fail but not sure why the output shows?
0
 
LVL 40

Expert Comment

by:footech
ID: 39228465
That's weird.  It appears the output includes an SOA record when you change which name server you're using.  I haven't been able to duplicate what you're seeing and I've never heard of that happening before.
Do you get the same output if you change to some other DNS server (for example 8.8.8.8) or is it only when you change to remote DNS over the VPN?
It shouldn't make any difference to this issue (that I can think of), but you might want to set up Stub zones for the other domain instead of Conditional Forwarders since they update their name server info automatically.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39229141
Doh ports were not opened correctly on both sides! working now thanks
0
 
LVL 18

Expert Comment

by:Andrej Pirman
ID: 39233485
Great to hear you solved the problem!

BTW...regarding nslookup, there is a difference using command "server" vs. "lserver".
lserver switches to new DNS server, but tries to resolve the given name of new server using the INITIAL DNS server, which was used when you ran nslookup
While server command does the same, except that it resolves the new DNS given server using the LAST dns server you were using

So, let's say, you have:
first.dns.com
bad.dns.com (does not work)
third.dns.com (should resolve to 1.2.3.4)

And you do this in the row:
nslookup (starting, will use "first.dns.com")
set type=a
third.dns.com


you get the correct answer:
Server:  first.dns.com
Address:  1.1.1.1

Non-authoritative answer:
Name:    third.dns.com
Address:  1.2.3.4


Then you switch to bad.dns.com
server bad.dns.com

and query for third.dns.com again:
third.dns.com

you get timeout!

Then the difference between "lserver" and "server" comes in.
If you continue with:
server first.dns.com

it will fail, because, the LAST DNS does not answer - it is bad!

But if you would continue with
lserver first.dns.com

it will be OK, because nslookup will not use the LAST, but rather the INITIAL dns to resolve "first.dns.com" and this is working.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question