DNS problems non-domain members

    Question

  • We are running SBS Essentials 2011 after switching from Server 2000.

    Some workstations/computers are not joined to the domain.  They should be joined, and eventually will be, but we've had problems getting them over, so that comes later.  The users on those computers are members of the domain and log into the domain.

    Temporarily, we have simply mapped the server drives they need access to using their user credentials.

    When I do an IPCONFIG /all on a computer that is joined, I see that the Primary DNS suffix is domainname.local.  When I do this on a computer that is not joined to domainname, I see domainname.com.

    Mostly, everything works, except some of the computers have a legacy app that can't see an MS SQL server on another workstation, ACCOUNTING.  The machines that are joined go to ACCOUNTING.domainname.local.  They work fine.  The machines that are not joined go to ACCOUNTING.domainname.com and can't see the local SQL server.  They get routed to our outside website at domainname.com on the web.

    What options do I have to fix this?  Can I modify the DNS server files?  I've temporarily set the hosts file for the non-joined machines to ACCOUNTING 10.0.0.xxx.  That points to the internal machine (ACCOUNTING) running the SQL server and it works, but some other options that don't involve changing each individual machine would be preferred.

    Thanks for any advice.

    Wednesday, July 03, 2013 3:43 PM

All replies

  • I'd suggest adding a zone to your DNS server for "accounting.domainname.com" and then adding an A record pointing to the accounting machine's IP address. In the Name field leave it empty so the record is set as "(same as parent folder)". That way any requests for <anything>.accounting.domainname.com will be handled by your local DNS, but crucially the local DNS server won't be considered authoritative for the domainname.com zone, so they'll still be able to access things like your external website without the need to replicate those other records locally.

    All this assumes of course that the machines are using the local DNS for their DNS resolution.

    Wednesday, July 03, 2013 6:26 PM
  • Thank you. That seems to have worked.

    What would have happened if I had added a zone for domainname.com (instead of accounting.domainname.com) then added an A record in that zone for accounting.domainname.com?  Would it have failed to pass the DNS query out to the ISP DNS server and failed to resolve www.domainname.com - our external web site?

    Wednesday, July 03, 2013 8:09 PM
  • Yes that's right. If DNS doesn't know about a domain it will look elsewhere for the answer to your request, but if it considers the domain local to itself it will believe it knows everything there is to know about it, and therefore if it doesn't have a www record for instance it will assume no such record exists and report back accordingly. It won't give doing an internet lookup a try just in case.
    Wednesday, July 03, 2013 8:44 PM
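
The behaviour discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of a DNS server that answers only from its own data for zones it hosts and forwards everything else. The function names, the IP addresses and the upstream records are constructed assumptions; the thread elides the real addresses.

```python
# Simplified model: authoritative answers for hosted zones, forwarding otherwise.
# All addresses are constructed placeholders; the thread elides the real ones.
INTERNAL_SQL = "10.0.0.50"    # stands in for ACCOUNTING (10.0.0.xxx in the thread)
PUBLIC_WEB = "203.0.113.10"   # stands in for the external website

# Assumption: public DNS sends these domainname.com names to the website,
# which matches the symptom described in the question.
UPSTREAM = {
    "www.domainname.com": PUBLIC_WEB,
    "accounting.domainname.com": PUBLIC_WEB,
}


def find_zone(name, zones):
    """Return the most specific hosted zone containing name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones):
    """Return (source, answer); zones maps zone name -> {fqdn: ip}."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        # Not hosted locally: the query is passed to the upstream resolver.
        return ("forwarded", UPSTREAM.get(name, "NXDOMAIN"))
    # Hosted locally: the server answers from its own records only and
    # never falls back to an internet lookup for a missing name.
    return ("authoritative", zones[zone].get(name, "NXDOMAIN"))


# Zone for the single host name, record at the zone apex ("same as parent folder").
PINPOINT = {"accounting.domainname.com": {"accounting.domainname.com": INTERNAL_SQL}}
# Zone for the whole public domain, holding only the accounting record.
WHOLE = {"domainname.com": {"accounting.domainname.com": INTERNAL_SQL}}

if __name__ == "__main__":
    for label, zones in (("pinpoint zone", PINPOINT), ("whole-domain zone", WHOLE)):
        for host in ("accounting.domainname.com", "www.domainname.com"):
            print(label, host, resolve(host, zones))
```

With the whole-domain zone, every public name that is not copied into the local zone stops resolving for internal clients, which is the maintenance burden the single-host zone avoids.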