 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Windows 2000 / DNS / June 2007W2K DNS Forwarding
I could do with some help regarding DNS! We have 12 offices each on their own domain (192.168.1.0,192.168.2.0, etc) These offices are connected via vpn links. There is a server at each office that is responsible for DNS & DHCP, and are DC's among other things. The majority of the servers are running W2K Server and two or three W2003. At HQ we have a W2k Server that is the DC and responsible for DNS and DHCP. We also have a W2k server that is also responsible for DNS (secondary) and is also a mail server. We also have another W2k winproxy server which clients from all offices access the internet through via the vpns to HQ. We have just purchased a piece of software called Servicedesk that we use to scan workstations on our network. It uses DNS to do this. This is fine on our HQ network but over the VPN's it fails. What i want to know is if i configure the HQ DC to use DNS forwarding, and apply the remote branch office servers IP addresses, will i be able to resolve the workstations names back at HQ? I can ping all the servers and workstations from HQ but cannot resolve computer names. I hope this is a clear explaination of what i need to do and will be happy to answer any questions that might help!! > I could do with some help regarding DNS! > [quoted text clipped - 16 lines] > I hope this is a clear explaination of what i need to do and will be happy to > answer any questions that might help!! You can create a secondary zone on the HQ DNS Server for each of the other sites. Kurt >> I could do with some help regarding DNS! >> [quoted text clipped - 6 lines] > >Kurt Thanks for your comment, would i create a new standard primary zone? or an Active directory integrated zone? also would i need to copy the DNS records from the branch office servers to the new zones? and would i need to create a zone for each of the domains? and lastly would i still need to have forwarding pointed to each of the DNS servers to service DNS requests regarding their domains from HQ. Thanks again!! >>> I could do with some help regarding DNS! >>> [quoted text clipped - 8 lines] >forwarding pointed to each of the DNS servers to service DNS requests >regarding their domains from HQ. Thanks again!! Sorry but would i also need to create new zones for each domain in the forward AND reverse lookup zones? >>>> I could do with some help regarding DNS! >>>> [quoted text clipped - 9 lines] > Sorry but would i also need to create new zones for each domain in the > forward AND reverse lookup zones? You would create standard secondary zones (because you said each site is it's own domain). You can create both forward and reverse lookup zones as secondaries, just make sure you list the HQ DNS server as an authorized device to do a zone transfer to. ...kurt >>>>> I could do with some help regarding DNS! >>>>> [quoted text clipped - 8 lines] > >...kurt How do i do this? I have tried and keep getting an error when i create the zone it says that: "The DNS server encountered an error while attempting to load the zone. The transfer of zone data from the Master server failed." I can't see where Ilist the HQ DNS server as an authorized device to do a zone transfer to? Read inline please. In news:740795ab63d79@uwe, knsljo via WinServerKB.com <u35220@uwe> typed: >>> I could do with some help regarding DNS! >>> [quoted text clipped - 14 lines] > forwarding pointed to each of the DNS servers to service DNS requests > regarding their domains from HQ. Thanks again!! By following Kurt's recommendation, the only forwarding you may want would be to your ISP's DNS servers, because by having Secondary zones for each remote domain on each DNS server, all DNS server will be able to resolve all domains without forwarding. It is not a good idea to forward back and forth between DNS servers because if you aren't careful, you could start DNS looping. DNS loops occur when two or more DNS servers forward to each other, with each telling the other to resolve unknown names.  SignatureBest regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx =================================== >Read inline please. > [quoted text clipped - 13 lines] >or more DNS servers forward to each other, with each telling the other to >resolve unknown names. I have tried to set up a secondary zone on the main HQ DNS server's forward lookup zone and reverse lookup zone for one of the remote domains but get this error: "The DNS server encountered an error while attempting to load the zone. The transfer of zone data from the Master server failed." It creates the zone but no zone data from the remote domain's DNS server gets entered. How do i get this to work? Do i also need to create a secondary zone for the HQ DNS servers on the remote domains? Read inline please. >>>>> I could do with some help regarding DNS! >>>>> [quoted text clipped - 19 lines] > It creates the zone but no zone data from the remote domain's DNS > server gets entered. How do i get this to work? On the primary zones, you need to allow zone transfers to the IP addresses of the servers with the secondaries. > Do i also need to > create a secondary zone for the HQ DNS servers on the remote domains? I would on the Win2k servers, it isn't necessary to create secondary zones on the Win2k3 servers, on those servers you can add Conditional forwarders, with "Do not use recursion for this domain" for their remote domains. By configuring the servers this way, you can forward internet requests to your ISP's DNS servers. SignatureBest regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx =================================== >Read inline please. > [quoted text clipped - 6 lines] >On the primary zones, you need to allow zone transfers to the IP addresses >of the servers with the secondaries. >The current zones that have been created both forward and reverse are AD integrated will this be a problem? I take it "allow zone transfers" is an option under the properties of the forward and reverse lookup zones? >> Do i also need to >> create a secondary zone for the HQ DNS servers on the remote domains? > >I would on the Win2k servers, it isn't necessary to create secondary zones >on the Win2k3 servers, on those servers you can add Conditional forwarders, >with "Do not use recursion for this domain" for their remote domains. > I have looked into "Conditional forwarding" it looks like that would be the solution to all my problems - if only we had 2003 on all servers. I will use this where i can. >By configuring the servers this way, you can forward internet requests to >your ISP's DNS servers. >We have a proxy server at head office so all internet requests from users must go through this first. Currently all remote office domains are configured to forward all unknown requests to HQ DNS servers then these forward to the proxy server. Read inline please. In news:740c0d5bedf27@uwe, knsljo via WinServerKB.com <u35220@uwe> typed: >> Read inline please. >> [quoted text clipped - 10 lines] >> The current zones that have been created both forward and reverse >> are AD integrated will this be a problem? Not if the ADI zones are actual replicas replicated through AD (Available on Win2k3 DNS servers in a single Forest, or Win2k DCs in the same domain) Win2k does not support cross domain replication, and therefore must use Secondary zones for other domains. IF you try to create ADI zones for other Domains on a Win2k DNS, it has no relationship with ADI zones in other Domains and will not get updated. You need to use secondary zones on Win2k to resolve other AD Domains. I take it "allow zone >> transfers" is an option under the properties of the forward and >> reverse lookup zones? Yes, on the Zone Transfers tab. >> I have looked into "Conditional forwarding" it looks like that would >> be the solution to all my problems - if only we had 2003 on all >> servers. I will use this where i can. Yes, Conditional forwarding comes in handy for resolving external domains using a particular DNS server. >> We have a proxy server at head office so all internet requests from >> users must go through this first. Currently all remote office >> domains are configured to forward all unknown requests to HQ DNS >> servers then these forward to the proxy server. Not true for proxy servers, when a browser or an application is configured to use a proxy, that application, actually gets the name resolve by the proxy server, and completely bypasses the DNS Client configuration. The only sites that are resolved by the local DNS Client, are the names configured to bypass the proxy. If a client needs DNS only for web browsing, and that client uses a Proxy server, it does not need DNS servers in TCP/IP properties. Of course Active Directory is not Proxy-abled, so the client needs DNS servers for AD, but not for web browsing. SignatureBest regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx =================================== >Read inline please. > [quoted text clipped - 40 lines] >Of course Active Directory is not Proxy-abled, so the client needs DNS >servers for AD, but not for web browsing. I created a test zone on the HQ DNS server and allowed zone transfers from one of the remote DNS servers only but it failed again i got "The DNS server encountered an error while attempting to load the zone. The transfer of zone data from the Master server failed." I created a test zone on one of our remote domains to transfer zone data from the HQ DNS server, but allowed from all addresses which worked it transferd the zone data. I will try this on the HQ server on wednesday when i'm back in the office and let you know if it works!! Can i transfer from data from all our remote domains into thisnew single zone or do i need to create a new zone for each? Thanks for all your comments by the way it has helped me no end and giving me a much better understanding of what the DNS servers are capable of. >>Read inline please. >> [quoted text clipped - 14 lines] >Thanks for all your comments by the way it has helped me no end and giving me >a much better understanding of what the DNS servers are capable of. I also need to mention that we have a secondary DNS server at HQ on our mail server, do i need to create the new zone\zones on this also or will the primary do all the work needed? And do I need to transfer the zone data of this server to the remote domain servers? - it should have pretty much all the same data as the primary. Thanks again!! Read inline please. In news:7419521adda19@uwe, knsljo via WinServerKB.com <u35220@uwe> typed: > I created a test zone on the HQ DNS server and allowed zone transfers > from one of the remote DNS servers only but it failed again i got > "The DNS server encountered an error while attempting to load the > zone. The transfer of zone data from the Master server failed." When allowing zone transfers, you allow zone transfers to the IP that the Primary sees when the transfer is requested. > I created a test zone on one of our remote domains to transfer zone > data from the HQ DNS server, but allowed from all addresses which > worked it transferd the zone data. I will try this on the HQ server > on wednesday when i'm back in the office and let you know if it > works!! > Can i transfer from data from all our remote domains into thisnew > single zone or do i need to create a new zone for each? Single Zone? In your original post you stated each of the Remote domains had their own domain name. If this is true then you need a secondary of each domain name, they will not be in a single zone. > Thanks for all your comments by the way it has helped me no end and > giving me a much better understanding of what the DNS servers are > capable of. Don't let DNS intimidate you, DNS is no more difficult than using a Telephone book. The Root Zone, (Which you don't usually see) is the publisher of the Book, the TLD is like the City the book covers, and the second level domain compares to the last name of the person you are looking for, and the host is like the person's first name. All DNS queries actually start at the Root, usually the ICANN Root, there are 13 servers at the root, and they give you the IP of the DNS servers for a particular TLD, for instance "com", there are another 13 servers servicing the com TLD, and they give the IP address of the DNS servers for a domain, e.g. microsoft.com. Once you have the IP addresses of the microsoft.com DNS servers, you server can go to those servers and get the IP of a host in microsoft.com, e.g. www.microsoft.com, or get the location of where www.microsoft.com can be found. SignatureBest regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx =================================== >Read inline please. > [quoted text clipped - 38 lines] >microsoft.com, e.g. www.microsoft.com, or get the location of where >www.microsoft.com can be found. Hi there I have managed to now implement your sugestions and it is all now working like a charm!! I created secondary forward/reverse lookup zone for each of the remote domains on the on the HQ primary and secondary DNS servers, and i also created a secondary forward/reverse lookup zone for the HQ DNS server on each of the remote domains. The whole aim of this was to allow our Servicedesk to perform automated scheduled scans of remote servers and clients to keep our inventory up to date and to monitor software changes etc. I have tested this and it is now able to do everything we require. I knew what the cause of the problem was, but i don't i would have been able to figure this out, this will save me so much time and effort. Thanks alot!! |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2010 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.