Solved

DNS for 2003/2008 trust

Posted on 2013-06-06
5
380 Views
Last Modified: 2013-06-09
I am creating a trust between two domains over a vpn. The ports seem to be ok but I am unable to lookup the remote domain. The forwarders are in place. When I do an nslookup on one domain and set the server as the other domain it gives me the below and then fails to return details for a machine that I know exists on the remote network.

> server 192.168.0.1
192.168.0.1in-addr.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
Default Server:  [192.168.0.1]
Address:  192.168.0.1
0
Comment
Question by:Sid_F
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Andrej Pirman earned 500 total points
Comment Utility
First, open ports.
Inbound port TCP 53 (for zone transfer) and UDP 53 (for dns query) should be opened on server firewall.

Then use nslookup, for example:
192.168.0.1 / server1 = you
192.168.0.2 / server2 = the other server

nslookup
lserver 192.168.0.2
server 2
#should return answer
xy machine name
# shoul return IP of that machine, if not, then XY machine might not have an entry in server2 DNS zone

Open in new window

0
 
LVL 5

Author Comment

by:Sid_F
Comment Utility
Ok I have those ports open. Any idea why I get the output from my original post as normally when I use the command

nslookup
server 192.168.0.1

it will return the server name or else fail but not sure why the output shows?
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
That's weird.  It appears the output includes an SOA record when you change which name server you're using.  I haven't been able to duplicate what you're seeing and I've never heard of that happening before.
Do you get the same output if you change to some other DNS server (for example 8.8.8.8) or is it only when you change to remote DNS over the VPN?
It shouldn't make any difference to this issue (that I can think of), but you might want to set up Stub zones for the other domain instead of Conditional Forwarders since they update their name server info automatically.
0
 
LVL 5

Author Comment

by:Sid_F
Comment Utility
Doh ports were not opened correctly on both sides! working now thanks
0
 
LVL 18

Expert Comment

by:Andrej Pirman
Comment Utility
Great to hear you solved the problem!

BTW...regarding nslookup, there is a difference using command "server" vs. "lserver".
lserver switches to new DNS server, but tries to resolve the given name of new server using the INITIAL DNS server, which was used when you ran nslookup
While server command does the same, except that it resolves the new DNS given server using the LAST dns server you were using

So, let's say, you have:
first.dns.com
bad.dns.com (does not work)
third.dns.com (should resolve to 1.2.3.4)

And you do this in the row:
nslookup (starting, will use "first.dns.com")
set type=a
third.dns.com


you get the correct answer:
Server:  first.dns.com
Address:  1.1.1.1

Non-authoritative answer:
Name:    third.dns.com
Address:  1.2.3.4


Then you switch to bad.dns.com
server bad.dns.com

and query for third.dns.com again:
third.dns.com

you get timeout!

Then the difference between "lserver" and "server" comes in.
If you continue with:
server first.dns.com

it will fail, because, the LAST DNS does not answer - it is bad!

But if you would continue with
lserver first.dns.com

it will be OK, because nslookup will not use the LAST, but rather the INITIAL dns to resolve "first.dns.com" and this is working.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now