Solved

Trying to perform short name resolution for a subdomain

Posted on 2013-11-01
Last Modified: 2014-01-02
A few members of my team are trying to address a use case where a user can type in the short name of a server such as host1 and have it properly resolve to the FQDN/IP.  They do not want to use a domain suffix at the client side.  Here is what they are trying to do exactly ---

ping host1 and get the IP address back as it is listed in lab.domain.com

host1.lab.domain.com exists in a zone on the DNS server and there is another primary zone of domain.com as well.

The client host has a FQDN of client.domain.com and the client uses the DNS server that is authoritative for domain.com as well as lab.domain.com.

host1 lives in the lab.domain.com zone only.  Without using domain suffix at the client side, it would stand to reason to me that if the client were to try ping host1 from the command line that they would not get resolution.  If they used just domain.com as the suffix still nothing and finally if they included domain suffix lab.domain.com they would get a resolution.

My teammates believe they can achieve the level of functionality by eliminating domain suffix on the NIC and then using stubzones or secondary zones - their efforts have been unsuccessful.   I personally think they cannot get this done using those methods and would instead have to use suffix at the client side -- unless they wanted to hack BIND --- which is not what we are using.  This is a Windows DNS environment.

Can anyone offer any correction to my thinking and a possible resolution to provide the level of functionality desired?

Thanks,

Scott
Question by:BladesAway
3 Comments
 
LVL 5

Assisted Solution

by:alicain
alicain earned 250 total points
ID: 39617272
As you alluded, perhaps the easiest way to achieve this is with an additional search suffix on the DNS tab of TCPIP settings on the client's network connection.

In "Append these DNS suffixes" place:
domain.com
lab.domain.com

The resolver on the client will first attempt to resolve in domain.com and if/when that fails, it will go on to append lab.domain.com.

You could also do this from the DNS server side by configuring selective forwarding to forward all requests to "lab.domain.com" to the DNS server that is authoritative for that zone.

Regards,
Alastair.
0
 
LVL 5

Expert Comment

by:alicain
ID: 39617312
And of course I should have included that, depending on the environment, it would be possible to create a delegation in domain.com for the zone lab.domain.com, which would allow names to be resolved via recursion.

But that may or may not be possible, for example if you want to maintain some separation between the environments, e.g. between production and lab networks.
0
 
LVL 40

Accepted Solution

by:footech
footech earned 250 total points
ID: 39619283
I see only two ways that this would be possible.

The first is as alicain mentioned, which is for the client to append the correct DNS suffix.  This could be configured through Group Policy or even DHCP option.  Configuring forwarders or delegation would have no effect though, at least not without the proper DNS suffix at the client.  A couple reasons - 1) you mentioned that the DNS server is authoritative for both zones, so the query would never be forwarded on to another server, and; 2) even if the DNS server that is initially queried is only authoritative for the domain.com zone, unless the client made a query for host1.lab.domain.com, the server is never going to send the query on to another server.  One last thing about DNS suffixes - if the primary DNS suffix is lab.domain.com, with DNS devolution the client (if I remember right this is enabled by default in Win7+)  will automatically first query for host1.lab.domain.com and then (assuming it didn't get a hit), query for host1.domain.com.

The second way would be through the use of NetBIOS name resolution or WINS.  This means that the hostname would have to be unique in the environment.  You couldn't have both host1.domain.com and host1.lab.domain.com and expect it to work.  Essentially this is taking the DNS suffix completely out of the equation.

I know I said earlier that I see only two ways, but there are other, more manual methods that you could use for small numbers of hosts that you want it to work.  If all you care is that a query reaches the right IP, if you create an A record for host1 in the domain.com zone that points to the IP of host1.lab.domain.com it will work.  Also, you could create a CNAME record for host1 in the domain.com zone and point it at host1.lab.domain.com.

EDIT:  I wanted to mention one other option, that is similar to the NetBIOS/WINS option, but uses DNS.  If your DNS servers are 2008+, you can set up a GlobalNames zone and configure records in there.  This would be a manual process as well where you configure CNAME records in the zone for the resources desired.
http://technet.microsoft.com/en-us/library/cc816610(v=ws.10).aspx
0
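The suffix handling discussed in the answers above, as an added example that is not part of the original thread: a simplified Python model of how a client expands a short name before any query reaches the DNS server. The IP addresses, the function names and the rule that devolution stops at two labels are assumptions made for illustration.

```python
# Simplified model of a stub resolver expanding a short name (added example).
# ZONES is constructed sample data using the names from the thread; the IPs are made up.
ZONES = {
    "domain.com": {"client": "10.0.0.10"},
    "lab.domain.com": {"host1": "10.0.1.21"},
}

def lookup(fqdn):
    """Answer like a server authoritative for every zone in ZONES."""
    fqdn = fqdn.rstrip(".").lower()
    # Longest matching zone wins, as on a server hosting parent and child zones.
    for zone in sorted(ZONES, key=len, reverse=True):
        if fqdn.endswith("." + zone):
            label = fqdn[: -len(zone) - 1]
            return ZONES[zone].get(label)
    return None  # the server never guesses a suffix for a bare label

def candidates(name, primary_suffix=None, search_list=None, devolution=True):
    """FQDNs the client would try, in order, for `name`."""
    if "." in name:            # this model treats dotted names as already qualified
        return [name]
    if search_list:            # an explicit list replaces primary suffix + devolution
        return [f"{name}.{s}" for s in search_list]
    if not primary_suffix:     # no suffix configured: only the bare label is sent
        return [name]
    out, labels = [], primary_suffix.split(".")
    # Assumption: devolution strips the leftmost label until two labels remain.
    while len(labels) >= 2:
        out.append(f"{name}." + ".".join(labels))
        if not devolution:
            break
        labels = labels[1:]
    return out

def resolve(name, **client_cfg):
    """Return (fqdn, ip) for the first candidate that resolves, else None."""
    for fqdn in candidates(name, **client_cfg):
        ip = lookup(fqdn)
        if ip:
            return fqdn, ip
    return None
```

With no suffix, or with only domain.com, `resolve("host1")` returns `None` even though the server hosts both zones, because the server is only ever asked for the names the client builds.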
