Child domain DNS problem

Jack

Hi

I set up a test environment for parent and child domain testing, as my firm
is going to implement a VPN connection with a remote office.

I have three computers in the testing environment: the first one is a win2k
server which is the DC and Exchange server for the parent domain, the second
one is a win2k server which is the DC for the child domain, and the last
computer is a winxp pro which is a client computer in the child domain.

I set up a route between the parent and child domain to simulate the VPN
connection. I had no problem adding the child domain to the forest, and
Exchange is working fine for both the parent and child domain.

For the DNS setting, I set up a delegation for the child domain on the parent
domain's DNS server when I joined the child domain to the forest.

When this process completed I added a secondary zone on the child domain's DNS
server, which points to the parent domain's DNS server, and I did the
same thing on the parent domain's DNS server to add the child domain's DNS
as a secondary zone. Then I connected the child domain to the internet, which
is connected to a broadband router. I set up a forwarder in the child
domain's DNS server and added the ISP's DNS in there.

However, when I try to make a connection to the internet from the child domain's
server or client computer, it fails.
I ran a tracert, and the result shows that the name resolution request has been
forwarded to the parent domain's DNS server. Therefore, the name can't be
resolved.
It looks like the forwarder is not working.

Does anyone have ideas on why the forwarder is not functioning?

Thanks

Jack
 
Deji Akomolafe

How did tracert show you that the query was forwarded to the parent DNS
server?
Did you remember to delete the "." zone on the DNS servers? The forwarders
option will not be available unless you delete the "." zone. Also, without
doing this, no external record will be resolved (OK, Kevin, I know, I know
:))

Do you want the Child DNS server to do the resolution or do you want it to
forward all non-local queries to the Parent DNS server? You configure
forwarding on the "Forwarders" tab in DNS (on the Servername's Properties
tab). If you want the child to do the lookup directly, don't put anything on
the "forwarders" field, otherwise enter the IP address of the parent DNS
server, or even that of your ISP.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Jack

Hi Deji

Thanks for your advice!

I already deleted the "." zone. I know that if the "." is on the DNS server
the forwarder will not work.

The tracert result shows that the first hop is the IP address of the parent
domain's DNS server.
Then all packets are lost after that point (as the parent domain has no
connection to the internet).

I would like the Child DNS to do the resolution (within the same forest)
and forward all non-local queries (internet requests) to the ISP DNS server.
Is it possible to set up something like that on my current structure?

Thanks

Jack
 
Deji Akomolafe

The tracert shows you your Default Gateway and the rest of the hops you have
to cross to get to the destination. Unless this DNS server is also a router
(e.g. ISA server), it should not be showing up in your tracert.

Yes. You just put in the IP address of your ISP DNS server on the
"Forwarders" tab of your child DNS server. However, I would seriously
recommend that you let the child forward to your parent and let your parent
forward to the ISP. If you were using Win2K3 DNS, there is conditional
forwarding available whereby you can configure the Child to forward external
queries to the ISP and forward parent records to the parent DNS server.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Ace Fekay [MVP]

Deji Akomolafe said:
The tracert shows you your Default Gateway and the rest of the hops
you have to cross to get to the destination. Unless this DNS server
is also a router (e.g. ISA server), it should not be showing up in
your tracert.

Yes. You just put in the IP address of your ISP DNS server on the
"Forwarders" tab of your child DNS server. However, I would seriously
recommend that you let the child forward to your parent and let your
parent forward to the ISP. If you were using Win2K3 DNS, there is
conditional forwarding available whereby you can configure the Child
to forward external queries to the ISP and forward parent records to
the parent DNS server.


Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

I would suggest to keep the forwarder to the parent. That's how the child
will resolve the parent and the rest of the infrastructure, that is if I
understand that Jack's delegation to the child is configured correctly.

Conditional forwarding, great feature in Win2003!

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
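
The routing choices discussed in this thread (a "." zone that stops forwarding, a plain forwarder to the ISP, Win2K3 conditional forwarding, and the chained child-to-parent design) can be compared with a simplified Python model. This is an added example, not code from any poster or from Microsoft; the zone names `corp.example` / `child.corp.example` and the addresses are constructed.

```python
"""Simplified model of where a DNS server sends a query (added illustration).
Zone names and addresses are constructed (reserved example ranges)."""
from dataclasses import dataclass, field

PARENT_DNS, ISP_DNS = "192.0.2.10", "198.51.100.53"   # constructed addresses


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or below it; the root zone '.' holds every name."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return zone == "" or name == zone or name.endswith("." + zone)


def best_match(name, zones):
    """Most specific (longest) zone containing name, or None."""
    hits = [z for z in zones if in_zone(name, z)]
    return max(hits, key=lambda z: len(z.rstrip("."))) if hits else None


@dataclass
class DnsServer:
    local_zones: set = field(default_factory=set)    # primary/secondary zones held locally
    conditional: dict = field(default_factory=dict)  # zone -> server (Win2K3 conditional forwarding)
    forwarders: list = field(default_factory=list)   # general forwarders, tried in order

    def route(self, qname: str) -> str:
        """Return 'local:<zone>', 'forward:<ip>' or 'root-hints' for qname."""
        # 1. Zones held locally win. A "." zone matches every name, so the
        #    server answers (negatively) itself and never forwards.
        zone = best_match(qname, self.local_zones)
        if zone is not None:
            return f"local:{zone}"
        # 2. Conditional forwarder for the most specific matching domain.
        zone = best_match(qname, self.conditional)
        if zone is not None:
            return f"forward:{self.conditional[zone]}"
        # 3. General forwarders, else iterate from the root hints.
        return f"forward:{self.forwarders[0]}" if self.forwarders else "root-hints"


# Child DC still holding a "." zone: the forwarder entry is never used.
with_root_zone = DnsServer({".", "child.corp.example"}, forwarders=[ISP_DNS])
# Child DC as described by Jack: secondary copy of the parent zone + ISP forwarder.
jack_child = DnsServer({"child.corp.example", "corp.example"}, forwarders=[ISP_DNS])
# Win2K3-style child: conditional forwarder for the parent, ISP for the rest.
w2k3_child = DnsServer({"child.corp.example"}, {"corp.example": PARENT_DNS}, [ISP_DNS])
# Chained design recommended in the replies: child forwards everything to the parent.
chained_child = DnsServer({"child.corp.example"}, forwarders=[PARENT_DNS])
```

Calling `route()` with an internet name and a parent-domain name on each server shows which design depends on the parent being reachable and which one lets the child query the ISP directly.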
 