?
Solved

DNS Corect Setup on Active Directory

Posted on 2009-05-08
6
Medium Priority
?
222 Views
Last Modified: 2012-05-06
I recently started experiencing some problems after one of my DNS server crashed. I have a network with 500 worskstations and I have 8 DC servers running at each of my subnets.
When my Primary DC crashed at my main site, all workstations stoped resolving when trying to get to my internet.
All of our internet traffic goes out from our main site and since that DC had the Forward Pointers to external DNS all the rest of my DNS servers could not rsolve for them
All my DNS are active-directory integrated.
My question is ; do I have to setup Forwarders on all my DNS to use external ISP dns?
Also I noticed that even thought all my workstations had a secondary DNS they did not use it to resolve.
Any help is greatly appreciated
0
Comment
Question by:sammydlc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 

Expert Comment

by:dpm2009
ID: 24338299
You should just need to setup your Primary DC's DNS settings to your external DNS.  While all local dns requests can point to the primary DC....
0
 
LVL 85

Expert Comment

by:oBdA
ID: 24338332
Yes, it's best to setup the forwarders to your ISP's DNS on all DNS servers; otherwise the servers will by default use the root hints to resolve external lookups. Were your additional DCs pointing to your main DC as forwarder, and/or could there be any firewall issues on the additional DCs?
And how did you check whether your machines weren't using the secondary DNS?
Are your additional DCs Global Catalogs?
0
 

Author Comment

by:sammydlc
ID: 24338432
Ok, I just modified that. Now all my Dcs have Forwarders to External ISP DNS.
Yes some of my DNS servers had only my Main DNS listed on theyr external forwarders. They had not external DNS. i do not think we have a firewall issue because I was able to ping fine internally if I did it manually. All my remaining DNS servers responded fine when I pinged them.

As for the workstations not able to use the secondary DNS i verified that the workstation had a DHCP address assigned. when I did an ipconfig I saw that my primary DNs was the server that had crased.
My secondary DNS was a server that was operational except it was on a different subnet than where my stations were. When I pinged an internal name I got a response. When I pinged an external name I did not get a response.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 24338470
If your other DNS servers were set to forward to your main DNS server, then that's simply why.
This should work flawlessly with the external forwarders on all DNS servers.
0
 

Author Comment

by:sammydlc
ID: 24338774
OK everything is working ok except that my secondary DNs is still not resolving.
I tested because one of my stations has the Crashed DNS as primary DNS and my Working DNS as 2nd.

If I ping by name I am still  not resolving.

If I move my working DNS to primary and ping by name, I get a response.
Am I missing something on DNs configuration>?
0
 

Author Comment

by:sammydlc
ID: 24338807
Secondary DNS is now responding. I guess it just needed some time to start responding. Now if I have my working DNs as Secondary Even 3rd I can resolve without problems.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question