Sid_F
asked on
DNS for 2003/2008 trust
I am creating a trust between two domains over a vpn. The ports seem to be ok but I am unable to lookup the remote domain. The forwarders are in place. When I do an nslookup on one domain and set the server as the other domain it gives me the below and then fails to return details for a machine that I know exists on the remote network.
> server 192.168.0.1
192.168.0.1in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Default Server: [192.168.0.1]
Address: 192.168.0.1
That's weird. It appears the output includes an SOA record when you change which name server you're using. I haven't been able to duplicate what you're seeing and I've never heard of that happening before.
Do you get the same output if you change to some other DNS server (for example 8.8.8.8) or is it only when you change to remote DNS over the VPN?
It shouldn't make any difference to this issue (that I can think of), but you might want to set up Stub zones for the other domain instead of Conditional Forwarders since they update their name server info automatically.
ASKER
Doh, ports were not opened correctly on both sides! Working now, thanks.
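Since the root cause turned out to be firewall ports, here is an added check (not from this thread) that speaks to the remote DNS server's IP directly, sending an SOA query for the trusted domain over both UDP/53 and TCP/53 and reporting which transport fails. Unlike nslookup's `server` command it performs no reverse lookup of the server address, so a blocked path shows up as a plain timeout or refused connection rather than an odd SOA printout; the address 192.168.0.1 is the asker's, the domain name is a placeholder.

```python
"""Probe a remote AD DNS server: SOA query over both UDP/53 and TCP/53."""
import socket
import struct

def build_query(name, qtype, qid=0x1234):
    """Standard recursive query (flags 0x0100), one question, class IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_header(resp):
    """Return id, RCODE, AA flag and answer count from the 12-byte header."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {"id": qid, "rcode": flags & 0x000F,
            "aa": bool(flags & 0x0400), "answers": an}

def query_udp(server, pkt, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        return s.recv(4096)

def query_tcp(server, pkt, timeout=3.0):
    # DNS over TCP prefixes every message with a two-byte big-endian length.
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(pkt)) + pkt)
        (length,) = struct.unpack(">H", s.recv(2))
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
        return data

def check_remote_dns(server, domain):
    """Map transport -> 'ok (N answers)', 'rcode N' or 'failed: <error>'."""
    pkt = build_query(domain, 6)  # qtype 6 = SOA
    results = {}
    for transport, fn in (("udp/53", query_udp), ("tcp/53", query_tcp)):
        try:
            hdr = parse_header(fn(server, pkt))
            results[transport] = ("ok (%d answers)" % hdr["answers"]
                                  if hdr["rcode"] == 0 else "rcode %d" % hdr["rcode"])
        except (OSError, struct.error) as exc:  # timeout, refused, short read
            results[transport] = "failed: %s" % exc.__class__.__name__
    return results
```

Run it as `check_remote_dns("192.168.0.1", "remote.example")` from each side of the VPN; a result of "ok" on udp/53 but "failed" on tcp/53 points at a rule that only opened UDP, which is exactly the kind of half-open firewall that lets simple lookups work while trust setup still fails.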
Great to hear you solved the problem!
BTW, regarding nslookup, there is a difference between the commands "server" and "lserver".
lserver switches to the new DNS server, but tries to resolve the given name of the new server using the INITIAL DNS server, which was used when you ran nslookup.
The server command does the same, except that it resolves the given new DNS server using the LAST DNS server you were using.
So, let's say, you have:
first.dns.com
bad.dns.com (does not work)
third.dns.com (should resolve to 1.2.3.4)
And you do this in a row:
nslookup (starting, will use "first.dns.com")
set type=a
third.dns.com
you get the correct answer:
Server: first.dns.com
Address: 1.1.1.1
Non-authoritative answer:
Name: third.dns.com
Address: 1.2.3.4
Then you switch to bad.dns.com
server bad.dns.com
and query for third.dns.com again:
third.dns.com
you get timeout!
Then the difference between "lserver" and "server" comes in.
If you continue with:
server first.dns.com
it will fail, because the LAST DNS does not answer - it is bad!
But if you continue with
lserver first.dns.com
it will be OK, because nslookup will not use the LAST, but rather the INITIAL DNS to resolve "first.dns.com", and this is working.
ASKER
nslookup
server 192.168.0.1
It will return the server name or else fail, but not sure why the output shows?