AHH DNS is making me CRAZY
Tommy_D
Member Posts: 47 ■■□□□□□□□□
Ok I am trying to setup a virtual test lab as indicated in several posts. I am trying to mimic the setup Everlife had in the post about Simulating RRAS tasks. Here is what I have done... setup 3 w2k3 servers,
1. (DC) is a DC for domain lab.int. It is also hosting the Primary Forward AD integrated zone for lab.int, and also 2 primary Reverse AD integrated zones for the 2 subnets I am using. (10.0.0.0 /24 and 10.0.1.0 /24)
2. (RRAS) is a RRAS server using RIP for routing
3. (CHILDDC) is a RRAS server using RIP for routing. It is hosting the Primary Foward zone for child.lab.int, and a stub zone for lab.int. It is hosting 2 stub zones for the reverse lookups as well.
When I am on the Childdc & RRAS servers I can ping everything by hostname and IP alike, no problems. But when I am DC I can only ping hostnames in lab.int. I cant ping the childdc server by hostname, only by IP address.
This is preventing me from promoting Childdc to a domain controller for a new child domain. What am I missing here??
:
1. (DC) is a DC for domain lab.int. It is also hosting the Primary Forward AD integrated zone for lab.int, and also 2 primary Reverse AD integrated zones for the 2 subnets I am using. (10.0.0.0 /24 and 10.0.1.0 /24)
2. (RRAS) is a RRAS server using RIP for routing
3. (CHILDDC) is a RRAS server using RIP for routing. It is hosting the Primary Foward zone for child.lab.int, and a stub zone for lab.int. It is hosting 2 stub zones for the reverse lookups as well.
When I am on the Childdc & RRAS servers I can ping everything by hostname and IP alike, no problems. But when I am DC I can only ping hostnames in lab.int. I cant ping the childdc server by hostname, only by IP address.
This is preventing me from promoting Childdc to a domain controller for a new child domain. What am I missing here??
:
Comments
If there is see if the A records your trying to resolve to are in that child zone, if this sub folder isn't there then setup conditional forwarding as a test to see if you can get resolution to the child domain.
Is the child domain in a differnt subnet? if so you need to ping computer.child.lab.int (fully qualified domain name) pinging just by machine name won't work if the machines are in different subnets.
This is becuase when you ping by flat netbios name "DC" you are using broadcast resolution, and if you use the FQDN you force dns resolution. Broadcast traffic will be confined to the local subnet and will not (under normal circumstances) cross a router or any other layer three device.
Also remeber to Ipconfig /flushdns after you have had a negative response otherwise you will get the negatively cached record out of the local dns resolver cache until your reboot or the record expires.
Hope this helps!
This is partially correct. Starting in Windows 2000 which gives preference to the dns client over netbios, if you try pinging by a netbios name, the dns client will try resolution first and always use the dns suffix search list and append that to the ping. It'll append the primary dns suffix if there is no custom dns suffix search list. If the dns client fails, it'll hand over control to the netbios client. So technically, even if you're pinging a netbios name, it'll still look through dns first.
Also, slinuxuzer is correct about the problem. Your parent domain doesn't have a delegation or stub zone for the child domain so how would it be able to resolve anything in the child domain's authoritative dns servers if it doesn't know where it is?
You can then create an A record in whichever DNS zone you want as they will be able to query each other.
I am just trying to make sure and do it "Microsoft Way" that way I can know how to approach the test questions.