DNS with child domains

James F

Maybe someone can help clear this up for me. I'm not
really up on DNS and this sort of got dropped on me. We
have 3 child domains, each with their own dns servers. I
want to be able to go to any ws and ping the other ws
without having to use the FQDN. I can do this from the child
domains but not from the parent. I know this has to do
with the dns search suffix list, but no idea what to do.
I also saw in one post that I should enable scavenge stale
records on my reverse lookup. When I select that on the
parent domain I get a message:
You have chosen to enable aging on this Standard Primary
zone. This will modify the zone file format. The zone
transfer to secondary servers will be unaffected. The zone
file saved on the Primary server may not be loaded by non-
windows 2000 DNS servers.
Is this ok to allow this?
When I do an nslookup from the child domains, I get non-
authoritative answers. Any ideas?

With Mail Alias -> mail mail.internal.vctx.org
C:\>nslookup
Default Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Non-authoritative answer:
Name: mail.internal.vctx.org
Address: 10.10.0.33
Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Name: dcview03.internal.vctx.org
Address: 10.10.0.190

Without Alias in child domain
C:\>nslookup
Default Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Name: mail.internal.vctx.org
Address: 10.10.0.33
Aliases: mail.health.internal.vctx.org
Server: health1.health.internal.vctx.org
Address: 10.13.2.5
Non-authoritative answer:
Name: dcview03.internal.vctx.org
Address: 10.10.0.190
 
James F said:
Maybe someone can help clear this up for me. I'm not
really up on DNS and this sort of got dropped on me.

[The 'solution' is marked below by *** so keep reading, but relax, there
is help below.]

The misunderstanding originates from the differences between DNS
itself and the way (especially small networks) use DNS in support of Win2000
domains.

It also originates from confusing "Lookup DNS" from "Zones which resolve DNS
names authoritatively."

Technically these are two distinct functions of DNS servers -- but many
servers do both. Some experts even insist that "lookup" (caching only)
servers be separated from "authoritative" servers for various reasons
including security. (I am not in that camp but I do understand that there
are advantages to separation -- and some disadvantages.)
We have 3 child domains, each with their own dns servers. I
want to be able to go to any ws and ping the other ws
without having to use the FQDN. I can do this from the child
domains but not from the parent.

Usually it works the other way around. Somehow your child DNS
servers are "recursing" or "forwarding to another server which" does
the actual recursion to find the parent DNS. (They work.)

***
It's easy to make the parents find the children, so you should be ok:
just add delegation records in the parent that point to the child zones
and their DNS servers.

Since "right click" in a (parent) DNS zone gives a menu entry for "add
delegation" this is trivially easy now that you know about it.
I know this has to do
with the dns search suffix list, but no idea what to do.

This is not the purpose of this setting. This setting just saves typing
those additional suffixes by searching EACH of them for "unterminated" names.

Technically a DNS name is NOT a "Fully Qualified Domain Name" (FQDN)
unless you add the terminating "." DOT.
I also saw in one post that I should enable scavenge stale
records on my reverse lookup. When I select that on the
parent domain I get a message:

That is about REMOVING records and should generally be left at the defaults.
(You can screw up a domain/DNS this way.)
 
Sorry I got confused, we are able to ping all the ws in
the child domains, it's when we do a nslookup that we get
a response that our server was unable to find the machine.
This all started as a result of some of our ws's in child
domains being unable to locate our mail server. Outlook was
asking them for a username and password. The problem
seemed to be their dns server wasn't resolving our mail
server. We seemed to solve the problem by adding an alias
in their dns records. I don't know if that is the right
way, or if we should be adding an MX record, or whether all
this will go away if we do like you suggested about delegation.
You are saying to add delegation records in the parent dns
server for all the child domains. I'm unsure about that
since it says it helps you delegate authority for a
subdomain to another zone. What exactly does this allow to
happen?
 
You only need MX records for Mail Exchange with OTHER SMTP
servers (you likely need the MX, but not for the clients). Clients use
the SMTP server with which they are configured.

"Other SMTP servers" use the MX record to "find the responsible
email server" (or cross check it for defensive reasons.)

The rest is pretty unclear; I can't tell what problems you have now.
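A worked model of what the two replies above describe (the delegation in the parent zone, the search suffix list and the trailing-dot FQDN rule, the "Non-authoritative answer" a child server gives for parent names, and the MX record being a separate record type from the A record clients use). This is an added example, not code or data from the thread: the host names and addresses that appear in the thread are reused, but the choice of dcview03 and health1 as the authoritative servers, the workstation ws1 (10.13.2.50) and the assumption that the child DNS server forwards to the parent are all assumptions made for illustration. Everything is resolved against the constructed zone data below, with no network access.

```python
"""Toy model of DNS delegation, search suffixes and forwarding (added example).
Zone data is constructed for illustration; see the assumptions in the comments."""
import copy

# Authoritative zone data: {zone: {owner name: {rtype: [rdata, ...]}}}.
# Every name is absolute (trailing dot): that is what an FQDN really is.
ZONES = {
    "internal.vctx.org.": {
        "internal.vctx.org.": {"NS": ["dcview03.internal.vctx.org."],      # assumed parent DNS
                               "MX": ["10 mail.internal.vctx.org."]},       # assumed MX record
        "dcview03.internal.vctx.org.": {"A": ["10.10.0.190"]},
        "mail.internal.vctx.org.": {"A": ["10.10.0.33"]},
        # The delegation: an NS record for the child zone plus a glue A record
        # for the child's name server. This is what "Add delegation" creates.
        "health.internal.vctx.org.": {"NS": ["health1.health.internal.vctx.org."]},
        "health1.health.internal.vctx.org.": {"A": ["10.13.2.5"]},
    },
    "health.internal.vctx.org.": {
        "health.internal.vctx.org.": {"NS": ["health1.health.internal.vctx.org."]},
        "health1.health.internal.vctx.org.": {"A": ["10.13.2.5"]},
        "ws1.health.internal.vctx.org.": {"A": ["10.13.2.50"]},             # assumed workstation
        # The alias the poster added in the child zone as a workaround.
        "mail.health.internal.vctx.org.": {"CNAME": ["mail.internal.vctx.org."]},
    },
}
# Which zones each server holds, and where the child server sends queries it is
# not authoritative for (assumed: the child forwards to the parent's DNS server).
SERVERS = {"dcview03.internal.vctx.org.": ["internal.vctx.org."],
           "health1.health.internal.vctx.org.": ["health.internal.vctx.org."]}
FORWARDERS = {"health1.health.internal.vctx.org.": "dcview03.internal.vctx.org."}


def closest_zone(server, name):
    """Longest zone held by `server` that encloses `name`, or None."""
    held = [z for z in SERVERS.get(server, []) if name == z or name.endswith("." + z)]
    return max(held, key=len) if held else None


def delegation_for(zones, zone, name):
    """(cut, ns_list) if `zone` delegates the part of its namespace holding `name`."""
    cut = name
    while cut != zone:                      # walk up from the name to the zone apex
        if "NS" in zones[zone].get(cut, {}):
            return cut, zones[zone][cut]["NS"]
        cut = cut.split(".", 1)[1]
    return None


def query_server(zones, server, name, rtype):
    """One round trip to one server, using only the zones it holds itself."""
    zone = closest_zone(server, name)
    if zone is None:
        return {"rcode": "REFUSED"}
    cut = delegation_for(zones, zone, name)
    if cut:                                 # below a delegation point: refer, don't answer
        glue = {ns: zones[zone].get(ns, {}).get("A", []) for ns in cut[1]}
        return {"rcode": "REFERRAL", "ns": cut[1], "glue": glue}
    rrset = zones[zone].get(name)
    if rrset is None:                       # inside our zone and not there: authoritative "no"
        return {"rcode": "NXDOMAIN", "answer": []}
    if "CNAME" in rrset and rtype != "CNAME":
        return {"rcode": "NOERROR", "cname": rrset["CNAME"][0]}
    return {"rcode": "NOERROR", "answer": rrset.get(rtype, [])}


def resolve(zones, server, name, rtype="A", _hops=0):
    """Resolve `name` as a client pointed at `server` sees it: (rdata, authoritative).
    Only data straight out of a zone `server` holds is authoritative; anything reached
    through a referral, a forwarder or an alias is nslookup's "Non-authoritative answer"."""
    if _hops > 8:
        raise LookupError("referral loop")
    resp = query_server(zones, server, name, rtype)
    if resp["rcode"] == "REFERRAL":
        ns = resp["ns"][0]
        if not resp["glue"].get(ns):
            raise LookupError("lame delegation: no glue address for " + ns)
        return resolve(zones, ns, name, rtype, _hops + 1)[0], False
    if resp["rcode"] == "REFUSED":
        fwd = FORWARDERS.get(server)
        if fwd is None:
            raise LookupError(f"{server} holds no zone for {name} and has no forwarder")
        return resolve(zones, fwd, name, rtype, _hops + 1)[0], False
    if "cname" in resp:
        return resolve(zones, server, resp["cname"], rtype, _hops + 1)[0], False
    return resp["answer"], True


def search_candidates(typed, suffix_list):
    """FQDNs a client tries for what the user typed (simplified Windows rules):
    a trailing '.' means already fully qualified, tried as-is; a dotted name is
    tried as-is first; then each suffix in the search list is appended."""
    if typed.endswith("."):
        return [typed]
    tries = [typed + "."] if "." in typed else []
    return tries + [f"{typed}.{s.rstrip('.')}." for s in suffix_list]


def lookup(zones, server, typed, suffix_list, rtype="A"):
    """What ping/nslookup would find: the first candidate that yields data, or None."""
    for fqdn in search_candidates(typed, suffix_list):
        try:
            rdata, aa = resolve(zones, server, fqdn, rtype)
        except LookupError:
            continue
        if rdata:
            return fqdn, rdata, aa
    return None


def without_delegation(zones, parent, child):
    """Copy of the zone data with the child's NS records removed from the parent."""
    z = copy.deepcopy(zones)
    del z[parent][child]
    return z


if __name__ == "__main__":
    parent_dc, child_dc = "dcview03.internal.vctx.org.", "health1.health.internal.vctx.org."
    # Parent ws, suffix list holds only the parent domain: "ws1" is never even tried under health.
    print(lookup(ZONES, parent_dc, "ws1", ["internal.vctx.org"]))
    # Add the child suffix: the delegation lets the parent server follow the referral.
    print(lookup(ZONES, parent_dc, "ws1", ["internal.vctx.org", "health.internal.vctx.org"]))
    # Same FQDN with the delegation removed: the parent answers NXDOMAIN from its own zone.
    no_deleg = without_delegation(ZONES, "internal.vctx.org.", "health.internal.vctx.org.")
    print(lookup(no_deleg, parent_dc, "ws1.health.internal.vctx.org.", []))
    # Child ws asking its own server for a parent name: forwarded, so non-authoritative.
    print(resolve(ZONES, child_dc, "mail.internal.vctx.org."))
    # MX is a separate record type: clients never need it to reach the mail host's A record.
    print(resolve(ZONES, parent_dc, "internal.vctx.org.", "MX"))
```

Two things worth noticing when running it: the parent server never "finds" a child host unless the search list produces the child FQDN in the first place, and without the delegation the parent gives an authoritative NXDOMAIN for the child name because that name sits inside its own zone, which is the "unable to find" nslookup response. Whether the data is authoritative is a separate question from whether the name resolves, which is why the forwarded answers from the child server are correct despite the "Non-authoritative" header.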
 