Child Domain and dns suffixes

So I have a child domain and I can not ping a machine from the the parent domain with out putting in the FQDN.

and nslookup will not work unless I do the same.

So I'm thinking a DNS issue.  if I add the child domain name in the network properties of my machine I can ping and nslookup

when I run dcdiag /e /test:dns from parent domain controller I get this

at the bottome
-dns.png
Michael ChonlahanAsked:
Who is Participating?
 
DrDave242Connect With a Mentor Commented:
Ok is there a reason why it is not automatically doing that?  on the child it automatily put that if I did a ipconfig /all it shows both but on the parent I have to put it on the nic card properties.

I'm fairly certain that this is normal behavior. A member of a child domain will (by default) add the child domain's DNS suffix and any parent domain suffixes to its search list (known as DNS devolution), but this doesn't happen automatically the other way around. If you think about it, the FQDN is required to uniquely identify the machine you're trying to reach. There's no way for the OS to know if the hostname "server1" should refer to server1.parent.com, server1.child.parent.com, or something else.

As footech mentioned, Group Policy is the best way to add the child domain suffix to multiple machines.
0
 
footechConnect With a Mentor Commented:
You will have to specify which DNS suffixes should be tried.  You can specify this manually in the NIC properties of a computer, but if you need to set for multiple machines it's best to use Group Policy (under Computer > Administrative Templates > Network > DNS Client > DNS Suffix Search List).
0
 
Michael ChonlahanAuthor Commented:
Ok is there a reason why it is not automatically doing that?  on the child it automatily put that if I did a ipconfig /all it shows both but on the parent I have to put it on the nic card properties.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
Michael ChonlahanAuthor Commented:
Ok thank you I will work on setting up a group policy to add it.

Thank you all for the help
0
 
footechConnect With a Mentor Commented:
Thanks, DrDave242, for jumping in.  Somehow this had slipped past me.
0
 
footechConnect With a Mentor Commented:
I'm not going to object, but it would have been more appropriate to split points, as both DrDave242 and I answered some of your questions.
0
 
Michael ChonlahanAuthor Commented:
sorry did know I could do that new to this site.
0
 
DrDave242Connect With a Mentor Commented:
Footech's right; the points should be split. There's a way to do that after a question has been closed, as I've seen it done before, but I honestly don't know how to do it. Submit an attention request, maybe?
0
 
footechConnect With a Mentor Commented:
Yes, but I'm not going to ask anyone to do that.  Just keep it in mind for the next time.
0
All Courses

From novice to tech pro — start learning today.