Improve company productivity with a Business Account.Sign Up

x
?
Solved

Child Domain and dns suffixes

Posted on 2016-11-18
9
Medium Priority
?
220 Views
Last Modified: 2016-12-01
So I have a child domain and I can not ping a machine from the the parent domain with out putting in the FQDN.

and nslookup will not work unless I do the same.

So I'm thinking a DNS issue.  if I add the child domain name in the network properties of my machine I can ping and nslookup

when I run dcdiag /e /test:dns from parent domain controller I get this

at the bottome
-dns.png
0
Comment
Question by:Michael Chonlahan
  • 4
  • 3
  • 2
9 Comments
 
LVL 42

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41893879
You will have to specify which DNS suffixes should be tried.  You can specify this manually in the NIC properties of a computer, but if you need to set for multiple machines it's best to use Group Policy (under Computer > Administrative Templates > Network > DNS Client > DNS Suffix Search List).
0
 

Author Comment

by:Michael Chonlahan
ID: 41893890
Ok is there a reason why it is not automatically doing that?  on the child it automatily put that if I did a ipconfig /all it shows both but on the parent I have to put it on the nic card properties.
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 1000 total points
ID: 41901800
Ok is there a reason why it is not automatically doing that?  on the child it automatily put that if I did a ipconfig /all it shows both but on the parent I have to put it on the nic card properties.

I'm fairly certain that this is normal behavior. A member of a child domain will (by default) add the child domain's DNS suffix and any parent domain suffixes to its search list (known as DNS devolution), but this doesn't happen automatically the other way around. If you think about it, the FQDN is required to uniquely identify the machine you're trying to reach. There's no way for the OS to know if the hostname "server1" should refer to server1.parent.com, server1.child.parent.com, or something else.

As footech mentioned, Group Policy is the best way to add the child domain suffix to multiple machines.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 

Author Comment

by:Michael Chonlahan
ID: 41901801
Ok thank you I will work on setting up a group policy to add it.

Thank you all for the help
0
 
LVL 42

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41903493
Thanks, DrDave242, for jumping in.  Somehow this had slipped past me.
0
 
LVL 42

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41909199
I'm not going to object, but it would have been more appropriate to split points, as both DrDave242 and I answered some of your questions.
0
 

Author Comment

by:Michael Chonlahan
ID: 41909201
sorry did know I could do that new to this site.
0
 
LVL 27

Assisted Solution

by:DrDave242
DrDave242 earned 1000 total points
ID: 41909223
Footech's right; the points should be split. There's a way to do that after a question has been closed, as I've seen it done before, but I honestly don't know how to do it. Submit an attention request, maybe?
0
 
LVL 42

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41909256
Yes, but I'm not going to ask anyone to do that.  Just keep it in mind for the next time.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question