Solved

Should I simply manually add a DNS Forward Zone?

Posted on 2015-02-02
5
128 Views
Last Modified: 2015-03-12
We have two facilities. Each facility has its own LAN, AD and domain. Between the two facilities is a VPN connection.
I want the facility A's users to see the facility B's hosts, so I manually created a Forward Zone in the facility A's DNS server. That has been working fine for a long time. But it's been a pain since I have to manually maintain the new/old records from time to time.
An idea recently came to my mind: why not just add the facility B's DNS server's IP address into the facility A's computers' DNS Server Address list, like this:

DNS Server Addresses:  (in facility A's computers)
10.10.10.15    (the facility A's DNS server)
10.10.50.121    (the facility B's DNS server)
10.10.10.16     (the facility A's 2nd DNS server)
10.10.50.122  (facility B's 2nd DNS server)

I assumed that in facility A, while trying to resolve B's host name, (of course 10.10.10.15 cannot resolve it,) it would pass over to the next 10.10.50.121 in the list for help. And of course the 10.10.50.121 would be able to resolve it since it is a facility B's DNS server.

Well, I found my assumption is not working. But why isn't it working? Did I miss anything?
Do you think I still need to go back to manually add and maintain a Forward Zone in facility A for resolving B's host names?
Question by:Castlewood
5 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 40584082
You missed something.
AD members should use DNS servers for their own domain only. The DNS client only fails over to the next DNS server if the DNS server it currently uses doesn't respond at all, not if the DNS server responds with "record not found".
So first thing to do is to remove B's DNS servers on all A domain members and vice versa; you might have noticed prolonged logon times already.
Then you can either create secondary(!) zones in each domain for the respective other domain and replicate them from the other domain, or you can create a conditional DNS forwarder pointing to the DNS servers in the other domain (Properties of the DNS server, tab "Forwarders"; you need to do this on all DNS servers).
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/kb/304491
Guide with screen shots:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 
LVL 5

Assisted Solution

by:R. Toby Richards
R. Toby Richards earned 250 total points
ID: 40584094
What you should do is add a forwarder. In DNS, right-click your DC/DNS server. Select "Properties". Click the "Forwarders" tab. Add the domain name and its DNS servers there:

[attached screenshot: DNS.png]
Also make sure that the clients have the foreign domain in the append suffixes of the NIC's TCP settings:

[attached screenshot: 2015-02-02-07-23-57-Network-Connections.]
You can enforce this with group policy: Computer Configuration / Administrative Templates / Network / DNS suffix search list.
0
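As an added illustration (not code from the question or from either answer), a small Python model of the client behaviour oBdA describes (fail over only on a timeout, never on "record not found") together with the suffix-search-list point R. Toby Richards makes; the zones, host names and addresses are constructed for the example.

```python
"""Toy model of the DNS client behaviour the answers describe: fail over to the next
server only on a timeout (never on NXDOMAIN), append the suffix search list to unqualified
names, and let a conditional forwarder hand queries for the other domain to its server."""
from dataclasses import dataclass, field

NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"   # "no such name" vs. no reply at all


@dataclass
class DnsServer:
    zones: dict                                     # {"a.local": {"dc01.a.local": "10.10.10.15"}}
    forwarders: dict = field(default_factory=dict)  # conditional forwarders {"b.local": server}
    up: bool = True

    def query(self, fqdn):
        if not self.up:
            return TIMEOUT
        for zone, records in self.zones.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                return records.get(fqdn, NXDOMAIN)  # authoritative: positive or negative answer
        for zone, target in self.forwarders.items():
            if fqdn.endswith("." + zone):
                return target.query(fqdn)           # forward to the other domain's DNS server
        return NXDOMAIN


def client_resolve(name, servers, suffixes):
    """Try the name as given, then with each search suffix. A TIMEOUT moves on to the
    next server in the list; an NXDOMAIN ends the lookup for that candidate name."""
    for fqdn in [name] + [f"{name}.{s}" for s in suffixes]:
        for server in servers:
            answer = server.query(fqdn)
            if answer == TIMEOUT:
                continue        # fail over to the next server
            if answer == NXDOMAIN:
                break           # do not ask the next server; try the next suffix instead
            return answer
    return None


# Constructed sample data: facility A is a.local, facility B is b.local.
B_DNS = DnsServer(zones={"b.local": {"fs01.b.local": "10.10.50.20"}})
A_DNS = DnsServer(zones={"a.local": {"dc01.a.local": "10.10.10.15"}})
A_DNS_FWD = DnsServer(zones=A_DNS.zones, forwarders={"b.local": B_DNS})


def askers_setup():      # A's server first, then B's: A says NXDOMAIN, so B is never asked
    return client_resolve("fs01.b.local", [A_DNS, B_DNS], ["a.local"])


def forwarder_setup():   # conditional forwarder on A's server + b.local in the suffix list
    return client_resolve("fs01", [A_DNS_FWD], ["a.local", "b.local"])


def failover_setup():    # the next server is tried only when the first one does not answer
    return client_resolve("dc01.a.local", [DnsServer(zones={}, up=False), A_DNS], ["a.local"])
```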
 
LVL 4

Expert Comment

by:Manoj Bojewar
ID: 40584108
I would say the best option is to create an AD-integrated Primary Zone DNS for Site B and replicate it to Site A using a Primary Zone. This way you don't need to update changes on both sides.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40584122
You still need to make sure the clients have the foreign domain name in their DNS suffix search list.
0
 

Author Comment

by:Castlewood
ID: 40591933
Manoj Bojewar's suggestion may not work since the two domains are not in the same forest. Sorry I didn't mention it.

R. Toby Richards, I added the conditional forwarders for each side and hope side A can see side B's and vice versa. But it turns out that side A can see B's while side B cannot see A's. So the question is, why is the conditional forwarder not working at side B? Could I have missed anything somewhere?
0
