Windows 2000 DNS and child domains

We have an issue with our DNS and child domain setup. We have the root domain
and around 5 - 6 child domains. From each of the child domain we are able to
"nslookup" to any servers or workstations of root domain but not to any other
child domain.

From the root domain we cannot "nslookup" to any of the child domains. But
it just resolves the child domain name correctly.

DNS is running on the root and on all the respective child domains as AD
integrated with secure updates only. I tried to delegate 1 child domain from
the root domain and that didn't solve the issue.

The servers are running Windows 2000 with SP4. But if we try to put the FQDN
it's resolving from the root domain or child domain. But that's not the right
way to work, isn't it?

Any help highly appreciated....let me know if you need any further details
Alex
 
kmalex74 said:
We have an issue with our DNS and child domain setup. We
have the root domain and around 5 - 6 child domains. From
each of the child domain we are able to "nslookup" to any
servers or workstations of root domain but not to any
other child domain.

From the root domain we cannot "nslookup" to any of the
child domains. But it just resolves the child domain name
correctly.

DNS is running on the root and on all the respective
child domains as AD integrated with secure updates only.
I tried to delegate 1 child domain from the root domain
and that didn't solve the issue.

The servers are running Windows 2000 with SP4. But if we
try to put the FQDN it's resolving from the root domain
or child domain. But that's not the right way to work,
isn't it?

Any help highly appreciated....let me know if you need
any further details Alex

Under Win2k, you shouldn't have a child zone in the parent DNS, unless the
parent DNS is doing all resolution for the forest. DNS replication does not
work between the parent domain and the child domains. This was changed
under Win2k3, which permits forest wide replication.

Follow this KB article and make sure each of the child domains is delegated in
the parent zone to its respective DNS servers.
Then on the child DNS set a forwarder to the parent DNS, and check the box
"Do not use recursion" on the Forwarders tab.

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248&sd=RMVP
 
Thank you very much for replying.

Yes, we don't have a child zone in the parent DNS server. "Do not use recursion"
on the Forwarders tab is already done on all the child domains.

Also all the child domain DNS are forwarding to the parent DNS server. I
enabled delegation for one of the child domains but still the issue is the same.
We cannot "Nslookup" from the parent domain to the child domain.

Anything else to look further, thanks in advance.

Alex
 
kmalex74 said:
Thank you very much for replying.

Yes, we don't have a child zone in the parent DNS server. "Do
not use recursion" on the Forwarders tab is already done
on all the child domains.

Also all the child domain DNS are forwarding to the parent
DNS server. I enabled delegation for one of the child
domains but still the issue is the same. We cannot "Nslookup"
from the parent domain to the child domain.

Anything else to look further, thanks in advance.

You need a delegation for all child domains on the parent DNS zone.
 
Sorry to trouble you again with this.

Yes, enabling delegation for all the child domains can be done. But for the
already enabled child domain the "nslookup" doesn't resolve from the parent
domain. I mean the issue is the same and there is no difference between the
delegation enabled ones and the one without that. I didn't see any result
which I expect it (the delegated ones) to do.

Thanks.........
 
kmalex74 said:
Sorry to trouble you again with this.

Yes, enabling delegation for all the child domains can be
done. But for the already enabled child domain the
"nslookup" doesn't resolve from the parent domain. I mean
the issue is the same and there is no difference between the
delegation enabled ones and the one without that. I
didn't see any result which I expect it (the delegated
ones) to do.

The delegation is what is needed and should work. Can you post an
output from nslookup -d2 to the parent DNS for a name in the child domain?
 
Please see the query response for Singapore server (child domain) done from
the parent domain. Practically it should look in sin.X.com, but it seems to
look in X.com.
singapore-fs
Server: DNS.X.com
Address: 10.1.1.3

------------
SendRequest(), len 42
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
singapore-fs.X.com, type = A, class = IN

------------
------------
Got answer (105 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
singapore-fs.X.com, type = A, class = IN
AUTHORITY RECORDS:
-> X.com
type = SOA, class = IN, dlen = 40
ttl = 3600 (1 hour)
primary name server = DNS.X.com
responsible mail addr = admin
serial = 3706
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
 
kmalex74 commented, then Kevin replied below:

It looks like you are querying for a host name. If the host name is in the
child domain, like 'singapore-fs.child.X.com', and you want to query for just
host names, you will need to add the child domain to the DNS suffix search
list.
If I am misunderstanding what I'm seeing, what is the child name? Is it like
'child.X.com'?

Can you get an answer with a FQDN in the child domain?
 
Yes, you are absolutely right. Adding the DNS search suffix for the child domain, I
am able to do "nslookup" to child domains (any host) from the parent domain.

Of course the FQDN used to work without any issues.

Thank you very much for your help.
 
kmalex74 said:
Yes, you are absolutely right. Adding the DNS search suffix
for the child domain, I am able to do "nslookup" to child
domains (any host) from the parent domain.

Of course the FQDN used to work without any issues.

Thank you very much for your help.

Your problem is going to be getting the child DNS suffix search list out to
your clients.
You can do this with a GPO for XP clients. The only way you can do this with
DHCP is to put the child name in option 015, which will send it out to the
DHCP clients in the form of a connection-specific DNS suffix, which adds it
to the DNS suffix search list. The problem with this is that all the DHCP clients
that support DDNS registration will try to register in the child DNS zone.
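
The symptom in this thread follows from how an unqualified host name is expanded into FQDNs before it is sent to DNS. The following Python model of that expansion is an added example, not part of the original posts; the record addresses (other than DNS.X.com at 10.1.1.3) and the second child domain tok.X.com are constructed for illustration, and dotted names are treated as fully qualified for simplicity.

```python
# Added illustration: which FQDNs a client tries for a short host name.
# RECORDS is constructed sample data; only DNS.X.com / 10.1.1.3 is from the thread.
RECORDS = {
    "dns.x.com": "10.1.1.3",
    "singapore-fs.sin.x.com": "10.2.1.10",   # constructed address
    "tokyo-fs.tok.x.com": "10.3.1.10",       # hypothetical second child domain
}

def devolve(primary_suffix):
    """Primary suffix followed by its parents, stopping at two labels."""
    labels = primary_suffix.lower().split(".")
    return [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]

def candidates(name, primary_suffix, conn_suffix=None, search_list=None):
    """FQDNs tried, in order, for a name typed by the user."""
    name = name.lower()
    if "." in name:                  # simplification: dotted names are queried as given
        return [name.rstrip(".")]
    if search_list:                  # an explicit list replaces suffix + devolution
        suffixes = [s.lower() for s in search_list]
    else:
        suffixes = devolve(primary_suffix)
        if conn_suffix:              # e.g. delivered to the client by DHCP option 015
            suffixes.insert(1, conn_suffix.lower())
    seen, out = set(), []
    for suffix in suffixes:          # drop duplicates, keep order
        if suffix not in seen:
            seen.add(suffix)
            out.append(f"{name}.{suffix}")
    return out

def resolve(name, primary_suffix, **kw):
    """Return (fqdn, address) for the first candidate that exists, else None."""
    for fqdn in candidates(name, primary_suffix, **kw):
        if fqdn in RECORDS:
            return fqdn, RECORDS[fqdn]
    return None

if __name__ == "__main__":
    # Root client, no search list: only singapore-fs.x.com is tried (NXDOMAIN).
    print(candidates("singapore-fs", "X.com"), resolve("singapore-fs", "X.com"))
    # Child client reaches the root by devolution, but not a sibling child.
    print(resolve("dns", "sin.X.com"), resolve("singapore-fs", "tok.X.com"))
    # Root client with the child suffix in its search list.
    print(resolve("singapore-fs", "X.com", search_list=["X.com", "sin.X.com"]))
```

Devolution only walks up from the client's own suffix, which is why child-to-root lookups worked while root-to-child and child-to-child lookups returned NXDOMAIN until the child suffix was added to the search list.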
 