troycsl asked:
DNS Configuration and Domain Trusts

Hey All,

My overall goal right now is configuring a domain trust between our local AD and a cloud-hosted AD server. Site-to-site VPN is already in place, pinging across the VPN without any trouble.

Cloud AD is Server 2012, Active Directory Level is 2008 R2, DNS is configured locally for the domain, and it is the only DNS server it uses.

Local AD is Server 2003, Active Directory Level is 2003, DNS is configured locally for the domain, and it is one of two domain DNS servers.

What I've done so far:

Configured reverse lookup zones on both AD DNS Servers, and configured Conditional Forwarders on both AD DNS Servers.

Currently, from the Cloud AD server, I'm able to ping random FQDNs on my Local AD network. Using NSLOOKUP, I can see the proper response on the Non-authoritative answer.

From my Local AD, none of the above works correctly, although I've run over the configuration a number of times, and it's consistent in both of them. I have the Reverse Lookup in there (including the PTR record), I have the conditional forwarder, I can ping the other server, but I cannot resolve the FQDN of the other server. NSLOOKUPs against the Cloud Domain respond with "Non-existent domain".

The only thing I've found that shows up wrong is that the conditional forwarder has the error message "Validation not supported" with a yellow triangle. I've been presuming this was related to the functional level mismatch, and that the stock 2003 DNS menus mention nothing about Validation.

Perchance, could anyone point me in the right direction? I feel like I'm missing something small/silly, but I'm very close to having this whole thing figured out.
Will Szymkowski:

Rather than a Conditional Forwarder, have you tried a Stub or Secondary Zone to see if that works?

Do you have DNS properly configured on both ends?

Will.
troycsl (asker):

Hey Will,

I'll be honest, my knowledge of DNS configuration is lacking, so I don't know exactly what "properly configured" would mean. The Cloud AD's DNS is extremely simple, with just the domain information and what I've added.

I have not tried a secondary or stub zone configuration. Should I assume that because my communication seems solid on the Cloud AD, that I'm good there and should just focus on the local AD?
Will Szymkowski (asker certified solution):
troycsl (asker):

Hey Will,

Should probably check the simple things first, instead of going into things more complicated.

Turns out it was a firewall issue. An old rule blocking out connections to the entire 10. subnetwork was intercepting my requests -_-;

Got my domain trusts working properly, DNS, everything.

Thanks so much for the help!
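The question above describes a conditional forwarder that answers "Non-existent domain" even though ICMP crosses the VPN, and the final post shows the cause was a firewall rule rather than DNS configuration. The script below is an added example, not code from the thread or from either participant; it walks the same troubleshooting path in order: confirm the forwarder zone exists and points at the expected server, confirm TCP 53 is reachable across the VPN, query the remote DNS server directly (which exercises the UDP 53 path independently of the local forwarder), and only then test the normal lookup path. It assumes a Windows DNS server with the DnsServer and DnsClient PowerShell modules and `Test-NetConnection` (Server 2012 R2 or later); on a 2003 server the same checks would be done with `nslookup` and `dnscmd`. The domain name, addresses and host name are constructed placeholders.

```powershell
# Added example (not from the original thread). All names and addresses below are
# constructed placeholders; replace them with your own values.
$RemoteDomain = 'cloud.example.local'      # zone covered by the conditional forwarder (placeholder)
$RemoteDnsIp  = '10.20.0.10'               # remote DNS server / DC across the VPN (placeholder)
$TestHost     = "dc01.$RemoteDomain"       # a host in the remote zone that must resolve (placeholder)

# 1. Is the conditional forwarder defined on this server, and where does it point?
#    Conditional forwarders are listed by Get-DnsServerZone with ZoneType 'Forwarder'.
$zone = Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue
if (-not $zone) {
    Write-Warning "No zone '$RemoteDomain' on this server; queries fall through to the default forwarders or root hints and return NXDOMAIN."
} else {
    "Zone '$RemoteDomain' type: $($zone.ZoneType)"
    if ($zone.ZoneType -eq 'Forwarder') {
        "Forwarder targets: $($zone.MasterServers -join ', ')"
    }
}

# 2. Can this server reach the remote DNS server on TCP 53?
#    A successful ping over the VPN says nothing about port 53; an ACL that drops
#    53 while allowing ICMP produces exactly the symptom in the thread.
$tcp = Test-NetConnection -ComputerName $RemoteDnsIp -Port 53 -WarningAction SilentlyContinue
"TCP 53 to $RemoteDnsIp reachable: $($tcp.TcpTestSucceeded)"

# 3. Ask the remote server directly, bypassing the local forwarder configuration.
#    Resolve-DnsName uses UDP first, so success here shows the UDP 53 path is open.
#    If this works but step 4 fails, the fault is in the local forwarder, not the network.
try {
    Resolve-DnsName -Name $TestHost -Server $RemoteDnsIp -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, IPAddress
} catch {
    Write-Warning "Direct query to $RemoteDnsIp failed: $($_.Exception.Message)"
}

# 4. The normal path: local server -> conditional forwarder -> remote server.
#    "DNS name does not exist" here corresponds to nslookup's "Non-existent domain".
try {
    Resolve-DnsName -Name $TestHost -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, IPAddress
} catch {
    Write-Warning "Lookup through the local DNS server failed: $($_.Exception.Message)"
}
```

Run it on the DNS server that returns the error (or point `-Server` at it from an admin workstation). Reading the four results together separates the three failure classes that look identical to a plain `nslookup`: missing or mis-targeted forwarder (step 1), blocked port 53 (steps 2 and 3), and a remote server that genuinely has no record (step 3 fails while step 2 succeeds).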