Solved

Domain Trust DNS Problems

Posted on 2014-09-05
8
1,668 Views
Last Modified: 2014-09-05
Having some trouble with an external domain trust.  The networking portion is functional as I am able to ping ip addresses in both directions but I cannot ping host names from one side of the trust but I can ping hostnames from the other.

Conditional forwarders are validated and FQDN resolved.

Two Way External
Not Transitive

Both sides are 2003 functional level

DomainA
ServerA
Server2003

DomainB
ServerB
Server2008

I am able to ping hostnames from DomainA (from any server) on DomainB however, I cannot ping hostnames on DomainA from DomainB.  I can ping ip addresses/

This trust was functional at some point in the past but disabled - I don't think zone transfers/secordary servers were used but and I swear I was able to ping hostnames in both directions just a few days ago.
0
Comment
Question by:LenCepeda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 7

Expert Comment

by:Delete
ID: 40306665
When you say you can't ping hostnames, do you mean you can't ping the FQDN of a system in DomainA from DomainB?  Or is it only the shortname that you cannot ping?

When you perform the ping, does it resolve to the correct IP Address of the destination system?
0
 

Author Comment

by:LenCepeda
ID: 40306672
That is correct - I should I wrote I am unable to ping FQDN of a system in DomainA from DomainB.  

Yes, when I ping the FQDN it does resolve the correct ip address.  

Thank you for you quick response.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40306676
First, don't use ping to test DNS issues. Firewalls can easily block ICMP traffic and DNS as well as other traffic can work just fine. Not only is a failed ping a bad test for DNS, it may not even indicate a problem.

Use nslookup.
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 7

Expert Comment

by:Delete
ID: 40306691
As a test try disabling IPv6 if it is enabled (assuming your not using anything that is reliant on IPv6).
0
 

Author Comment

by:LenCepeda
ID: 40306721
Cliff I attempted nslookup and it wasn't able to find the other domain:  

****domainB can't find server: non-existent domain


Justing,
I disabled IPv6 on serverB- no change
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40306732
Then I'd check the conditional forwarder settings. Routes between the two domains. And, if necessary, follow the DNS packets themselves to see where they are getting stopped (again, firewall can be an issue) using something like wireshark at each hop.

Don't guess at random. These are simple troubleshooting steps that can pinpoint the problem definitively.
0
 
LVL 7

Expert Comment

by:Delete
ID: 40306737
Can you clarify what you mean by
Conditional forwarders are validated and FQDN resolved.
and how you validated those items if you say now you can't resolve DNS of DomainA from DomainB.

If you in fact cannot resolve DomainA from DomainB then you will need to follow Cliff's suggestions.
0
 

Author Closing Comment

by:LenCepeda
ID: 40306753
Alright - I deleted the conditional forwarded and recreated it and poof it worked!!!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question