DNS and AD authentication

jskfan

I have 2 sites, site1 and site2.
I created an Active Directory structure in site1, then in site2 I created a domain controller and configured its preferred DNS server to be the DNS server in site1.
I have also installed the DNS service on the DC in site2.
Now if I run nslookup domainname.com in site2, the reply comes from the DNS server in site1.
I am afraid clients in site2 will get authenticated by the DC in site1 even though in the DHCP scope I set their preferred DNS server to the DNS server of site2.

So my question is: do I need to leave the DNS settings the way they are, or do I need to change the DNS server in site2 to have its own IP address as preferred DNS instead of the one in site1?

Thanks


Commented:
The clients will use the DNS server as configured in DHCP (check with ipconfig /all).
The setting you made with "and configured its preferred DNS server to be the DNS server in Site1" only affects how queries *originating* at server 2 are handled, and possibly those forwarded because they are not directly known to server 2.

It may however be preferable to have both servers prefer themselves once AD and AD-integrated DNS zones are ready.
The other question is where the clients will authenticate - I suggest you make sure to have a "Global Catalog" server at each site.

Author

Commented:
Both DCs at both sites are GCs,
but if I run nslookup domainname.com from a computer in site 2, the DNS in site 2 doesn't resolve the names.
It says "can find server name for address 10.10.10.10", which is the IP address of the DNS in site2.
I want computers in site2 to get name resolution from the DNS in site2.
Commented:
Configure a DHCP relay agent in site 2, create a DHCP superscope and assign the DNS server in site 2 for IP addresses in site 2.
Commented:
"but if I run nslookup domainname.com from a computer in the site 2 the DNS in site 2 doesn't resolve the names."

This is because the client domain suffix on the site2 DNS is empty inside the TCP/IP config; you can either add a suffix to the connection or type the FQDN during the search under nslookup.

BTW, most authentication and DNS problems related to multiple sites are about the DNS suffix during DNS resolution; by default, Windows login will query the shortest-path DC that responds if you didn't set the preferred DNS inside the DHCP scope.

Good luck
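The checks the two answers above describe (which DNS servers the client really uses, whether a DNS suffix is set, whether the site-2 server resolves the domain and its DC locator records, and which DC the client actually locates) can be run from a site-2 machine with the script below. This is an added example, not code from the question or from any of the commenters; it assumes a Windows 8 / Server 2012 or later host with the DnsClient module, and it takes `domainname.com` and `10.10.10.10` from the thread as defaults.

```powershell
# Added example (not from the original thread). Run on a client or DC in site 2.
# Defaults come from the thread; override them for a different environment.
param(
    [string]$DomainFqdn = 'domainname.com',   # AD domain name used in the thread
    [string]$LocalDnsIp = '10.10.10.10'        # site-2 DNS server IP from the thread
)

# 1. Which DNS servers is this machine really using? Same data as 'ipconfig /all'.
#    Clients follow the DHCP scope option, not the DC's own preferred-DNS setting.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }
$servers | Format-Table InterfaceAlias, ServerAddresses -AutoSize

$preferred = ($servers | Select-Object -First 1).ServerAddresses[0]
if ($preferred -ne $LocalDnsIp) {
    Write-Warning "Preferred DNS is $preferred, not the site-2 server $LocalDnsIp. Check the DHCP scope options."
}

# 2. Is any DNS suffix configured? Without one, an unqualified 'nslookup domainname'
#    cannot be completed; the FQDN must be typed instead.
$suffixList  = (Get-DnsClientGlobalSetting).SuffixSearchList
$connSuffix  = (Get-DnsClient | Where-Object { $_.ConnectionSpecificSuffix }).ConnectionSpecificSuffix
if (-not $suffixList -and -not $connSuffix) {
    Write-Warning "No suffix search list or connection-specific suffix is set; use FQDNs or configure a suffix."
}

# 3. Query the site-2 DNS server directly with the FQDN, so the result does not depend on suffixes.
Resolve-DnsName -Name $DomainFqdn -Type A -Server $LocalDnsIp -ErrorAction Stop |
    Format-Table Name, IPAddress -AutoSize

# 4. Confirm the site-2 server answers DC locator (SRV) queries; clients need these to find a DC/GC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -Server $LocalDnsIp -ErrorAction Stop |
    Format-Table Name, NameTarget, Port, Priority -AutoSize

# 5. Reverse record for the DNS server itself. nslookup reports "can't find server name for
#    address ..." when the server it was told to query has no PTR record.
Resolve-DnsName -Name $LocalDnsIp -Type PTR -Server $LocalDnsIp -ErrorAction Continue |
    Format-Table Name, NameHost -AutoSize

# 6. Which DC does the locator actually pick for this client, and in which site?
#    'nltest' is a built-in Windows tool; /force bypasses the cached DC.
nltest "/dsgetdc:$DomainFqdn" /force
```

The script only reads and queries; it changes nothing. If step 1 shows the site-1 server first, the fix is in the DHCP scope options, not on the DC. If steps 3 and 4 fail while the same queries against the site-1 server succeed, the site-2 DNS server has not yet received the AD-integrated zone through replication, which matches the "once AD and AD-integrated DNS zones are ready" caveat in the first answer.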

Author

Commented:
I guess it's fixed now.
I added a PTR record for the DNS in site2 in the same DNS reverse lookup zone.
I also made the DC in site2 the Domain Naming Master.

So far so good.
