AHH DNS is making me CRAZY

Ok I am trying to setup a virtual test lab as indicated in several posts. I am trying to mimic the setup Everlife had in the post about Simulating RRAS tasks. Here is what I have done... setup 3 w2k3 servers,

1. (DC) is a DC for domain lab.int. It is also hosting the Primary Forward AD integrated zone for lab.int, and also 2 primary Reverse AD integrated zones for the 2 subnets I am using. (10.0.0.0 /24 and 10.0.1.0 /24)

2. (RRAS) is a RRAS server using RIP for routing

3. (CHILDDC) is a RRAS server using RIP for routing. It is hosting the Primary Foward zone for child.lab.int, and a stub zone for lab.int. It is hosting 2 stub zones for the reverse lookups as well.

When I am on the Childdc & RRAS servers I can ping everything by hostname and IP alike, no problems. But when I am DC I can only ping hostnames in lab.int. I cant ping the childdc server by hostname, only by IP address.

This is preventing me from promoting Childdc to a domain controller for a new child domain. What am I missing here??

Find more posts tagged with

Comments

slinuxuzer

Look at the dc for lab.int look under the zone lab.int and there should be a sub folder named child. If there isnt this is your problem.

If there is see if the A records your trying to resolve to are in that child zone, if this sub folder isn't there then setup conditional forwarding as a test to see if you can get resolution to the child domain.

Is the child domain in a differnt subnet? if so you need to ping computer.child.lab.int (fully qualified domain name) pinging just by machine name won't work if the machines are in different subnets.

This is becuase when you ping by flat netbios name "DC" you are using broadcast resolution, and if you use the FQDN you force dns resolution. Broadcast traffic will be confined to the local subnet and will not (under normal circumstances) cross a router or any other layer three device.

Also remeber to Ipconfig /flushdns after you have had a negative response otherwise you will get the negatively cached record out of the local dns resolver cache until your reboot or the record expires.

Hope this helps!

royal

slinuxuzer wrote:

This is becuase when you ping by flat netbios name "DC" you are using broadcast resolution, and if you use the FQDN you force dns resolution. Broadcast traffic will be confined to the local subnet and will not (under normal circumstances) cross a router or any other layer three device.

This is partially correct. Starting in Windows 2000 which gives preference to the dns client over netbios, if you try pinging by a netbios name, the dns client will try resolution first and always use the dns suffix search list and append that to the ping. It'll append the primary dns suffix if there is no custom dns suffix search list. If the dns client fails, it'll hand over control to the netbios client. So technically, even if you're pinging a netbios name, it'll still look through dns first.

Also, slinuxuzer is correct about the problem. Your parent domain doesn't have a delegation or stub zone for the child domain so how would it be able to resolve anything in the child domain's authoritative dns servers if it doesn't know where it is?

slinuxuzer

yeah, I used to know that about the resolution order, thats why when you ping by netbios names sometimes you get back a reply with the FQDN.

Tommy_D

Ok I am confused now... if its just a stand alone server right now, what would its FQDN be? childdc.child.lab.int ? I try this but get nothing. What you said makes sense, only why does everything work from the RRAS server and not the DC server? The RRAS and DC are on the 10.0.0.0 subnet and the ChildDC server is on the 10.0.1.0 subenet

Tommy_D

Or did I just miss the step where I am supposed to use the main DNS server on my ChildDC, make it a domain controller, THEN setup DNS on the child DC?

royal

Have your DC for lab.int host a stub zone for child.lab.int.

You can then create an A record in whichever DNS zone you want as they will be able to query each other.

Tommy_D

Ok I got it to work. After reading some KB, it appears the step I missed is delegating the domain inside the original lab.int dns forward lookup zone. Does that sound correct? 1 more question, I have secondary reverse zones setup on the Childdc, do I HAVE to have these there, or is the primary enough?

royal

That's what we just told you to do 3 times!

Tommy_D

I missed the term, "delegation". I have never had to do this before on the job, lol I am feeling so lost.

I am just trying to make sure and do it "Microsoft Way" that way I can know how to approach the test questions.