Avatar of VMCity
VMCity
 asked on

DNS Resolution NOT working through VPN

I am trying to set up an internal DNS resolution. Here is the situation.
Company A acquired company B.
Both companies have their own internal wiindows AD/DNS servers.
I setup VPN between A and B..

I can ping company B PC's by IP's from company A
I can ping company A PC's by IP's from company B


The issue is:
 I cannot ping company B PC's by host name from company A
I cannot ping company A PC's by host name from company B

Where should this be configured?
1-From windows DNS servers from both A and B?
2-From  both firewalls used to setup the VPN between company A and B?

Thanks in advance....
DNSTCP/IPWindows Server 2008VPNRouters

Avatar of undefined
Last Comment
VMCity

8/22/2022 - Mon
footech

When you say host name, do you mean only the host name, or the FQDN (host name plus domain).
If only the host name, you should test with the FQDN, and the better tool to test name resolution is nslookup.
If you try something like the following from a machine in companyA (notice the trailing dot), do you get a correct result?
nslookup host.companyB.com.

Open in new window

SOLUTION
Ivan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
DrDave242

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
VMCity

ASKER
Footech..here is the result of the nslookup test you requested:

 
C:\Users\Administrator>nslookup host.companyB.com.
Server:  UnKnown
Address:  192.168.5.10   ------>  local DNS server of companyA from where the nslookup is been run

*** UnKnown can't find nslookup host.companyB.com: Non-existent domain

 Thanks,
Ivan

Hi,

your dns server does not know of domain dns, and that is why it is failing. You need to use stub or conditional forwarder, that will tell dns server from companyA where dns for company is located, and vice versa.

Regards,
Ivan.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
VMCity

ASKER
Ivan thanks for your reply..

Assuming I go with a stub zone, it is correct that, one stub zone will have to be created on each company's DNS server?

Thanks,
SOLUTION
Ivan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
footech

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
VMCity

ASKER
Thanks DrDave242 for your detailed answer and the links....

Is a stub zone or conditional forwarders a requirement in order to have userA from companyA authenticate with companyB  Active directory server as if userA was created in companyB hence be able to use companyB ressources?
VMCity

ASKER
Footech , can you please point me to an online ref for an example of such a GP configuration?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
DrDave242

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
footech

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
DrDave242

Lot of helpful answers here. I feel a little dirty giving myself more points, so please object if you'd rather see them allocated differently.
VMCity

ASKER
Hi DrDave242,

I do not remember distributing points. From your last message I believe someone else did. Can you explain how this works?
I didn't do it because i was still waiting till after implementation (maybe there is a time limit i am not aware of). I did it a couple of days ago and it worked. Thank you to for all of you.
It is only after implementation that I understood what "footech" was really talking about (I was more focused on just getting it to work than the convenience part of just being able to use the host name without the DNS suffix between).

If you do not mind I would add 40 points to "feetech".

All of you have been great.

Thank you
footech

@VMCity - When a question is abandoned, experts who have participated in the thread can give recommendations on how the question should be closed.  If no recommendations are received, then a cleanup volunteer will take action as they see appropriate.  A question is considered abandoned if there hasn't been any comment in 14 days (I think I'm remembering the number of days correctly).  I'm fine with the points distribution - no need to reopen the question again to redistribute.  Thanks.
Your help has saved me hundreds of hours of internet surfing.
fblack61
VMCity

ASKER
Thanks for the clarification. I was not aware of these details.