Solved

DNS Forwarders

Posted on 2013-06-12
Last Modified: 2013-06-14
Hello Guys.. I have 2 domain controllers in my test lab on Windows Server 2003 (dc): techlabtest.com (acts as DNS server) and test.com (acts as DNS server)... DNS has already been configured on each of them.

On Techlabtest:
ip address: 192.168.1.2
subnet: 255.255.255.0
gateway: 192.168.1.1 (from my isp)
dns: 192.168.1.2 ( this dc acts as my dns server)

On Test.com:
ip address: 192.168.1.4
subnet: 255.255.255.0
gateway: 192.168.1.1
dns: 192.168.1.4 (this dc acts as my dns server)

I have configured both forward and reverse lookup zones on each domain controller. From any client for the different domain I can resolve my server name etc etc...means so far it's ok...

Now I need to configure a trust relationship between Techlabtest.com and Test.com...I think before I do that I need to configure forwarders, something like that, or conditional forwarders.
Please help me on that..
So far on Test.com command prompt...I type nslookup serverone, i.e. the computer name of my domain controller Techlabtest.com, it can't resolve...I want it to resolve...and vice versa..

Please help....
Thanks
0
Question by:techlabtest
15 Comments
 
LVL 8

Expert Comment

by:vaderj
If I recall, you have to go into the DNS service configuration and in the properties of the server configure it to propagate or allow reading from one server to another.  Unfortunately I don't have access to an AD DNS server at the moment.
0
 

Author Comment

by:techlabtest
Are you talking about forwarders?
0
 
LVL 8

Expert Comment

by:vaderj
What I'm talking about is more like replication, which might be better in your circumstance - so instead of forwarding the request, the server handles it itself because it has the entry from the original DNS server.
0
 
LVL 8

Expert Comment

by:vaderj
0
 

Author Comment

by:techlabtest
Is there any other solution apart from replication?
0
 
LVL 4

Expert Comment

by:rajivkumar07
First of all, you are on the same network. You should be able to ping both DCs from each other just fine. Can you?

Turn your firewalls off if you can't!

If I understood it correctly, on each DC, you are pointing to its own DNS. Right?

You don't need a forwarder at this time if you don't wanna have a redundant DNS server to resolve the queries or you wanna access the internet.

Just create a trust and see the output.
0
 
LVL 8

Expert Comment

by:vaderj
I just reread your description and correct me if I am wrong:

You have two separate AD domains, each with their own, single, DC running Win2k3(R2?).
Each domain accesses the same internet gateway, but both domains are on the same subnet. If their Domain functional level is Win2k, I would consider raising to Win2k3.
I also believe that all you should need to do, as long as they are in the same forest (you may need to configure this), is set up the interdomain two-way trust, and that should be enough.
0
 
LVL 39

Expert Comment

by:footech
You need to configure it so that each DC can resolve the information for the other domain.  This can be done a few different ways:
 - set up forwarders to the other domain's DNS for that particular domain name
 - configure secondary zones (and allow transfers from the other domain's DNS)
 - configure stub zones (which point at the other domain's DNS)
My first choice would be stub zones, since they can update their information automatically if the nameservers on the other side change.  Second choice would be forwarders, and third would be secondary zones.

On Test.com DNS, create stub zone for TechLabtest.com and point it at 192.168.1.2.  Then do the reverse for the TechLabTest domain.
0
 

Author Comment

by:techlabtest
Thanks all for your comments...Only creating a trust won't be enough...Definitely, I need to configure DNS (which I don't like)...What do I want? From my test.com domain, I want to resolve the domain name of the other server, i.e. Techlabtest.com, and vice versa..

Footech...your comments seem to be OK..Can you please give me the steps for how to do it, as I am very weak in DNS....

Thanks...
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
To create the stub zone.
Right-click Forward Lookup Zone > New Zone > next > Select Stub zone > Leave replication scope at default - "to all dns servers running on domain controllers in this domain" > enter the name of the domain for zone name > enter IP of the DC/DNS for domain name entered on the previous window, you can uncheck the box for "use the above servers to create a local list of master servers" (it'll work either way) > Finish.
Do the same on the other domain, just changing the domain (zone) name and IP used.
0
 

Author Comment

by:techlabtest
Footech:  still not working..can't resolve techlabtest on test

Thanks
0
 
LVL 39

Expert Comment

by:footech
If it's not working there was a mistake made.  Can you please provide screenshots of the stub zones from both sides?
0
 

Author Comment

by:techlabtest
Yes..I need to reload it...

From serverone, i.e. techlabtest domain, when I do nslookup test.com, it resolves...and from the other it doesn't work..
Please see attached file.

Thanks
DNS.rtf
0
 
LVL 39

Expert Comment

by:footech
OK.  Looks like you did everything right.  According to your screenshot, from test.com DC techlabtest.com resolves just fine, it's just not returning the local IP.  Most likely this is due to caching.  Try clearing the DNS server cache on test.com (or you could just reboot the DC).
0
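The stub-zone setup from the accepted solution, followed by the cache clear suggested above, as a command-line equivalent; this is an added example and not part of the original thread. It assumes dnscmd.exe (Windows Server 2003 Support Tools) is installed, that it is run on the test.com DC, and that the FQDN of serverone is serverone.techlabtest.com.

```batch
@echo off
rem Added example, not from the original thread.
rem Run on the test.com DC (192.168.1.4). On the techlabtest.com DC,
rem swap the values: REMOTE_ZONE=test.com, REMOTE_DNS=192.168.1.4,
rem LOCAL_DNS=192.168.1.2.
setlocal
set REMOTE_ZONE=techlabtest.com
set REMOTE_DNS=192.168.1.2
set LOCAL_DNS=192.168.1.4

rem Create an AD-integrated stub zone for the other domain, with that
rem domain's DNS server as the master. Replication scope is left at
rem the default, as in the wizard steps.
dnscmd . /ZoneAdd %REMOTE_ZONE% /DsStub %REMOTE_DNS%

rem Show the zone as the server now sees it (type, masters, state).
dnscmd . /ZoneInfo %REMOTE_ZONE%

rem Answers cached before the stub zone existed (for example a public
rem address for the same name) keep being served until they expire,
rem so clear the server cache before testing.
dnscmd . /ClearCache

rem Query the local DNS server explicitly so the test does not depend
rem on the resolver settings of the machine running the script.
rem The NS lookup confirms the stub zone points at the other DC.
nslookup -type=NS %REMOTE_ZONE% %LOCAL_DNS%

rem Use the FQDN: a bare "nslookup serverone" only gets the local
rem domain suffix appended, so it never reaches the stub zone.
rem (serverone.techlabtest.com is an assumed FQDN.)
nslookup serverone.%REMOTE_ZONE% %LOCAL_DNS%
endlocal
```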
 

Author Comment

by:techlabtest
Yes you are right.  Excellent.  Thanks a lot
0
