Parent/Child not working


T0GGLe

Hi,

real simple setup, really annoying problem.

Win2k - 2 domains:-
1.co.uk
2.1.co.uk
one dns server in "1" domain...named say "dns1", one dns server in "2"
domain named "dns2".

As the names suggest the "2" domain is a child of the "1" domain and
as per Microsoft's instructions I have delegated responsibility for
the child domain to "dns2" and now have an entry in the forward lookup
zone in 1.co.uk that reflects this. Fine.
Now in order for names in "1" domain to resolve correctly from the "2"
domain I had to put in a root hint on "dns2" pointing to "dns1" and
now all names resolve correctly from this child domain.

However, absolutely no names for child domain resolve when queried in
the parent domain... and I don't want to put in a root hint on "dns1"
pointing to "dns2" as we already have our ISP dns addresses here for
internet access and I don't want all queries for the internet being
checked out (and unresolved) by "dns2" and the increase in load that
will incur. (am I right in this?)

Now I read that you have to append dns suffixes to every single
computer in the parent domain (in logon script) in order that names
are resolved DOWN the tree but is this really the case? Is win2k dns
really that bad?

Can anyone help me please?
 
T0GGLe said:
> Hi,
>
> real simple setup, really annoying problem.
>
> Win2k - 2 domains:-
> 1.co.uk
> 2.1.co.uk
> one dns server in "1" domain...named say "dns1", one dns server in "2"
> domain named "dns2".
>
> As the names suggest the "2" domain is a child of the "1" domain and
> as per Microsoft's instructions I have delegated responsibility for
> the child domain to "dns2" and now have an entry in the forward lookup
> zone in 1.co.uk that reflects this. Fine.
> Now in order for names in "1" domain to resolve correctly from the "2"
> domain I had to put in a root hint on "dns2" pointing to "dns1" and
> now all names resolve correctly from this child domain.
>
> However, absolutely no names for child domain resolve when queried in
> the parent domain... and I don't want to put in a root hint on "dns1"
> pointing to "dns2" as we already have our ISP dns addresses here for
> internet access and I don't want all queries for the internet being
> checked out (and unresolved) by "dns2" and the increase in load that
> will incur. (am I right in this?)
>
> Now I read that you have to append dns suffixes to every single
> computer in the parent domain (in logon script) in order that names
> are resolved DOWN the tree but is this really the case? Is win2k dns
> really that bad?
>
> Can anyone help me please

It has nothing to do with DNS, it has to do with the TCP/IP stack on the
client. How else is DNS supposed to know what forward lookup zone to find a
host name if the client does not request which domain to look in?
MSDNS does what it's supposed to do, resolve names based on the request from
the client, if it did anything else then there is no telling where it will
send you.
You are going to have to add the domain to the search order.
 
Kevin D. Goodknecht said:
> It has nothing to do with DNS it has to do with the TCP/IP stack on
> the client. How else is DNS supposed to know what forward lookup zone
> to find a host name if the client does not request which domain to
> look in?
> MSDNS does what it's supposed to do resolve names based on the
> request from the client, if it did anything else then there is no
> telling where it will send you.
> You are going to have to add the domain to the search order.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
> When responding to posts, please "Reply to Group" via your
> newsreader so that others may learn and benefit from your issue.
> To respond directly to me remove the nospam. from my email.
> ==========================================

Kevin,
The search order would be helpful, but I would like to make sure the
delegation was properly configured from the parent zone's DNS server to the
child zone's DNS server. You really don't need the Root hint for that in
this case, but a simple forwarder from the child DNS to the parent DNS will
work fine. IIRC, the child zone machines will automatically populate the
search order for the parent zone. Then of course, from the parent DNS, you
would forward to the ISP.

Here's a little more info on it.
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

Cheers!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
> It has nothing to do with DNS it has to do with the TCP/IP stack on the
> client. How else is DNS supposed to know what forward lookup zone to find a
> host name if the client does not request which domain to look in?
> MSDNS does what it's supposed to do resolve names based on the request from
> the client, if it did anything else then there is no telling where it will
> send you.
> You are going to have to add the domain to the search order.

Well I thought that DNS was a structure therefore if a request in the
parent zone was not resolved it would then send that request to the
child domains and so on and so on down the tree until the request was
resolved....? I guess if you have hundreds of child domains and so on
then this would be inefficient though.....

So we have to individually configure every single machine in the
parent domain so that it knows that there is another domain...even
though dns already knows there is another domain?
Do you know how to do this through logon scripts given that different
operating systems will be running the same logon script please? e.g. an
office of 20 PCs all running the same logon script but different
operating systems?

I followed this article and believe it to be set up correctly however
this solution just does not work in practice. Simply delegating a
child domain to a name server as per the MS article DOES NOT mean that
names resolve from the parent to the child (helpfully they neglect to
tell you this). They just don't - if you ping the FQDN that works fine
but names on their own just don't resolve.
There is another step required here and I suspect it's what Kevin is
talking about. ie the request from the client must include the domain
suffixes that DNS should try for resolution purposes otherwise DNS
doesn't have a clue as to where to look and will not attempt to look
any further than its own forward lookup zone.


Oh and I tried forwarder initially from the child domain and that did
not work however a root hint did - just to let you know! :)


Thanks for your info guys and any further info/comments greatly
appreciated!
 
T0GGLe said:
> Well I thought that DNS was a structure therefore if a request in the
> parent zone was not resolved it would then send that request to the
> child domains and so on and so on down the tree until the request was
> resolved....? I guess if you have hundreds of child domains and so on
> then this would be inefficient though.....

No, it doesn't work that way, and you're right, it would be inefficient.

> So we have to individually configure every single machine in the
> parent domain so that it knows that there is another domain...even
> though dns already knows there is another domain?
> Do you know how to do this through logon scripts given that different
> operating systems will be running the same logon script please? e.g. an
> office of 20 PCs all running the same logon script but different
> operating systems?

Try what that article and what I suggested with changing the search suffix
for right now. It will work. I usually set it up this way for clients with
child domains and have set it up this way in a classroom scenario to
demonstrate it. Once the delegation is removed, then the parent can't find
the child. On another note, once the forwarding to the parent is removed,
then the child domains can't find the parent.

> I followed this article and believe it to be set up correctly however
> this solution just does not work in practice. Simply delegating a
> child domain to a name server as per the MS article DOES NOT mean that
> names resolve from the parent to the child (helpfully they neglect to
> tell you this). They just don't - if you ping the FQDN that works fine
> but names on their own just don't resolve.

The FQDN here is what we're talking about. It's DNS. This actually all works
as I mentioned above.

If you are talking about single label name resolution, and you have a
multi-segmented network, then I would look at a WINS solution in addition to
what you have.

> There is another step required here and I suspect it's what Kevin is
> talking about. ie the request from the client must include the domain
> suffixes that DNS should try for resolution purposes otherwise DNS
> doesn't have a clue as to where to look and will not attempt to look
> any further than its own forward lookup zone.

You mean on the parent zone machines? That could be helpful, but it depends
on what you're trying to do. Is it by single name?

> Oh and I tried forwarder initially from the child domain and that did
> not work however a root hint did - just to let you know! :)

That is strange.

> Thanks for your info guys and any further info/comments greatly
> appreciated!

Let us know what you think.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP] posted a question
Then Kevin replied below:

> Kevin,
> The search order would be helpful, but I would like to make sure the
> delegation was properly configured from the parent zone's DNS server
> to the child zone's DNS server. You really don't need the Root hint
> for that in this case, but a simple forwarder from the child DNS to
> the parent DNS will work fine. IIRC, the child zone machines, will
> automatically populate the search order for the parent zone. Then of
> course, from the parent DNS, you would forward to the ISP.
>
> Here's a little more info on it.
> 255248 - HOW TO Create a Child Domain in Active Directory and
> Delegate the DNS Namespace to the Child Domain:
> http://support.microsoft.com/?id=255248
>
> Cheers!
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS IS" with no warranties.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory

From his original post it is hard to tell but it sounds to me like he is
trying to resolve hosts from the child without using the FQDN.
The search list will only help that, by appending the child DNS suffix to
all queries.
 
Kevin D. Goodknecht said:
> Ace Fekay [MVP] posted a question
> Then Kevin replied below:
> From his original post it is hard to tell but it sounds to me like he
> is trying to resolve hosts from the child without using the FQDN.
> The search list will only help that, by appending the child DNS
> suffix to all queries.

I thought the same. That's what started me to think the child is on a
different subnet and started thinking WINS because of NetBIOS. When a child
domain is installed, the Primary suffix is set to say child.domain.com, the
search suffixes will be automatically set to child.domain.com and
domain.com. Basing it on that, is why I started assuming NetBIOS. If the
delegation was set properly, the child domain shows up as a gray folder
under the domain.com zone in the parent and has the info to send the query
for any child domain queries to that/those respective DNS server(s) it was
delegated to. So I guess you can say that's another reason I'm assuming
NetBIOS.

:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
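
The behaviour discussed in this thread, as an added example (not code from any poster or from Microsoft): a simplified Python model of a client search list plus a parent zone that delegates to a child. Zone and server names come from the thread; the host names `mailsrv` and `filesrv`, the addresses, and the resolver logic itself are assumptions made for illustration.

```python
# Simplified model of the thread's setup (an assumption, not Windows code):
# the client appends its search suffixes to a single-label name; a DNS
# server only answers the exact FQDN it is asked for.

# Constructed sample data: zone and server names are from the thread;
# host names and addresses (192.0.2.0/24, documentation range) are made up.
SERVERS = {
    "dns1": {"zone": "1.co.uk",
             "records": {"mailsrv.1.co.uk": "192.0.2.10"},
             "delegations": {"2.1.co.uk": "dns2"}},
    "dns2": {"zone": "2.1.co.uk",
             "records": {"filesrv.2.1.co.uk": "192.0.2.20"},
             "delegations": {}},
}

def in_domain(fqdn, domain):
    return fqdn == domain or fqdn.endswith("." + domain)

def server_lookup(server, fqdn, forwarder=None):
    """Resolve one FQDN: delegation, then own zone, then forwarder."""
    cfg = SERVERS[server]
    for child, target in cfg["delegations"].items():
        if in_domain(fqdn, child):
            return server_lookup(target, fqdn)   # follow the delegation
    if in_domain(fqdn, cfg["zone"]):
        return cfg["records"].get(fqdn)          # authoritative hit or miss
    if forwarder:
        return server_lookup(forwarder, fqdn)
    return None                                  # nowhere else to ask

def candidates(name, search_list):
    """FQDNs the client actually sends, in order."""
    if "." in name:                              # already qualified
        return [name]
    return [f"{name}.{suffix}" for suffix in search_list]

def client_resolve(name, search_list, server, forwarder=None):
    for fqdn in candidates(name, search_list):
        addr = server_lookup(server, fqdn, forwarder)
        if addr:
            return fqdn, addr
    return None

if __name__ == "__main__":
    print(client_resolve("filesrv", ["1.co.uk"], "dns1"))
    print(client_resolve("filesrv.2.1.co.uk", ["1.co.uk"], "dns1"))
    print(client_resolve("filesrv", ["1.co.uk", "2.1.co.uk"], "dns1"))
    print(client_resolve("mailsrv", ["2.1.co.uk", "1.co.uk"], "dns2", "dns1"))
```

The first call fails because the parent-domain client only ever asks for `filesrv.1.co.uk`; the delegation is never consulted until a name ending in `2.1.co.uk` is actually requested, either as an FQDN or via an added search suffix.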
 