DMZ, No DNS, How to find DP?

  • Question

  • Hi All

    I'm doing some testing with installing clients onto our DMZ servers...

    All worked well, until the machine could not resolve the DP name. We have no DNS, so does this mean that I need to add the DP details to my hosts file? I tried it with one DP and it worked. We have over 100 DPs and I'd rather not have to add 100 entries into the hosts file?

    I've already added my MP details into hosts and lmhosts but I've never seen any mention of doing it with DPs...


    Wednesday, July 29, 2015 9:47 AM


All replies

  • Peter

    It sounds messy but you can centralise lmhosts and configure servers to use it.


    Cheers Paul | http://sccmentor.wordpress.com

    • Marked as answer by Daniel JiSun Tuesday, August 4, 2015 9:23 AM
    Wednesday, July 29, 2015 9:55 AM
  • lmhosts is not used when it comes to DNS.

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, July 29, 2015 10:26 AM
  • True, as lmhosts deals with NetBIOS names and therefore you won't be able to deal with FQDNs.

    Cheers Paul | http://sccmentor.wordpress.com

    Wednesday, July 29, 2015 10:36 AM
  • Soooo?

    Is the answer that we DO need something to allow the client to resolve the DP address?

    I'm thinking that an easy fix is to install the DP role on my Primary/MP boxes... that way it will already have the records it needs...

    Wednesday, July 29, 2015 10:54 AM
  • That's a possibility Peter. 

    Cheers Paul | http://sccmentor.wordpress.com

    Wednesday, July 29, 2015 10:57 AM
  • So you don't have any name resolution in the DMZ at all?

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, July 29, 2015 11:45 AM
  • Nope.

    Nothing. No domain machines. All workgroup. No DNS resolution at all!

    It's a proper DMZ, ha!

    Wednesday, July 29, 2015 1:11 PM
  • DNS has nothing to do with AD domains. AD certainly relies on DNS, but lack of an AD domain in no way implies no DNS, as the two are completely unrelated.

    Also, DMZ in no way implies no DNS either.

    How are these systems accessed? Always by IP Address?

    If that's true, your only option is to modify the hosts files. That truly makes no sense though, as that's the whole point of using DNS: manually maintaining hosts files on systems is painful at best.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, July 29, 2015 1:16 PM
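
An added example, not part of the original thread: one way to keep DP entries in a hosts file auditable is to rewrite only a marker-delimited block from a single reviewed list, validating every entry before the file is touched. The function name, the markers, and the sample names and addresses are assumptions made for illustration.

```powershell
# Added example: idempotently maintain a delimited block of DP entries in a hosts file.
# Set-DpHostsBlock, the marker text and the sample data are hypothetical names.
function Set-DpHostsBlock {
    param(
        [Parameter(Mandatory)] [string]    $HostsPath,
        [Parameter(Mandatory)] [hashtable] $Entries   # FQDN -> IP address
    )
    $begin = '# BEGIN managed DP entries'
    $end   = '# END managed DP entries'

    # Validate every entry first so a bad source list cannot be half-applied.
    $block = foreach ($name in ($Entries.Keys | Sort-Object)) {
        $ip = [System.Net.IPAddress]::None
        if (-not [System.Net.IPAddress]::TryParse($Entries[$name], [ref]$ip)) {
            throw "Invalid IP address for ${name}: $($Entries[$name])"
        }
        if ($name -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
            throw "Invalid host name: $name"
        }
        "{0}`t{1}" -f $ip, $name.ToLowerInvariant()
    }

    # Keep every line outside the markers; drop any previous managed block.
    $kept = New-Object System.Collections.Generic.List[string]
    $inBlock = $false
    foreach ($line in @(Get-Content -LiteralPath $HostsPath)) {
        if     ($line -eq $begin) { $inBlock = $true }
        elseif ($line -eq $end)   { $inBlock = $false }
        elseif (-not $inBlock)    { $kept.Add($line) }
    }

    $new = @($kept) + $begin + @($block) + $end
    Set-Content -LiteralPath $HostsPath -Value $new -Encoding ASCII
}

# Constructed sample: run against a scratch copy and review the result
# before replacing the real hosts file.
$sample = Join-Path $env:TEMP 'hosts.sample'
Set-Content -LiteralPath $sample -Value '127.0.0.1 localhost' -Encoding ASCII
Set-DpHostsBlock -HostsPath $sample -Entries @{
    'dp01.example.internal' = '192.0.2.11'
    'dp02.example.internal' = '192.0.2.12'
}
Get-Content -LiteralPath $sample
```

Running it a second time with a changed list replaces only the lines between the markers, so any entry outside the block that was not added by hand stands out in a diff.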
  • Jason,

    I've worked in an environment where the DMZ had no DNS. It was all IP based access and was painful for sure. Good luck hacking, Peter.

    Cheers Paul | http://sccmentor.wordpress.com

    Wednesday, July 29, 2015 2:05 PM
  • Yep, totally agree with everything here.

    It's just something I have to work with... it's not my DMZ, just something I need to manage... and patch!

    I've enabled the switch on the update deployments to allow picking up the patches from the internet... will find out over the weekend if this has worked.

    Wednesday, July 29, 2015 2:30 PM