DNS namespace - can this be accomplished
A bit of context is needed. We have a routed WAN with about 30 sites (it's a school district). Our infrastructure is a mix of Microsoft and Novell servers. Though we are finally planning to abandon Novell in the next few months and move to AD, for the time being we don't have a MS domain.

We manage our two internal dns servers, running windows server 2003, for instance:
ns1.ourdomain.com
ns2.ourdomain.com

Elementary sites use ancient Netware 4.11 servers, and the flat "ourdomain.com" namespace, and they're not part of the problem. At the largest 6 sites (the secondary schools), dns sub domains were created, and local dns servers were configured at the time Netware 6.5 servers were put in. This was apparently a requirement from the Novell consultant who originally set up the 6.5 servers a few years back. Let's say that these 6 sites' namespaces are:
site1.ourdomain.com
site2.ourdomain.com
etc.

Each workstation at a secondary site gets a dns suffix via dhcp (from the 6.5 servers), which obviously matches the site, i.e. "wks1.site1.ourdomain.com". Also, they get the local (Netware) dns server as their first dns server (for instance netware-dns.site1.ourdomain.com). This strange arrangement works surprisingly well, most of the time. :)

I've been asked to set up a new 2008r2 server with a console for a new antivirus product, let's call it the "AV" server. I'd like the suffix of this server to be "ourdomain.com". It makes sense to me, because this will be the only such server in the district (we don't need a console at each site). The goal is to be able to control all the wks in the district from this one location. The workstations at the secondary sites can still resolve the server just fine, because the FQDN of the server (or even its IP address) can be configured in the AV client.

The problem is that the server cannot resolve the workstations at the secondary sites, I'm guessing because it's searching the "ourdomain.com" namespace, while it should be searching "site1.ourdomain.com", "site2.ourdomain.com" and so on. I believe Netware 6.5 DNS should be bind 9.2 compliant. Is there a way to get this to work?

thanks, Luca
December 11th, 2010 7:04am

You'll need to determine if this is a name resolution issue or an application issue. Take the application out of the picture for the moment. Are you able to resolve all host names and NetBIOS from any of the sites? If so, this is going to be an application issue (most likely configuration). If you cannot resolve all host names from all sites, then you'll just need to make sure the DNS servers are all configured properly for delegation and forwarding. If NetBIOS names cannot be resolved, then you'll either have to require the use of applications that do not depend on NetBIOS, or ensure that FQDNs are always used in every situation.

Visit: anITKB.com, an IT Knowledge Base.
December 11th, 2010 6:55pm

Hi, thanks for answering. This is definitely a DNS issue. The AV server cannot resolve the names of any workstations at the 6 secondary sites. For instance, if I create an entry in the server's hosts file for a specific workstation, everything works. I guess that I should focus on the Netware 6.5 DNS servers configuration. Correct me if I'm wrong, but it seems as though they are not forwarding properly to our top level servers...?
December 11th, 2010 8:54pm

I would recommend that you go back and verify that the "child" DNS servers are forwarding or at least conditional forwarding back to the "parent" DNS infrastructure. It's not enough to simply create the delegated subdomains on the "parent" DNS zone. The "child" DNS systems need the appropriate DNS information to resolve names higher up in the domain hierarchy.
December 12th, 2010 4:17am

Hi Luca,

Thanks for posting here. I agree with JM that you should first check whether the parent domain zone has been configured for name resolution of all sub domains. Generally, setting up zone delegation is recommended in this case:

Delegating zones
http://technet.microsoft.com/en-us/library/cc784494(WS.10).aspx

An NS RR to effect the delegation. This RR is used to advertise that the server named ns1.na.example.microsoft.com is an authoritative server for the delegated subdomain.

An A RR (also known as a glue record) is needed to resolve the name of the server specified in the NS RR to its IP address. The process of resolving the host name in this RR to the delegated DNS server in the NS RR is sometimes referred to as glue chasing.

Meanwhile, it seems you are planning to migrate to Active Directory. I'd suggest reading the article below first; it should give you some good suggestions for better name space design.

Designing the Active Directory Logical Structure
http://technet.microsoft.com/en-us/library/cc786010(WS.10).aspx

Thanks.
Tiger Li
TechNet Subscriber Support in forum
December 13th, 2010 9:45am

Hi Luca, If there is any update on this issue, please feel free to let us know. We are looking forward to your reply.

Tiger Li
December 14th, 2010 4:20pm

Hi,

Thanks for your detailed answer. I double checked, and it looks as though delegating is correctly configured on our ns1 server. I could confirm that both the "ns" and the "A" records had been created for each of the sites, as per the article you linked:

An NS RR to effect the delegation. This RR is used to advertise that the server named ns1.na.example.microsoft.com is an authoritative server for the delegated subdomain.

An A RR (also known as a glue record) is needed to resolve the name of the server specified in the NS RR to its IP address. The process of resolving the host name in this RR to the delegated DNS server in the NS RR is sometimes referred to as glue chasing.

At this point I am puzzled why things are not working as they should.

thanks, Luca
December 14th, 2010 8:59pm

Hi Luca,

Thanks for the update. Please test by removing the DNS suffix from the AV server and setting the ns1 or ns2 server as the primary DNS server entry for the AV host. After that, please check whether sub domain hosts can be resolved by performing "nslookup <FQDN of sub domain hosts>".

Thanks.
Tiger Li
December 15th, 2010 6:27am

Hi Tiger,

This did not work right away, but I believe you pointed me in the right direction. It appears that the A records for the workstations don't get created (in the ns1 / delegated site folder). Perhaps this is the problem. Usually the hosts boot with a blank primary DNS suffix; only the connection-specific DNS suffix is set via DHCP. If I manually set the appropriate primary DNS suffix on a sub-domain host (for example "site1.ourdomain.com"), then I can resolve this host from the AV server no problem. nslookup resolves the host and attaches the right subdomain.

Is there a way to correct this via DHCP or otherwise, without touching all the wks in the district? :-)

thanks, Luca
December 15th, 2010 10:01pm
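
An added example, not part of the original thread: a simplified Python model of default Windows DNS client behaviour, showing why a workstation with a blank primary DNS suffix registers no A record in the site zone and why the AV server (suffix ourdomain.com) does not find wks1 by short name. The function names, the `register_conn_suffix` and `search_list` parameters (the latter models a configured DNS suffix search list, which the thread does not discuss) and the host names are assumptions made for illustration.

```python
"""Simplified model (an assumption, not vendor code) of how a Windows DNS
client registers its own name and expands short names when resolving."""

def registered_fqdns(host, primary_suffix, conn_suffix, register_conn_suffix=False):
    """FQDNs a client would try to register through dynamic update."""
    names = []
    if primary_suffix:                        # full computer name
        names.append(f"{host}.{primary_suffix}")
    if register_conn_suffix and conn_suffix:  # per-adapter option, off by default
        names.append(f"{host}.{conn_suffix}")
    return names

def query_candidates(name, primary_suffix, conn_suffix="", search_list=None):
    """FQDNs the resolver tries, in order, for the given name."""
    if "." in name:                           # simplification: dotted names go as-is
        return [name.rstrip(".")]
    if search_list:                           # explicit list replaces the defaults
        suffixes = list(search_list)
    else:
        suffixes = [s for s in (primary_suffix, conn_suffix) if s]
        labels = primary_suffix.split(".") if primary_suffix else []
        while len(labels) > 2:                # devolution to parent suffixes
            labels = labels[1:]
            suffixes.append(".".join(labels))
    return [f"{name}.{s}" for s in dict.fromkeys(suffixes)]

def resolve(name, zone, **resolver):
    """Return the first candidate present in the zone data, else None."""
    for fqdn in query_candidates(name, **resolver):
        if fqdn in zone:
            return fqdn
    return None

# Constructed names following the thread's examples.
SITE = "site1.ourdomain.com"
AV = {"primary_suffix": "ourdomain.com"}      # the AV server's resolver settings

if __name__ == "__main__":
    blank = set(registered_fqdns("wks1", "", SITE))    # DHCP suffix only
    fixed = set(registered_fqdns("wks1", SITE, SITE))  # primary suffix set by hand
    print("registered, blank primary suffix:", blank)
    print("registered, primary suffix set  :", fixed)
    print("AV, FQDN vs blank zone :", resolve("wks1." + SITE, blank, **AV))
    print("AV, FQDN vs fixed zone :", resolve("wks1." + SITE, fixed, **AV))
    print("AV, short name         :", resolve("wks1", fixed, **AV))
    print("AV, short + search list:",
          resolve("wks1", fixed, search_list=["ourdomain.com", SITE], **AV))
```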

Hi Luca,

Thanks for the update. If specifying the subnet hosts' DNS suffix entry helps solve this issue, you may try modifying the DHCP scope option 015 entry to the subdomain name on that subnet's DHCP server, then release and renew the IP information on the client and check if it works.

Managing DHCP Options
http://technet.microsoft.com/en-us/library/cc958929.aspx

Thanks.
Tiger Li
December 16th, 2010 5:50am

Hmm, dhcp option 15 is already configured, which is why the clients boot with the correct "connection-specific" dns suffix. I don't think I can change the primary dns suffix via dhcp though, am I right? Please remember we don't have AD (yet). Perhaps a script could accomplish that? thanks, Luca
December 18th, 2010 7:48am

Hi Luca,

Thanks for the update. Another workaround is that you may consider using the following DNS group policy to assign the DNS suffix for the server:

Computer Configuration\Administrative Template\Network\DNS Client\Primary DNS Suffix

Thanks.
Tiger Li
January 27th, 2011 5:33am
