Host Name Resolution from Parent Domain to Member Server on Child Domain
We have a parent domain, abc.local.
We recently created a child domain dev.abc.local.
The member machines in questions are VMWare guests machines.
The VMWare host continues live on abc.local.
We want the domainadmin.abc.local to rdp to membermachine.dev.abc.loca
This appears to work when attempting to connect to somemachine.dev.abc.local but not othermachine.dev.abc.local
All machines were configured the same.
The internet protocol version 4 (TCP/IPv4) is used in every case.
TCP/IPv4 properties are set to use static IP address, subnet mask, and default gateways. In addition, a preferred DNS server and an alternate DNS server are specified.
Advanced settings show the assigned static ip address and default gateway under the IP settings tab.
Under the DNS tab, the primary dns server address (the dns address for dev.abc.local) is listed first and the alternate dns server address (the dns address for abc.local) is listed second.
Under the section for the resolution of unqualified names the defaults are selected which are 1) Append primary and connection specific DNS suffixes and 2) Append parent suffixes for the primary DNS suffix.
Finally, the check box is selected for the option to Register this connection's addresses in DNS.
Why are we able to rdp from the parent domain (abc.local) to a machine on the child domain (dev.abc.local) using the unqualified hostname and others require the FQDN?
We recently created a child domain dev.abc.local.
The member machines in questions are VMWare guests machines.
The VMWare host continues live on abc.local.
We want the domainadmin.abc.local to rdp to membermachine.dev.abc.loca
This appears to work when attempting to connect to somemachine.dev.abc.local but not othermachine.dev.abc.local
All machines were configured the same.
The internet protocol version 4 (TCP/IPv4) is used in every case.
TCP/IPv4 properties are set to use static IP address, subnet mask, and default gateways. In addition, a preferred DNS server and an alternate DNS server are specified.
Advanced settings show the assigned static ip address and default gateway under the IP settings tab.
Under the DNS tab, the primary dns server address (the dns address for dev.abc.local) is listed first and the alternate dns server address (the dns address for abc.local) is listed second.
Under the section for the resolution of unqualified names the defaults are selected which are 1) Append primary and connection specific DNS suffixes and 2) Append parent suffixes for the primary DNS suffix.
Finally, the check box is selected for the option to Register this connection's addresses in DNS.
Why are we able to rdp from the parent domain (abc.local) to a machine on the child domain (dev.abc.local) using the unqualified hostname and others require the FQDN?
> We want the domainadmin.abc.local to rdp to membermachine.dev.abc.loca
> This appears to work when attempting to connect to somemachine.dev.abc.local but not othermachine.dev.abc.local
Please "ping somemachine" and see if you get back a ping message like this:
Otherwise look at "ipconfig /displaydns" and see if you have anything listed for somemachine.
The only way this will really work is if you configure and publish a DNS suffix for dev.abc.local. DNS suffix devolution (Append parent suffixes) works when going from dev.abc.local to abc.local, but not the other way around (as the DNS client has no means of establishing what any other label should be).
Chris
> This appears to work when attempting to connect to somemachine.dev.abc.local but not othermachine.dev.abc.local
Please "ping somemachine" and see if you get back a ping message like this:
Pinging somemachine [1.2.3.4] with 32 bytes of data:
Pinging somemachine.dev.abc.local [1.2.3.4] with 32 bytes of data:
Otherwise look at "ipconfig /displaydns" and see if you have anything listed for somemachine.
The only way this will really work is if you configure and publish a DNS suffix for dev.abc.local. DNS suffix devolution (Append parent suffixes) works when going from dev.abc.local to abc.local, but not the other way around (as the DNS client has no means of establishing what any other label should be).
Chris
In parent domain add new GPO at domain level and in GPO navigate to computer config\administrative templates\network\dns client and enable dns suffix search list
In search list add domain.com as 1st entry and add child.domain.com as 2nd entry separated by comma
This will ensure that for unqualified name child domain also get queried and if name available you will get name resolution
In search list add domain.com as 1st entry and add child.domain.com as 2nd entry separated by comma
This will ensure that for unqualified name child domain also get queried and if name available you will get name resolution
Chris Dent: pinging somemachine returns somemachine.abc.local when it should return somemachine.dev.abc.local.
I'm aware of that, but you will need to implement a search list as I said in the first place to be able to query names using simple labels in child domains.
If you find any resolve already (as you said was the case with somemachine) they must either have records in the parent zone or be resolving using another name resolution service.
Chris
If you find any resolve already (as you said was the case with somemachine) they must either have records in the parent zone or be resolving using another name resolution service.
Chris
Chris, thank you for your input. Something is getting lost in translation between our responses I think.
I don't understand what you mean when you say, implement a search list.
I don't understand what you mean when you say, implement a search list.
Mahesh's instructions show you how to implement the search list which will let you resolve host names only in the child domain from the parent.
Chris
Chris
In parent domain add new GPO at domain level and in GPO navigate to computer config\administrative templates\network\dns client and enable dns suffix search listThis won't help with the current situation, though, since the parent domain's suffix will be appended first. When you run ping client1, for example, from the abc.local domain, the FQDN client1.abc.local will be attempted first. If there's a record in DNS with that FQDN (which appears to be the case for some hostnames, as Chris pointed out), it'll be returned in response to that query, and client1.dev.abc.local will never be attempted.
In search list add domain.com as 1st entry and add child.domain.com as 2nd entry separated by comma
You can switch the order of the suffixes in the list so that dev.abc.local gets appended first, but that's still not completely ideal, as you're then stuck with the opposite problem: you won't be able to access machines in abc.local from that domain using only hostnames if there are also machines in dev.abc.local with those same hostnames. Whether or not this is a problem for you depends on your environment.
There's no perfect solution to this, as far as I can tell, other than making sure that every machine across both domains has a unique hostname (in other words, making sure that for each machine named x.abc.local, there's no machine named x.dev.abc.local and vice versa).
Using a GlobalNames zone is another option, but it's still not going to be perfect if there are matching hostnames across the domains.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial