Child domain DNS problem

Jack

Jun 26, 2003
Archived from groups: microsoft.public.win2000.dns (More info?)

Hi

I set up a test environment for parent and child domain testing, as my firm
is going to implement a VPN connection with a remote office.

I have three computers in the testing environment: the first one is a Win2K
server which is the DC and Exchange server for the parent domain, the second
one is a Win2K server which is the DC for the child domain, and the last
computer is a WinXP Pro machine which is a client computer in the child domain.

I set up a route between the parent and child domain to simulate the VPN
connection. I have no problem adding the child domain to the forest, and
Exchange is working fine for both the parent and child domain.

For the DNS settings, I set up a delegation for the child domain on the parent
domain's DNS server when I joined the child domain to the forest.

When this process completed, I added a secondary zone to the child domain's DNS
server, which points to the parent domain's DNS server, and I did the
same thing on the parent domain's DNS server to add the child domain's DNS
as a secondary zone. Then I connected the child domain to the internet, which
is connected to a broadband router; I set up a forwarder on the child
domain's DNS server and added the ISP's DNS there.

However, when I try to make a connection to the internet from the child domain's
server or client computer, it fails.
I ran a tracert; the result shows that the name resolution request has been
forwarded to the parent domain's DNS server. Therefore, the name can't be
resolved.
It looks like the forwarder is not working.

Does anyone have ideas on why the forwarder is not functioning?

Thanks

Jack
 
Guest

How did tracert show you that the query was forwarded to the parent DNS
server?

>>> Is anyone have ideas on why the forwarder is not functioning?
Did you remember to delete the "." zone on the DNS servers? The forwarders
option will not be available unless you delete the "." zone. Also, without
doing this, no external record will be resolved (OK, Kevin, I know, I know
:))

Do you want the Child DNS server to do the resolution or do you want it to
forward all non-local queries to the Parent DNS server? You configure
forwarding on the "Forwarders" tab in DNS (on the Servername's Properties
tab). If you want the child to do the lookup directly, don't put anything on
the "forwarders" field, otherwise enter the IP address of the parent DNS
server, or even that of your ISP.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 

Jack


Hi Deji

Thanks for your advice!

I already deleted the "." zone. I know that if the "." zone is on the DNS server
the forwarder will not work.

The tracert result shows that the first hop is the IP address of the parent
domain's DNS server.
Then all packets are lost after that point (as the parent domain has no
connection to the internet).

I would like the child DNS to do the resolution (within the same forest)
and forward all non-local queries (internet requests) to the ISP DNS server.
Is it possible to set up something like that on my current structure?

Thanks

Jack
 
Guest

The tracert shows you your Default Gateway and the rest of the hops you have
to cross to get to the destination. Unless this DNS server is also a router
(e.g. ISA server), it should not be showing up in your tracert.

>>> Is it possible to setup something like that on my current structure.
Yes. You just put in the IP address of your ISP DNS server on the
"Forwarders" tab of your child DNS server. However, I would seriously
recommend that you let the child forward to your parent and let your parent
forward to the ISP. If you were using Win2K3 DNS, there is conditional
forwarding available whereby you can configure the Child to forward external
queries to the ISP and forward parent records to the parent DNS server.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Guest

In news:O2ON4FzpEHA.516@TK2MSFTNGP09.phx.gbl,
Deji Akomolafe <noemail@akomolafe.com> made a post then I commented below
> The tracert shows you your Default Gateway and the rest of the hops
> you have to cross to get to the destination. Unless this DNS server
> is also a router (e.g. ISA server), it should not be showing up in
> your tracert.
>
>>>> Is it possible to setup something like that on my current structure.
> Yes. You just put in the IP address of your ISP DNS server on the
> "Forwarders" tab of your child DNS server. However, I would seriously
> recommend that you let the child forward to your parent and let your
> parent forward to the ISP. If you were using Win2K3 DNS, there is
> conditional forwarding available whereby you can configure the Child
> to forward external queries to the ISP and forward parent records to
> the parent DNS server.
>
>
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon

I would suggest to keep the forwarder to the parent. That's how the child
will resolve the parent and the rest of the infrastructure, that is if I
understand that Jack's delegation to the child is configured correctly.

Conditional forwarding, great feature in Win2003!

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
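
Added example, not part of any post in this thread: a simplified Python model of where a DNS server sends a query under the setups discussed above (root "." zone present, plain forwarder, child -> parent -> ISP chain, Win2K3 conditional forwarding). The decision order is an assumption that follows the behaviour described in the replies; the zone names and IP addresses are constructed placeholders.

```python
# Added illustration: a simplified model (an assumption, not Microsoft's code)
# of where a Windows DNS server sends a query, per the behaviour in this thread.

def suffix_len(name, zone):
    """Label count of zone if name falls under it, else -1 ("." matches all)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    if zone == "":
        return 0
    return zone.count(".") + 1 if name == zone or name.endswith("." + zone) else -1

def best_match(name, zones):
    """Longest-suffix match of name against zone names, or None."""
    scored = [(suffix_len(name, z), z) for z in zones if suffix_len(name, z) >= 0]
    return max(scored)[1] if scored else None

def route_query(name, hosted, forwarders=(), conditional=None):
    """Return (action, target) for a query arriving at this server."""
    conditional = conditional or {}
    zone = best_match(name, hosted)
    if zone not in (None, "."):
        return ("answer-locally", zone)        # primary/secondary zone held here
    if zone == ".":
        return ("answer-locally", ".")         # server acts as root: forwarders unused
    cond = best_match(name, conditional)
    if cond is not None:
        return ("forward", conditional[cond])  # Win2K3 conditional forwarder
    if forwarders:
        return ("forward", forwarders[0])      # plain forwarder (Win2K and later)
    return ("recurse", "root-hints")

# Constructed sample values: zone names and addresses are placeholders.
PARENT, CHILD = "corp.example", "child.corp.example"
PARENT_DNS, ISP_DNS = "10.0.0.10", "192.0.2.53"

def scenarios(name="www.example.com"):
    """Route an internet name (and one parent name) under each setup discussed."""
    return {
        "root zone still present": route_query(name, [CHILD, PARENT, "."], [ISP_DNS]),
        "root zone deleted, ISP forwarder": route_query(name, [CHILD, PARENT], [ISP_DNS]),
        "child -> parent": route_query(name, [CHILD], [PARENT_DNS]),
        "parent -> ISP": route_query(name, [PARENT], [ISP_DNS]),
        "2003 conditional, parent name": route_query(
            "dc1." + PARENT, [CHILD], [ISP_DNS], {PARENT: PARENT_DNS}),
        "2003 conditional, internet name": route_query(
            name, [CHILD], [ISP_DNS], {PARENT: PARENT_DNS}),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:34} {result}")
```

The model covers only the DNS server's choice of upstream; the path shown by tracert is decided by IP routing and the default gateway, which it does not represent.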