DNS resolution across win2000 domains

Status
Not open for further replies.

wilson2468

Technical User
Jun 2, 2006
84
US
We have the following situation:

Users on the "mycompany.local" Windows 2000 domain,
some servers on the "mycompany.local" Windows 2000 domain, some on the "mycompany.com" Windows 2000 domain. All servers have internal IP addresses in DNS.

The "mycompany.com" servers also have external addresses that allow connectivity from the Internet.

When I am at the company logged in, I can resolve any server name on either domain by just typing the server name.

If I ping just the server name "Server1" (Server1 being in the "mycompany.local" domain in DNS), it resolves to Server1.mycompany.local and gives me an internal address.

If I ping just the server name "Server2" (Server2 being in the "mycompany.com" domain in DNS), it resolves to Server2.mycompany.com and gives me an internal address.


When I have VPN access from home, I can only resolve the names on the "mycompany.lan" domain.

It does not allow me to resolve names on the "mycompany.com" domain; it tries to go get the external address.

First:

How can I resolve across the "lan" and "com" domain names by just typing in the server name when I am at the company? I have tried to set this up before and could not. Is it the way DNS is configured?

Second:

When I am connecting via RAS and VPN connection from home, my machine is not a member of the domain, I am just logging in through the VPN connection with my Windows credentials.
Does this have something to do with it?


Thanks




 
I don't understand your first question, since you said:

"When I am at the company logged in, I can resolve any server name on either domain by just typing the server name."

Question 1 seems to imply that that isn't actually happening. Could you clarify?

I'm suspecting that the answer to your question can be found in DNS suffixes, which you can assign on the clients or through DHCP. You need to give the clients both the company.local and company.com suffixes so that if it can't resolve a host at whichever the default is (.lan) then it will go ahead and attempt .com for you.

As far as question 2, and the questions that I sense you haven't asked:

Here's my guess: you might be using WINS for 'mycompany.local' but not for 'mycompany.com'. When you come in over VPN, you have your VPN client DNS set to be your home ISP's, not your office DNS server. But since your client is also configured for WINS, you are able to resolve names in the 'mycompany.local' domain. But when you try and hit addresses at 'mycompany.com', your non-company DNS resolves those to the external addresses.

Membership in the domain doesn't matter for the RAS/VPN client as long as proper creds are offered. And membership doesn't matter when querying DNS/WINS/DHCP.

ShackDaddy
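
The behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of a single-label lookup that tries each DNS suffix in order against the configured DNS server, then falls back to WINS. The server and domain names come from the thread; every IP address, the WINS contents and the `lookup` helper are constructed assumptions.

```python
# Constructed sample data: every address here is made up for illustration.
OFFICE_DNS = {  # internal view served by the company DNS server
    "server1.mycompany.local": "10.0.0.11",
    "server2.mycompany.com": "10.0.0.12",
}
ISP_DNS = {  # public view: only the externally published record exists
    "server2.mycompany.com": "203.0.113.12",
}
WINS = {"server1": "10.0.0.11"}  # assumption: WINS covers only the .local hosts

BOTH = ["mycompany.local", "mycompany.com"]


def lookup(name, suffixes, dns, wins=None):
    """Hypothetical helper modelling a simplified stub resolver.

    A dotted name is queried as-is; a single-label name is tried with each
    suffix in list order. If DNS has no answer, a single-label name falls
    back to WINS. Returns (matched_name, address, source) or None.
    """
    name = name.lower().rstrip(".")
    candidates = [name] if "." in name else [f"{name}.{s}" for s in suffixes]
    for fqdn in candidates:
        if fqdn in dns:
            return fqdn, dns[fqdn], "dns"
    if wins and "." not in name and name in wins:
        return name, wins[name], "wins"
    return None


def scenarios():
    """The cases from the thread, keyed by a short description."""
    return {
        "office, .local suffix only": lookup("Server2", BOTH[:1], OFFICE_DNS),
        "office, both suffixes": lookup("Server2", BOTH, OFFICE_DNS),
        "VPN, ISP DNS + WINS, Server1": lookup("Server1", BOTH, ISP_DNS, WINS),
        "VPN, ISP DNS + WINS, Server2": lookup("Server2", BOTH, ISP_DNS, WINS),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:32} -> {result}")
```

In the last case the name does resolve, but through the public view, so the client is sent to the external address rather than the internal one.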
 
Yes,

Clarification:

It is happening at the company, I just don't know what was done to get it to work.

What was configured in DNS to get it to work?

The rest of your post was very helpful, thanks
 
It was resolved by adding a DNS suffix for "mycompany.com" to the DHCP scope options.
 
In Windows 2000 DNS,

You don't have to be a member of the domain for lookups with the AD integrated DNS server?

It seems to me I have had trouble with that in the past, when the machine was a member of the domain, it worked fine.
 
No, I don't think so. The DNS service runs just as it would if the zone file was stored in a flat-file, it just makes a query to the AD on the back-end. It doesn't change the way it responds to queries (no authentication).

There may have been other issues with a system not being in the domain, like perhaps not being able to self-register dynamic DNS entries on the server or something like that.

ShackDaddy
 