2 domains (each with DNS) on the same network, don't exchange queries 1

[toastm4n]

Hi everyone,

I have created a lab for DNS practice.

Here is my situation, I got 2 windows server 2003 computers on the same network (same subnet: 192.168.0.0/24), they're both domain controllers and they both got DNS installed. Most settings are default.

They each have a client computer connected to them, but the clients can't NSLOOKUP each other. CLIENT1 on domain DOMAIN-A.COM (CLIENT1.DOMAIN-A.COM) can't NSLOOPUP CLIENT10 on domain DOMAIN-B.COM (CLIENT10.DOMAIN-B.COM)

On top of that, the domain contollers can't NSLOOKUP each other neither.

Are the DNS servers supposed to see each other and communicate by default? Or am I to configure something?

Many thanks in advance for your help,
Toast

 

[itsp1965]

Do you have forwarding setup on each of the DNS servers? Client1.DomainA.com cannot resolve Client10.DomainB.com if there is no way to forward requests to DomainB from DomainA.

 

[theravager]

add a stub zone to each one pointing to the other

 

[lhuegele]

I think what you need to do is make sure the 2 DNS servers are set-up to allow zone transfers to each other. Transfer the zone from domain A onto the DNS server for domain B. Do the reverse for domain B onto domain A. Once the zones are transfered and synced your nslookup should work.

Good luck,

 

[toastm4n]

lhuegele:

How exactly do I transfer the zone? By setting up a stub zone as 'theravager' suggested?

 

[lhuegele]

I've never used stub zones, but it might work as well. I prefer a secondary forward lookup zone becuase it brings in all DNS records for that zone, so that the local DNS server can just resolve all requests locally. I believe with a stub zone, the DNS server has to query the other DNS server when trying to resolve A host records.

To transfer a zone, you're really just creating a secondary forward lookup zone, and then during that process you're pulling the zone in from the other DNS server (i.e. right-click on "forward lookup zones" and select "new zone"). You'll then be asked for primary, secondary, or stub.

You'll need to make sure you've given permission between the two DNS servers to allow zone transfers between each other.

Good luck,

 

[theravager]

Tranfering the zones just makes a copy of each dns servers zones on each server so they can lookup records of each.



Making a stub zone just basically tells each server if you need a record for zone *.something.com then look to the dns server with this ip address. This is the best way to do dns if you have large zones that are administered on separate servers or companies etc.

Both work perfectly, just one is better then the other in various scenarios.

 

[ShackDaddy]

The easiest would be to configure domain-specific forwarders in the forwarders area on each server so that each server would query the other for records in its domain, and for all other queries, send them to the outside. No need to create stub zones or do zone transfers.

Dave Shackelford
ThirdTier.net

 

[lhuegele]

The easiest" would depend on your perspective ShackDaddy. Forwarders, even domain-specific forwarders have always been more problematic from our perspective.

This is why we prefer the secondary zone. We will be trying the stub zone approach when the need comes up next time.

 

[gwdrsmith]

If you have forwarders pointing to an ISP DNS and you add forwarders to a 2nd domain within you same network, your DNS lookups will be slower. This is how my company was setup when I came on board. DNS will run down the list of forwarders until it finds a match for the query. Use Stub zones to perform cross domain lookups. Stub zones essentially forward the query similar to a forwarder, but only forwards the query if the domain in the stub zone matches. A forwarder would send the query over regardless.