Solved

DNS Corect Setup on Active Directory

Posted on 2009-05-08
6
216 Views
Last Modified: 2012-05-06
I recently started experiencing some problems after one of my DNS server crashed. I have a network with 500 worskstations and I have 8 DC servers running at each of my subnets.
When my Primary DC crashed at my main site, all workstations stoped resolving when trying to get to my internet.
All of our internet traffic goes out from our main site and since that DC had the Forward Pointers to external DNS all the rest of my DNS servers could not rsolve for them
All my DNS are active-directory integrated.
My question is ; do I have to setup Forwarders on all my DNS to use external ISP dns?
Also I noticed that even thought all my workstations had a secondary DNS they did not use it to resolve.
Any help is greatly appreciated
0
Comment
Question by:sammydlc
  • 3
  • 2
6 Comments
 

Expert Comment

by:dpm2009
ID: 24338299
You should just need to setup your Primary DC's DNS settings to your external DNS.  While all local dns requests can point to the primary DC....
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24338332
Yes, it's best to setup the forwarders to your ISP's DNS on all DNS servers; otherwise the servers will by default use the root hints to resolve external lookups. Were your additional DCs pointing to your main DC as forwarder, and/or could there be any firewall issues on the additional DCs?
And how did you check whether your machines weren't using the secondary DNS?
Are your additional DCs Global Catalogs?
0
 

Author Comment

by:sammydlc
ID: 24338432
Ok, I just modified that. Now all my Dcs have Forwarders to External ISP DNS.
Yes some of my DNS servers had only my Main DNS listed on theyr external forwarders. They had not external DNS. i do not think we have a firewall issue because I was able to ping fine internally if I did it manually. All my remaining DNS servers responded fine when I pinged them.

As for the workstations not able to use the secondary DNS i verified that the workstation had a DHCP address assigned. when I did an ipconfig I saw that my primary DNs was the server that had crased.
My secondary DNS was a server that was operational except it was on a different subnet than where my stations were. When I pinged an internal name I got a response. When I pinged an external name I did not get a response.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 24338470
If your other DNS servers were set to forward to your main DNS server, then that's simply why.
This should work flawlessly with the external forwarders on all DNS servers.
0
 

Author Comment

by:sammydlc
ID: 24338774
OK everything is working ok except that my secondary DNs is still not resolving.
I tested because one of my stations has the Crashed DNS as primary DNS and my Working DNS as 2nd.

If I ping by name I am still  not resolving.

If I move my working DNS to primary and ping by name, I get a response.
Am I missing something on DNs configuration>?
0
 

Author Comment

by:sammydlc
ID: 24338807
Secondary DNS is now responding. I guess it just needed some time to start responding. Now if I have my working DNs as Secondary Even 3rd I can resolve without problems.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question