Setting up trusted domain over internet

Hi,

We have two different subnets that are connected over the internet via site-to-site VPN.

Subnet 1: 175.16.1.0 (HQ) (Domain A)
Subnet 2: 175.16.2.0 (Remote location) (Domain B)

I can ping any machine from either subnet by IP but not by name. What do I have to do
to set up a trusted domain? From both DCs I can ping by IP but not by name. Please advise.

Thanks
Singh
 
Are you using private or public IP addresses for the workstations?

Are the computers from both sites in your server's DNS?

Do you have both listed in AD Sites?
 
Computers are using private IPs for workstations.

Both sites have AD and DNS. The AD in HQ is called headquater.com, and all computers in that subnet and
site are in its DNS.
The remote location has its own AD, called HQ.com, and all computers in that subnet
and site are in its DNS.

Thanks !
 
Singh said:
Computers are using private IPs for workstations.

Both sites have AD and DNS. The AD in HQ is called headquater.com, and all computers in that subnet and
site are in its DNS.
The remote location has its own AD, called HQ.com, and all computers in that subnet
and site are in its DNS.

Thanks !

Add the target's FQDN and IP combination to the hosts file on each end
of the trust link (or add the target pointer directly in the local DNS server).
You might also be interested in configuring the other domain's DNS server as
a forwarder in local DNS to forward queries on behalf of local clients.

The first step resolves the trust, the second provides remote domain-wide
name resolution.

Forwarders can't be configured on a DNS server that believes itself to be
the final authority of the global internet. This requires deletion of the
root zone called ".".

Once the trust is set up, if DNS of the other domain fails, look at your VPN's
default gateway's route metric. If a connection can't route to the remote
DNS server, resolution of the target domain can't be achieved.

Consider what ports are required, depending on what protocol, encryption and
services you need to support, in case you have a firewall configured.
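
A read-only check of the points in the reply above (root zone, forwarder, route to the remote DNS server, firewall ports), added here as an example and not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and is run on the local DNS server; the remote DNS address is a placeholder, and the port list is a typical set for a domain trust that should be adjusted to the services in use.

```powershell
# Added example, read-only. Assumes the DnsServer module (Windows Server 2012 or later),
# run on the local DNS server/DC. $RemoteDns is a placeholder, not a value from the thread.
param(
    [string]$RemoteDomain = 'HQ.com',       # the other domain, as named in the thread
    [string]$RemoteDns    = '175.16.2.10'   # placeholder address of the other domain's DNS server
)

# A root zone "." makes this server the final authority, so forwarders cannot be set.
$hasRootZone = [bool](Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)

# Is the other domain's DNS server already listed as a forwarder here?
$fwd = Get-DnsServerForwarder -ErrorAction SilentlyContinue
$forwarders  = @($fwd.IPAddress | ForEach-Object { "$_" })
$isForwarder = $forwarders -contains $RemoteDns

# DC locator SRV record of the other domain, which trust setup has to resolve.
$srv = "_ldap._tcp.dc._msdcs.$RemoteDomain"
# Asked of the remote DNS server directly: fails if the VPN route or firewall blocks DNS.
$direct = [bool](Resolve-DnsName -Name $srv -Type SRV -Server $RemoteDns -DnsOnly -ErrorAction SilentlyContinue)
# Asked of the local resolver: fails if the local DNS/forwarder configuration is missing.
$local  = [bool](Resolve-DnsName -Name $srv -Type SRV -DnsOnly -ErrorAction SilentlyContinue)

# Typical TCP ports for a trust (assumption; DNS also uses UDP 53, which is not tested here).
$ports = [ordered]@{ DNS = 53; Kerberos = 88; 'RPC endpoint mapper' = 135; LDAP = 389; SMB = 445 }
$portResults = foreach ($p in $ports.GetEnumerator()) {
    $t = Test-NetConnection -ComputerName $RemoteDns -Port $p.Value -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = "TCP $($p.Value) ($($p.Key)) to $RemoteDns"; Passed = $t.TcpTestSucceeded }
}

# One row per check; a False row points at the step of the reply to revisit.
@(
    [pscustomobject]@{ Check = 'No root zone "." on this server';       Passed = -not $hasRootZone }
    [pscustomobject]@{ Check = "$RemoteDns configured as forwarder";     Passed = $isForwarder }
    [pscustomobject]@{ Check = "$srv via $RemoteDns (route to remote)";  Passed = $direct }
    [pscustomobject]@{ Check = "$srv via local resolver";                Passed = $local }
) + $portResults | Format-Table -AutoSize
```

If the direct query fails while ping by IP works, look at the route metric and firewall first; if only the local query fails, the forwarder or host entry is the missing piece.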
 