Assorted DNS Issues on Windows Server 2019 Domain

  • Question

  • We have recently had to rebuild our domain, and ever since we have been having a number of DNS-related issues.

     

    We're running a Windows Server 2019 domain, with three AD + DNS servers across two physical sites. Each server has a presence across four VLANs, but should have a primary address on VLAN 1. The sites are connected via a site-to-site VPN between each corresponding VLAN (e.g. VLAN 1 at site 1 is connected to VLAN 1 at site 2, and so on).

     

    Looking at the name server entries in the forward lookup zones on each, the correct FQDNs and IPs are listed but are not in the correct order (i.e. the VLAN 1 address is not first). When trying to reorder these addresses, it appears to work, but when you accept the changes it reverts back to how it was previously without any error showing. Each server has its IPs in a different order on each other server, and amending each server's NIC priorities has not seemed to change the order of these IPs. If I ping Server A from Server B by name, it returns the IP which shows up first in the name server entry, which is why I'm keen to work out why I cannot reorder the addresses in this field. There are persistent routes on all servers to direct traffic of each VLAN to the corresponding gateway IP for that VLAN.

     

    I noticed also that each DNS server has itself listed as the Start of Authority primary server - should they all point to one server, which acts as the master DNS record?

     

    The kinds of problems we're noticing are: having difficulty joining new member servers to the domain from remote sites; intermittent printing when using the print server (the problems vanish when printing directly, so definitely not a printer problem); intermittent very slow login times, particularly from remote sites.

     

    If there's any pertinent information that I've missed, please ask and I'll check it. Any pointers would be greatly appreciated.

    Monday, July 13, 2020 10:03 AM

All replies

  • Hi,

    You can first run the dcdiag command using the option /test:DNS. Test options include a DNS basic test and tests for forwarders and root hints, delegation, DNS dynamic updates, DNS record registration, and Internet name testing.

    >>I noticed also that each DNS server has itself listed as the Start of Authority primary server

    This is the usual behavior. All DCs which are also DNS servers get a SOA record for AD-integrated zones; and this is perfectly fine, as all of them actually are authoritative DNS servers for that zone.

    >>The kinds of problems we're noticing are: having difficulty joining new member servers to the domain from remote sites; intermittent printing when using the print server (the problems vanish when printing directly, so definitely not a printer problem); intermittent very slow login times, particularly from remote sites.

    The domain join and slow login questions are more related to AD, which our forum doesn't focus on. You had better ask this in the AD forum for better answers.

    Here is the link:

    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS

    Best regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, July 14, 2020 2:54 AM
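
One way to run the dcdiag test suggested above on every DC and to compare, per DNS server, the SOA primary and the A records returned for each DC. This is an added example, not part of the original reply; the server names and zone are hypothetical placeholders.

```powershell
# Added example: hypothetical names, replace with your own DCs and zone.
$DnsServers = 'dc1.corp.example', 'dc2.corp.example', 'dc3.corp.example'
$Zone       = 'corp.example'

# Run the DNS test from the reply against each DC and keep the full output.
foreach ($dc in $DnsServers) {
    $log = Join-Path $env:TEMP "dcdiag-dns-$dc.txt"
    dcdiag /test:DNS /v /s:$dc | Out-File -FilePath $log -Encoding utf8
    Write-Host "dcdiag output for $dc saved to $log"
}

# Ask every DNS server directly for the zone SOA and for each DC's A records,
# bypassing the local hosts file and non-DNS name resolution.
$report = foreach ($server in $DnsServers) {
    $common = @{ Server = $server; DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    try {
        $soa = Resolve-DnsName -Name $Zone -Type SOA @common |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'SOA' }
    } catch {
        $soa = $null   # server unreachable or query refused
    }
    foreach ($target in $DnsServers) {
        try {
            $ips = (Resolve-DnsName -Name $target -Type A @common |
                Where-Object { $_.Type -eq 'A' }).IPAddress
        } catch {
            $ips = @("query failed: $($_.Exception.Message)")
        }
        [pscustomobject]@{
            AskedServer = $server
            SoaPrimary  = $soa.PrimaryServer
            SoaSerial   = $soa.SerialNumber
            Target      = $target
            ARecords    = $ips -join ', '   # order exactly as this server returned it
        }
    }
}

# One row per (server asked, DC looked up): differing SoaPrimary values match the
# "each server lists itself" behaviour described in the reply.
$report | Format-Table -AutoSize
```

Run it from a machine that has the AD DS tools installed, since dcdiag is part of them.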
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy



    Thursday, July 16, 2020 8:24 AM
  • Hi,

    You could mark the useful reply as the answer if you want to close this thread.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Candy



    Monday, July 20, 2020 2:03 AM