Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Cannot resolve a hostname from another trusted forest
Cannot resolve a hostname from another trusted forest [message #159026] Wed, 22 July 2009 23:46 Go to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Hi All,

At the moment we have 2 forests which I have established the 2 way trust
relationship between those 2 forests.
I cannot nslookup a host from other forest by name nor by IP address. but I
can ping a host by IP address (NOT by name).

Is it supposed to be like that? or have I missed some configuration?

Any help/ idea would be much appreciated.

Regards
Re: Cannot resolve a hostname from another trusted forest [message #159027 is a reply to message #159026] Thu, 23 July 2009 01:25 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:1FC5DF6B-E1CD-4E40-B084-6894A1DFAEED@microsoft.com...
> Hi All,
>
> At the moment we have 2 forests which I have established the 2 way trust
> relationship between those 2 forests.
> I cannot nslookup a host from other forest by name nor by IP address. but I
> can ping a host by IP address (NOT by name).
>
> Is it supposed to be like that? or have I missed some configuration?
>
> Any help/ idea would be much appreciated.
>
> Regards


I assume you've configured a Conditional Forwarder between both forests' DNS servers? Or did you create a Secondary of each?

Either way, if you pinged or tested nslookup by the FQDN, you should be able to resolce it. But you didn't specify or provide examples of your tests or how you did it.

One thing I can suggest, is to make sure there is a search suffix set for the other forest's domain suffix, and vice versa, so you can ping and nslookup by single name, otherwise use the FQDN. If the FQDN doesn't work, then you have a DNS misconfig with your conditional forwarders.

If you can elaborate, we can provide more specific suggestions.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Re: Cannot resolve a hostname from another trusted forest [message #159028 is a reply to message #159027] Thu, 23 July 2009 01:45 Go to previous messageGo to next message
Syed Khairuddin  is currently offline Syed Khairuddin  Saudi Arabia
Messages: 77
Registered: June 2009
Member
Hello,

In addition to Fekay's solution please see the following
article from technet as well.

http://technet.microsoft.com/en-us/library/cc756852(WS.10).aspx

For creating the forwarders please see this article.

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx


Ensure that Domain Name System (DNS) is properly set up.

Thanks and Hope it Helps
Re: Cannot resolve a hostname from another trusted forest [message #159029 is a reply to message #159027] Thu, 23 July 2009 01:48 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thanks Ace for your response.

I believe I did conditional forwarder for both forest (under DNS properties>
Forwarder)

Here is the nslookup I tested from my domain

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

H:\>nslookup
Default Server: wct01.weconnect.local
Address: 192.168.0.1

> 10.3.3.10
Server: wct01.weconnect.local
Address: 192.168.0.1

*** wct01.weconnect.local can't find 10.3.3.10: Non-existent domain
> mel-dc-01
Server: wct01.weconnect.local
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
*** Request to wct01.weconnect.local timed-out
>

Thanks and Regards,
Re: Cannot resolve a hostname from another trusted forest [message #159031 is a reply to message #159028] Thu, 23 July 2009 01:58 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thank you Syed for your help and link.

Those parts I have completed and both forest can see each other, except
resolving by name.

To ACE,

I can nslookup by FQDN, please see below.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

H:\>nslookup
Default Server: wct01.weconnect.local
Address: 192.168.0.1

> mel-dc-01.swish.local
Server: wct01.weconnect.local
Address: 192.168.0.1

Name: mel-dc-01.swish.local
Addresses: 10.3.3.136
10.3.3.10

How can I configure/ add suffix set for each domain?

Thanks and Regards
Re: Cannot resolve a hostname from another trusted forest [message #159034 is a reply to message #159031] Thu, 23 July 2009 02:30 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:D9954681-E69B-4AFB-8E09-833BF793B877@microsoft.com...
> Thank you Syed for your help and link.
>
> Those parts I have completed and both forest can see each other, except
> resolving by name.
>
> To ACE,
>
> I can nslookup by FQDN, please see below.
>
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. All rights reserved.
>
> H:\>nslookup
> Default Server: wct01.weconnect.local
> Address: 192.168.0.1
>
>> mel-dc-01.swish.local
> Server: wct01.weconnect.local
> Address: 192.168.0.1
>
> Name: mel-dc-01.swish.local
> Addresses: 10.3.3.136
> 10.3.3.10
>
> How can I configure/ add suffix set for each domain?
>
> Thanks and Regards
>


Good FQDN works. That means resolution is working. So all you need is the Search Suffix added. You can manually do it on each machine one by one in the NIC's properties, IP properties, DNS tab, and add the default and additional suffixes you need, or you can do it by script for many machines.

How to configure a domain suffix search list on the Domain Name ...A sample Regini script is provided in the "Sample Regini Script" section of this article. Unattended installation. You can populate the domain suffix search ...
http://support.microsoft.com/kb/275553

I'm sure someone else may possibly offer a VB script to do it, but this is the basics of doing it on multiple machines.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159035 is a reply to message #159029] Thu, 23 July 2009 02:29 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

vdz schrieb:
> Thanks Ace for your response.
>
> I believe I did conditional forwarder for both forest (under DNS properties>
> Forwarder)

Forwarders are a need in order to have that functioning.
Can you re-check? That is the first thing I'd check since it looks like
forwarding isn't enabled. Also, is there a firewall between the two
forests that blocks DNS requests?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Cannot resolve a hostname from another trusted forest [message #159038 is a reply to message #159026] Thu, 23 July 2009 05:23 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
You need WINS in both ends.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"vdz" <vdz@discussions.microsoft.com> wrote in message
news:1FC5DF6B-E1CD-4E40-B084-6894A1DFAEED@microsoft.com...
> Hi All,
>
> At the moment we have 2 forests which I have established the 2 way trust
> relationship between those 2 forests.
> I cannot nslookup a host from other forest by name nor by IP address. but
> I
> can ping a host by IP address (NOT by name).
>
> Is it supposed to be like that? or have I missed some configuration?
>
> Any help/ idea would be much appreciated.
>
> Regards
Re: Cannot resolve a hostname from another trusted forest [message #159039 is a reply to message #159038] Thu, 23 July 2009 07:19 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Additionally you may configure the other forest dns suffix under NIC
TCP/IP->DNS properties and test it.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:413B0F7B-3717-43E9-90DC-94B08E821448@microsoft.com...
> Hi
> You need WINS in both ends.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "vdz" <vdz@discussions.microsoft.com> wrote in message
> news:1FC5DF6B-E1CD-4E40-B084-6894A1DFAEED@microsoft.com...
>> Hi All,
>>
>> At the moment we have 2 forests which I have established the 2 way trust
>> relationship between those 2 forests.
>> I cannot nslookup a host from other forest by name nor by IP address. but
>> I
>> can ping a host by IP address (NOT by name).
>>
>> Is it supposed to be like that? or have I missed some configuration?
>>
>> Any help/ idea would be much appreciated.
>>
>> Regards
>
Re: Cannot resolve a hostname from another trusted forest [message #159044 is a reply to message #159034] Thu, 23 July 2009 08:46 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thank you ACE again.

Since there is not many of them I need to resolve by name, so I am going to
do manually one by one.
Can you give please give me one example say I want to resolve
mel-dc-01.swish.local this server within my network weconnect.local.

Thanks

Regards
"Ace Fekay [MCT]" wrote:

> "vdz" <vdz@discussions.microsoft.com> wrote in message news:D9954681-E69B-4AFB-8E09-833BF793B877@microsoft.com...
> > Thank you Syed for your help and link.
> >
> > Those parts I have completed and both forest can see each other, except
> > resolving by name.
> >
> > To ACE,
> >
> > I can nslookup by FQDN, please see below.
> >
> > Microsoft Windows [Version 6.0.6001]
> > Copyright (c) 2006 Microsoft Corporation. All rights reserved.
> >
> > H:\>nslookup
> > Default Server: wct01.weconnect.local
> > Address: 192.168.0.1
> >
> >> mel-dc-01.swish.local
> > Server: wct01.weconnect.local
> > Address: 192.168.0.1
> >
> > Name: mel-dc-01.swish.local
> > Addresses: 10.3.3.136
> > 10.3.3.10
> >
> > How can I configure/ add suffix set for each domain?
> >
> > Thanks and Regards
> >
>
>
> Good FQDN works. That means resolution is working. So all you need is the Search Suffix added. You can manually do it on each machine one by one in the NIC's properties, IP properties, DNS tab, and add the default and additional suffixes you need, or you can do it by script for many machines.
>
> How to configure a domain suffix search list on the Domain Name ...A sample Regini script is provided in the "Sample Regini Script" section of this article. Unattended installation. You can populate the domain suffix search ...
> http://support.microsoft.com/kb/275553
>
> I'm sure someone else may possibly offer a VB script to do it, but this is the basics of doing it on multiple machines.
>
> Ace
>
>
Re: Cannot resolve a hostname from another trusted forest [message #159046 is a reply to message #159044] Thu, 23 July 2009 09:07 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
WINS!!!!

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"vdz" <vdz@discussions.microsoft.com> wrote in message
news:1B359AF7-36B6-4658-B250-A311949C9C04@microsoft.com...
> Thank you ACE again.
>
> Since there is not many of them I need to resolve by name, so I am going
> to
> do manually one by one.
> Can you give please give me one example say I want to resolve
> mel-dc-01.swish.local this server within my network weconnect.local.
>
> Thanks
>
> Regards
> "Ace Fekay [MCT]" wrote:
>
>> "vdz" <vdz@discussions.microsoft.com> wrote in message
>> news:D9954681-E69B-4AFB-8E09-833BF793B877@microsoft.com...
>> > Thank you Syed for your help and link.
>> >
>> > Those parts I have completed and both forest can see each other, except
>> > resolving by name.
>> >
>> > To ACE,
>> >
>> > I can nslookup by FQDN, please see below.
>> >
>> > Microsoft Windows [Version 6.0.6001]
>> > Copyright (c) 2006 Microsoft Corporation. All rights reserved.
>> >
>> > H:\>nslookup
>> > Default Server: wct01.weconnect.local
>> > Address: 192.168.0.1
>> >
>> >> mel-dc-01.swish.local
>> > Server: wct01.weconnect.local
>> > Address: 192.168.0.1
>> >
>> > Name: mel-dc-01.swish.local
>> > Addresses: 10.3.3.136
>> > 10.3.3.10
>> >
>> > How can I configure/ add suffix set for each domain?
>> >
>> > Thanks and Regards
>> >
>>
>>
>> Good FQDN works. That means resolution is working. So all you need is the
>> Search Suffix added. You can manually do it on each machine one by one in
>> the NIC's properties, IP properties, DNS tab, and add the default and
>> additional suffixes you need, or you can do it by script for many
>> machines.
>>
>> How to configure a domain suffix search list on the Domain Name ...A
>> sample Regini script is provided in the "Sample Regini Script" section of
>> this article. Unattended installation. You can populate the domain suffix
>> search ...
>> http://support.microsoft.com/kb/275553
>>
>> I'm sure someone else may possibly offer a VB script to do it, but this
>> is the basics of doing it on multiple machines.
>>
>> Ace
>>
>>
Re: Cannot resolve a hostname from another trusted forest [message #159056 is a reply to message #159044] Thu, 23 July 2009 10:09 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:1B359AF7-36B6-4658-B250-A311949C9C04@microsoft.com...
> Thank you ACE again.
>
> Since there is not many of them I need to resolve by name, so I am going to
> do manually one by one.
> Can you give please give me one example say I want to resolve
> mel-dc-01.swish.local this server within my network weconnect.local.
>

To resolve anything under swish.local using nslookup or ping for the domain, you would have to add that in NIC properties, IP properties, Advanced button, DNS tab. Add it in there. Check with ipconfig /all to make sure it was added and your own weconnect.local still exists. If not, you did something wrong.

I would also suggest WINS for NetBIOS resolution, as Jorge mentioned. This also provides network browsing on both sides of the fence.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159070 is a reply to message #159056] Thu, 23 July 2009 15:02 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
I'm saying WINS because is the simplest way to achieve what you want, you
can use additional DNS suffixes, but that (especially for non-dhcp clients)
will require more work.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:e1CP%2385CKHA.4316@TK2MSFTNGP04.phx.gbl...
"vdz" <vdz@discussions.microsoft.com> wrote in message
news:1B359AF7-36B6-4658-B250-A311949C9C04@microsoft.com...
> Thank you ACE again.
>
> Since there is not many of them I need to resolve by name, so I am going
> to
> do manually one by one.
> Can you give please give me one example say I want to resolve
> mel-dc-01.swish.local this server within my network weconnect.local.
>

To resolve anything under swish.local using nslookup or ping for the domain,
you would have to add that in NIC properties, IP properties, Advanced
button, DNS tab. Add it in there. Check with ipconfig /all to make sure it
was added and your own weconnect.local still exists. If not, you did
something wrong.

I would also suggest WINS for NetBIOS resolution, as Jorge mentioned. This
also provides network browsing on both sides of the fence.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159078 is a reply to message #159070] Thu, 23 July 2009 17:46 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:4D50D665-FC29-4E95-BC68-B52AA9A5876F@microsoft.com...
> I'm saying WINS because is the simplest way to achieve what you want, you
> can use additional DNS suffixes, but that (especially for non-dhcp clients)
> will require more work.

Jorge,

Good point, and I totally agree, I would have had WINS in place from the beginning, if I had set it up, as well as rolled out a script for the suffix. It will surely make things easiser, at least to satisfy pinging single name requirements. But if VDZ wants to use nslookup querying single names, for whatever reason, he'll definitely need the suffixes.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159079 is a reply to message #159039] Thu, 23 July 2009 17:56 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thank you Jorge and Ace for your great help.

In regards to WINS, do you mean that I have to get a WINS server up and
running like DNS server? Thanks

Regards

"Jorge Silva" wrote:

> Additionally you may configure the other forest dns suffix under NIC
> TCP/IP->DNS properties and test it.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:413B0F7B-3717-43E9-90DC-94B08E821448@microsoft.com...
> > Hi
> > You need WINS in both ends.
> >
> > --
> > I hope that the information above helps you.
> > Have a Nice day.
> >
> > Jorge Silva
> > MVP Directory Services
> > "vdz" <vdz@discussions.microsoft.com> wrote in message
> > news:1FC5DF6B-E1CD-4E40-B084-6894A1DFAEED@microsoft.com...
> >> Hi All,
> >>
> >> At the moment we have 2 forests which I have established the 2 way trust
> >> relationship between those 2 forests.
> >> I cannot nslookup a host from other forest by name nor by IP address. but
> >> I
> >> can ping a host by IP address (NOT by name).
> >>
> >> Is it supposed to be like that? or have I missed some configuration?
> >>
> >> Any help/ idea would be much appreciated.
> >>
> >> Regards
> >
>
Re: Cannot resolve a hostname from another trusted forest [message #159081 is a reply to message #159079] Thu, 23 July 2009 18:11 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:2E1199A4-9C6A-48FB-A3CD-6725C3BC3DB3@microsoft.com...
> Thank you Jorge and Ace for your great help.
>
> In regards to WINS, do you mean that I have to get a WINS server up and
> running like DNS server? Thanks

Yes. Install on on your side and the other forest. Setup a WINS Replication partnership. Add the WINS server on your side to ALL your machine on your side, and vice-versa for their side.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159083 is a reply to message #159081] Thu, 23 July 2009 18:27 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thank you Ace and Jorge again.

I am going to install WINs and let see how I go.
By the way, after adding swish.local to DNS suffix, I am able to nslookup by
name (but not by IP).

Once again much appreciated all your effort and help.

Best Regards
Re: Cannot resolve a hostname from another trusted forest [message #159085 is a reply to message #159083] Thu, 23 July 2009 18:50 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:B0B10FB2-345A-4571-BA99-A2C4E15F2998@microsoft.com...
> Thank you Ace and Jorge again.
>
> I am going to install WINs and let see how I go.
> By the way, after adding swish.local to DNS suffix, I am able to nslookup by
> name (but not by IP).
>
> Once again much appreciated all your effort and help.
>
> Best Regards


YOu are welcome.

Nslookup by IP requires a reverse zone for your forest and for theirs. YOu can create conditional forwarders for reverse zones as well.

Examples:

10.x.y.z = 10.in-addr.arpa
172.16.x.y = 16.172.in-addr.arpa
192.168.30.x - 30.168.192.in-addr.arpa

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159086 is a reply to message #159085] Thu, 23 July 2009 19:14 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
Thanks a lot again. you are indeed a champ. :)

Regards

"Ace Fekay [MCT]" wrote:

> "vdz" <vdz@discussions.microsoft.com> wrote in message news:B0B10FB2-345A-4571-BA99-A2C4E15F2998@microsoft.com...
> > Thank you Ace and Jorge again.
> >
> > I am going to install WINs and let see how I go.
> > By the way, after adding swish.local to DNS suffix, I am able to nslookup by
> > name (but not by IP).
> >
> > Once again much appreciated all your effort and help.
> >
> > Best Regards
>
>
> YOu are welcome.
>
> Nslookup by IP requires a reverse zone for your forest and for theirs. YOu can create conditional forwarders for reverse zones as well.
>
> Examples:
>
> 10.x.y.z = 10.in-addr.arpa
> 172.16.x.y = 16.172.in-addr.arpa
> 192.168.30.x - 30.168.192.in-addr.arpa
>
> Ace
>
Re: Cannot resolve a hostname from another trusted forest [message #159088 is a reply to message #159083] Thu, 23 July 2009 19:24 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Ok,
- Can you explain why you need nslookup, or is only for test purposes?
- If your apps are do queries by name, the fast way is to set up a WINS in
both ends and configure replication between them as Ace described (WINS
replication may take some time depending of the size of the network).
- Then point the clients in each domain to the local WINS server. Network
Browsing will also rock after WINS is installed and you'll be able to see
all clients/servers that are registered in WINS.

- To query ip (reverse zones), Ace already explain how to do that. To
configure the additional suffixes you need .

- After defining the DNS suffixes, remember that is a good practice to
configure the "DNS suffix for this connection" option with your FQDN and
then select the option "Use this connection's DNS suffix in DNS
registration" this will avoid attempts from your clients to try to register
the NIC in the wrong domain and additionally overloading your wan link.

IMO, if your real needs are NOT nslookup cmds and just non-fqdn, WINS is the
simplest way. If you need pure DNS name resolution, I would use (of course,
I don't know your network and this may not be an option for you) secondary
zones for each local DNS servers. By doing this, clients DNS queries are
"solved" locally in their local DNS server faster than any other option. If
secondary zones are not an option, then Conditional Forwarding, is not so
fast as Secondary but generally good enough.


--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"vdz" <vdz@discussions.microsoft.com> wrote in message
news:B0B10FB2-345A-4571-BA99-A2C4E15F2998@microsoft.com...
> Thank you Ace and Jorge again.
>
> I am going to install WINs and let see how I go.
> By the way, after adding swish.local to DNS suffix, I am able to nslookup
> by
> name (but not by IP).
>
> Once again much appreciated all your effort and help.
>
> Best Regards
Re: Cannot resolve a hostname from another trusted forest [message #159089 is a reply to message #159086] Thu, 23 July 2009 19:51 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:0D9288DF-9EA6-430E-A250-303328EDEECA@microsoft.com...
> Thanks a lot again. you are indeed a champ. :)

You are welcome!

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159090 is a reply to message #159088] Thu, 23 July 2009 19:53 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:8ADC5828-8F3D-42A4-A95C-C0733713CFEF@microsoft.com...
> Ok,
> - Can you explain why you need nslookup, or is only for test purposes?
> - If your apps are do queries by name, the fast way is to set up a WINS in
> both ends and configure replication between them as Ace described (WINS
> replication may take some time depending of the size of the network).
> - Then point the clients in each domain to the local WINS server. Network
> Browsing will also rock after WINS is installed and you'll be able to see
> all clients/servers that are registered in WINS.
>
> - To query ip (reverse zones), Ace already explain how to do that. To
> configure the additional suffixes you need .
>
> - After defining the DNS suffixes, remember that is a good practice to
> configure the "DNS suffix for this connection" option with your FQDN and
> then select the option "Use this connection's DNS suffix in DNS
> registration" this will avoid attempts from your clients to try to register
> the NIC in the wrong domain and additionally overloading your wan link.
>
> IMO, if your real needs are NOT nslookup cmds and just non-fqdn, WINS is the
> simplest way. If you need pure DNS name resolution, I would use (of course,
> I don't know your network and this may not be an option for you) secondary
> zones for each local DNS servers. By doing this, clients DNS queries are
> "solved" locally in their local DNS server faster than any other option. If
> secondary zones are not an option, then Conditional Forwarding, is not so
> fast as Secondary but generally good enough.

You make very good points, including the Suffix option and registration.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159095 is a reply to message #159088] Thu, 23 July 2009 21:46 Go to previous messageGo to next message
vdz  is currently offline vdz
Messages: 50
Registered: July 2009
Member
The more you explain, the more I learn. Thank you Jorge
First, it is what I've wanted to learn for a long time since I studied MCSE
2000.
Second, apprantely one of SQL datbase in the other domain does not like IP
address when I try to connect this database by IP, as we all know SQL datbase
is very strict about the hostname. So I thought it could be the case.

Thanks a lot for your excellent point and recommendation.

Regards

"Jorge Silva" wrote:

> Ok,
> - Can you explain why you need nslookup, or is only for test purposes?
> - If your apps are do queries by name, the fast way is to set up a WINS in
> both ends and configure replication between them as Ace described (WINS
> replication may take some time depending of the size of the network).
> - Then point the clients in each domain to the local WINS server. Network
> Browsing will also rock after WINS is installed and you'll be able to see
> all clients/servers that are registered in WINS.
>
> - To query ip (reverse zones), Ace already explain how to do that. To
> configure the additional suffixes you need .
>
> - After defining the DNS suffixes, remember that is a good practice to
> configure the "DNS suffix for this connection" option with your FQDN and
> then select the option "Use this connection's DNS suffix in DNS
> registration" this will avoid attempts from your clients to try to register
> the NIC in the wrong domain and additionally overloading your wan link.
>
> IMO, if your real needs are NOT nslookup cmds and just non-fqdn, WINS is the
> simplest way. If you need pure DNS name resolution, I would use (of course,
> I don't know your network and this may not be an option for you) secondary
> zones for each local DNS servers. By doing this, clients DNS queries are
> "solved" locally in their local DNS server faster than any other option. If
> secondary zones are not an option, then Conditional Forwarding, is not so
> fast as Secondary but generally good enough.
>
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "vdz" <vdz@discussions.microsoft.com> wrote in message
> news:B0B10FB2-345A-4571-BA99-A2C4E15F2998@microsoft.com...
> > Thank you Ace and Jorge again.
> >
> > I am going to install WINs and let see how I go.
> > By the way, after adding swish.local to DNS suffix, I am able to nslookup
> > by
> > name (but not by IP).
> >
> > Once again much appreciated all your effort and help.
> >
> > Best Regards
>
Re: Cannot resolve a hostname from another trusted forest [message #159096 is a reply to message #159095] Thu, 23 July 2009 22:47 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"vdz" <vdz@discussions.microsoft.com> wrote in message news:1DB4EFFC-CC62-494D-9652-861AC50AACDE@microsoft.com...
> The more you explain, the more I learn. Thank you Jorge
> First, it is what I've wanted to learn for a long time since I studied MCSE
> 2000.
> Second, apprantely one of SQL datbase in the other domain does not like IP
> address when I try to connect this database by IP, as we all know SQL datbase
> is very strict about the hostname. So I thought it could be the case.
>
> Thanks a lot for your excellent point and recommendation.
>


If SQL is involved, then you will need WINS.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159107 is a reply to message #159096] Fri, 24 July 2009 08:30 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
As suspected :) WINS...

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:ONw5hkADKHA.1336@TK2MSFTNGP05.phx.gbl...
"vdz" <vdz@discussions.microsoft.com> wrote in message
news:1DB4EFFC-CC62-494D-9652-861AC50AACDE@microsoft.com...
> The more you explain, the more I learn. Thank you Jorge
> First, it is what I've wanted to learn for a long time since I studied
> MCSE
> 2000.
> Second, apprantely one of SQL datbase in the other domain does not like IP
> address when I try to connect this database by IP, as we all know SQL
> datbase
> is very strict about the hostname. So I thought it could be the case.
>
> Thanks a lot for your excellent point and recommendation.
>


If SQL is involved, then you will need WINS.

Ace
Re: Cannot resolve a hostname from another trusted forest [message #159110 is a reply to message #159107] Fri, 24 July 2009 09:21 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:39B623A5-8FB3-45F8-8D77-2C01183D9236@microsoft.com...
> As suspected :) WINS...

Yep! :-)
Previous Topic:AD on XP/Limit Activities
Next Topic:Active Directory GPO Delivered Software
Goto Forum:
  


Current Time: Wed Oct 18 01:34:18 EDT 2017

Total time taken to generate the page: 0.05105 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software