Missing Forwarders

[Guest]

Status: Closed network, multiple domains, each with its own DNS DC. Root
zones all deleted. Root Hint Internet root addresses all deleted. All sites
use Cisco gateway routers for WAN access.

Task: Connecting a new DNS DC to adjacent established domain's dns DCs. The
forwarders list has been populated with all of these DCs IP addresses. Same
for root hints.

Problem: In DNS, when I "connect to this computer" and I enter in the
computers name, it cannot be found.

Hints: I ran network monitor during the search and found that DNS was only
querying the 1st 2 entries in the fowarders list and then stops. Remaining
fowarder IPs were never queried.

Answers: Any ideas anyone?

 

[Herb Martin]

Status: Closed network, multiple domains, each with its own DNS DC. Root
zones all deleted. Root Hint Internet root addresses all deleted. All sites
use Cisco gateway routers for WAN access.

Task: Connecting a new DNS DC to adjacent established domain's dns DCs. The
forwarders list has been populated with all of these DCs IP addresses. Same
for root hints.

Do I understand correctly you have your OWN DNS hierarchy
or does each (internal) DNS have EVERY zone for your company?

Forwarders cannot be used from a DNS server unless
that DNS server contains ALL (internal) DNS zones not
handled by the forwarders.

If the forwarders return NXDomain then no other
DNS servers will be tested (even if you were to also
be using root hints.)

[I have rigged a BIND server to refuse the request
rather than return NXDomain but that is a special case.]

Problem: In DNS, when I "connect to this computer" and I enter in the
computers name, it cannot be found.

So start with NSLookup (or a substitute command) and
test each of your DNS servers to see which is not finding
it.

Do this from both the clients and the DNS servers.

Hints: I ran network monitor during the search and found that DNS was only
querying the 1st 2 entries in the fowarders list and then stops. Remaining
fowarder IPs were never queried.

You cannot expect a DNS server to query "extra DNS servers"
in the forwarders list IF the first one(s) answer, even if that
answer is NEGATIVE (i.e., NXDomain).

Answers: Any ideas anyone?

Neither clients NOR DNS server can use a mixture of DNS
servers (for client settings NOR forwarders) from different
disparate name spaces.

Clients AND the Forwarders tab assume that ALL listed
DNS servers will return the SAME (and correct) answers.
[/QUOTE]

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Status: Closed network, multiple domains, each with its
own DNS DC. Root zones all deleted. Root Hint Internet
root addresses all deleted. All sites use Cisco gateway
routers for WAN access.

Task: Connecting a new DNS DC to adjacent established
domain's dns DCs. The forwarders list has been populated
with all of these DCs IP addresses. Same for root hints.

Do I understand correctly you have your OWN DNS hierarchy
or does each (internal) DNS have EVERY zone for your
company?

Forwarders cannot be used from a DNS server unless
that DNS server contains ALL (internal) DNS zones not
handled by the forwarders.

If the forwarders return NXDomain then no other
DNS servers will be tested (even if you were to also
be using root hints.)

[I have rigged a BIND server to refuse the request
rather than return NXDomain but that is a special case.]

Problem: In DNS, when I "connect to this computer" and I
enter in the computers name, it cannot be found.

So start with NSLookup (or a substitute command) and
test each of your DNS servers to see which is not finding
it.

Do this from both the clients and the DNS servers.

Hints: I ran network monitor during the search and found
that DNS was only querying the 1st 2 entries in the
fowarders list and then stops. Remaining fowarder IPs
were never queried.

You cannot expect a DNS server to query "extra DNS
servers"
in the forwarders list IF the first one(s) answer, even
if that answer is NEGATIVE (i.e., NXDomain).

Answers: Any ideas anyone?

Neither clients NOR DNS server can use a mixture of DNS
servers (for client settings NOR forwarders) from
different disparate name spaces.

Clients AND the Forwarders tab assume that ALL listed
DNS servers will return the SAME (and correct) answers.

He can do this without forwarders, but he will have to create a new root "."
zone, then delegate all the domains to the proper DNS server. If there is no
internet access at all this will work fine and it disables forwarders. If he
want limited internet access to only certain domains he can delegate those,
too.
The advantage to this is he can create a single root zone and transfer a
secondary zone to all other DNS servers in his forest so that he has full
control over all DNS resolution.

 

[Herb Martin]

He can do this without forwarders, but he will have to create a new root
"."

zone, then delegate all the domains to the proper DNS server. If there is no
internet access at all this will work fine and it disables forwarders. If he
want limited internet access to only certain domains he can delegate those,
too.

That's true and good advice since he doesn't need
Internet resolution.

He can also do it with cross secondaries or a similar
scheme.

The advantage to this is he can create a single root zone and transfer a
secondary zone to all other DNS servers in his forest so that he has full
control over all DNS resolution

--
Herb Martin

In

Status: Closed network, multiple domains, each with its
own DNS DC. Root zones all deleted. Root Hint Internet
root addresses all deleted. All sites use Cisco gateway
routers for WAN access.

Task: Connecting a new DNS DC to adjacent established
domain's dns DCs. The forwarders list has been populated
with all of these DCs IP addresses. Same for root hints.

Do I understand correctly you have your OWN DNS hierarchy
or does each (internal) DNS have EVERY zone for your
company?

Forwarders cannot be used from a DNS server unless
that DNS server contains ALL (internal) DNS zones not
handled by the forwarders.

If the forwarders return NXDomain then no other
DNS servers will be tested (even if you were to also
be using root hints.)

[I have rigged a BIND server to refuse the request
rather than return NXDomain but that is a special case.]

Problem: In DNS, when I "connect to this computer" and I
enter in the computers name, it cannot be found.

So start with NSLookup (or a substitute command) and
test each of your DNS servers to see which is not finding
it.

Do this from both the clients and the DNS servers.

Hints: I ran network monitor during the search and found
that DNS was only querying the 1st 2 entries in the
fowarders list and then stops. Remaining fowarder IPs
were never queried.

You cannot expect a DNS server to query "extra DNS
servers"
in the forwarders list IF the first one(s) answer, even
if that answer is NEGATIVE (i.e., NXDomain).

Answers: Any ideas anyone?

Neither clients NOR DNS server can use a mixture of DNS
servers (for client settings NOR forwarders) from
different disparate name spaces.

Clients AND the Forwarders tab assume that ALL listed
DNS servers will return the SAME (and correct) answers.

He can do this without forwarders, but he will have to create a new root "."
zone, then delegate all the domains to the proper DNS server. If there is no
internet access at all this will work fine and it disables forwarders. If he
want limited internet access to only certain domains he can delegate those,
too.
The advantage to this is he can create a single root zone and transfer a
secondary zone to all other DNS servers in his forest so that he has full
control over all DNS resolution.