DNS Questions...


Robert

Hello All..

If I have my own DNS server (running W2kSP4) and I want to ping a public IP
across the internet (VPN), which record do I add into the DNS server?

These are 2 offices that need to establish a trust relationship between 2
domains.

The first step is properly working DNS.

Robert
 
Not sure if I understand your question, so please correct me if I'm wrong.
You don't add anything to DNS if you just want to ping an IP. I presume you
want to ping an internal IP on the remote network to see if your VPN is
established? VPN != DNS... The first step is to establish the VPN tunnel and IP
connectivity. Name resolution comes later.
 
There are two ways for YOUR DNS servers to assist in resolution of
public names:

1) direct recursion from the root down by your server
2) forwarding to another DNS server that does the resolution

Typically the latter is better for AD supporting DNS since it is really a
security vulnerability to have an internal DNS server (maybe even a DC)
capable of visiting the entire Internet.

So usually you forward to a firewall, or ISP DNS server to do the actual
recursion from the top down (using Root Hints or aka, Cache File of the
root servers.)
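
A forward-only setup of the kind recommended in the post above, shown as an added example that is not part of the original thread. The forwarder addresses 192.0.2.53 and 192.0.2.54 are constructed placeholders; `dnscmd` is assumed to be installed from the Windows Support Tools.

```bat
rem Added example: make the internal DNS server forward-only.
rem Run on the DNS server itself. 192.0.2.53 and 192.0.2.54 are
rem placeholder addresses for the firewall or ISP resolvers.

rem Show the current server configuration before changing anything.
dnscmd /Info

rem Send every query the server cannot answer from its own zones to the
rem forwarders. /Slave is the important part: without it the server
rem falls back to its own recursion through the root hints whenever
rem the forwarders do not answer in time.
dnscmd /ResetForwarders 192.0.2.53 192.0.2.54 /TimeOut 5 /Slave

rem Verify that the server no longer attempts recursion on its own
rem (IsSlave should be reported as 1).
dnscmd /Info /IsSlave
```

With this in place the perimeter firewall only needs to allow outbound DNS from this server to the listed forwarders, not to the Internet at large.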
 
Now that I better understand the problem...

I am trying to set up a trust between 2 Windows 2000 servers.

domain1: domain.local domain2: tech.local

These are 2 separate domains that each have their own AD forest.

These domains are on the same physical network, the 10.10.1.0/255.255.255.0
network.

But they are completely different domains, different Active Directory etc...

I have a one-way trust established...

tech.local >> domain.local

and I need to establish the other side of the trust... domain.local >>
tech.local

So I can ping all the servers by name, they resolve just fine...

I can even set up IPSEC policies between the 2 systems.... (The policies are
disabled, and I tried to establish the trust before I even touched IPSEC)

I know this is some kind of DNS issue that can be solved with an LMHOSTS
file but I just can't seem to crack it...

I would like to think that I have a basic to intermediate level of
understanding of WIN2000 Server... Apparently not... I don't see why this is
such an issue...

Any suggestions...



Robert
 
Robert said:
> Now that I better understand the problem...
> I am trying to set up a trust between 2 Windows 2000 servers.
> domain1: domain.local domain2: tech.local

Actually between DOMAINS (not servers) but the servers are the medium
for doing it.

> These are 2 separate domains that each have their own AD forest.

If they were the same forest you wouldn't likely need the trusts since
within a forest they already have an effective and automatic trust.

> These domains are on the same physical network, the 10.10.1.0/255.255.255.0
> network.
> But they are completely different domains, different Active Directory
> etc...

That is the definition of "different domains": different AD and vice versa.

> I have a one-way trust established...
> tech.local >> domain.local
>
> and I need to establish the other side of the trust... domain.local >>
> tech.local
>
> So I can ping all the servers by name, they resolve just fine...

They find each other for trust purposes usually by NETBIOS but since you
are on a "Single cable" (IP subnet) you shouldn't have an issue since
broadcasts will work.

With routers in between you would likely need WINS (servers).

> I can even set up IPSEC policies between the 2 systems.... (The policies are
> disabled, and I tried to establish the trust before I even touched IPSEC)

That sounds wrong unless you are using either CERTIFICATES or "Preshared
secret (password)" for the authentication. The default of Kerberos will NOT
work without the trusts (or a similar Kerberos setup.)

> I know this is some kind of DNS issue that can be solved with an LMHOSTS
> file but I just can't seem to crack it...

LMHosts is a NETBIOS (not DNS) feature. And it MAY be a NetBIOS issue
but shouldn't be on a single cable.

> I would like to think that I have a basic to intermediate level of
> understanding of WIN2000 Server... Apparently not... I don't see why this is
> such an issue...

It's not obvious -- but it's not very hard either once we figure out your
exact problem.
 
Hello All,

This may help:

179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442

Shane Brasher
MCSE (2003,2000,NT),MCSA Security, N+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 