Solved

DNS server between 2 subnets

Posted on 2013-11-16
Last Modified: 2013-11-16
I have 2 locations with 2 different subnets. There is a VPN set up between them. I have a DC in each one. How do I configure the DNS so that everybody can translate DNS across both subnets?
Question by:WIZU2

LVL 17

Expert Comment

by:BudDurland
Presuming it's the same Active Directory domain in both sites, and traffic is passing from one end of the VPN to the other, you should just be able to define them both as DNS servers for the domain.

If it's two different domains, then each DNS server should be configured to be a secondary DNS to the other domain.

LVL 35

Expert Comment

by:Mahesh
"everybody can translate DNS across both subnets?"
Not getting your question...
If you could explain / simplify the above, please...

Author Comment

by:WIZU2
I have a DC in each location. Both running DNS.

Location 1 DNS points to self, then forward lookup zone to the DNS server in the second location, and vice versa.

Right now at the 2nd site I can ping by host name to computers at the first site. But the first can't ping by host name to the second site.

Also, when I browse the network, no computers show up on the second site and no computers show up from the first site.

The DNS at both sites has a reverse lookup zone for only the first site. Is this the issue?

I added subnet scopes for both sites.

Author Comment

by:WIZU2
Also, if I try to add a forward lookup zone on the first site DNS server to the second site DNS server, it says that it couldn't resolve the host name, even though I added an A record on that server??

LVL 35

Expert Comment

by:Mahesh
If you have AD, then both DNS must have the same configuration (the same AD-integrated forward lookup zone must be at both ends).
Now if you ping hostnames of site 1 from site 2, does it resolve to the host FQDN or just the single-label name?
And if you ping hostnames of site 2 from site 1, are RTOs coming with the name resolved, or is any other error coming?

Author Comment

by:WIZU2
I thought forward lookup zones function so that if the local DNS can't resolve it, it then forwards to the other DNS server?

If I ping by host name from site 1 to site 2 with FQDN it does resolve??

Should I delete the reverse lookup zone?

Why can't the second site see any computers in network locations?

LVL 35

Expert Comment

by:Mahesh
Have you configured a forwarder at both DNS servers pointing to each other?
You do not require any forwarder since you have the same forward lookup zone at both ends.
No need to delete the reverse lookup zone.
How do you ping hostnames?
For example:
ping server1
What is the reply from both ends if you ping like above?

Author Comment

by:WIZU2
If I ping from first site to the second site

ping WS1    this fails

ping WS1.mydomain.local    this resolves

LVL 35

Expert Comment

by:Mahesh
Are your DNS servers AD integrated?
I mean, is your forward lookup zone Active Directory integrated?

Author Comment

by:WIZU2
The DNS server is also a DC

LVL 35

Expert Comment

by:Mahesh
On both DCs at each site, please open Advanced TCP/IP settings and check the DNS tab.
In the DNS tab, check the settings below.
Ensure that the "Append primary and connection specific DNS suffixes" radio button is selected.
Ensure that the "Append parent suffixes of primary DNS suffix" checkbox is selected.
Ensure that the "Register this connection's addresses in DNS" checkbox is selected.
If there is any deviation in the above settings, you will probably face name resolution issues.
Also ensure that at both sites the DCs set their own IP address as preferred DNS and the other DC's IP as the secondary IP address.
Also check the WINS tab in Advanced TCP/IP settings. NetBIOS should be enabled on both DCs.
Lastly, disable the firewall on both DCs.
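
The DNS-tab and WINS-tab settings listed in the comment above can be read back per adapter instead of clicking through each dialog. This is an added example, not part of the original thread; it assumes Windows PowerShell 2.0 or later on the DC, reads the `Win32_NetworkAdapterConfiguration` WMI class and the `UseDomainNameDevolution` registry value, and changes nothing.

```powershell
# Added example: read-only audit of the DNS/WINS tab settings named in the thread.
# Run locally on each DC. Nothing is modified.

# "Append parent suffixes of the primary DNS suffix" is stored machine-wide here.
# 1 = checked, 0 = unchecked, empty = value not set in this key.
$tcpip      = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$devolution = $tcpip.UseDomainNameDevolution

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
ForEach-Object {
    $nic    = $_
    $ownIps = @($nic.IPAddress | Where-Object { $_ })
    $dns    = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    # An empty suffix list corresponds to the "Append primary and connection
    # specific DNS suffixes" radio button; a populated one means a fixed list.
    $suffixes = @($nic.DNSDomainSuffixSearchOrder | Where-Object { $_ })

    $netbios = switch ($nic.TcpipNetbiosOptions) {
        0       { 'Default (from DHCP)' }
        1       { 'Enabled' }
        2       { 'Disabled' }
        default { 'Unknown' }
    }

    New-Object PSObject -Property @{
        Adapter               = $nic.Description
        AppendPrimarySuffixes = ($suffixes.Count -eq 0)
        AppendParentSuffixes  = $devolution
        RegisterInDns         = $nic.FullDNSRegistrationEnabled
        # Preferred DNS should be one of this adapter's own addresses.
        PreferredDnsIsSelf    = (($dns.Count -gt 0) -and ($ownIps -contains $dns[0]))
        SecondaryDns          = $(if ($dns.Count -gt 1) { $dns[1] } else { '(none)' })
        NetBIOS               = $netbios
    }
} |
Select-Object Adapter, AppendPrimarySuffixes, AppendParentSuffixes, RegisterInDns,
              PreferredDnsIsSelf, SecondaryDns, NetBIOS |
Format-List
```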

Author Comment

by:WIZU2
That worked thanks? I still don't know why at site 2 I don't see any PCs in my network places?

Is it possible in my network places to see all workstations between both subnets?

LVL 35

Expert Comment

by:Mahesh
Are you able to see site 2 computers in My Network Places on DC2?
If not, check the services below on the DC:
TCP/IP NetBIOS Helper
Computer Browser
Workstation

It may create a problem between two subnets if NetBIOS broadcast is getting blocked between routers or firewalls.

Author Comment

by:WIZU2
I can't see any computers even on the same subnet....workgroup is not an option either.

These are 2012/2008 servers. I couldn't find TCP/IP helper

LVL 35

Accepted Solution

by:Mahesh (earned 500 total points)
Have you disabled the firewall on both DCs?
TCP/IP NetBIOS Helper is the lmhosts service and must be there.
Please restart all 3 services mentioned above if not started.
If you have any extra unused adapters on the DCs, please disable them.
Open Cmd on both servers and run nbtstat -R & nbtstat -RR
then check if you are able to view computers in My Network Places.

Can you check one thing:
try to telnet from the DC to client computers and vice versa on TCP 445 and let me know,
please.
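
The service status and the TCP 445 test from the accepted solution can be checked from PowerShell without installing the telnet client. This is an added example, not part of the original thread; the target host names are placeholders built from names used in the thread, and `Test-TcpPort` is a hypothetical helper defined here.

```powershell
# Added example: read-only checks for the three services and the TCP 445 test.
# Placeholder targets; replace with a client and the DC at the other site.
$targets = 'WS1.mydomain.local', 'DC2.mydomain.local'

# Hypothetical helper: TCP connect with a timeout, so a filtered port returns
# $false after $TimeoutMs instead of hanging the way a telnet session would.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port = 445, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false                      # no answer: dropped or unreachable
        }
        $client.EndConnect($pending)           # throws if the port refused
        return $true
    }
    catch   { return $false }                  # refused or name did not resolve
    finally { $client.Close() }
}

# lmhosts = TCP/IP NetBIOS Helper, Browser = Computer Browser,
# LanmanWorkstation = Workstation. A missing service is simply not listed.
Get-Service -Name lmhosts, Browser, LanmanWorkstation -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status |
    Format-Table -AutoSize

$targets | ForEach-Object {
    New-Object PSObject -Property @{
        Target = $_
        Tcp445 = Test-TcpPort -ComputerName $_ -Port 445
    }
} | Select-Object Target, Tcp445 | Format-Table -AutoSize
```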

Author Comment

by:WIZU2
That worked thank you so much!!