Solved

DNS Forwarders

Posted on 2013-06-12
Last Modified: 2013-06-14
Hello guys. I have 2 domain controllers in my test lab on Windows Server 2003 (DC): techlabtest.com (acts as DNS server) and test.com (acts as DNS server). DNS has already been configured on each of them.

On Techlabtest:
ip address: 192.168.1.2
subnet: 255.255.255.0
gateway: 192.168.1.1 (from my isp)
dns: 192.168.1.2 ( this dc acts as my dns server)

On Test.com:
ip address: 192.168.1.4
subnet: 255.255.255.0
gateway: 192.168.1.1
dns: 192.168.1.4 (this dc acts as my dns server)

I have configured both forward and reverse lookup zones on each domain controller. From any client in either domain I can resolve my server name, etc., which means so far it's OK.

Now I need to configure a trust relationship between Techlabtest.com and Test.com. I think before I do that I need to configure forwarders or conditional forwarders, something like that.
Please help me with that.
So far, at the Test.com command prompt, when I type nslookup serverone (i.e. the computer name of my domain controller for Techlabtest.com), it can't resolve. I want it to resolve, and vice versa.

Please help....
Thanks
0
Question by:techlabtest
15 Comments
 
LVL 9

Expert Comment

by:vaderj
ID: 39242254
If I recall, you have to go into the DNS service configuration and, in the properties of the server, configure it to propagate or allow reading from one server to another. Unfortunately I don't have access to an AD DNS server at the moment.
0
 

Author Comment

by:techlabtest
ID: 39242261
Are you talking about forwarders?
0
 
LVL 9

Expert Comment

by:vaderj
ID: 39242280
What I'm talking about is more like replication, which might be better in your circumstance: instead of forwarding the request, the server handles it itself because it has the entry from the original DNS server.
0
 
LVL 9

Expert Comment

by:vaderj
ID: 39242284
0
 

Author Comment

by:techlabtest
ID: 39242311
Is there any other solution apart from replication?
0
 
LVL 4

Expert Comment

by:rajivkumar07
ID: 39242336
First of all, You are on the same network. You should be able to ping both DCs from each other just fine. Can you?

Turn your firewalls off. If you can't!

If I understood it correctly, on each DC, you are pointing to its own DNS. Right?

You don't need a forwarder at this time if you don't wanna have a redundant DNS server to resolve the queries or you wanna access the internet.

Just create a trust and see the output.
0
 
LVL 9

Expert Comment

by:vaderj
ID: 39242380
I just reread your description and correct me if I am wrong:

You have two separate AD domains, each with their own, single, DC running Win2k3(R2?).
Each domain accesses the same internet gateway, but both domains are on the same subnet. If their Domain functional level is Win2k, I would consider raising to Win2k3.
I also believe that all you should need to do, as long as they are in the same forest (you may need to configure this), is set up the interdomain two-way trust, and that should be enough.
0
 
LVL 41

Expert Comment

by:footech
ID: 39242946
You need to configure it so that each DC can resolve the information for the other domain.  This can be done a few different ways:
 - set up forwarders to the other domain's DNS for that particular domain name
 - configure secondary zones (and allow transfers from the other domain's DNS)
 - configure stub zones (which point at the other domain's DNS)
My first choice would be stub zones, since they can update their information automatically if the nameservers on the other side change.  Second choice would be forwarders, and third would be secondary zones.

On Test.com DNS, create stub zone for TechLabtest.com and point it at 192.168.1.2.  Then do the reverse for the TechLabTest domain.
0
 

Author Comment

by:techlabtest
ID: 39245285
Thanks all for your comments. Only creating a trust won't be enough. Definitely, I need to configure DNS (which I don't like). What do I want? From my test.com domain, I want to resolve the domain name of the other server, i.e. Techlabtest.com, and vice versa.

Footech, your comments seem to be OK. Can you please give me the steps for how to do it, as I am very weak in DNS?

Thanks...
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 39245401
To create the stub zone.
Right-click Forward Lookup Zone > New Zone > next > Select Stub zone > Leave replication scope at default - "to all dns servers running on domain controllers in this domain" > enter the name of the domain for zone name > enter IP of the DC/DNS for domain name entered on the previous window, you can uncheck the box for "use the above servers to create a local list of master servers" (it'll work either way) > Finish.
Do the same on the other domain, just changing the domain (zone) name and IP used.
0
 

Author Comment

by:techlabtest
ID: 39246886
Footech: still not working. Can't resolve techlabtest on test.

Thanks
0
 
LVL 41

Expert Comment

by:footech
ID: 39247075
If it's not working there was a mistake made.  Can you please provide screenshots of the stub zones from both sides?
0
 

Author Comment

by:techlabtest
ID: 39247279
Yes, I need to reload it.

From serverone, i.e. the techlabtest domain, when I do nslookup test.com, it resolves, and from the other it doesn't work.
Please see attached file.

Thanks
DNS.rtf
0
 
LVL 41

Expert Comment

by:footech
ID: 39248220
OK.  Looks like you did everything right.  According to your screenshot, from test.com DC techlabtest.com resolves just fine, it's just not returning the local IP.  Most likely this is due to caching.  Try clearing the DNS server cache on test.com (or you could just reboot the DC).
0
 

Author Comment

by:techlabtest
ID: 39248507
Yes, you are right. Excellent. Thanks a lot.
0
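
A command-line version of the stub-zone setup and the cache fix discussed in this thread, as an added example that is not part of any post above. It assumes `dnscmd.exe` from the Windows Server 2003 Support Tools is installed on the DC and that the DNS service answers on 127.0.0.1; the script name `stubzone.cmd` is hypothetical, and the zone names and IPs in the usage comment are the ones from the question.

```batch
@echo off
rem Added example, not from the thread. Run once on each DC/DNS server.
rem Usage (hypothetical script name):
rem   on the test.com DC:        stubzone.cmd techlabtest.com 192.168.1.2
rem   on the techlabtest.com DC: stubzone.cmd test.com 192.168.1.4
rem Assumes dnscmd.exe (Windows Server 2003 Support Tools) is on the PATH.

if "%~2"=="" goto usage
set REMOTE_ZONE=%~1
set REMOTE_DNS=%~2

rem 1. Create an AD-integrated stub zone for the other domain, replicated to
rem    all DNS servers on domain controllers in this domain (wizard default).
dnscmd . /ZoneAdd %REMOTE_ZONE% /DsStub %REMOTE_DNS% /DP /domain
if errorlevel 1 goto failed

rem 2. Show the new zone's type and master server so a typo in the zone
rem    name or IP is caught now rather than during trust creation.
dnscmd . /ZoneInfo %REMOTE_ZONE%

rem 3. Drop answers cached before the stub zone existed: first the DNS
rem    server cache, then the local resolver cache on this machine.
dnscmd . /ClearCache
ipconfig /flushdns

rem 4. Query the local DNS server explicitly. The NS lookup proves the stub
rem    zone is used; the SRV lookup is the record a DC locator needs to find
rem    a domain controller of the other domain.
nslookup -type=NS %REMOTE_ZONE% 127.0.0.1
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE_ZONE% 127.0.0.1
goto :eof

:failed
echo ZoneAdd failed. Check whether the zone already exists: dnscmd . /EnumZones
goto :eof

:usage
echo Usage: %~nx0 remote-zone-name remote-dns-ip
```

If the NS lookup returns the other DC but the SRV lookup fails, check the `_msdcs` records on the remote DNS server before creating the trust.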
