You're still not making sense, to me anyway.

Let me restate our respective claims:

My claim: The first online nameserver of each network adapter is tried, in
turn, until one of them resolves the name.

Your claim: Only the first online nameserver will be attempted to resolve a
name. Once the nameserver of *any* adapter returns an IP address, or an
NXDOMAIN, resolution attempts stop. (if that is not your claim, then I
misread your point a long time ago...)

In my situation:

a.com = local AD TLD, whose AD DNS is ns.a.com, assigned to LAN adapter
b.com = remote AD TLD, whose AD DNS is ns.b.com, assigned to PPP adapter

Both ns.a.com and ns.b.com resolve public names.
Both a.com and b.com are also defined in public DNSs.

Given these results:

1. Ping a.com - public IP of a.com is returned - resolved by ns.b.com
(because ns.a.com would not have returned a public IP).
2. NSLOOKUP server.a.com using ns.b.com - returns NXDOMAIN ('set debug'
tells me so).
3. Ping server.a.com - private IP is returned - resolved by ns.a.com

My conclusions:

b.com's nameservers are tried first due to result (1) above.
a.com's nameservers are resolving names AFTER an NXDOMAIN is returned by
ns.a.com.

This proves my claim as stated above.

I won't belabor the point after your next response, whatever it happens to
be. You may have the last word.

Carl

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Saturday, December 13, 2008 2:35 PM
To: NT System Admin Issues
Subject: Re: Lose access to local domain servers when connected w/VPN to
remote / different Windows domain

On Sat, Dec 13, 2008 at 11:01 AM, Carl Houseman <[email protected]> wrote:
> I'll let you explain them however you like!

I don't have enough information to explain anything definitively,
I'm afraid. :)

> A local LAN adapter references one Windows AD DNS - TLD= a.com

Just so you know, TLD is "Top Level Domain", which means <com.>,
<net.>, <us.>, and the like. <a.com.> or <example.com.> would be 2LD,
"Second Level Domain".

> Based on what you've said, an NXDOMAIN response was not returned - because
> the domain did exist, only the hostname was not found.

At least one of us is confused in the above. :) If I understand
what you mean correctly, it sounds like things are working exactly as
I described: A query for the 2LD domain returned DNS resource records
("domain did exist"), but the domain name for the server resulted in
NXDOMAIN ("hostname was not found").

Understand that in DNS, there is no such thing as a "hostname". All
names are domain names. <com.> is a domain name. <example.com.> is a
domain name. <server.example.com.> is a domain name.
<www.example.com.> is a domain name. NXDOMAIN is returned by a
nameserver when a query is received for a domain name which said
nameserver knows not to exist, regardless of whether said domain is a
TLD, 2LD, or the domain name assigned to a server. :)

This is in contrast to Active Directory, where a "domain name" is an
entity which groups objects (computers, users, etc.) within an AD
forest, but is not itself a single computer. AD clients use DNS
domain names to locate AD Domain Controllers. Thus, confusingly,
while every AD domain name has a DNS domain name, every AD member
computer name has a DNS domain name, too.

-- Ben
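
An added example, not part of either message above: the NXDOMAIN that nslookup's 'set debug' reports is the RCODE field of the DNS response header, and it applies to the whole queried domain name whatever its depth. The sketch below reads that field from responses that are constructed sample data; the function names, the address 192.0.2.10 (a documentation address) and the NOERROR-without-answers case are assumptions of this example.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (DNS wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, rcode, addresses=()):
    """Construct a sample response to an A query (constructed test data)."""
    flags = 0x8000 | 0x0400 | 0x0100 | 0x0080 | rcode  # QR, AA, RD, RA, RCODE
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addresses), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C: compression pointer to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, len(rdata)) + rdata
    return header + question + answers

def classify(msg):
    """Return (queried domain name, outcome) for one DNS response message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    labels, pos = [], 12
    while qdcount and msg[pos]:  # walk the labels of the first question
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    rcode = flags & 0x000F  # RCODE is the low four bits of the flags word
    if rcode == 0:
        # NOERROR with no answers: the name exists but has no record of this type
        outcome = "ANSWER" if ancount else "NODATA"
    else:
        outcome = RCODES.get(rcode, f"RCODE{rcode}")
    return ".".join(labels) + ".", outcome

def demo():
    """Classify three constructed responses using names from the thread."""
    samples = [build_response("a.com", 0, ["192.0.2.10"]),  # records returned
               build_response("server.a.com", 3),           # name does not exist
               build_response("b.com", 0)]                  # exists, no A record
    return [classify(m) for m in samples]

if __name__ == "__main__":
    for name, outcome in demo():
        print(f"{name:<16} {outcome}")
```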