Inter-Forest Reverse Lookup


This topic contains 2 replies, has 3 voices, and was last updated by Zemog 2 years, 2 months ago.

    Robert R.
    Participant
    #154987

    Environment:

    FOREST 01: x.tld : 172.18.50.0
    domain 01: x.tld : domain controllers = dc01.x.tld , dc02.x.tld
    domain 02: prod.x.tld : domain controllers = dcp01.x.tld , dcp02.x.tld
    domain 03: office.x.tld : domain controllers = dco01.x.tld , dco02.x.tld

    FOREST 02: dev.x.tld : 172.17.50.0
    domain 01: dev.x.tld : domain controllers = dc01.dev.x.tld , dc02.dev.x.tld

    A trust relationship exists between office.x.tld and dev.x.tld

    All domain controllers (Windows 2008 R2) are DNS servers.

    Within each forest, DNS zones are replicated to every domain controller.

    In the x.tld forest, conditional forwarders are configured for dev.x.tld

    In the dev.x.tld forest, conditional forwarders are configured for x.tld and prod.x.tld

    PROBLEM: From any server in dev.x.tld , reverse lookups for prod.x.tld are failing if the DNS server queried is in dev.x.tld

    [[email protected] ~]$ nslookup 172.18.50.159 dcp02.prod.x.tld
    Server: dcp02.prod.x.tld
    Address: 172.18.50.132#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    [[email protected] ~]$ nslookup 172.18.50.159 dco01.office.x.tld
    Server: dco01.office.x.tld
    Address: 172.18.50.150#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    [[email protected] ~]$ nslookup 172.18.50.159 dco02.office.x.tld
    Server: dco02.office.x.tld
    Address: 172.18.50.151#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    Why o’ why does this one fail?

    [[email protected] ~]$ nslookup 172.18.50.159 dc01.dev.x.tld
    Server: dc01.dev.x.tld
    Address: 172.17.50.103#53

    ** server can’t find 159.50.18.172.in-addr.arpa.: NXDOMAIN [fails]

    Certainly has something to do with Reverse zone lookups/transfers, but I haven’t got the Windows knowledge to fix it.

    I think the best way to resolve this would be to have the DNS zones replicated from x.tld to dev.x.tld.

    Can this be done across two different forests?

    When I look in the zone replication properties, the options are to replicate

    To all DNS servers running on domain controllers in this forest
    To all DNS servers running on domain controllers in this domain
    To all domain controllers in this domain (for Windows 2000 compatibility)

    I don’t see any option to replicate zone data across a forest.

    Zemog
    Member
    #391869

    Hi,
    I have the same issue in my environment as well. I have two different forests (one is for Development and another is for Production) with no trusts, but forwarders are configured for DNS lookup between both domains.
    Forward lookup is OK as the forwarder was configured, but in the case of reverse lookup we face the problem, as the same first octet is used in both forests' reverse zones, as below.

    Appreciate your idea on this.
    Development : 10.in-addr.arpa (10.209.xx, 10.213.xx, 10.216.xx)
    Production : 10.in-addr.arpa (10.208.xx, 10.212.xx, 10.215.xx)

    wullieb1
    Moderator
    #245664

    In the forest instance, set up a secondary zone that updates from the DNS server on the main site.
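
Why the forward lookups in the first post resolve while the reverse lookup does not, as an added example that is not part of any post in this thread: a conditional forwarder is chosen by matching the query name against the forwarder's domain, and a PTR query name ends in in-addr.arpa, so forwarders for x.tld and prod.x.tld never apply to it. The reverse zone name 50.18.172.in-addr.arpa and the helper names are assumptions; the thread does not state them.

```python
import ipaddress


def ptr_name(ip):
    """Query name a resolver sends for a reverse lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def match_zone(qname, zones):
    """Return the most specific configured zone that is a label-wise
    suffix of qname, or None when no configured zone covers it."""
    q = qname.rstrip(".").lower().split(".")
    best, best_len = None, 0
    for zone in zones:
        z = zone.rstrip(".").lower().split(".")
        if len(z) <= len(q) and q[-len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best


# Conditional forwarders the first post lists on the dev.x.tld DNS servers.
DEV_FORWARDERS = ["x.tld", "prod.x.tld"]

# Assumption: name of the reverse zone hosted in the x.tld forest
# (forest 01 is given as 172.18.50.0; the post does not name the zone).
ASSUMED_REVERSE_ZONE = "50.18.172.in-addr.arpa"


def route(qname, zones):
    """Describe how a server configured with `zones` would handle qname."""
    zone = match_zone(qname, zones)
    if zone is None:
        return f"{qname}: no configured zone covers this name"
    return f"{qname}: handled via {zone}"


if __name__ == "__main__":
    reverse = ptr_name("172.18.50.159")  # address queried in the first post
    # Forward name: covered by the prod.x.tld forwarder (most specific match).
    print(route("dcp02.prod.x.tld", DEV_FORWARDERS))
    # Reverse name: neither forwarder is a suffix of an in-addr.arpa name.
    print(route(reverse, DEV_FORWARDERS))
    # With a zone for the reverse namespace on the dev.x.tld servers
    # (for instance the secondary zone suggested above), the name is covered.
    print(route(reverse, DEV_FORWARDERS + [ASSUMED_REVERSE_ZONE]))
```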
