DNS issue


floppyraid (Technical User), Aug 16, 2009
Sooooooo.

I've got a 2003 server doing DNS and DHCP. It's in one VLAN.

I have clients in a different VLAN.

The clients can ping the 2003 server just fine by IP, BUT only some of them can ping it by name.

When I go into the DNS forward lookup zone, I see very few host A records populated there for the nodes in the other VLAN.

On top of that, the same clients that cannot ping the DNS server by name *can* browse the internet just fine, and their *only* nameserver is the 2003 server.

That's the part I really, really don't understand. Obviously the DNS box is supplying those clients with DNS information. So why is it not supplying them with its own IP when they try to ping it by name? And why doesn't the DNS forward lookup zone have the new clients listed as host A records?


Also:

I can have a computer on the same VLAN as the 2003 DNS server, and it can ping it by name fine, but it cannot ping the clients in the other VLAN by hostname -- the very same ones that do in fact have an entry in the forward lookup zone on the DNS server. Why not? Obviously if they have a host A record in there, the DNS server should be supplying them with the IP. If I try to ping them by IP it works fine.


Any ideas would be very much appreciated.
 
What happens when you try to ping? No response or could not find host?

Do you have anything configured on the local machines as far as DNS suffixes go? If you do and it's different from the zones configured on the DNS server, you won't be able to resolve names. Also, static or dynamic IPs? What is DHCP giving out for DNS IP addresses?
 
I'm starting to realize what happened.

We just created these VLANs about a week ago; before this the entire network was flat.

We have a lot of students with laptops, many of which do not run an OS that is capable of joining the domain. So here is somewhat of the conclusion I've come to so far:

When they (everyone's computers) were on the same subnet as the DNS/DHCP/AD and RRAS/proxy box, they were able to resolve their internal hostnames because it was a layer 3 broadcast packet that was asking every node on the same subnet "who has this hostname/NetBIOS name?"

But when I moved those laptops and (domain-joined) workstations to a new VLAN and subnet, they were no longer able to get a response from their IP-layer broadcast asking for a response to their hostname queries. However, this explains my confusion as to why in the world the (domain-joined) workstations were still able to ping the servers by hostname, while the other (non-domain-joined) computers on the exact same subnet were not able to.

So here's my question: how do we best resolve this issue?


Do we allow the VLANs to "forward net-directed broadcasts", in essence undoing a lot of the layer 3 segmentation by allowing IP-layer broadcasts to flow across subnets?

or

Do we somehow find a different way to put hosts like the servers in the path of the net-directed broadcasts (for example, by multihoming them and placing them physically in each VLAN/subnet, or with an 802.1q NIC)?

or

Do we find some way of allowing laptops that aren't joined to the domain to authenticate the same way as domain-joined computers in DNS and thus get added to the DNS server's host records?

-----
"What happens when you try to ping? No response or could not find host?"

Could not find host.

"Do you have anything configured on the local machines as far as DNS suffixes go?"

No. Well, not on any of the machines that are not joined to the domain, no. Any of the machines that are joined to the domain have the normal xxxxx.local suffix.


"If you do and it's different from the zones configured on the DNS server, you won't be able to resolve names. Also, static or dynamic IPs? What is DHCP giving out for DNS IP addresses?"

Dynamic IPs. The DHCP server is giving out its own address as the DNS IP, because it is both DHCP and DNS.

From inside of the other VLAN/subnet, I can ping the DNS server by IP just fine (our layer 3 switch is routing the VLANs correctly), but I cannot ping it by hostname.

If I do an nslookup, I cannot resolve any of the hostnames that are for sure in DNS, but oddly enough, I can resolve the overall .local.

Pasted below:
----


> google.com
Server: UnKnown
Address: 10.0.2.2

Non-authoritative answer:
Name: google.com
Addresses: 74.125.45.100, 74.125.67.100, 74.125.53.100

> xxxxxx.local
Server: UnKnown
Address: 10.0.2.2

Name: xxxxxx.local
Addresses: 10.10.10.1, 10.0.2.2, 10.0.2.3, (public IP removed)



 
Well, google.com and an internal hostname are handled differently. Your DNS has root hints that it can query for external zones currently not configured on your DNS server.

They shouldn't have to be part of the domain to resolve names on the domain; as long as their DNS server is set to your internal DNS server, it should work.

If your zone is set to secure updates only, it will not allow the non-domain computers to update their hostname and/or resolve names inside the domain. Check DHCP > scope > properties > DNS.
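As an added example (not code from the thread), the check below does what nslookup did in the pasted output: it sends an A query straight to the DNS server over UDP/53 and reads the response code, so it bypasses the NetBIOS broadcast fallback that the Windows resolver uses on the same subnet. An rcode of 3 (NXDOMAIN) is the "could not find host" outcome, meaning the server holds no A record for that name, whereas a timeout is the "no response" outcome. The server address 10.0.2.2 is taken from the nslookup paste; the hostname laptop01.xxxxxx.local and the response builder are assumptions constructed for offline testing.

```python
import socket
import struct

def build_a_query(name, txid=0x1234):
    """Raw DNS A query: 12-byte header (RD set, one question), QNAME labels, QTYPE=1, QCLASS=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")]
    return header + b"".join(labels) + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a name; a 0xC0 compression pointer ends it in two bytes."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_response(msg):
    """Return (rcode, [A-record IPs]); rcode 3 (NXDOMAIN) is what ping shows as 'could not find host'."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, ips = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record carrying a 4-byte IPv4 address
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x0F, ips

def query_dns_directly(server_ip, name, timeout=2.0):
    """Ask the server itself over UDP/53 (no NetBIOS/LLMNR fallback); None = no response (timeout)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_a_query(name), (server_ip, 53))
        return parse_a_response(sock.recvfrom(512)[0])
    except socket.timeout:
        return None
    finally:
        sock.close()

def build_a_response(name, ips, rcode=0, txid=0x1234):
    """Constructed sample answer (not captured traffic) so the parser can be exercised offline."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)   # QR, RD, RA + rcode
    answers = [struct.pack("!HHHIH", 0xC00C, 1, 1, 3600, 4) + socket.inet_aton(ip) for ip in ips]
    return header + build_a_query(name, txid)[12:] + b"".join(answers)
```

Running `query_dns_directly("10.0.2.2", "laptop01.xxxxxx.local")` from a client in the other VLAN separates the two cases the replies ask about: `(3, [])` means the name was never registered (what a secure-updates-only zone does to non-domain clients), while `None` points at the path to port 53 rather than at the zone data.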
 