Al,

Good questions all. The server isn't running anything to my knowledge besides DNS and WINS. I believe that it was that site's DC before they migrated to our central AD which they are just now deploying there.

I'm not getting the timeout error any more; I'm receiving a non-authoritative response. (I do run the testing feature in the DNS MMC and it returned successfully on both tests, but I'm not sure if that means a true request won't time out.)

I don't know why DNS1 is deployed, politics and all that. It just became my problem when they are no longer able to find my servers and I need to provide rationale to my boss as to why this server is breaking things. I can't say that they need to remove it without giving them technical reasons as to why.

I think it is weird as well.

When you say what about permissions, which ones are you referring to? I know that the security on this box isn't the same as the DNS servers on the DCs. I also believe that the DNS on the domain1.rootdomain.com was supposed to be AD integrated, but the DNS on the DNS1 box is obviously a secondary DNS server. (Oh, and I can access the DNS on DNS1 but not on the domain controllers using the MMC so I know the security is different, I just don't know what detail you are asking about.)

Charlie

-----Original Message-----
From: Al Mulnick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 02, 2005 9:30 AM
To: [email protected]
Subject: RE: [ActiveDir] DNS Issue

I don't think that would solve the issue to be totally honest. I think the problem is more to do with DNS1.Domain1.rootdomain.com and possibly a time-out or other weirded out configuration.

To clarify: What software is DNS1 running? Are you just timing out in your query causing the failures? Why is DNS1 deployed in the first place? What purpose does it serve in that environment? Why does DNS1 forward to a host that hosts the same domain it does? That's weird to me. I realize it hosts other domains, but it's silly and inefficient to do things that way. What about permissions?
Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Tuesday, August 02, 2005 10:11 AM
To: [email protected]
Subject: Re: [ActiveDir] DNS Issue

In the interest of making the name resolution more straightforward, is it possible for the Domain 1 DC to set up a conditional forwarder for Domain 2 and point it at Domain 2 (and not the root)?

Phil

On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:
> Alright, I'm not the best at DNS and we are running into some issues
> and I was hoping for some feedback.
>
> First we are using an empty root multi-domain forest structure. Our
> domains are divided for divisions who all operate individually (with
> the exception of the root of course.) We have shared resources in
> each other's domains that we all need to and some of our DNS isn't
> working and some of it is. I know why things aren't working but at
> times I'm not sure why it is. Very confusing so here are some more
> details.
>
> One of the domains has sites that aren't working.
>
> They have configured (this isn't one of my sites) a local DNS server
> [dns1.domain1.rootdomain.com] that has one zone configured
> [domain1.rootdomain.com] (a secondary zone for the domain to which it
> is a part) and then they forward all other network traffic to their
> primary domain controller for that domain.
>
> The domain controller for that domain [dc.domain1.rootdomain.com] has
> a number of zones configured including the _msdcs.rootdomain.com zone
> (for forwarding forest traffic lookup) and they forward all other
> traffic to their internet DNS servers.
>
> My domain uses AD integrated DNS with all DCs serving as DNS servers
> and they replicate all of the zones across. They basically have the
> domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with
> forwards to rootdomain.com with the IP address of the rootdomain DNS
> servers and then all other traffic to our internet providers.
>
> When people at site one try to reach a server at my location, if they
> are using the dns2.domain1.rootdomain.com server they are unable to
> find all of the servers in the domain2.rootdomain.com domain.
> Although I think the approach of domain1 isn't what I would consider
> optimal because I prefer AD integrated DNS, I would still think that
> with the extra hop these servers should be able to find mine.
>
> The traffic flow logic would look something like this:
>
> PC in site1 is looking for a server srv1.domain2.rootdomain.com
> PC queries dns1.domain1.rootdomain.com but cannot find the domain2
> DNS there, it forwards to dc.domain1.rootdomain.com
> dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com,
> cannot find it, it forwards to rootdomain.com
> rootdomain.com then forwards request to dc.domain2.rootdomain.com,
> which returns the IP address of srv2.domain2.rootdomain.com
>
> Maybe this is too confusing to put in an e-mail or maybe I didn't word
> it right. But if I did, does this sound correct?
>
> I do know that when I have the PCs at that site1 change their DNS
> servers from the dns1.domain1.rootdomain.com to
> dc.domain1.rootdomain.com and try to query they are able to get to my
> servers. I'm wondering if we just need to add a few more forward
> lookup for the rootdomain.com or add the _msdcs.rootdomain.com to that
> server's DNS?
>
> Wow, I'm long-winded today.
>
> Charlie
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
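
The traffic flow described in the original message and the conditional forwarder suggested in the reply, as an added example that is not part of the thread: a toy Python model that traces which server a query reaches at each hop. The zone contents, the 192.0.2.10 address and the forwarder layout are constructed assumptions, "rootdomain.com" stands for the root domain's DNS servers, and `resolve` and `with_conditional` are hypothetical helpers.

```python
import copy

# Constructed model of the servers named in the thread; zone contents,
# the 192.0.2.10 address and the forwarder layout are assumptions.
SERVERS = {
    "dns1.domain1.rootdomain.com": {
        "zones": {"domain1.rootdomain.com": {}},
        "conditional": {}, "forwarder": "dc.domain1.rootdomain.com"},
    "dc.domain1.rootdomain.com": {
        "zones": {"domain1.rootdomain.com": {}, "_msdcs.rootdomain.com": {}},
        "conditional": {}, "forwarder": "rootdomain.com"},
    "rootdomain.com": {
        "zones": {"rootdomain.com": {}},
        "conditional": {"domain2.rootdomain.com": "dc.domain2.rootdomain.com"},
        "forwarder": None},
    "dc.domain2.rootdomain.com": {
        "zones": {"domain2.rootdomain.com":
                  {"srv1.domain2.rootdomain.com": "192.0.2.10"}},
        "conditional": {}, "forwarder": None},
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def resolve(name, server, servers, path=None):
    """Return (answer, path); answer is an address, NXDOMAIN, SERVFAIL or LOOP."""
    path = (path or []) + [server]
    if path.count(server) > 1:          # the query came back to a server it already visited
        return "LOOP", path
    cfg = servers[server]
    # Longest matching suffix wins, whether hosted zone or conditional forwarder.
    candidates = [(z, None) for z in cfg["zones"]] + list(cfg["conditional"].items())
    matches = [(z, t) for z, t in candidates if in_zone(name, z)]
    if matches:
        zone, target = max(matches, key=lambda m: len(m[0]))
        if target is None:              # hosted zone: answer from the local copy, never forward
            return cfg["zones"][zone].get(name, "NXDOMAIN"), path
        return resolve(name, target, servers, path)
    if cfg["forwarder"] is None:        # nowhere left to send the query
        return "SERVFAIL", path
    return resolve(name, cfg["forwarder"], servers, path)

def with_conditional(servers, server, zone, target):
    """Copy of the model with one conditional forwarder added on `server`."""
    changed = copy.deepcopy(servers)
    changed[server]["conditional"][zone] = target
    return changed
```

The returned path lists every server the query touched, so the last entry shows which hop gave the final answer or failure.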
