Need to forward request for a domain to another DNS server

  • Thread starter Thread starter Sameh Ahmed
  • Start date Start date
S

Sameh Ahmed

Hello there
have a domain called domain1.local that has it's own DNS server 10.0.0.1 and
there's another domain domain2.local and it's DNS server is 10.0.0.2.
What I want to do is to make 10.0.0.1 the primary DNS server for both
domains, in the following way:
10.0.0.1 holds only a NS record pointing to domain2.local without so
requests are directed to the 10.0.0.2 server when domain2.local records are
needed.
I created a zone on 10.0.0.1 called domain2.local and has only one host
record pointing to 10.0.0.2 and configured the start of authority and the
name server to point to this record (10.0.0.2).
Now when I use NSLOOKUP to ask 10.0.0.1 about records in domain2.local it
says "Non-existent domain"
Any ideas on what I am doing wrong?
Regards
Sameh
 
In
Sameh Ahmed said:
Hello there
have a domain called domain1.local that has it's own DNS server
10.0.0.1 and there's another domain domain2.local and it's DNS server
is 10.0.0.2. What I want to do is to make 10.0.0.1 the primary DNS server
for both
domains, in the following way:
10.0.0.1 holds only a NS record pointing to domain2.local without so
requests are directed to the 10.0.0.2 server when domain2.local
records are needed.
Click to expand...

To accomplish the above, if this is Windows 2003, just create a conditional
forwarder for domain2.local and provide 10.0.0.2 as the forwarder. If this
is Windows 2000, unfortunately conditional forwarding is not available.
I created a zone on 10.0.0.1 called domain2.local and has only one
host record pointing to 10.0.0.2 and configured the start of
authority and the name server to point to this record (10.0.0.2).
Click to expand...

How did you create the zone? Is it a secondary zone? If so, did the records
populate when it transferred?
Now when I use NSLOOKUP to ask 10.0.0.1 about records in
domain2.local it says "Non-existent domain"
Click to expand...

That is just a message saying 10.0.0.1 does not have a PTR in the reverse
zone for that subnet. So that leads to a simpel question, do you have a
reverse zone for 10.0.0.x?? If so, create a PTR for 10.0.0.1. If not, then
create the Reverse zone, and create the PTR and that message will go away.



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
hello Ace
well, I created a primary zone.
does that mean that there is no way using Win 2000 to make a DNS server act
like an ISP DNS server?
like people have their own NS servers but the NS records of the domains on
the root servers point to the ISP servers and those in their turn point to
the right NS server when requested?
Thanks
a lot.
Regards
Sameh

"Ace Fekay [MVP]"
 
In
Sameh Ahmed said:
hello Ace
well, I created a primary zone.
does that mean that there is no way using Win 2000 to make a DNS
server act like an ISP DNS server?
like people have their own NS servers but the NS records of the
domains on the root servers point to the ISP servers and those in
their turn point to the right NS server when requested?
Thanks
a lot.
Regards
Sameh
Click to expand...

People useWindows DNS for nameservers on the Internet all the time. I have
two of them myself. But what you are trying to do, based on your original
post, is just forward a request for a specific domain name to another DNS
server.

Isn't that what you were saying? Correct me and please elaborate if I am
wrong.

Now if you want to host a domain name on the Internet, there are mulitple
steps behind that, starting with registering your nameserver with the
Registrar. Goto www.networksolutions.com to read more info on how to do
that. The Regstrar REQUIRES a minimum of two nameservers to host any
specific domain name and their PUBLIC IP addresses. Keep in mind, if you are
behind a NAT, this may not work because NAT will only redirect an incoming
port requests to one IP. If you have two DNS behind the NAT for this, it
won;t work. You'll need two PUBLIC IPs. In this scenario, you will also need
another DNS server to host your PRIVATE IPs. You cannot mix public and
private IPs under the same domain name in DNS. It just will not work.

Ace
 
Regarding the first registration step and the NAT issue and the public IPs,
this is already taken care of.
No private IPs are being used for that.
So the root servers when requested to anotherdomain.com point to
ns1.domain.com and ns2.domain.com.
What I want, is to make ns1.domain.com and ns2.domain.com forward request to
ns1.anotherdomain.com or ns2.anotherdomain.com when asked for
www.anotherdomain.com for example.
Thank you for your time
Regards
Sameh




"Ace Fekay [MVP]"
 
Sameh Ahmed said:
Regarding the first registration step and the NAT issue and the public IPs,
this is already taken care of.
No private IPs are being used for that.
So the root servers when requested to anotherdomain.com point to
ns1.domain.com and ns2.domain.com.
What I want, is to make ns1.domain.com and ns2.domain.com forward request to
ns1.anotherdomain.com or ns2.anotherdomain.com when asked for
www.anotherdomain.com for example.
Click to expand...

That isn't really the way that "forwarding" works.

Forwarding (to a DNS server) means that IT (that
same DNS server must go do the lookup by asking
the forwarder not by telling the "client" (which might
be even another DNS server to go there.)

On an ITERATIVE request such lookups are not
expected or done (the requesting client is saying,
tell me if you know, otherwise, tell me what you
know that will help, but if the request is already
at the same level it isn't going to go lookup again
with a different server -- clients expect that ALL
authoritative servers will give the same answer.)

Also most DNS servers are (and SHOULD BE) set
up to refuse to perform recursive requests on behalf
of (external) clients.

If you want a DIFFERENT set of servers to handle
the requests, then TELL the parent to use them (that
is, enter the correct servers with the parent.)

Whyever would you want to tell the parent the WRONG
servers?
 
Not the wrong servers
simply if you want to distribute load or simply restrict access to only 1
server (or a farm) instead of several.
 
Sameh Ahmed said:
Not the wrong servers
simply if you want to distribute load or
Click to expand...


Register the extra servers with the parent zone.

That is the way it is properly done.
simply restrict access to only 1
server (or a farm) instead of several.
Click to expand...

This is not a function of DNS.
 
Actually the main reason for me needing to know how that is done; is that I
have several virtual machines running on my machine hosting several AD
environments, and for some reason, I need to restart or to change the DNS
servers order back and forth to be able to resolve the SRV records for each
domain.
So I wanted to point my NIC to only one virtual DNS server, that would point
them to the right records.
This is to make is totally clear why I wanted to do that.
Regards and thanks for your time.
Sameh
 
Sameh Ahmed said:
Actually the main reason for me needing to know how that is done; is that I
have several virtual machines running on my machine hosting several AD
environments, and for some reason, I need to restart or to change the DNS
servers order back and forth to be able to resolve the SRV records for each
domain.
So I wanted to point my NIC to only one virtual DNS server, that would point
them to the right records.
This is to make is totally clear why I wanted to do that.
Click to expand...

Probably, due to misconfiguration (or mis-design
really) of your DNS setup.

VM's are really no different in terms of troubleshooting
such things (after the VM is working on the VNet or
whatever) than anything else.

You have to treat them like they are regular machines
to simplify the troubleshooting.

Describe your "network" and you intention and we
can work through it.

This misunderstanding frequently happens when
someone posts a question without giving the REAL
reason for the question.

We spend a lot of time explaining why the question
is mis-directed and then slowly the real question(s)
emerge....
 
Thanks
1 physical machine
192.168.0.2
2 Virtual machines
192.168.0.3 domain1.local
192.168.0.7 domain2.local

DNS server order
192.168.0.3 not a root server
192.168.0.7 not a root server
62.139.105.166 ISP Server
that's the main setup
I develop an app that runs on the physical machine that needs to connect to
Active directory on both machines in the same time.
Regards
Sameh
 
Sameh Ahmed said:
Thanks
1 physical machine
192.168.0.2
2 Virtual machines
192.168.0.3 domain1.local
192.168.0.7 domain2.local

DNS server order
192.168.0.3 not a root server
192.168.0.7 not a root server
62.139.105.166 ISP Server
that's the main setup
I develop an app that runs on the physical machine that needs to connect to
Active directory on both machines in the same time.
Click to expand...

Ok, so if it is two domains (each with their own
DNS server set) there are two basic ways to get
resolution:

1) Put them in a hierarchy
2) Have each DNS server (set) hold "cross
secondaries" for the other DNS zone(s)

#1 works best when you have only one tree of
zones/domains OR (in a lab etc) don't need
Internet connectivity.

#2 is a general solution -- if each set of DNS
servers can resolve the other DNS zones directly
by being a secondary for those other zones then
it just works.
 
what do you mean by put them in a hierarchy, how do I do that?
I used the second option and it works fine
thank you for your time.
 
Sameh Ahmed said:
what do you mean by put them in a hierarchy, how do I do that?
I used the second option and it works fine
thank you for your time.
Click to expand...

Well, they would have to BE in a hierarchy
or you would have to add the parent domain
to join them into a single hierarchy.

If you use public (Internet) names this is impracticable
since it would eliminate Internet name resolution.

In a private name space you could add the local.
zone above a.local and b.local, or even just having
a parent-child relationship, a.local and child.a.local.

But all this is something you have to plan ahead for
unless you are willing to give up general Internet
resolution.
 
In
Sameh Ahmed said:
what do you mean by put them in a hierarchy, how do I do that?
I used the second option and it works fine
thank you for your time.
Click to expand...

Sameh,

If you had Windows 2003, you can create conditional forwarders to forward
specific name requests. As for nameserver registration, the two domains you
want to forward to another is supposedly supposed to be on that server,
where the actual content of the zone is on that server, so frowarding is not
indicated, but I don;t see why it cannot be done.

So regarding the original question:
What I want, is to make ns1.domain.com and ns2.domain.com forward request
to
ns1.anotherdomain.com or ns2.anotherdomain.com when asked for
www.anotherdomain.com for example.
Click to expand...

As Herb said, just make a secondary of the zone on the registered name
server and you should be good to go.

btw- Why are you pointing to an ISP's DNS server in your configuration?
Look:
192.168.0.3 not a root server
192.168.0.7 not a root server
62.139.105.166 ISP Server
Click to expand...

That will not get you your desired results and will cause problems in
resolution. Keep your machines pointed to your own DNS and setup a forwarder
to 62.139.105.166. This configuration is an industry highly recommended
'best practice" and will eliminate possible issues. If AD was involved here,
numerous errors can result with your current config.

Ace
 
dear Herb and Ace
thanks a lot
I used the secondary zones setup and it just works fine.
All this is in my home network, and wanted this for tests and so on.
Thanks a lot
Regards
Sameh
"Ace Fekay [MVP]"
 
Sameh Ahmed said:
dear Herb and Ace
thanks a lot
I used the secondary zones setup and it just works fine.
All this is in my home network, and wanted this for tests and so on.
Click to expand...

For tests it's a bit more complicated since
they tend to "test around the edges" (odd
situations, big systems, etc.)

The key to tests is CLEAR UNDERSTANDING
of the basics so that you can solve most any
real world or straight problem and then the odd
rules for those weird questions.
 
Sameh Ahmed said:
dear Herb and Ace
thanks a lot
I used the secondary zones setup and it just works fine.
All this is in my home network, and wanted this for tests and so on.
Thanks a lot
Regards
Sameh
Click to expand...

My pleasure...

Ace
 
Back
Top