DNS Problem - Domain Trust
Our SIMS is managed by an LEA support team. Last year they introduced a Domain Trust between our Admin and Curriculum networks so that SIMS .Net could be installed on the teacher laptops.
I've finally had a chance to introduce some better servers (on the curriculum domain) this summer and currently I'm looking through the DNS settings on both domains to make sure the Trust is still working. Everything is in place and works fine when either a Secondary Zone or Stub Zone is used for the Forward Lookup Zones of the other domain - from past advice from Geoff I'll be using stub zones to point to the NameServers in the other domain.
This is the problem I am having:-
curriculum.com DNS server (IP 192.168.0.1) has a Stub Zone set up for admin.com domain and it populates the information fine - it has a SOA, NS and A record for the AdminServer (IP 192.160.2.100). However, if I then try and ping AdminServer from CurriculumServer it says "Ping request could not find host AdminServer". I can ping AdminServer's IP address.
The same situation is apparent when doing the same process in the opposite direction.
This problem was overcome by putting the Trusted Server details into the DNS' hosts file. This has to be done on Laptop builds as well so that the laptops can 'find' the AdminServer.
What's going on here? Surely once the details are populated in a DNS Lookup Zone the hosts file shouldn't need to be used?
Thanks in advance for your help - I hope this makes a modicum of sense!?!
Re: DNS Problem - Domain Trust
Do you not need to ping "adminserver.admin.com"?
It is because the servers are in a different FQDN, and the machines are adding the "curriculum.com" to the end of the servername automatically.
What I have done is create an alias in the "curriculum.com" domain for "adminserver" that points towards "adminserver.admin.com".
And vice-versa...
Either that or set the machines up to forward unknown requests to the other domain, but I worry about this looping infinitely...
Re: DNS Problem - Domain Trust
Sorry, yes I meant to mention that the same is still true if I provide the FQDN. So the error reads "Ping request could not find host AdminServer.admin.com".
For a little more hardware information, we have a single Physical Network with no VLANs. Our PIX box provides our firewall capabilities to the WAN connection and also the NAT between admin and curriculum domains. Unfortunately this is managed by Serco on behalf of the council and I have absolutely no access to it. However, these particular translations are allowed via the PIX box, as shown by the successful attempts when hosts files are used.
As an aside - arghhhhhhhh(!!!) externally managed firewalls - I cannot put in a service request directly to Serco; it must go through the LEA's network team and it has taken 6 working days to open up an extra range of ports to be allowed through the PIX to the admin domain, at most a 10 minute job - grr!!