
    DNS Across VLANs

    • pchiodoP
      pchiodo
      last edited by scottalanmiller

      We have 5 VLANs, but for simplification, I am going to limit this to 2 VLANs for this particular issue.

      VLAN 1 - Server VLAN 192.168.1.x - 255.255.252.0
      VLAN 2 - Client VLAN 172.16.2.x - 255.255.252.0

      Server - TestServer1 - IP - 192.168.1.88 static

      Client - TestClient1 - IP - 172.16.2.110 DHCP

      From the server I can ping the client by either hostname or IP. If I use -a with the IP it returns the hostname.

      From the client, I can ping the server or another client by hostname or IP. If I use -a with the IP the hostnames are returned.

      If I use NSLOOKUP from the server to the client it fails with the following error:

      [DNS Server].[domain] can't find 172.16.2.110: Non-existent domain

      If I use NSLOOKUP from the client to the server, it works fine

      If I use NSLOOKUP from one client to another client, it fails with the same error.

      I thought this has to be a reverse lookup issue, but I can't seem to sort it out. Any help would be appreciated.

      • JaredBuschJ
        JaredBusch @pchiodo
        last edited by

        @pchiodo said:

        We have 5 VLANs, but for simplification, I am going to limit this to 2 VLANs for this particular issue.

        VLAN 1 - Server VLAN 192.168.1.x - 255.255.252.0
        VLAN 2 - Client VLAN 172.16.2.x - 255.255.252.0

        Server - TestServer1 - IP - 192.168.1.88 static

        Client - TestClient1 - IP - 172.16.2.110 DHCP

        From the server I can ping the client by either hostname or IP. If I use -a with the IP it returns the hostname.

        From the client, I can ping the server or another client by hostname or IP. If I use -a with the IP the hostnames are returned.

        If I use NSLOOKUP from the server to the client it fails with the following error:

        [DNS Server].[domain] can't find 172.16.2.110: Non-existent domain

        If I use NSLOOKUP from the client to the server, it works fine

        If I use NSLOOKUP from one client to another client, it fails with the same error.

        I thought this has to be a reverse lookup issue, but I can't seem to sort it out. Any help would be appreciated.

        Just to clarify where the problem is here. It looks like ping by name and IP all return the right information?

        So only NSLOOKUP is failing?

        • iroalI
          iroal
          last edited by

          What is the DNS configuration in 172.16.2.x?

          • pchiodoP
            pchiodo @JaredBusch
            last edited by

            @JaredBusch Correct - only NSLOOKUP fails, but only from server to client, and client to client. It works fine client to server.

            • JaredBuschJ
              JaredBusch @pchiodo
              last edited by

              @pchiodo said:

              @JaredBusch Correct - only NSLOOKUP fails, but only from server to client, and client to client. It works fine client to server.

              That one stumps me. You can ping from the server but not nslookup. No clue.

              • scottalanmillerS
                scottalanmiller
                last edited by

                What's the exact syntax of the failing nslookup command?

                • pchiodoP
                  pchiodo
                  last edited by pchiodo

                  I think we got it sorted out - We added a reverse lookup zone for the subnet 172 as follows:

                  172..in-addr.arpa

                  As an Active Directory-Integrated Primary, and allowed it time to update the PTRs, and now it is working correctly.

                  Thanks

                  • pchiodoP
                    pchiodo @scottalanmiller
                    last edited by

                    @scottalanmiller We were attempting "NSLOOKUP 172.16.2.110" and receiving the stated error. As per my previous response, I think we got it fixed by adding the reverse lookup zone, and allowing it time to propagate.

                    • DashrenderD
                      Dashrender @pchiodo
                      last edited by

                      @pchiodo said:

                      @scottalanmiller We were attempting "NSLOOKUP 172.16.2.110" and receiving the stated error. As per my previous response, I think we got it fixed by adding the reverse lookup zone, and allowing it time to propagate.

                      Interesting.. for some reason I thought you were trying to NSLOOKUP using the client as a DNS server, which of course would fail.

                      1 Reply Last reply Reply Quote 0
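
The resolution reached in the thread (no reverse lookup zone covered the client subnet), shown as an added example that is not part of any poster's message. It derives the PTR name that `NSLOOKUP 172.16.2.110` asks for, lists the /24-boundary reverse zones needed for a 255.255.252.0 subnet, and checks which configured zone would hold the record. The zone lists are constructed for illustration and are not the poster's actual configuration.

```python
import ipaddress

def ptr_name(ip):
    """Name that `nslookup <ip>` queries: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def zones_for_subnet(ip, netmask):
    """Reverse zones on /24 boundaries that together cover the host's IPv4 subnet."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    if net.prefixlen < 24:
        blocks = net.subnets(new_prefix=24)       # e.g. a /22 spans four /24 zones
    else:
        blocks = [net.supernet(new_prefix=24)]    # smaller subnets share one /24 zone
    # Drop the host label ("0") from the network address's PTR name.
    return [b.network_address.reverse_pointer.split(".", 1)[1] for b in blocks]

def hosting_zone(ip, configured_zones):
    """Most specific configured reverse zone whose name is a suffix of the PTR name."""
    name = ptr_name(ip)
    best = None
    for zone in configured_zones:
        zone = zone.lower().rstrip(".")
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best

def diagnose(ip, configured_zones):
    zone = hosting_zone(ip, configured_zones)
    if zone is None:
        return f"{ptr_name(ip)}: no reverse zone on this server, PTR lookup cannot succeed"
    return f"{ptr_name(ip)}: PTR record belongs in zone {zone}"

# Constructed zone lists (assumptions): only the server subnet has a reverse
# zone at first; a zone covering the client's /24 is added afterwards.
ZONES_BEFORE = ["1.168.192.in-addr.arpa"]
ZONES_AFTER = ZONES_BEFORE + ["2.16.172.in-addr.arpa"]

if __name__ == "__main__":
    for label, zones in (("before", ZONES_BEFORE), ("after", ZONES_AFTER)):
        print(label)
        for host in ("192.168.1.88", "172.16.2.110"):
            print("  " + diagnose(host, zones))
    print("zones covering the client subnet:",
          zones_for_subnet("172.16.2.110", "255.255.252.0"))
```

Forward lookups and ping by name are unaffected by a missing reverse zone, which matches the symptoms reported: only the address-to-name query for client addresses failed.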