Solved

DNS Forwarders

Posted on 2013-06-12
Last Modified: 2013-06-14
Hello guys. I have 2 domain controllers in my test lab on Windows Server 2003 (DC): techlabtest.com (acts as DNS server) and test.com (acts as DNS server). DNS has already been configured on each of them.

On Techlabtest:
ip address: 192.168.1.2
subnet: 255.255.255.0
gateway: 192.168.1.1 (from my isp)
dns: 192.168.1.2 ( this dc acts as my dns server)

On Test.com:
ip address: 192.168.1.4
subnet: 255.255.255.0
gateway: 192.168.1.1
dns: 192.168.1.4 (this dc acts as my dns server)

I have configured both forward and reverse lookup zones on each domain controller. From any client for the different domains I can resolve my server name, etc., which means so far it's OK.

Now I need to configure a trust relationship between Techlabtest.com and Test.com. I think before I do that I need to configure forwarders, or something like that, or conditional forwarders.
Please help me on that.
So far, on the Test.com command prompt, I type nslookup serverone, i.e. the computer name of my domain controller Techlabtest.com, and it can't resolve. I want it to resolve, and vice versa.

Please help....
Thanks
Question by:techlabtest
LVL 8

Expert Comment

by:vaderj
ID: 39242254
If I recall, you have to go into the DNS service configuration and, in the properties of the server, configure it to propagate or allow reading from one server to another. Unfortunately I don't have access to an AD DNS server at the moment.
0
 

Author Comment

by:techlabtest
ID: 39242261
Are you talking about forwarders?
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39242280
What I'm talking about is more like replication, which might be better in your circumstance. So instead of forwarding the request, the server handles it itself because it has the entry from the original DNS server.
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39242284
0
 

Author Comment

by:techlabtest
ID: 39242311
Is there any other solution apart from replication?
0
 
LVL 4

Expert Comment

by:rajivkumar07
ID: 39242336
First of all, you are on the same network. You should be able to ping both DCs from each other just fine. Can you?

Turn your firewalls off if you can't!

If I understood it correctly, on each DC, you are pointing to its own DNS. Right?

You don't need a forwarder at this time if you don't want to have a redundant DNS server to resolve the queries or you want to access the internet.

Just create a trust and see the output.
0
 
LVL 8

Expert Comment

by:vaderj
ID: 39242380
I just reread your description and correct me if I am wrong:

You have two separate AD domains, each with their own, single, DC running Win2k3(R2?).
Each domain accesses the same internet gateway, but both domains are on the same subnet. If their Domain functional level is Win2k, I would consider raising to Win2k3.
I also believe that all you should need to do, as long as they are in the same forest (you may need to configure this), is set up the interdomain two-way trust; that should be enough.
0
 
LVL 40

Expert Comment

by:footech
ID: 39242946
You need to configure it so that each DC can resolve the information for the other domain.  This can be done a few different ways:
 - set up forwarders to the other domain's DNS for that particular domain name
 - configure secondary zones (and allow transfers from the other domain's DNS)
 - configure stub zones (which point at the other domain's DNS)
My first choice would be stub zones, since they can update their information automatically if the nameservers on the other side change.  Second choice would be forwarders, and third would be secondary zones.

On Test.com DNS, create stub zone for TechLabtest.com and point it at 192.168.1.2.  Then do the reverse for the TechLabTest domain.
0
 

Author Comment

by:techlabtest
ID: 39245285
Thanks all for your comments. Only creating a trust won't be enough. Definitely, I need to configure DNS (which I don't like). What do I want? From my test.com domain, I want to resolve the domain name of the other server, i.e. Techlabtest.com, and vice versa.

Footech, your comments seem to be OK. Can you please give me the steps for how to do it, as I am very weak in DNS?

Thanks...
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39245401
To create the stub zone.
Right-click Forward Lookup Zone > New Zone > next > Select Stub zone > Leave replication scope at default - "to all dns servers running on domain controllers in this domain" > enter the name of the domain for zone name > enter IP of the DC/DNS for domain name entered on the previous window, you can uncheck the box for "use the above servers to create a local list of master servers" (it'll work either way) > Finish.
Do the same on the other domain, just changing the domain (zone) name and IP used.
0
 

Author Comment

by:techlabtest
ID: 39246886
Footech: still not working. Can't resolve techlabtest on test.

Thanks
0
 
LVL 40

Expert Comment

by:footech
ID: 39247075
If it's not working there was a mistake made.  Can you please provide screenshots of the stub zones from both sides?
0
 

Author Comment

by:techlabtest
ID: 39247279
Yes, I need to reload it.

From serverone, i.e. the techlabtest domain, when I do nslookup test.com, it resolves, and from the other it doesn't work.
Please see attached file.

Thanks
DNS.rtf
0
 
LVL 40

Expert Comment

by:footech
ID: 39248220
OK.  Looks like you did everything right.  According to your screenshot, from test.com DC techlabtest.com resolves just fine, it's just not returning the local IP.  Most likely this is due to caching.  Try clearing the DNS server cache on test.com (or you could just reboot the DC).
0
 

Author Comment

by:techlabtest
ID: 39248507
Yes, you are right.  Excellent.  Thanks a lot.
0
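A command-line equivalent of the stub-zone steps and the cache clear discussed in this thread, as an added example that is not part of any poster's reply. It assumes `dnscmd` (from the Windows Server 2003 Support Tools) is installed on the test.com DC, and the FQDN `serverone.techlabtest.com` is an assumption built from the host and domain names given in the question.

```bat
@echo off
rem Added example, not from the thread. Run on the test.com DC (192.168.1.4).
rem For the other direction, run it on 192.168.1.2 with
rem REMOTE_ZONE=test.com and REMOTE_DNS=192.168.1.4.

set REMOTE_ZONE=techlabtest.com
set REMOTE_DNS=192.168.1.2

rem Assumed FQDN: host "serverone" in the techlabtest.com domain.
set REMOTE_HOST=serverone.%REMOTE_ZONE%

rem 1. Create an Active Directory-integrated stub zone for the other
rem    domain, using that domain's DNS server as the master.
dnscmd /ZoneAdd %REMOTE_ZONE% /DsStub %REMOTE_DNS%

rem 2. Confirm the zone exists and shows the expected type and master.
dnscmd /ZoneInfo %REMOTE_ZONE%

rem 3. Drop answers the server cached before the stub zone existed;
rem    stale entries are why a lookup can still return a non-local address.
dnscmd /ClearCache

rem 4. Query the local DNS server explicitly so the result reflects this
rem    server's zones rather than whatever resolver the client is using.
nslookup -type=NS %REMOTE_ZONE% 192.168.1.4
nslookup %REMOTE_HOST% 192.168.1.4
```

The NS lookup should list the other domain's name server and the host lookup should return an address on 192.168.1.0/24; if it does not, re-check the master IP shown by step 2.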
