Solved

Should I simply manually add a DNS Forward Zone?

Posted on 2015-02-02
118 Views
Last Modified: 2015-03-12
We have two facilities. Each facility has its own LAN, AD and domain. Between the two facilities is a VPN connection.
I want facility A's users to see facility B's hosts, so I manually created a Forward Zone on facility A's DNS server. That has been working fine for a long time, but it has been a pain, since I have to manually maintain the new/old records from time to time.
An idea recently came to my mind: why not just add facility B's DNS server's IP address to the DNS server address list of facility A's computers, like this:

DNS Server Addresses (on facility A's computers):
10.10.10.15     (facility A's DNS server)
10.10.50.121    (facility B's DNS server)
10.10.10.16     (facility A's 2nd DNS server)
10.10.50.122    (facility B's 2nd DNS server)

I assumed that in facility A, while trying to resolve a B host name (which of course 10.10.10.15 cannot resolve), the client would pass over to the next server in the list, 10.10.50.121, for help. And of course 10.10.50.121 would be able to resolve it, since it is a facility B DNS server.

Well, I found that my assumption does not hold. But why isn't it working? Did I miss anything?
Do you think I still need to go back to manually adding and maintaining a Forward Zone in facility A for resolving B's host names?
0
Question by:Castlewood
5 Comments
 
LVL 83

Accepted Solution

by: oBdA (earned 250 total points)
ID: 40584082
You missed something.
AD members should use DNS servers for their own domain only. The DNS client only fails over to the next DNS server if the DNS server it currently uses doesn't respond at all, not if the DNS server responds with "record not found".
So first thing to do is to remove B's DNS servers on all A domain members and vice versa; you might have noticed prolonged logon times already.
Then you can either create secondary(!) zones in each domain for the respective other domain and replicate them from the other domain, or you can create a conditional DNS forwarder pointing to the DNS servers in the other domain (Properties of the DNS server, tab "Forwarders"; you need to do this on all DNS servers).
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/kb/304491
Guide with screen shots:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 
LVL 5

Assisted Solution

by: R. Toby Richards (earned 250 total points)
ID: 40584094
What you should do is add a forwarder. In DNS, right-click your DC/DNS server. Select "Properties". Click the "Forwarders" tab. Add the domain name and its DNS servers there:

(screenshot: DNS.png)
Also make sure that the clients have the foreign domain in the append suffixes of the NIC's TCP settings:

(screenshot: 2015-02-02-07-23-57-Network-Connections)
You can enforce this with group policy: Computer Configuration / Administrative Templates / Network / DNS suffix search list.
0
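The two answers above come down to two changes: a conditional forwarder for the other domain on every DNS server on both sides, and the other domain's suffix in the clients' DNS suffix search list (with the foreign DNS servers removed from the clients, as the accepted answer says). Here is the same procedure as a script. This is an added example, not code from the thread; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, or the DNS Server RSAT tools), uses the IP addresses from the question, and the domain names facility-a.example and facility-b.example are constructed placeholders.

```powershell
# Added example, not from the thread. Requires the DnsServer module (Windows Server 2012+ / RSAT).
# IP addresses are the ones from the question; domain names are constructed placeholders.
#Requires -Modules DnsServer
$Sites = @{
    A = @{ Domain = 'facility-a.example'; DnsServers = @('10.10.10.15', '10.10.10.16') }
    B = @{ Domain = 'facility-b.example'; DnsServers = @('10.10.50.121', '10.10.50.122') }
}

function Set-CrossSiteForwarder {
    param(
        [Parameter(Mandatory)][string[]]$LocalDnsServers,   # DNS servers that get the forwarder zone
        [Parameter(Mandatory)][string]$RemoteDomain,        # zone name to forward
        [Parameter(Mandatory)][string[]]$RemoteDnsServers   # master servers for that zone
    )
    foreach ($server in $LocalDnsServers) {
        $existing = Get-DnsServerZone -ComputerName $server -Name $RemoteDomain -ErrorAction SilentlyContinue
        if ($existing -and $existing.ZoneType -ne 'Forwarder') {
            # A manually created primary zone for the remote domain (as in the question) would
            # shadow the forwarder; report it rather than deleting it silently.
            Write-Warning "$server already hosts $RemoteDomain as a $($existing.ZoneType) zone; remove it first."
            continue
        }
        if (-not $existing) {
            # Without -ReplicationScope this is a file-backed forwarder zone, so it has to be
            # created on every DNS server of the site, as the accepted answer notes.
            Add-DnsServerConditionalForwarderZone -ComputerName $server -Name $RemoteDomain `
                -MasterServers $RemoteDnsServers -ErrorAction Stop
            Write-Host "Created conditional forwarder for $RemoteDomain on $server"
        }
    }
}

# Forward A -> B and B -> A.
Set-CrossSiteForwarder -LocalDnsServers $Sites.A.DnsServers -RemoteDomain $Sites.B.Domain -RemoteDnsServers $Sites.B.DnsServers
Set-CrossSiteForwarder -LocalDnsServers $Sites.B.DnsServers -RemoteDomain $Sites.A.Domain -RemoteDnsServers $Sites.A.DnsServers

# Client side, run on a facility A member (the equivalent settings can be pushed by GPO):
# only the local domain's DNS servers, plus both suffixes so short names of B hosts resolve.
$adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $Sites.A.DnsServers
Set-DnsClientGlobalSetting -SuffixSearchList @($Sites.A.Domain, $Sites.B.Domain)
```

The forwarder half is run once from any machine that can reach the DNS servers of both sites; the client half is shown for one machine only, which is why the group policy setting named in the answer above (DNS suffix search list) is the practical way to roll it out.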
 
LVL 4

Expert Comment

by:Manoj Bojewar
ID: 40584108
I would say the best option is to create an AD-integrated primary DNS zone for Site B and replicate it to Site A using the primary zone. This way you don't need to update changes on both sides.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40584122
You still need to make sure the clients have the foreign domain name in their DNS suffix search list.
0
 

Author Comment

by:Castlewood
ID: 40591933
Manoj Bojewar's suggestion may not work, since the two domains are not in the same forest. Sorry I didn't mention it.

R. Toby Richards, I added the conditional forwarders on each side and hoped side A could see side B's hosts and vice versa. But it turns out that side A can see B's while side B cannot see A's. So the question is, why is the conditional forwarder not working at side B? Could I have missed anything somewhere?
0
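A one-directional failure like the one described in this comment is easier to pin down by asking each DNS server directly instead of relying on the client's server list, because (as the accepted answer explains) the Windows DNS client only moves to the next server when a server does not respond at all, never on a "no such name" answer. The following diagnostic, an added example that is not from the thread, runs on a facility B domain member and checks in turn: what B's own servers answer, whether every B DNS server actually has the forwarder zone, whether the B servers can reach A's servers through the VPN, and what A's servers answer when asked directly. It assumes the DnsClient module (Windows 8 / Server 2012 or later), the DnsServer RSAT module for the zone check, and WinRM access to the B DNS servers for the reachability check; facility-a.example and fileserver.facility-a.example are constructed names.

```powershell
# Added example, not from the thread. Run on a facility B member.
# Requires DnsClient (Windows 8 / 2012+), DnsServer RSAT for step 2, WinRM to B's DNS servers for step 3.
$RemoteDomain = 'facility-a.example'                    # constructed: facility A's AD domain
$TestName     = "fileserver.$RemoteDomain"              # constructed: a host in facility A
$RemoteDns    = @('10.10.10.15', '10.10.10.16')         # facility A's DNS servers (from the question)
$LocalDns     = @('10.10.50.121', '10.10.50.122')       # facility B's DNS servers (from the question)

function Test-NameOnServer {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Server)
    try {
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        $verdict = "Answer: $(($r | Where-Object IPAddress).IPAddress -join ', ')"
    } catch {
        # Resolve-DnsName reports failures as Win32 DNS error codes; NativeErrorCode is $null
        # for other exception types, which falls through to the default branch.
        $verdict = switch ($_.Exception.NativeErrorCode) {
            9003    { 'NXDOMAIN: server answered "no such name"; the client does NOT fail over on this' }
            9002    { 'SERVFAIL: server answered but could not resolve (forwarder target unreachable?)' }
            1460    { 'Timeout: no response at all; the only case the client moves to the next server' }
            default { "Error: $($_.Exception.Message)" }
        }
    }
    [pscustomobject]@{ Server = $Server; Name = $Name; Verdict = $verdict }
}

Write-Host "== 1. What facility B's own DNS servers say about $TestName =="
$LocalDns | ForEach-Object { Test-NameOnServer -Name $TestName -Server $_ } | Format-Table -AutoSize

Write-Host "== 2. Is the conditional forwarder for $RemoteDomain present on every B DNS server? =="
foreach ($server in $LocalDns) {
    $zone = Get-DnsServerZone -ComputerName $server -Name $RemoteDomain -ErrorAction SilentlyContinue
    if (-not $zone) {
        Write-Warning "$server has no zone named $RemoteDomain (forwarder missing on this server)"
    } elseif ($zone.ZoneType -ne 'Forwarder') {
        Write-Warning "$server hosts $RemoteDomain as $($zone.ZoneType), which shadows any forwarder"
    } else {
        Write-Host "$server forwards $RemoteDomain to $($zone.MasterServers -join ', ')"
    }
}

Write-Host "== 3. Can the B DNS servers reach A's DNS servers over the VPN on port 53? =="
# Test-NetConnection checks TCP only; DNS mostly uses UDP 53, so a failure here is a strong
# hint about the VPN/firewall path, while a success still leaves UDP to be confirmed.
foreach ($server in $LocalDns) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        param($targets)
        foreach ($t in $targets) {
            $ok = (Test-NetConnection -ComputerName $t -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
            "{0} -> {1}:53 TCP reachable: {2}" -f $env:COMPUTERNAME, $t, $ok
        }
    } -ArgumentList (,$RemoteDns)
}

Write-Host "== 4. Do A's DNS servers answer for $TestName when asked directly? =="
$RemoteDns | ForEach-Object { Test-NameOnServer -Name $TestName -Server $_ } | Format-Table -AutoSize
```

Reading the output: step 4 answering while step 1 returns NXDOMAIN or SERVFAIL points at the B-side servers (a missing or shadowed forwarder in step 2, or no path to A's servers in step 3) rather than at facility A's DNS; step 1 answering on one B server but not the other means the forwarder was created on only one of them, which matches the accepted answer's note that it has to be done on all DNS servers.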
