Unable to resolve domain name when client PCs have multiple DNS entries

  • Question

  • My client has their AD DHCP server setup to assign the DNS entries to the clients.

    In the settings, it is defined as follows:

    192.168.1.4 (This is the Domain Controller and is the topmost entry)

    208.67.222.222 (OpenDNS)

    208.67.220.220 (OpenDNS)

    Upon trying to join a PC to the domain, they are unable to resolve the domain name (in this example: test.lab). They cannot ping test nor test.lab.

    Upon removing the OpenDNS entries, they are able to join the domain with no issue.

    The PCs are in the same VLAN as the DC.

    Pinging the DC & domain without the OpenDNS entries shows a <1 ms response time.

    I'm guessing the DNS server is timing out and then the client tries the next DNS entry.  Is this somewhat correct?  I shouldn't need to increase the timeout setting, correct?

    Thoughts?

    I will be able to further test this tomorrow

    Thursday, June 23, 2016 5:46 PM

Answers

  • Hi,

    >>My client has their AD DHCP server setup to assign the DNS entries to the clients.

    In the settings, it is defined as follows:

    192.168.1.4 (This is the Domain Controller and is the topmost entry)

    208.67.222.222 (OpenDNS)

    208.67.220.220 (OpenDNS)

    Do not configure both internal and external DNS servers on your client. It will create issues. Just set the internal DNS on your client, and set the external DNS as a forwarder in your internal DNS server.

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, June 24, 2016 1:38 AM

All replies

  • The DC is pointing to its own DNS server and we do not want it to have internet access. If I enable internet access in the DNS Server, what would be the best option for the server NOT to have internet?

    I found this article from MS

    https://technet.microsoft.com/en-us/library/dn535497.aspx

    Preventing Web Browsing from Domain Controllers
    You can use a combination of AppLocker configuration, “black hole” proxy configuration, and WFAS configuration to prevent domain controllers from accessing the Internet and to prevent the use of web browsers on domain controllers.

    But that is only for web browsing; it does not apply to network connections (i.e. Windows updates).
    • Edited by Karl_PCGuy Friday, June 24, 2016 5:23 AM
    Friday, June 24, 2016 5:18 AM
  • Hi,

    Configure your firewall or router to deny your DNS server outbound access, except TCP and UDP port 53.

    ________________________________________
    Best Regards,
    Cartman

    Friday, June 24, 2016 5:23 AM
  • Ok,  many thanks.

    Friday, June 24, 2016 5:26 AM
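
The change recommended in the answers above, sketched in PowerShell as an added example (not code posted by anyone in the thread): clients receive only the internal DNS server through DHCP option 6, and the OpenDNS resolvers become forwarders on that server. It assumes the DHCP and DNS roles both run on the DC and that the scope ID is 192.168.1.0; the scope ID and the function names are constructed for illustration.

```powershell
# Added example, not from the thread. Constructed/assumed values are marked.
$InternalDns = '192.168.1.4'                        # DC / internal DNS (from the thread)
$Forwarders  = '208.67.222.222', '208.67.220.220'   # OpenDNS (from the thread)
$AdDomain    = 'test.lab'                           # domain name (from the thread)
$ScopeId     = '192.168.1.0'                        # ASSUMED DHCP scope ID

# Run elevated on the DHCP/DNS server (assumes both roles are on the DC).
function Set-InternalOnlyDns {
    # Before: option 6 (DNS servers) as currently handed to clients.
    Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6 |
        Select-Object OptionId, Name, Value

    # Clients get the internal DNS server only.
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns

    # External resolvers move to the DNS server as forwarders
    # (Set-DnsServerForwarder replaces the existing forwarder list).
    Set-DnsServerForwarder -IPAddress $Forwarders
    Get-DnsServerForwarder
}

# Run on a client after `ipconfig /renew`.
function Test-ClientDns {
    # Flag any adapter that still lists a resolver other than the internal one.
    $stale = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses | Where-Object { $_ -ne $InternalDns } }
    foreach ($a in $stale) {
        Write-Warning "$($a.InterfaceAlias) still lists: $($a.ServerAddresses -join ', ')"
    }

    # DC locator record needed for a domain join; must resolve via the internal server.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV `
        -Server $InternalDns -DnsOnly -ErrorAction Stop

    # An Internet name exercises the forwarder path (example.com is a placeholder).
    Resolve-DnsName -Name 'www.example.com' -Type A `
        -Server $InternalDns -DnsOnly -ErrorAction Stop
}
```

The outbound restriction from the last answer (only TCP and UDP port 53 leaving the DNS server) is applied on the perimeter firewall or router and is not part of this script.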