HELP needed please with DNS


Jenny Wilson

Hi Guys,
I'm hoping someone could help me with an issue I'm having
with DNS. I'm new to win2k/win03 so it's probably a
no-brainer to others on this forum.

SETUP
We have a vpn office to office connection between my
company and another client we work with a lot. Both sites
have their own domains and exchange servers etc etc.
When our clients come into our office sometimes for days
at a time they want to be able to logon to their own
domain from in our office. I have spoken to the guy that
set up the office to office vpn and he has informed that
all traffic protocols are enabled between sites. I can
ping the other site's addresses, remote desktop etc. But
it will not resolve names (which I'm assuming will be the
same reason why you can't logon to the other domain
from our office?)

Could someone please help me work this out, what settings
do I need to put in my win2k dns for this to work????? I
hope this makes sense, any help would be greatly
appreciated!!

Jenny
 
> We have a vpn office to office connection between my
> company and another client we work with a lot. Both sites
> have their own domains and exchange servers etc etc.
> When our clients come into our office sometimes for days
> at a time they want to be able to logon to their own
> domain from in our office. I have spoken to the guy that
> set up the office to office vpn and he has informed that
> all traffic protocols are enabled between sites. I can
> ping the other site's addresses, remote desktop etc.

Then your only likely issue is NAME RESOLUTION (probably DNS
and maybe WINS as a secondary consideration.)

> But it will not resolve names (which I'm assuming will be the
> same reason why you can't logon to the other domain
> from our office?)

At least part of it -- you can test authentication and sharing drives
(which is the main issue for most people, other than perhaps Email,
with the net command):

net use * \\192.168.223.23\ShareName * /user:HomeDomainOrServer\Username

(Presuming that is the server IP address and the network is routable. I use
such as this across the internet on a regular basis.)

> Could someone please help me work this out, what settings
> do I need to put in my win2k dns for this to work????? I
> hope this makes sense, any help would be greatly
> appreciated!!

Presumably you have DNS at each (alternate) location but you are unable
to resolve names from outside that site?

Simplest is to add a "Secondary Zone server" (on the existing DNS servers)
for the OTHER DNS server set. Now anyone in either site should be able to
resolve names for the other site's domains.

If you have Win2003 you may consider "conditional forwarding" or using "stub
zone servers" instead of a full secondary but the effect is the same and my
first cut would be the cross-Secondaries.
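
The cross-secondary setup suggested above, written out as commands for the `dnscmd` tool from the Windows Support Tools (an added example, not part of any post in this thread). It also limits zone transfers to the partner's DNS server, because a secondary only loads if the master permits the transfer, and an unrestricted transfer list hands the whole zone to anyone who can reach the server. The zone names and IP addresses are placeholders, and the last check assumes the partner's zone name is also their Active Directory domain name.

```bat
@echo off
rem Added example, not from the thread. Run on OUR DNS server; the other
rem site's admin runs the same script with the two sets of values swapped.
rem All zone names and IP addresses below are placeholders.
set OUR_ZONE=ours.example
set OUR_DNS=10.0.1.10
set THEIR_ZONE=theirs.example
set THEIR_DNS=10.0.2.10

rem 1. Permit transfers of our zone only to their DNS server.
dnscmd /ZoneResetSecondaries %OUR_ZONE% /SecureList %THEIR_DNS%
if errorlevel 1 goto failed

rem 2. Host a secondary copy of their zone, pulled from their DNS server.
rem    The transfer is refused until their side has done step 1 for our IP.
dnscmd /ZoneAdd %THEIR_ZONE% /Secondary %THEIR_DNS%
if errorlevel 1 goto failed

rem 3. Verify against OUR server: first the zone itself, then the domain
rem    controller locator record that a domain logon depends on
rem    (assumes THEIR_ZONE is also their Active Directory domain name).
nslookup -type=SOA %THEIR_ZONE% %OUR_DNS%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%THEIR_ZONE% %OUR_DNS%
goto :eof

:failed
echo dnscmd reported an error: check the zone name and the DNS service.
exit /b 1
```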
 
Well, it depends on how much functionality you want them to have and how much you "trust" the other site. First, you will need
name resolution. The simplest way to do this would be to configure secondaries of the remote site's DNS zone on your DNS
and vice versa. You may also have to add a DNS suffix search order that includes the DNS suffix of the other domain. This will
allow host name resolution between the two; otherwise only FQDN resolution will work. This step gives you name resolution and
with basic connectivity, clients should be able to map drives to servers at the other location. They will be prompted for
credentials for each server they connect to though.

If you truly want them to be able to "logon" to their home domain, a trust between these two domains will need to be created.
Your domain will need to trust their domain so that their users can logon to your machines. Once this is set up, connectivity back
to the remote domain for their users will be seamless. This would require a bit of coordination and trust between the two
organizations.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
 
Hello Jenny,

There are a number of ways to do this. You each have your
own Internal DNS. You won't share resolution. You could
add their Domain to your DNS and theirs as well. You could
do a trust. Let me know if you still have issues.
Kevin
 
> If you truly want them to be able to "logon" to their home domain, a
> trust between these two domains will need to be created.

Not at all. If they are members of THEIR OWN domain no trust is needed to
logon to that domain.
 