In this lecture we are going to configure DNS settings for both ad.serveracademy.com and co.serveracademy.com so each domain can resolve the other domain name. This is a requirement if you’re trying to establish a domain trust between two domains.

Our domain consists of the following servers all on the same network:

SADC01.ad.serveracademy.com - 10.1.0.10/8

CODC01.co.serveracademy.com - 10.2.0.10/8

Test DNS name resolution

First, we can test the DNS name resolution from each domain, by running the nslookup command in each domain. On ad.serveracademy.com domain, I will run:

nslookup co.serveracademy.com

Which returns the following error:

*** localhost can’t find co.serveracademy.com: Non-existent domain

And on co.serveracademy.com domain, I will run:

nslookup ad.serveracademy.com

Which also returns:

*** localhost can’t find co.serveracademy.com: Non-existent domain

These errors will prevent us from establishing a domain trust because we can’t find the domain we want to establish a trust with. To fix this, we need to create a DNS stub zone in each domain that points to the other domain.

Create a DNS stub zone

On the domain controller for co.serveracademy.com, open Server Manager then select Tools > DNS:

Next, left-click the server CODC01 to expand it. Now right-click on Forward Lookup Zones and select New Zone…

Click next until you reach the Zone Type page. Select Stub Zone and click Next:

We want this stub zone to be replicated for all domain controllers in our domain, so proceed with the default selection on the next page and click Next:

For the Zone name, type in the name of the domain we are going to create the stub zone for: ad.serveracademy.com:

Click Next. On the next page we need to enter the IP address of a DNS server in ad.serveracademy.com. Our primary Domain Controller (also the DNS server)’s IP is 10.1.0.10 so we will enter that:

You should see a green checkmark added to the entry and Validated should read OK. If this does not occur, make sure you enter the correct IP address of a DNS server in ad.serveracademy.com and that you have network connectivity to that server.

Now click Next and Finish.

Note: We can also save a lot of time and accomplish the same thing with the following PowerShell command:

Add-DnsServerStubZone -Name “ad.serveracademy.com” -MasterServers “10.1.0.10” -ReplicationScope Domain -PassThru

Now we can retest our nslookup command for ad.serveracademy.com from co.serveracademy.com, and it should be able to resolve it’s IP address:

Note: If you still can’t resolve the domain, you may need to run the command below:

ipconfig /flushdns

If that doesn’t work you may need to restart the server.

Repeat these steps on ad.serveracademy.com

From this point, we need to repeat these steps but inside of the ad.serveracademy.com domain on SADC01. We need to create a stub zone for co.serveracademy.com and use the IP address of CODC01 which is 10.2.0.10.

You can chose to do it through the console or with PowerShell like this:

Add-DnsServerStubZone -Name “co.serveracademy.com” -MasterServers “10.2.0.10” -ReplicationScope Domain -PassThru

Once you do that - you should be able to resolve the co.serveracademy.com domain from ad.serveracademy.com. If you can’t, just give your server a quick reboot and run the ipconfig /flushdns command and try again.

And that’s all we need to do for this lecture!

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access