• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 478
  • Last Modified:

Resoving Hostnames across multiple domains to IP via Group Policy

I’ve set up a group policy that distributes a DNS Suffix Search List including the domain names (domain1, domain2) that I wish to resolve by hostname only.
 
I’ve done that in Group Policy:      

Computer Configuration\Administrative Templates\Networking\DNS Client.

However from a standard network PC I still cannot resolve hostnames to IP that are in Domain 2.  
I’m relatively new to group policy is there something obvious I’m missing?
0
DHPBilcare
Asked:
DHPBilcare
3 Solutions
 
Chris DentPowerShell DeveloperCommented:

First step would be to verify the hosts in question actually have the suffix search list you're applying. "ipconfig /all" should show it?

Chris
0
 
slappa1Commented:
where have you assigned the group policy too?  it needs to be applied to the computers OU not the users ou.  you can use gpresult /h to find out if the policy is applying.
0
 
CorpCompCommented:
First thing to do would be to take a PC and set the DNS Suffix Search list manually, and see if that works.

If it does, you need to troubleshoot the group policy, or the application or group policy.

If it doesn't, you need to resolve a DNS problem.
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Which policy you modified and where you linked it? This is computer policy, so it should be linked to computers OU. Run RSoP.msc on one PC and check if this policy is applied. If not, reboot PC and check once again.
0
 
DHPBilcareAuthor Commented:
I manually entered the DNS suffix search list on a client and it then worked fine.  Although when I then removed the entries and restarted it still worked??  Ipconfig /all then showed both domains in the search list which wasnt there previously despite the group policy.  Other PC's are still not picking up the Group Policy.  

I've entered the group policy under the Default Group Policy of my domain,
0
 
DHPBilcareAuthor Commented:
How do I link this policy to computers OU?
0
 
Chris DentPowerShell DeveloperCommented:

If you mean the default Computers container you cannot link policies there. However, if you've set it in the Default Domain Policy you really don't need to.

I suggest you head to one of the PCs and run:

rsop.msc

That will open the Resultant Set of Policy tool, expand the tree and see if you can see the policy. Also check out any errors it raises (right click on Computer Configuration, open Properties and check Error Information).

Otherwise you will need to check the Event Viewer for any errors associated with group policy application.

Chris
0
 
DHPBilcareAuthor Commented:
Thanks for that.

I went to one of the PC's, run rsop.msc, expanded the tree to the group policy in question.  There was an egg timer for a minute or so.  All appeared correct so I opened the command prompt to test and it worked??  

Will I have to do this for all the PC's in question?  Or is the new group policy simply taking a while to filter around the network.  We have a couple of hundred PC's.
0
 
Chris DentPowerShell DeveloperCommented:

No, not at all. How long ago did you set the list? The change won't apply immediately.

Chris
0
 
DHPBilcareAuthor Commented:
I applied the change yesterday, late afternoon.  

Will this take a day or two to propogate to the whole network?  I dont fancy running around 240 pc's if I can help it.
0
 
Chris DentPowerShell DeveloperCommented:

No it should be in by now. Check a few more and see if they see the policy change?

Chris
0
 
ChiefITCommented:
@ Chris
Why isn't the intended result covered in DNS? I thought DNS resolved the FQDN to an IP address?.. and you can set up a trust or zone transfers to provide resolution to clients that the server is not actually authoritative for.

Maybe I am missing something, but it appears DNS already has the desired effect the author is wishing for. So, I was wondering if you are reinventing the wheel.
0
 
Chris DentPowerShell DeveloperCommented:

DNS does resolve the FQDN, but we're talking about resolution of a Hostname only, which must be converted into an FQDN using the DNS Suffix Search List prior to submission to the DNS server.

Otherwise you need GlobalNames, and that's 2008+ only.

Chris
0
 
DHPBilcareAuthor Commented:
Not obvous why but the policy is coming through. It does seem that for a few computers it doesnt take first time.  Thanks for the comments.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now