techlabtest

DNS Forwarders

Hello guys. I have 2 domain controllers in my test lab on Windows Server 2003 (DC): techlabtest.com (acts as DNS server) and test.com (acts as DNS server). DNS has already been configured on each of them.

On Techlabtest:
ip address: 192.168.1.2
subnet: 255.255.255.0
gateway: 192.168.1.1 (from my isp)
dns: 192.168.1.2 ( this dc acts as my dns server)

On Test.com:
ip address: 192.168.1.4
subnet: 255.255.255.0
gateway: 192.168.1.1
dns: 192.168.1.4 (this dc acts as my dns server)

I have configured both forward and reverse lookup zones on each domain controller. From any client for the different domain I can resolve my server name etc., which means so far it's OK.

Now I need to configure a trust relationship between Techlabtest.com and Test.com. I think before I do that I need to configure forwarders or something like that, or conditional forwarders.
Please help me on that.
So far, at the Test.com command prompt, I type nslookup serverone, i.e. the computer name of my domain controller for Techlabtest.com, and it can't resolve. I want it to resolve, and vice versa.

Please help....
Thanks
vaderj

If I recall, you have to go into the DNS service configuration and in the properties of the server configure it to propagate or allow reading from one server to another. Unfortunately I don't have access to an AD DNS server at the moment.
techlabtest

ASKER

Are you talking about forwarders?
What I'm talking about is more like replication, which might be better in your circumstance, so instead of forwarding the request, the server handles it itself because it has the entry from the original DNS server.
Is there any other solution apart from replication?
First of all, you are on the same network. You should be able to ping both DCs from each other just fine. Can you?

Turn your firewalls off if you can't!

If I understood it correctly, on each DC, you are pointing to its own DNS. Right?

You don't need a forwarder at this time if you don't wanna have a redundant DNS server to resolve the queries or you wanna access the internet.

Just create a trust and see the output.
I just reread your description and correct me if I am wrong:

You have two separate AD domains, each with their own, single, DC running Win2k3(R2?).
Each domain accesses the same internet gateway, but both domains are on the same subnet. If their Domain functional level is Win2k, I would consider raising to Win2k3.
I also believe that all you should need to do, as long as they are in the same forest (you may need to configure this), is set up the interdomain two-way trust, and that should be enough.
You need to configure it so that each DC can resolve the information for the other domain.  This can be done a few different ways:
 - set up forwarders to the other domain's DNS for that particular domain name
 - configure secondary zones (and allow transfers from the other domain's DNS)
 - configure stub zones (which point at the other domain's DNS)
My first choice would be stub zones, since they can update their information automatically if the nameservers on the other side change.  Second choice would be forwarders, and third would be secondary zones.

On Test.com DNS, create stub zone for TechLabtest.com and point it at 192.168.1.2.  Then do the reverse for the TechLabTest domain.
Thanks all for your comments. Only creating a trust won't be enough. Definitely, I need to configure DNS (which I don't like). What do I want? From my test.com domain, I want to resolve the domain name of the other server, i.e. Techlabtest.com, and vice versa.

Footech, your comments seem to be OK. Can you please give me the steps on how to do it, as I am very weak in DNS?

Thanks...
ASKER CERTIFIED SOLUTION
footech
This solution is only available to members.
Footech: still not working. Can't resolve techlabtest on test.

Thanks
If it's not working there was a mistake made.  Can you please provide screenshots of the stub zones from both sides?
Yes, I need to reload it.

From serverone, i.e. the techlabtest domain, when I do nslookup test.com, it resolves, and from the other it doesn't work.
Please see attached file.

Thanks
DNS.rtf
OK.  Looks like you did everything right.  According to your screenshot, from test.com DC techlabtest.com resolves just fine, it's just not returning the local IP.  Most likely this is due to caching.  Try clearing the DNS server cache on test.com (or you could just reboot the DC).
Yes, you are right. Excellent. Thanks a lot.
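
The caching behaviour diagnosed in the last answer, as an added example that is not part of the original thread: a small model of the test.com DNS server showing why a stub zone added after an earlier lookup keeps returning the old, non-local address until the cache is cleared. The lookup order (hosted zones, then cache, then stub zones, then upstream) is a simplifying assumption, and the `DnsServer` class, the public address 203.0.113.10 and the 3600-second TTL are constructed for illustration.

```python
class DnsServer:
    """Toy resolver; lookup order is an assumed simplification of a real server."""

    def __init__(self, zones, upstream):
        self.zones = zones        # records this server is authoritative for
        self.upstream = upstream  # constructed stand-in for Internet resolution
        self.stubs = {}           # zone name -> server authoritative for it
        self.cache = {}           # fqdn -> (ip, expiry time in seconds)

    def add_stub_zone(self, zone, master):
        self.stubs[zone] = master

    def clear_cache(self):
        self.cache.clear()

    def resolve(self, fqdn, now):
        fqdn = fqdn.lower().rstrip(".")
        if fqdn in self.zones:                      # 1) hosted zone
            return self.zones[fqdn], "authoritative"
        hit = self.cache.get(fqdn)
        if hit and hit[1] > now:                    # 2) unexpired cache entry
            return hit[0], "cache"
        ip, source = self.upstream.get(fqdn), "upstream"
        for zone, master in self.stubs.items():     # 3) stub zone for the name
            if fqdn == zone or fqdn.endswith("." + zone):
                ip, source = master.zones.get(fqdn), "stub"
                break
        if ip is not None:
            self.cache[fqdn] = (ip, now + 3600)     # constructed TTL
        return ip, source


def demo():
    # Addresses 192.168.1.2 and 192.168.1.4 are the DCs from the question.
    techlab = DnsServer({"techlabtest.com": "192.168.1.2",
                         "serverone.techlabtest.com": "192.168.1.2"}, {})
    public = {"techlabtest.com": "203.0.113.10"}    # constructed public answer
    test = DnsServer({"test.com": "192.168.1.4"}, public)

    before = test.resolve("techlabtest.com", now=0)    # lookup before stub zone
    test.add_stub_zone("techlabtest.com", techlab)
    stale = test.resolve("techlabtest.com", now=60)    # stub exists, cache wins
    test.clear_cache()
    fresh = test.resolve("techlabtest.com", now=120)   # stub zone now answers
    return before, stale, fresh


if __name__ == "__main__":
    for step, result in zip(("before stub", "stale cache", "after clear"), demo()):
        print(step, result)
```
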