This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.
2008 r2 DNS Conditional forwarders
When upgrading DC's to 2008 R2 (ADI DNS) conditional forwarders do not work. In the console they fail to resolve and validate with the error 'not authoritative for the namespace) my question is what are the requirements for a conditional forwarders and have they changed since 2003
I presume 2003 conditional forwarders were happy with receiving referrals from conditional forwarders and processing them
I presume 2003 conditional forwarders were happy with receiving referrals from conditional forwarders and processing them
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Also if you were going to use forwarders you should be forwarding to your ISP DNS server and the ipconfig of domain controllers should be like this.
IP: ip address
Mask: mask
Gateway: your gateway
DNS1: domaincontroller IP
DNS2: domaincontroller IP
Active directory domain controllers should only be pointing to domain controllers who are doing DNS for the domain whether your using root hints or forwarders.
IP: ip address
Mask: mask
Gateway: your gateway
DNS1: domaincontroller IP
DNS2: domaincontroller IP
Active directory domain controllers should only be pointing to domain controllers who are doing DNS for the domain whether your using root hints or forwarders.
conditional meaning you have a specific domain name or are you forwarding all non ad domain based requests.
As Mark pointed out, forwarding was used to offload load/traffic, but it was susseptible to poisoning, ...... And ....
are pointing to IPs or names?
As Mark pointed out, forwarding was used to offload load/traffic, but it was susseptible to poisoning, ...... And ....
are pointing to IPs or names?
I'm not forwarding, conditional forwarders are added for specific domains in a partner organisation. These are not resolvable from the Internet.
The DNS,you are pointing to are not authoritative for the domain according to the error you got. An alternative to forwarders is the use of stub zones that achieve a similar result. I.e. Your DNS will get the DNS responsive and will send the requests there. Another option is to setup the other domains as a secondary zones that your DNS will transfer directly from the other server who will need to be configured to allow zone transfers to your server.
Hi I agree with your thinking but stub and secondary zones are not allowed in this instance. What I am trying to find out is do the conditional forwards have to be to only servers authoritative for that zone because it can't of been the case in 2003. I'm struggling to find any Microsoft documentation to support this
2003 did not have this check. The check is to avoid domain hijacking/DNS poisoning.
You can use plain forwarders by specifying the domain there.......
While not an answer why, it covers the question you posed, and the requirement that conditional must point to anauthoritative DNS server for the domain in question, is that an issue?
I.e. Your side can not get to the authoritative servers on the other end?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/6d22c645-3e25-4e28-9c5d-815276c4446f/conditional-forwarding-with-non-authoritative-dns-server?forum=winserverNIS
You can use plain forwarders by specifying the domain there.......
While not an answer why, it covers the question you posed, and the requirement that conditional must point to anauthoritative DNS server for the domain in question, is that an issue?
I.e. Your side can not get to the authoritative servers on the other end?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/6d22c645-3e25-4e28-9c5d-815276c4446f/conditional-forwarding-with-non-authoritative-dns-server?forum=winserverNIS
Hi firewall changes can be made to allow c.fwdr to point to the authoritative server, it was more a case of understanding why pointing to a non authoritative server doesn't now work on 2008 and a supporting article from Microsoft to explain. I appreciate your comments :)
This was resolved by re creating the conditional forwarders and restarting the DNS service... It does look like the servers have to be authoritative.. Hmmm
I've requested that this question be closed as follows:
Accepted answer: 0 points for Solacement's comment #a40879052
for the following reason:
Resolution of the issue
Accepted answer: 0 points for Solacement's comment #a40879052
for the following reason:
Resolution of the issue
I believe my comments have guided you to this solution meaning making sure your conditional forwarders are. Authoritative for the conditional domain.
The conditional forwarders do not have to be authoritative for this to work, apologies for the typo in my resolution. It should of read I recreated the conditional forwarders to the same non authoritative DNS servers. It doesn't look like the servers have to be authoritative.
Also The apparent lack of Microsoft documentation supporting the need to point conditional forwarders to an authoritative server. Although the validation may fail in the wizard the conditional forwarders will work regardless as long as the server can resolve the namespace
Also The apparent lack of Microsoft documentation supporting the need to point conditional forwarders to an authoritative server. Although the validation may fail in the wizard the conditional forwarders will work regardless as long as the server can resolve the namespace
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
The functionality is not in dispute, the question dealt with when setting up the conditional forwarding the wizard failed to resolve and validate with the error dealing with the referenced servers being non-authoritative.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSA MCSE Microsoft Certified Solutions Associate & … 398 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2016 Par… 211 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
Why dont you try to enable root hints and remove your forwarders?