We have a Windows Server 2003 AD domain, which is named . It is in a two-way trust relationship with another AD domain and a DNS server in each domain is listed as a DNS server for the other domain (that is, I manage and my DNS server has a forward lookup zone for
The domains, as I say, have a two-way trust which is non-transitive. They are linked via a VPN (hardware controlled).
This all worked fine until we rolled out Windows 7 clients to nearly all users. Previously, accessing \\filesvr.companyname.local worked fine and gave us the list of directories etc. For the Windows 7 clients this doesn't work, I believe because of 'DNS devolution'.
When I do an nslookup on a host in the trusted domain (like filesvr.companyname.local), it looks up a DNS entry for *.local.co.uk, which is obviously not my internal file server at the remote location!
I have tried turning off the domain devolution setting in a GPO but it didn't seem to make any difference. What I can't understand is that my AD controller is the only DNS server listed in the clients' network setup, with no backups listed, so DNS queries go through my AD controller, and it seems to completely ignore the fact that the zone is one it already has fresh records for.
Do I need to turn off the domain devolution setting on the server?