Inter-Forest Reverse Lookup

    Environment:

    FOREST 01: x.tld : 172.18.50.0
    domain 01: x.tld : domain controllers = dc01.x.tld, dc02.x.tld
    domain 02: prod.x.tld : domain controllers = dcp01.x.tld, dcp02.x.tld
    domain 03: office.x.tld : domain controllers = dco01.x.tld, dco02.x.tld

    FOREST 02: dev.x.tld : 172.17.50.0
    domain 01: dev.x.tld : domain controllers = dc01.dev.x.tld, dc02.dev.x.tld


    A trust relationship exists between office.x.tld and dev.x.tld

    All domain controllers (Windows 2008 R2) are DNS servers.

    Within each forest, DNS zones are replicated to every domain controller.


    In the x.tld forest, conditional forwarders are configured for dev.x.tld

    In the dev.x.tld forest, conditional forwarders are configured for x.tld and prod.x.tld



    PROBLEM: From any server in dev.x.tld, reverse lookups for prod.x.tld are failing if the DNS server queried is in dev.x.tld.

    [[email protected] ~]$ nslookup 172.18.50.159 dcp02.prod.x.tld
    Server: dcp02.prod.x.tld
    Address: 172.18.50.132#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]


    [[email protected] ~]$ nslookup 172.18.50.159 dco01.office.x.tld
    Server: dco01.office.x.tld
    Address: 172.18.50.150#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]


    [[email protected] ~]$ nslookup 172.18.50.159 dco02.office.x.tld
    Server: dco02.office.x.tld
    Address: 172.18.50.151#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]


    Why oh why does this one fail?

    [[email protected] ~]$ nslookup 172.18.50.159 dc01.dev.x.tld
    Server: dc01.dev.x.tld
    Address: 172.17.50.103#53

    ** server can't find 159.50.18.172.in-addr.arpa.: NXDOMAIN [fails]


    Certainly has something to do with reverse zone lookups/transfers, but I haven't got the Windows knowledge to fix it.
    I think the best way to resolve this would be to have the DNS zones replicated from x.tld to dev.x.tld.

    Can this be done across two different forests?

    When I look in the zone replication properties, the options are to replicate:
    To all DNS servers running on domain controllers in this forest
    To all DNS servers running on domain controllers in this domain
    To all domain controllers in this domain (for Windows 2000 compatibility)
    I don't see any option to replicate zone data across a forest.

    #2
    Hi,
    I have the same issue in my environment as well. I have two different forests (one is for Development and another is for Production) with no trusts but forwarders configured for DNS lookup between both domains.
    Forward lookup is OK as the forwarder was configured, but in the case of reverse lookup we face the problem as the same first octet is used in both forests' reverse zones, as below.

    Development : 10.in-addr.arpa (10.209.xx, 10.213.xx, 10.216.xx)
    Production : 10.in-addr.arpa (10.208.xx, 10.212.xx, 10.215.xx)

    Appreciate your idea on this.



    #3
      In the forest instance setup a secondary zone that updates from the DNS server on the main site.

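The resolution order behind the results in the question, the overlapping 10.in-addr.arpa case in reply #2 and the secondary-zone fix in reply #3, as an added Python model that is not code from this thread or from Windows DNS: a server answers from a zone it hosts (primary, AD-integrated or secondary) before it ever consults a conditional forwarder, a forwarder matches by zone-name suffix, and anything that matches neither goes to root hints, where RFC 1918 reverse space is not delegated. The server names, the 172.18.50.0/24 and 172.17.50.0/24 prefixes and the PTR target soa.prod.x.tld. are taken from the question; for reply #2 the server names prod-dns and dev-dns, the records for 10.208.1.5 and 10.209.1.5 and the targets srv.prod.example. and srv.dev.example. are constructed. The rule that a server refuses a conditional forwarder for a name it already hosts as a zone is modelled as a ValueError.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Owner name a PTR query asks for: '172.18.50.159' -> '159.50.18.172.in-addr.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(network: str) -> str:
    """Zone name for an octet-aligned prefix: '172.18.50.0/24' -> '50.18.172.in-addr.arpa'."""
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 reverse zones are modelled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def _longest_match(qname, names):
    """Most specific zone or forwarder name that qname falls under, or None."""
    hits = [n for n in names if qname == n or qname.endswith("." + n)]
    return max(hits, key=len) if hits else None


class DnsServer:
    """Hosted zones (primary, AD-integrated or secondary) plus conditional forwarders."""

    def __init__(self, name):
        self.name = name
        self.zones = {}       # zone name -> {owner name: PTR target}
        self.forwarders = {}  # zone name -> DnsServer that receives those queries

    def host_zone(self, zone, records=None):
        self.zones[zone] = dict(records or {})

    def add_secondary(self, zone, master):
        """Secondary zone: a replicated copy of a zone the master hosts (reply #3)."""
        self.host_zone(zone, master.zones[zone])

    def add_conditional_forwarder(self, zone, server):
        # Modelled rule: a forwarder cannot be created for a name the server already hosts.
        if zone in self.zones:
            raise ValueError(f"{self.name} already hosts zone {zone}")
        self.forwarders[zone] = server

    def resolve(self, qname, path=None):
        """Return (PTR target or 'NXDOMAIN', list of servers the query went through)."""
        path = (path or []) + [self.name]
        zone = _longest_match(qname, self.zones)
        if zone is not None:          # 1. authoritative data wins and is never forwarded
            return self.zones[zone].get(qname, "NXDOMAIN"), path
        fwd = _longest_match(qname, self.forwarders)
        if fwd is not None:           # 2. most specific conditional forwarder
            return self.forwarders[fwd].resolve(qname, path)
        return "NXDOMAIN", path + ["root-hints"]   # 3. private space is not delegated publicly


def build_thread_environment():
    """dcp02 stands in for the whole x.tld forest; dc01.dev is set up as the question describes."""
    prod_rev = reverse_zone("172.18.50.0/24")
    dcp02 = DnsServer("dcp02.prod.x.tld")
    dcp02.host_zone("x.tld")
    dcp02.host_zone("prod.x.tld")
    dcp02.host_zone(prod_rev, {reverse_name("172.18.50.159"): "soa.prod.x.tld."})
    dc01_dev = DnsServer("dc01.dev.x.tld")
    dc01_dev.host_zone("dev.x.tld")
    dc01_dev.host_zone(reverse_zone("172.17.50.0/24"))
    dc01_dev.add_conditional_forwarder("x.tld", dcp02)       # forward zones only,
    dc01_dev.add_conditional_forwarder("prod.x.tld", dcp02)  # as in the question
    return dcp02, dc01_dev


def demo():
    """The failing lookup as posted, then the two ways of making it succeed."""
    q = reverse_name("172.18.50.159")
    results = {}
    dcp02, dc01_dev = build_thread_environment()
    results["as posted"] = dc01_dev.resolve(q)
    dc01_dev.add_conditional_forwarder(reverse_zone("172.18.50.0/24"), dcp02)
    results["reverse-zone forwarder"] = dc01_dev.resolve(q)
    dcp02, dc01_dev = build_thread_environment()
    dc01_dev.add_secondary(reverse_zone("172.18.50.0/24"), dcp02)
    results["secondary zone (reply #3)"] = dc01_dev.resolve(q)
    return results


def overlapping_ten_demo():
    """Reply #2: both forests host 10.in-addr.arpa, so dev answers NXDOMAIN for prod addresses."""
    prod = DnsServer("prod-dns")   # constructed names and records
    prod.host_zone("10.in-addr.arpa", {reverse_name("10.208.1.5"): "srv.prod.example."})
    dev = DnsServer("dev-dns")
    dev.host_zone("10.in-addr.arpa", {reverse_name("10.209.1.5"): "srv.dev.example."})
    refused = False
    try:
        dev.add_conditional_forwarder("10.in-addr.arpa", prod)
    except ValueError:
        refused = True                 # the zone exists locally, so no forwarder is possible
    miss = dev.resolve(reverse_name("10.208.1.5"))
    # Assumed workaround: production publishes a narrower per-/16 zone that dev can pull as a
    # secondary; longest-suffix matching then prefers it over dev's own 10.in-addr.arpa.
    prod.host_zone("208.10.in-addr.arpa", {reverse_name("10.208.1.5"): "srv.prod.example."})
    dev.add_secondary("208.10.in-addr.arpa", prod)
    hit = dev.resolve(reverse_name("10.208.1.5"))
    return miss, refused, hit


if __name__ == "__main__":
    for label, (answer, path) in demo().items():
        print(f"{label:28s} -> {answer:18s} via {' > '.join(path)}")
    print(overlapping_ten_demo())
```

The "as posted" case shows the query leaving dc01.dev.x.tld for root hints because neither x.tld nor prod.x.tld is a suffix of 159.50.18.172.in-addr.arpa; either a conditional forwarder named for the reverse zone or a secondary copy of it (reply #3) keeps the query inside the forests. The per-/16 zone in `overlapping_ten_demo` is an assumption about how the production side could be restructured, not something the thread states.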