DNS server list

    Question

  • So we have regional offices that have about five workstations... we have seven locations around the state. At one time we had a domain controller at each site. We have recently removed the Active Directory role off the server at their location... I moved their IP subnet to our HQ site.

    The server at each regional site that used to be an AD controller still has all the internal DNS zones copied to it from the domain controllers that are in our domain.

    Question I have... at these regional sites... what should I set the DNS properties to on the workstations?

    Should the primary DNS be a domain controller IP address... does the workstation look to that for login to Active Directory, and if it's not set as primary, does that cause any issues with authentication and login?

    Or, since the local server, even though not a domain controller now, does have DNS installed with all our DNS zones copied to it... should it be the primary DNS so the workstations can get DNS locally?

    One thing we do want to accomplish is if the regional offices lose connectivity to the HQ site ...we want DNS resolution for the workstations to go to their local DNS. So that would mean we'd have the following setup.

    On workstation:

    Primary DNS would be Active Directory controller at HQ site

    Secondary DNS would be local member server running DNS with all zones copied to it.

    This makes workstations look to the Active Directory domain controller first... and then, if the link to HQ is down for external DNS resolution and the workstation can't contact the primary DNS, it will look to the secondary DNS listed, which would be the local member DNS server... correct?


    • Edited by Techy98 Thursday, December 29, 2016 3:31 PM
    Thursday, December 29, 2016 3:26 PM

Answers

  • Assuming that the member server has secondary zones of your domain zones, you can make your workstations point to the member server as the primary DNS server and the DC in the HQ as the secondary one. If the link between the HQ and the site is down, then DNS resolution will work, which will allow them to browse the internet and locate local resources. AD authentication when the link is down will be through the cached credentials.

    Please do not forget to configure DNS forwarders on your member server to point to your ISP DNS servers.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Friday, December 30, 2016 1:10 AM
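
The setup described in the answer above, as an added PowerShell example that is not part of the original thread. The zone name, IP addresses and interface alias are constructed placeholders, and it assumes the DnsServer RSAT module is installed where the server-side steps run.

```powershell
# Added example; every name and address below is a constructed placeholder.
$Zones      = 'corp.example', '_msdcs.corp.example'   # AD zones expected on the member server
$LocalDns   = '192.0.2.10'                            # regional member server running DNS
$HqDc       = '198.51.100.10'                         # domain controller at HQ
$Forwarders = '203.0.113.53', '203.0.113.54'          # ISP resolvers
$Nic        = 'Ethernet'                              # workstation interface alias

# 1. Confirm the member server holds secondary copies of the AD zones.
foreach ($z in $Zones) {
    $info = Get-DnsServerZone -ComputerName $LocalDns -Name $z -ErrorAction SilentlyContinue
    if (-not $info) {
        Write-Warning "$z is not hosted on $LocalDns"
    } elseif ($info.ZoneType -ne 'Secondary') {
        Write-Warning "$z is hosted as $($info.ZoneType), not Secondary"
    } else {
        Write-Output "$z is a secondary zone; masters: $($info.MasterServers -join ', ')"
    }
}

# 2. Point the member server's forwarders at the ISP so internet names
#    still resolve when the link to HQ is down.
Set-DnsServerForwarder -ComputerName $LocalDns -IPAddress $Forwarders

# 3. Check that each server can answer the DC locator SRV query that
#    workstations use to find a domain controller at logon.
$srv = "_ldap._tcp.dc._msdcs.$($Zones[0])"
foreach ($server in $LocalDns, $HqDc) {
    try {
        $answer = Resolve-DnsName -Name $srv -Type SRV -Server $server -DnsOnly -ErrorAction Stop
        $targets = ($answer | Where-Object Type -eq 'SRV').NameTarget -join ', '
        Write-Output "$server answers $srv -> $targets"
    } catch {
        Write-Warning "$server could not resolve ${srv}: $($_.Exception.Message)"
    }
}

# 4. On the workstation (elevated): local member server first, HQ DC second.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $LocalDns, $HqDc
Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4
```

Steps 1 to 3 can be run from any administrative machine; step 4 runs on each workstation, or the same order can be handed out through the DHCP scope's DNS server option.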

All replies

  • Hi,

    " Primary DNS would be Active Directory controller at HQ site

    Secondary DNS would be local member server running DNS with all zones copied to it."

    It should work. Are those secondary DNS servers replicating with the DNS server configured on the domain controller?



    Thursday, December 29, 2016 7:29 PM
  • Hi Techy,

    Just checking whether the above replies were of help. If yes, you may mark the useful reply as the answer; if you have other questions, you are welcome to post back.

    Best Regards,

    Anne



    Friday, December 30, 2016 5:39 AM
    Moderator