Multi-Domain Forward Lookup Zone issue

 
 
Amador
Guest
Posts: n/a

 
      02-03-2010
All,

I have an interesting issue with two domains. I have domain 1 and domain 2,
there is a trust established between both domains. I set up a secondary zone at
each domain DNS to forward a copy of the lookup zone to each other, the goal
is to be able to access workstations and servers using host name. Here is what's
interesting, the zones transfer back and forth with no issues and I now have
a copy of each Forward zone in different domains. I set up reverse lookup
zones to transfer between each other as well. The problem is that I could
only access or ping servers/workstations using the FQDNs of the other domain,
this is the result for both domains. By now all machines from both
locations and domains should be able to ping each other using the hostname
but they are not. Can anyone share any tips on what I could be missing?

Domain 1 = company1.ny.domain.com
Domain 2 = company2.la.domain.com

Both domains are part of the same forest and the Functional level for forest
and domain is set to windows 2003.

Thanks in advance.


 
 
 
 
 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      02-04-2010

You'll need to configure a Search Suffix of the other domain on each machine
that you want to resolve by simply using the hostname and not the full FQDN.

If you have many machines, you can use a scriptlet using regini in the logon
script to configure it or you can use a GPO, which is an option in 2003 and
newer domains.

How to configure a domain suffix search list on the Domain Name ...Windows
2000 - This article describes how to automate the process of configuring the
domain suffix search list on your Domain Name System (DNS) clients.
http://support.microsoft.com/kb/275553

New group policies for DNS in Windows Server 2003. Scroll down to "DNS
Suffix Search List"
http://support.microsoft.com/kb/294785/

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.


 
 
Amador
Guest
Posts: n/a

 
      02-04-2010
So I do have the DNS search list defined for both domains and it still doesn't
work.

 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      02-04-2010
"Amador" <> wrote in message
news:OkI$...
> So I do have the dns search list define for both domain and still doesn't
> work.


How did you test it? You can test it with nslookup.

Can you post the following, please, to get a better idea of the config from
both sides?

Forest1:
An ipconfig /all from one of the DC/DNS servers and from a workstation

Forest2:
An ipconfig /all from one of the DC/DNS servers and from a workstation

Please preserve the names in the suffixes in order to match them up.

Also, run nslookup on a client machine and from a DC on each side (that the
additional Search Suffix has been added to):
nslookup
> FQDN of a machine in the other forest
> Hostname of a machine in the other forest


Post the results, please.

I assume that your secondaries are populating all DNS servers on each side,
so no matter which DNS server a client is using, it will have access to the
other zone.

Ace




 
 
Amador
Guest
Posts: n/a

 
      02-05-2010
My DCs are also the DNS servers.

NY DC/DNS IP Information
Windows IP Configuration
Host Name . . . . . . . . . . . . : nydc1
Primary Dns Suffix . . . . . . . : ny.mdc.domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ny.mdc.domain.net
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : ny.mdc.domain.net
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-21-5A-EE-00-10
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.150.100.10
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.150.100.1
DNS Servers . . . . . . . . . . . : 10.150.100.10
10.153.130.8
Primary WINS Server . . . . . . . : 10.150.100.10

IP info from ThinClient in NY location

Windows IP Configuration
Host Name . . . . . . . . . . . . : CONF2
Primary Dns Suffix . . . . . . . : ny.mdc.cbs.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ny.mdc.cbs.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ny.mdc.cbs.net
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit
Ethernet #2
Physical Address. . . . . . . . . : 00-21-5A-6D-D1-9D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.150.104.109
Subnet Mask . . . . . . . . . . . : 255.255.254.0
IP Address. . . . . . . . . . . . : fe80::221:5aff:fe6d:d19d%4
Default Gateway . . . . . . . . . : 10.150.104.1
DHCP Server . . . . . . . . . . . : 10.150.100.10
DNS Servers . . . . . . . . . . . : 10.150.100.10
10.150.100.12
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Friday, February 05, 2010
7:21:46 AM
Lease Expires . . . . . . . . . . : Friday, February 05, 2010
7:36:46 AM
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling
Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled


LA DC/DNS IP Information
Windows IP Configuration
Host Name . . . . . . . . . . . . : LADC1
Primary Dns Suffix . . . . . . . : la.mdc.cbs.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : la.mdc.cbs.net
Ethernet adapter Team 1:
Connection-specific DNS Suffix . : la.mdc.cbs.net
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-21-5A-CE-49-F2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.153.130.8
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.153.130.1
DNS Servers . . . . . . . . . . . : 10.153.130.8
10.150.100.10

LA Server IP Information
Windows IP Configuration
Host Name . . . . . . . . . . . . : la-atiris-1
Primary Dns Suffix . . . . . . . : la.mdc.cbs.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : la.mdc.cbs.net
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-21-5A-CF-81-8A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.153.128.33
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.153.128.1
DNS Servers . . . . . . . . . . . : 10.153.130.8
10.153.130.10

 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      02-05-2010
Why is the subnet mask on the DCs in NY different than the thinclient's
mask?

I am kind of surprised the Search Suffix is not devolved on these machines
posted. Normally for example of a Primary DNS Suffix of "la.mdc.cbs.net",
you would see a Search Suffix list of:
la.mdc.cbs.net
mdc.cbs.net
cbs.net

For cross forest or domain trusts and trying to resolve names by single host
name with DNS, you would also need the OTHER forest or domain's suffix
added, which was what we were talking about in the thread. So if you were
trying to communicate to nydc1.ny.mdc.domain.net from
la-atiris-1.la.mdc.cbs.net, the machine called "la-atiris-1.la.mdc.cbs.net"
would need the other suffixes added. In this example, la-atiris-1's Search
Suffix list should look like:

la.mdc.cbs.net
mdc.cbs.net
cbs.net
ny.mdc.domain.net
mdc.domain.net
domain.net

This should be reflected on all machines in that domain, and vice-versa in
the other domain.

This way when you ping nydc1, the client side resolver will try each suffix,
essentially adding the suffixes in the list one by one until it finds a hit.

But this will NOT work with all applications. It depends on the application.
If an application is strictly NetBIOS or NTLM based, it will not work and
will need NetBIOS support. In this case, since you are using WINS, you would
need to create a WINS replication partnership between the two sides.

Ace
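
The search-list check described in the reply above, as an added example that is not part of the original thread: it parses the "DNS Suffix Search List" field from `ipconfig /all` text, builds the six-entry list the reply gives for la-atiris-1, and reports which suffixes are missing. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: trimmed `ipconfig /all` header in the layout posted in the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : la-atiris-1
Primary Dns Suffix . . . . . . . : la.mdc.cbs.net
DNS Suffix Search List. . . . . . : la.mdc.cbs.net
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
"""

def devolve(suffix, min_labels=2):
    """Return the suffix and its parents, stopping at min_labels labels."""
    labels = suffix.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - min_labels + 1)]

def parse_search_list(ipconfig_text):
    """Extract search-list entries, including entries on continuation lines."""
    suffixes, in_list = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Suffix Search List[ .]*:\s*(\S*)", line, re.I)
        if m:
            in_list = True
            if m.group(1):
                suffixes.append(m.group(1).lower())
        elif in_list and line.strip() and ":" not in line:
            # Extra suffixes are printed alone on the following lines.
            suffixes.append(line.strip().lower())
        else:
            in_list = False
    return suffixes

def expected_search_list(own_suffix, other_suffix):
    """Own suffix devolved first, then the other domain's, as in the reply."""
    return devolve(own_suffix) + devolve(other_suffix)

def missing_suffixes(ipconfig_text, own_suffix, other_suffix):
    """Suffixes from the expected list that the machine does not have."""
    have = parse_search_list(ipconfig_text)
    return [s for s in expected_search_list(own_suffix, other_suffix)
            if s not in have]

def candidates(hostname, search_list):
    """FQDNs tried, in order, for a single-label name; the first hit wins."""
    return [f"{hostname}.{s}" for s in search_list]

if __name__ == "__main__":
    own, other = "la.mdc.cbs.net", "ny.mdc.domain.net"
    print("missing:", missing_suffixes(SAMPLE_IPCONFIG, own, other))
    print("tried:  ", candidates("nydc1", expected_search_list(own, other)))
```

Because the first suffix that produces an answer wins, a host with the same short name under an earlier suffix shadows the one in the other domain, so the order of the list matters as much as its contents.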







 