
Need assistance with DNS/Trust issue.

Status
Not open for further replies.

zalaska

IS-IT--Management
Sep 12, 2007
52
US
Hello all. I am sure that someone with a good DNS background etc. might be able to give me a hand. I have a one forest network containing two separate leaf domains (domain A and domain B). Each of these domains has a DNS forwarder pointed to an external DNS server to get to the internet for Microsoft updates etc.; this works fine. The DC in domain A can ping the DC in domain B. The DC in domain B cannot ping the DC in domain A (ping request cannot find host dc01.a.local). There is definitely a DNS issue, and I am having an issue with the trust (DNS issue). I need to be able to set up a trust between these two domains. Both servers are Server 2008 and are in a mockup. I am in a pickle and need to get this resolved.
 
Please post the IPCONFIGs of both servers.

Generally speaking, the DNS servers in one domain need to know where to go to resolve names in the other domain, and since the domains are internal (assuming) then the external DNS doesn't know anything about it (which is as it should be). You just need to tell each domain/DNS server where to go.

I typically use stub zones in this situation. Create a stub zone on the DNS server for DomainA that points to the DNS servers for DomainB. Create a stub zone on the DNS server for DomainB that points to the DNS servers for DomainA. After that they should be able to resolve just fine. What this will do is cause the DNS server in one domain to contact the DNS servers in the other domain any time that it needs to resolve a name. For smaller networks this is more than sufficient, but with larger networks it can result in a lot of additional DNS traffic.

In those larger networks you will probably want to use a secondary zone instead of a stub zone. A server with a secondary zone gets a copy of the zone file from the primary DNS server so that it does not have to constantly query other DNS servers for the correct information, but by doing so you increase the chances of the zone data being outdated.



________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
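
The stub-zone setup described in the reply above, as an added example that is not part of the original thread: it creates a stub zone for each domain on the other domain's DNS server with `dnscmd`, then checks that the DC locator SRV record resolves in both directions. Assumptions: `b.local` as domain B's DNS name and the `192.0.2.x` addresses are placeholders (only `dc01.a.local` appears in the thread), and the script runs from an elevated prompt with rights on both DNS servers.

```powershell
# Added example. Placeholder values: b.local and the 192.0.2.x addresses are
# constructed for illustration; replace them with the real zone names and DC IPs.
$Domains = @(
    @{ Zone = 'a.local'; DnsIp = '192.0.2.10' },   # DNS server (DC) for domain A
    @{ Zone = 'b.local'; DnsIp = '192.0.2.20' }    # DNS server (DC) for domain B
)

function Add-StubZone {
    param([string]$OnServerIp, [string]$Zone, [string]$MasterIp)
    # /DsStub creates an AD-integrated stub zone. A stub zone holds only the
    # SOA, NS and glue A records of the remote zone, not its full contents.
    & dnscmd.exe $OnServerIp /ZoneAdd $Zone /DsStub $MasterIp
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd could not add stub zone $Zone on $OnServerIp"
    }
}

function Test-DcLocator {
    param([string]$ViaServerIp, [string]$Zone)
    # Trust creation locates a DC of the other domain through this SRV record,
    # so it is a better check than pinging a single host name.
    $name = "_ldap._tcp.dc._msdcs.$Zone"
    $out  = & nslookup.exe -type=SRV $name $ViaServerIp 2>&1 | Out-String
    return ($out -match 'svr hostname')
}

foreach ($local in $Domains) {
    # The "other" domain is whichever entry is not the one we are configuring.
    $remote = $Domains | Where-Object { $_.Zone -ne $local.Zone }

    Add-StubZone -OnServerIp $local.DnsIp -Zone $remote.Zone -MasterIp $remote.DnsIp

    if (Test-DcLocator -ViaServerIp $local.DnsIp -Zone $remote.Zone) {
        Write-Output "$($local.Zone) DNS resolves DCs in $($remote.Zone)"
    } else {
        Write-Warning "$($local.Zone) DNS cannot resolve DCs in $($remote.Zone)"
    }
}
```

If the warning appears for only one direction, compare the DNS client settings of that DC (the IPCONFIG output requested above) against the server the stub zone was created on.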
 