Inter-Forest Reverse Lookup

    Robert R.
    Participant
    #154987

    Environment:

    FOREST 01: x.tld : 172.18.50.0
    domain 01: x.tld : domain controllers = dc01.x.tld , dc02.x.tld
    domain 02: prod.x.tld : domain controllers = dcp01.x.tld , dcp02.x.tld
    domain 03: office.x.tld : domain controllers = dco01.x.tld , dco02.x.tld

    FOREST 02: dev.x.tld : 172.17.50.0
    domain 01: dev.x.tld : domain controllers = dc01.dev.x.tld , dc02.dev.x.tld

    A trust relationship exists between office.x.tld and dev.x.tld

    All domain controllers (Windows 2008 R2) are DNS servers.

    Within each forest, DNS zones are replicated to every domain controller.

    In the x.tld forest, conditional forwarders are configured for dev.x.tld

    In the dev.x.tld forest, conditional forwarders are configured for x.tld and prod.x.tld

    PROBLEM: From any server in dev.x.tld , reverse lookups for prod.x.tld are failing if the DNS server queried is in dev.x.tld

    [[email protected] ~]$ nslookup 172.18.50.159 dcp02.prod.x.tld
    Server: dcp02.prod.x.tld
    Address: 172.18.50.132#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    [[email protected] ~]$ nslookup 172.18.50.159 dco01.office.x.tld
    Server: dco01.office.x.tld
    Address: 172.18.50.150#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    [[email protected] ~]$ nslookup 172.18.50.159 dco02.office.x.tld
    Server: dco02.office.x.tld
    Address: 172.18.50.151#53

    159.50.18.172.in-addr.arpa name = soa.prod.x.tld. [works]

    Why o’ why does this one fail?

    [[email protected] ~]$ nslookup 172.18.50.159 dc01.dev.x.tld
    Server: dc01.dev.x.tld
    Address: 172.17.50.103#53

    ** server can’t find 159.50.18.172.in-addr.arpa.: NXDOMAIN [fails]

    Certainly has something to do with Reverse zone lookups/transfers, but I haven’t got the Windows knowledge to fix it.

    I think the best way to resolve this would be to have the DNS zones replicated from x.tld to dev.x.tld.

    Can this be done across two different forests?

    When I look in the zone replication properties, the options are to replicate:

    To all DNS servers running on domain controllers in this forest
    To all DNS servers running on domain controllers in this domain
    To all domain controllers in this domain (for Windows 2000 compatibility)

    I don’t see any option to replicate zone data across a forest.
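
Added example, not part of the original post: the failing lookup queries the name 159.50.18.172.in-addr.arpa, and a conditional forwarder applies only when its zone is a label-wise suffix of the query name. The Python sketch below checks that name against the forwarder zones the post lists for dev.x.tld; the /24 mask and the extra reverse-zone entry are assumptions for illustration, not settings taken from the post.

```python
import ipaddress

# Conditional forwarder zones the post lists on the dev.x.tld DNS servers.
DEV_FORWARDERS = ["x.tld", "prod.x.tld"]


def ptr_name(ip):
    """Name that a reverse lookup of `ip` actually queries (the PTR owner name)."""
    return ipaddress.ip_address(ip).reverse_pointer


def _labels(name):
    # Compare whole labels, case-insensitively, ignoring a trailing root dot.
    return name.rstrip(".").lower().split(".")


def matching_forwarder(qname, zones):
    """Longest zone that is a label-wise suffix of qname, or None if none applies."""
    q = _labels(qname)
    hits = [z for z in zones if q[-len(_labels(z)):] == _labels(z)]
    return max(hits, key=lambda z: len(_labels(z)), default=None)


def reverse_zone(cidr):
    """in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("only /8, /16, /24 and /32 IPv4 networks are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


if __name__ == "__main__":
    q = ptr_name("172.18.50.159")
    # Forward names under prod.x.tld match a listed forwarder; the PTR name does not.
    print("soa.prod.x.tld. ->", matching_forwarder("soa.prod.x.tld.", DEV_FORWARDERS))
    print(q, "->", matching_forwarder(q, DEV_FORWARDERS))
    # Assumption: 172.18.50.0 is a /24, so its reverse zone is 50.18.172.in-addr.arpa.
    hypothetical = DEV_FORWARDERS + [reverse_zone("172.18.50.0/24")]
    print(q, "->", matching_forwarder(q, hypothetical))
```
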
