Hi,

My scenario is as below.

There are two Microsoft Active Directory Domain Controller's (one DC for parent domain with DNS server and another DC for child domain without DNS server.Child DC uses
parent DC's DNS server).

I have installed Univension Corporate server (which is an Linux based 64 bit OS derived from Debian OS) on a VMWare virtual environment.

I am able to ping and do a nslookup on the IP address of child Domain controller(DC) 10.181.1.11 but if I issue a dig command then it gives me below error.


dig @10.181.1.11

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.181.8.11
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


If I issue a dig command on the DNS server IP(10.181.1.111) then it works fine.

How can check whether it is a DNS issue or a network issue or something
else?

/etc/resolv.conf contains the DNS server IP(10.181.1.111) used by child DC(10.181.8.11)

Regards,
Nitin

Aren't you querying a child DC which happen to have no DNS server in it?

To me your DNS server is 10.181.1.111 and you seem to be querying x.x.x.11.

Yes I am querying a child DC which uses parent domain's DNS server.
If my understanding is correct if I should be able to query child DC IP as it is using parent DC's DNS server.

So you basically wants your child DC to proxy dns requests? And you did not even state the listening ports, iptables rules.

Or, why not let the clients querry the DC directly?

You have to provide a lot of information.

Sorry if I was not clear.Basically I want a host(UCS Server deployed on VMWare) to connect to Child Domain Controller Active Directory which is using DNS server of parent Domain controller.

I can issue a ping to IP address of Child Domain AD as well do a nslookup but UCS issues a dig command while establishing a connection to Child DC AD.
Even if I manually issue a dig @10.181.8.11(IP address of Child DC) it fails giving a connection timeout error.

I am able to ping ,do a nslookup as well dig to DNS server which is 10.181.8.111.

I can telnet to the port telnet 10.181.8.11 389 and it works fine.

Regarding IP tables I am not aware of any issues related to it but if you want me to share output of some commands then I am happy to do so.

I am not aware of networking,routing in detail so if could please help me with some commands then I would share the output of those.

Thanks for your help.

If you can ping from UCS to child DC, that's good. It verified connectivity.

Port 389 is irrelevant in this instance.

When you say you can "do a nslookup", can you show your exact command? Because I am certain that nslookup is not actually able to talk to child DC for the simple reason that there is NO dns server listening there at port 53. You have lots of tools available to confirm that.

I have no iptables rule to share.

Wonder if this is relevant?
http://serverfault.com/questions/434...but-dig-cannot