DNS Configuration and Domain Trusts

Hey All,

My overall goal right now is configuring a domain trust between our local AD and a cloud-hosted AD server. Site-to-site VPN is already in place, and I'm pinging across the VPN without any trouble.

Cloud AD is Server 2012, Active Directory Level is 2008 R2, DNS is configured locally for the domain, and it is the only DNS server it uses.

Local AD is Server 2003, Active Directory Level is 2003, DNS is configured locally for the domain, and it is one of two domain DNS servers.

What I've done so far:

Configured reverse lookup zones on both AD DNS Servers, and configured Conditional Forwarders on both AD DNS Servers.

Currently, from the Cloud AD server, I'm able to ping random FQDNs on my Local AD network. Using NSLOOKUP, I can see the proper response on the Non-authoritative answer.

From my Local AD, none of the above works correctly, although I've run over the configuration a number of times, and it's consistent in both of them. I have the Reverse Lookup in there (including the PTR record), I have the conditional forwarder, I can ping the other server, but I cannot resolve the FQDN of the other server. NSLOOKUPs against the Cloud Domain respond with "Non-existent domain".

The only thing I've found that shows up wrong is that the conditional forwarder has the error message "Validation not supported" with a yellow triangle. I've been presuming this was related to the functional level mismatch, and that the stock 2003 DNS menus mention nothing about Validation.

Perchance, could anyone point me in the right direction? I feel like I'm missing something small/silly, but I'm very close to having this whole thing figured out.

Will Szymkowski (Senior Solution Architect) commented:
Rather than a Conditional Forwarder, have you tried a Stub or Secondary Zone to see if that works?

Do you have DNS properly configured on both ends?

troycsl (Author) commented:
Hey Will,

I'll be honest, my knowledge of DNS configuration is lacking, so I don't know exactly what "properly configured" would mean. The Cloud AD's dns is extremely simple, with just the domain information, and what I've added.

I have not tried a secondary or stub zone configuration. Should I assume that because my communication seems solid on the Cloud AD, that I'm good there and should just focus on the local AD?
Will Szymkowski (Senior Solution Architect) commented:
Should I assume that because my communication seems solid on the Cloud AD, that I'm good there and should just focus on the local AD?

I would agree with that statement. However, I would also look at the firewall as well to see if you are getting any sort of blocked communication.
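The two suggestions in this thread (check the DNS configuration, check the firewall) can be separated with a short diagnostic run from the side that cannot resolve names. The script below is an added example, not something either participant posted; it assumes a Windows Server 2012 R2 or later machine (or an admin workstation with the DnsServer RSAT module) because Windows Server 2003 has no PowerShell DNS cmdlets, and the domain name and addresses in it are placeholders to replace with your own. It tests, in order, ICMP, TCP/53, a direct query to the remote DNS server (which bypasses the local forwarder), and then the SRV record a trust needs resolved through the local server, and it prints the conditional forwarder as the local server stored it.

```powershell
# Added diagnostic script (not from the thread). Run in an elevated PowerShell on a
# Windows Server 2012 R2+ DC, or an admin workstation with the DnsServer RSAT module.
# On a Windows Server 2003 DNS server use nslookup / dnscmd for the equivalent checks.
# Every name and address below is a placeholder: replace them with your own values.

param(
    [string]$RemoteDomain   = 'cloud.example.local',   # assumed: the other forest's DNS name
    [string[]]$RemoteDns    = @('10.0.0.10'),          # assumed: DNS server(s) the conditional forwarder points at
    [string]$LocalDnsServer = 'localhost'              # assumed: the local DNS server to inspect
)

$results = @()

foreach ($ip in $RemoteDns) {
    # 1. ICMP: does the VPN carry traffic at all? (in the thread, ping already worked)
    $icmp = Test-Connection -ComputerName $ip -Count 2 -Quiet

    # 2. TCP/53: a firewall rule that drops the remote subnet for everything except ICMP
    #    shows up here while ping still succeeds. (DNS is mostly UDP; step 3 covers that.)
    $tcp53 = (Test-NetConnection -ComputerName $ip -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded

    # 3. Ask the remote server directly for the zone's SOA, bypassing the local forwarder.
    #    Success here combined with failure in step 4 points at the local DNS configuration.
    try {
        $null = Resolve-DnsName -Name $RemoteDomain -Server $ip -Type SOA -DnsOnly -ErrorAction Stop
        $directOk = $true
    } catch { $directOk = $false }

    $results += [pscustomobject]@{ Forwarder = $ip; Icmp = $icmp; Tcp53 = $tcp53; DirectSoa = $directOk }
}

# 4. Resolve through the local server, the way the trust wizard will. A trust needs the
#    _ldap._tcp.dc._msdcs SRV record of the other domain, not just an A record for a host.
try {
    $null = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteDomain" -Type SRV `
                            -Server $LocalDnsServer -DnsOnly -ErrorAction Stop
    $viaLocalOk = $true
} catch { $viaLocalOk = $false }

# 5. Show the conditional forwarder as the local server actually stored it
#    (DnsServer module; on 2003 use "dnscmd /zoneinfo <zone>" instead).
$fwd = $null
if (Get-Command Get-DnsServerConditionalForwarderZone -ErrorAction SilentlyContinue) {
    $fwd = Get-DnsServerConditionalForwarderZone -Name $RemoteDomain -ComputerName $LocalDnsServer `
                                                 -ErrorAction SilentlyContinue
}

$results | Format-Table -AutoSize
"SRV record via local DNS ($LocalDnsServer): $viaLocalOk"
if ($fwd) { "Conditional forwarder on $LocalDnsServer -> $($fwd.MasterServers -join ', ')" }

# Reading the table:
#   Icmp=True,  Tcp53=False                  -> a firewall passes ping but blocks DNS across the VPN
#                                               (the outcome this thread ended with)
#   Tcp53=True, DirectSoa=False              -> remote server reachable but not serving that zone
#   DirectSoa=True, SRV via local DNS=False  -> local forwarder misconfigured, or a stale negative
#                                               cache entry (Clear-DnsServerCache, then retry)
```

The point of querying the remote server directly with -Server is that it removes the local DNS server from the path entirely: if that query works and the same name fails through the local server, the problem is the forwarder definition or a cached "Non-existent domain" answer, not the network; if the direct query also fails while ping succeeds, a firewall rule between the two sites is the first thing to inspect.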


troycsl (Author) commented:
Hey Will,

I should probably check the simple things first, instead of going into things more complicated.

Turns out it was a firewall issue. An old rule blocking out connections to the entire 10. subnetwork was intercepting my requests -_-;

Got my domain trusts working properly, DNS, everything.

Thanks so much for the help!