DNS between two domains RESOLVED

[edie209]

We have two domains curriculum and admin when we lost our domain controller last week we also seem to have lost our trust between the two domains.

When I try to restore the trust starting on curriculum to admin I get the message that the admin domain is not a valid windows domain name (admin.school)

Dns resolves on both separate domains but not between each other any suggestions?

[Osprey]

Try adding the IP address of the Curric DNS server as the first forwarder on the Admin DNS server and vice versa.

[PiqueABoo]

If it's 2K3 then stub zones have a bit more uh.. "finesse".

[edie209]

Hi piqueaBoo could you explain more it is 2K3

@Opsprey I have tried that thanks

[PiqueABoo]

On DomainA you make a DNS stub zone for DomainB, and vice versa (Google for guides for creating a stub zone). If you're on a DomainA box and make a DNS request for something in DomainB, then the DomainA now has enough information to go to DomainB for the answer (should cache that), and vice versa.

This is neater than forwarders, but if you did forwarders right (and if after clearing the respective caches could resolve say www.edugeek.net from boxes in both domains) and your trusts still didn't work then stub zones probably won't help either

I'd go to a DC for DomainA and try an nslookup like this:

nslookup
>set type=all
>_ldap._tcp.dc._msdcs.<domain name>

Where <domain name> is fully qualified domain name for DomainB e.g.
domainb.local. If that give a sensible answer[1], try the vice versa on a DC for DomainB.

[1] Fully qualified domain names and IP addresses of DCs in the DomainB.

[edie209]

Thanks for that I will try that in the morning

[edie209]

I have now run the nslookup command

on domain A (admin) i get

Code:

server.admin.school 10.64.x.x

*** server.admin.school can't find _ldap._tcp.dc._msdcs.school.lea.sch.uk: non-Existent domain

On domain B (curriculum) I get

Code:

Server: unknown
Address: 10.2.x.x

DNS request times out 
       timeout was 2 seconds
*** request to Unknown timed-out

Also after doing a netdiag /fix on both domain controllers I get errors on the Admin DNS

Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{D75039EA-934D-47E5-97BC-6930DA7863D4}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry t. re-registeration on DNS server '10.64
.169.25' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry t. re-registeration on DNS server '10.64
.169.25' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.t. re-registeration on DNS se
rver '10.64.169.25' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.t. re-registeration on DNS server '10.64.169.25' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '10.64.169.25'.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{D75039EA-934D-47E5-97BC-6930DA7863D4}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D75039EA-934D-47E5-97BC-6930DA7863D4}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

[edie209]

I have fixed this problem after many painful hours this is what I did just incase anyone else ever has this problem

On the admin DNS server properties sheet, select the Forwarders tab under
DNS Domain, click "New" enter the Domain Name of the curriculum domain, click OK, check the "Do not use recursion for this domain" box and enter the IP addresses of the DNS server for the curriculum domain. Then repeat these steps on the curriculum DNS server.