?
Solved

DNS for 2003/2008 trust

Posted on 2013-06-06
5
Medium Priority
?
389 Views
Last Modified: 2013-06-09
I am creating a trust between two domains over a vpn. The ports seem to be ok but I am unable to lookup the remote domain. The forwarders are in place. When I do an nslookup on one domain and set the server as the other domain it gives me the below and then fails to return details for a machine that I know exists on the remote network.

> server 192.168.0.1
192.168.0.1in-addr.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
Default Server:  [192.168.0.1]
Address:  192.168.0.1
0
Comment
Question by:Sid_F
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Andrej Pirman earned 2000 total points
ID: 39224915
First, open ports.
Inbound port TCP 53 (for zone transfer) and UDP 53 (for dns query) should be opened on server firewall.

Then use nslookup, for example:
192.168.0.1 / server1 = you
192.168.0.2 / server2 = the other server

nslookup
lserver 192.168.0.2
server 2
#should return answer
xy machine name
# shoul return IP of that machine, if not, then XY machine might not have an entry in server2 DNS zone

Open in new window

0
 
LVL 6

Author Comment

by:Sid_F
ID: 39225004
Ok I have those ports open. Any idea why I get the output from my original post as normally when I use the command

nslookup
server 192.168.0.1

it will return the server name or else fail but not sure why the output shows?
0
 
LVL 41

Expert Comment

by:footech
ID: 39228465
That's weird.  It appears the output includes an SOA record when you change which name server you're using.  I haven't been able to duplicate what you're seeing and I've never heard of that happening before.
Do you get the same output if you change to some other DNS server (for example 8.8.8.8) or is it only when you change to remote DNS over the VPN?
It shouldn't make any difference to this issue (that I can think of), but you might want to set up Stub zones for the other domain instead of Conditional Forwarders since they update their name server info automatically.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39229141
Doh ports were not opened correctly on both sides! working now thanks
0
 
LVL 18

Expert Comment

by:Andrej Pirman
ID: 39233485
Great to hear you solved the problem!

BTW...regarding nslookup, there is a difference using command "server" vs. "lserver".
lserver switches to new DNS server, but tries to resolve the given name of new server using the INITIAL DNS server, which was used when you ran nslookup
While server command does the same, except that it resolves the new DNS given server using the LAST dns server you were using

So, let's say, you have:
first.dns.com
bad.dns.com (does not work)
third.dns.com (should resolve to 1.2.3.4)

And you do this in the row:
nslookup (starting, will use "first.dns.com")
set type=a
third.dns.com


you get the correct answer:
Server:  first.dns.com
Address:  1.1.1.1

Non-authoritative answer:
Name:    third.dns.com
Address:  1.2.3.4


Then you switch to bad.dns.com
server bad.dns.com

and query for third.dns.com again:
third.dns.com

you get timeout!

Then the difference between "lserver" and "server" comes in.
If you continue with:
server first.dns.com

it will fail, because, the LAST DNS does not answer - it is bad!

But if you would continue with
lserver first.dns.com

it will be OK, because nslookup will not use the LAST, but rather the INITIAL dns to resolve "first.dns.com" and this is working.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question