Conditional forwarding with non authoritative DNS server

  • Question

  • Hi,

    We have a VPN connection from our office to our customer's network. The customer has given us the name of one of his DNS servers that we can use to resolve the addresses of his network. Now our problem is that there are several domains in the customer's network. The address of the DNS server is dnsmuc.muc. If I create a conditional forwarder for the domain .muc everything works fine, but if I create a conditional forwarder for .corp there comes a message like "the server with this ip address is not authoritative for the required zone".
    So my question is: "How can we create a conditional forwarder or something similar to resolve all domain names with the DNS server dnsmuc.muc?"

    Regards,

    Hallasan
    Monday, February 8, 2010 8:30 AM

Answers

  • Hello Sascha,


    In regards to your question.

    the dnsmuc.muc can resolve or has forwarders to all domains in the customer's network. I have configured a conditional forwarder for the .muc domain. When I make an nslookup for, as an example, server.europe.cust.corp, the condition is not matched and our DNS server will not forward to the dnsmuc.muc. So how can it be enough to create a conditional forwarder for the .muc domain? I think I'm missing something.

    If you want to resolve hostnames in the europe.cust.corp domain, create a conditional forwarder as well for that domain (europe.cust.corp) and send it to the IP address of the DNS server that hosts that authoritative zone.  You need to do this same process for each domain name that you want to forward queries to.  A conditional forwarder will only work if there is a match to a domain name.  Otherwise, if you want all queries to be forwarded, then choose plain "Forwarders", which is located in the properties of the server node.

    Resource --> DNS Conditional Forwarding in Windows Server

    Monday, February 8, 2010 9:14 PM
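
The per-domain setup described in the answer above, as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) on the office DNS server; the IP address is a placeholder because the thread never gives the address of dnsmuc.muc, and the domain list contains only the suffixes named in the thread.

```powershell
# Added example, not from the thread. Run elevated on the office DNS server.
$CustomerDns = [ipaddress]'192.0.2.53'   # placeholder: substitute the address of dnsmuc.muc
$Namespaces  = 'muc', 'corp'             # customer suffixes named in the thread; extend as needed
$ProbeNames  = 'dnsmuc.muc', 'server.europe.cust.corp'   # host names quoted in the thread

foreach ($zone in $Namespaces) {
    $existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    if (-not $existing) {
        # No zone with this name yet: create the conditional forwarder for the suffix.
        Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $CustomerDns
    }
    elseif ($existing.ZoneType -eq 'Forwarder') {
        # A forwarder for this suffix already exists: point it at the customer's server.
        Set-DnsServerConditionalForwarderZone -Name $zone -MasterServers $CustomerDns
    }
    else {
        # A zone of another type already uses this name; leave it alone.
        Write-Warning "Zone '$zone' exists as $($existing.ZoneType); skipped."
    }
}

# List the conditional forwarders now configured on this server.
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' |
    Select-Object ZoneName, ZoneType, IsDsIntegrated | Format-Table -AutoSize

# Check that names under each suffix resolve through the local server.
foreach ($name in $ProbeNames) {
    try {
        Resolve-DnsName -Name $name -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
            Select-Object Name, Type, IPAddress
    }
    catch {
        Write-Warning "$name did not resolve via the local server: $($_.Exception.Message)"
    }
}
```

A forwarder for `corp` matches every name ending in that label, so `server.europe.cust.corp` is covered, while queries for names outside the listed suffixes are not sent to the customer's server.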

All replies

  • Hey members,

    What's wrong with my question? I can't believe that no one has an answer on this.

    Cheers,

    Hallsan
    Monday, February 8, 2010 5:39 PM
  • Hello Hallsan,

    All you need to do is create a conditional forwarder to the .muc. The DNSMUC.MUC, if configured properly, should be able to resolve all the domains within the customer's network. That way you can resolve to any domain via .muc.
    So make sure the customer's DNS server DNSMUC.MUC can resolve or has forwarders to all domains in the customer's network.
    Isaac Oben MCITP:EA, MCSE
    Monday, February 8, 2010 5:54 PM
  • Hi Isaac,

    the dnsmuc.muc can resolve or has forwarders to all domains in the customer's network. I have configured a conditional forwarder for the .muc domain. When I make an nslookup for, as an example, server.europe.cust.corp, the condition is not matched and our DNS server will not forward to the dnsmuc.muc. So how can it be enough to create a conditional forwarder for the .muc domain? I think I'm missing something.

    Regards,

    Sascha
    Monday, February 8, 2010 6:47 PM
  • Hello Sascha,

    Ask the customer if they have a master DNS server that resolves names for all of these domains; if they do, that is what you need. If not, ask if each of these domains has separate DNS servers. If so, then you may want to look into creating stub zones.

    It seems you might have to create stub zones for each namespace on the customer's network.

    Question: When you VPN into the customer's network and you do an nslookup, what do you get? You should get a DNS server from the customer, and via VPN you should be able to resolve everything without even needing to set up additional zones.
    Isaac Oben MCITP:EA, MCSE
    Monday, February 8, 2010 7:40 PM
  • Hello Isaac,

    the VPN is directly between our gateway in our office and the customer's network. It's more like a permanent connection. Behind our gateway is our DNS server and a RAS server. If we are dialing in to our RAS server in the office, we want to be able to resolve the DNS names of the customer's network. For testing purposes I've set up the customer's dnsmuc.muc in my personal VPN connection at home and it works fine. But this is not the preferred way. It will be better to use our DNS server to forward the DNS queries regarding the customer's domains. There is no master DNS server at the customer's site because they have a huge network with more than 70000 clients and 15000 servers. The only DNS server we can access is the dnsmuc.muc. So if you have no more ideas, I think we have to configure the dnsmuc.muc for all clients on our site as secondary DNS server, even if I thought there must be a more graceful solution.

    Cheers,

    Sascha
    Monday, February 8, 2010 7:54 PM
  • Hello Sascha,

    I am not sure if secondary zones are the answer here. But if that is what you choose, great.

    I give you an example: say you physically walk into one of the customer's offices and you try to resolve a name within its vast network. How will that work if they don't have an authoritative primary DNS server?

    I think they need to give you the IPs or names of the authoritative DNS servers of their network, and you can add all these in the conditional forwarder zones or create a stub zone.


    Isaac Oben MCITP:EA, MCSE
    Monday, February 8, 2010 8:27 PM
  • Select one of the options from #2 in the following article.  I would recommend AD Integrated DNS Forwarder to the IP addresses given to you for dnsmuc.muc.  I would not use Secondaries as they are too hard to manage and take up your resources (bandwidth, CPU).

    Windows DNS Best practices
    http://networkadminkb.com/Shared%20Documents/Windows%202003%20DNS%20Best%20Practices.aspx
    Monday, February 8, 2010 8:35 PM