DNS Across subnets

Discussion in 'DNS Server' started by Glenn, Aug 12, 2006.

  1. Glenn

    Glenn Guest

    Background: I have four VLANS. Each VLAN has its own Windows 2003 Server
    that functions as a DHCP server along with WINS and DNS. They are all part
    of the same domain, and each a GC.

    VLAN1 gives out IPs of 10.0.x.x
    VLAN2 gives out IPs of 10.1.x.x
    VLAN3 gives out IPs of 10.2.x.x
    VLAN4 gives out IPs of 10.3.x.x

    On VLAN3, I have a copier/printer that has a built in web interface. I've
    assigned it a static IP of 10.2.0.5. In the DNS server on VLAN3, I made an
    entry for that machine. So now, if someone goes into Internet Explorer and
    types "COPIER", it resolves to 10.2.0.5 and displays the Web Interface.
    However, that only works for the computers that are physically connected to
    VLAN3 (as untagged). If I go to a computer on any of the other VLANS, I get
    a page that says "The requested URL could not be retrieved".

    When I look at the DNS running on the other servers, everything is
    replicated.

    What am I not doing that is preventing this from working on all VLANS?
     
    Glenn, Aug 12, 2006
    #1

  2. Anthony

    Anthony Guest

    What you have described should work.
    1) When you ping "copier" from VLAN2, is the domain suffix appended? If yes,
    is it resolved? If it is resolved, is there a reply? Does
    http://copier.mydomain.com also not work, or just http://copier?
    2) Are you using a proxy server? Is there a firewall or access list between
    the subnets?
    Anthony
     
    Anthony, Aug 12, 2006
    #2

  3. Glenn

    Glenn Guest

    When I ping it from VLAN2 it does resolve and the domain suffix is appended.
    http://copier.mydomain.com does indeed work. It's just the http://copier
    that doesn't work. I do have a firewall on my network, and actually the
    error page that comes up appears to be generated by the firewall. However,
    I believe the firewall is set up to allow all internal traffic.
     
    Glenn, Aug 12, 2006
    #3
  4. Anthony

    Anthony Guest

    Can you post the whole error message?
    Can you set your IE browser to not use the proxy server (if it does)?
    Anthony
     
    Anthony, Aug 12, 2006
    #4
  5. Glenn

    Glenn Guest

    IE does not use a proxy server. Here's the error message: (By the way, I
    don't use caching on the firewall)

    The requested URL could not be retrieved

    --------------------------------------------------------------------------------

    While trying to retrieve the URL: http://phones/

    The following error was encountered:

    Unable to determine IP address from host name for phones
    The dnsserver returned:

    Name Error: The domain name does not exist.
    This means that:

    The cache was not able to resolve the hostname presented in the URL.
    Check if the address is correct.
    Your cache administrator is webmaster.
     
    Glenn, Aug 12, 2006
    #5
  6. Anthony

    Anthony Guest

    If you get those results to the ping and http consistently from any machine
    in VLAN2, then:
    - DNS is set up correctly
    - the domain suffix is set up correctly in the client tcp/ip properties
    It looks to me as though your Squid web proxy is not handling local requests
    correctly.
    Anthony
     
    Anthony, Aug 12, 2006
    #6
  7. Herb Martin

    Herb Martin Guest

    Appending the suffix is PURELY a local (client) side effect and
    has nothing to do with the actual DNS resolution by the server
    (only what question is actually asked by the client.)
    Does the short host name "copier" exist in the default zone
    (suffix) for the client?

    If not, register it either manually or automatically.
    Well, you can prove that by asking DIRECT questions with
    fully qualified names (full names ENDING in a ".") and using
    a specific DNS server, e.g.,

    nslookup copier.domain.com. IP.of.DNS.Server

    Or:

    nslookup copier.somedomain.com. IP.of.DNS.Server

    If either of these doesn't work but should work, then go to the
    authoritative server and make sure it has the required name
    and IP.

    Ping is for testing connectivity. NSlookup is for explicitly
    testing name resolution.
     
    Herb Martin, Aug 13, 2006
    #7
  8. Herb Martin

    Herb Martin Guest

    Adding things to the suffix list will never help you
    resolve a name that is without a suffix nor will help
    you register that copier name.

    Odds are "copier" has NEVER been registered in the
    appropriate zone.

    He can do this either manually or perhaps automatically
    (e.g., by DHCP server.)

    Many people avoid using DHCP for printer addresses
    which typically need to be fixed, but it is trivial to just
    build a RESERVATION for such machines and the
    DHCP server MAY be able to do the registration for
    them in that case.
     
    Herb Martin, Aug 15, 2006
    #8
  9. Anthony

    Anthony Guest

    Did you get this fixed? Just to elaborate: from a simple networking point of
    view your http://copier is having the domain name appended and being
    resolved correctly by DNS. If you were just routing to the copier VLAN the
    request would be answered. But you are going through a web proxy, Squid.
    Squid is looking at the header of the http request and instead of saying
    "that must be local" it is saying "never heard of that domain". It is a
    misconfiguration in Squid that is causing your request to fail. That's my
    guess as to what is wrong.
    Anthony
     
    Anthony, Aug 15, 2006
    #9
  10. Herb Martin

    Herb Martin Guest

    IF that full name (and this is the first clear indication I have seen of
    this) were registered in the zone of the client's domain it should resolve
    when the base name is used alone.

    If it doesn't then the way to test is to try the full name explicitly as a
    TRUE FQDN (which means appending a "." to the end):

    ping copier.mydomain.com.
    nslookup copier.mydomain.com.

    If this works it strongly implies a problem with appending the (correct)
    zone name.

    The (proper) fix for this is to go to the SYSTEM CONTROL panel and
    set the machine's correct name suffix.

    (Note this can also be set in the NIC properties but that is generally only
    needed for multihomed machines and may not give you the desired results
    unless the SYSTEM control panel is correct.)

    Then go to the NIC->IP Properties and make sure that the check box
    to append the DNS suffix (and maybe the parent suffixes if it is a deep
    name like subdomain.domain.com) is checked. You can also add in any
    unrelated DNS names that are present on your network AND which have
    resources needed by your users frequently.


    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Aug 15, 2006
    #10
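An added example, not from the thread or any of its posters, that models the client-side suffix behaviour Herb describes: a short name such as "copier" only becomes "copier.mydomain.com." because the client's search list appends the suffix, so a proxy box with no suffix configured sends the bare name and gets the "Name Error" Glenn quoted. The zone data, suffixes and host names are constructed for illustration; the resolver logic is a simplified model, not Windows' or Squid's actual code.

```python
# Added example (not from the thread): a toy model of Windows-style DNS
# suffix handling, showing why a short name works on a client that appends
# a suffix but fails on a proxy box (Squid, here) that appends nothing.
# ZONE, the suffixes and the names below are constructed for illustration.

# Constructed zone data: fully qualified names (trailing dot) -> IPv4 address.
ZONE = {
    "copier.mydomain.com.": "10.2.0.5",
    "dc1.mydomain.com.": "10.0.0.10",
    "intranet.corp.mydomain.com.": "10.1.0.20",
}

def devolve(suffix):
    """Yield a suffix and its parents down to two labels, mimicking
    "append parent suffixes" (corp.mydomain.com -> mydomain.com)."""
    labels = suffix.strip(".").split(".")
    while len(labels) >= 2:
        yield ".".join(labels)
        labels = labels[1:]

def candidates(name, search_list, append_parents=False):
    """Return the FQDNs the client will actually send to the server, in order."""
    if name.endswith("."):
        return [name]                      # absolute name: no suffix is appended
    out = []
    if "." in name:
        out.append(f"{name}.")             # multi-label name is tried as-is first
    for suffix in search_list:
        parents = devolve(suffix) if append_parents else [suffix.strip(".")]
        for s in parents:
            fqdn = f"{name}.{s}."
            if fqdn not in out:
                out.append(fqdn)
    if not out:
        out.append(f"{name}.")             # nothing to append: bare query goes out
    return out

def resolve(name, search_list, append_parents=False, zone=ZONE):
    """Try each candidate against the zone; return (fqdn, ip) or (None, None)."""
    for fqdn in candidates(name, search_list, append_parents):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None, None

if __name__ == "__main__":
    print("client :", resolve("copier", ["mydomain.com"]))        # found
    print("proxy  :", resolve("copier", []))                      # Name Error
    print("proxy  :", resolve("copier.mydomain.com", []))         # found
```

Running the block shows the three cases from the thread side by side: the short name resolves only where a suffix is appended, while the fully qualified name resolves everywhere.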
