Solved

DNS domain records priority

Posted on 2011-02-18
5
355 Views
Last Modified: 2012-05-11
I am having an issue when a user in the home office pings the domain (ping test.org) the DNS response is NOT from the closest DC, or even one in the site.

How do I change this?

Thanks

0
Comment
Question by:ncfbins
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34926722
How is the user connected, VPN of some sort? Make sure that in the vpn setup the domain DNS server (the DC?) is given as the first DNS server.
It's a little bit limited information so I can only give a limited anser :-~
0
 
LVL 1

Author Comment

by:ncfbins
ID: 34926903
The user is local, on the domain.
WIndows 2003 mode. AD integrated DNS.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 125 total points
ID: 34927293
Well, there are two things to consider. Do you have Active Directory Sites and Services configured for all of you sites and subnets?

Ping isn't the right test. DNS doesn't return the closest DC, it returns a list of all DCs in a rotating order. Better to run 'set' from command line and look for the value of logonserver, which should be the local DC.
0
 
LVL 1

Author Comment

by:ncfbins
ID: 34927373
Well, there are two things to consider. Do you have Active Directory Sites and Services configured for all of you sites and subnets?

Yes. Just ran through an AD risk assesment and analysis.

Ping isn't the right test. DNS doesn't return the closest DC, it returns a list of all DCs in a rotating order. Better to run 'set' from command line and look for the value of logonserver, which should be the local DC.

the logon server IS a local DC.

My issue is also with DFS name spaces. Which is where this all began.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34928719
Is the problem that you hit the wrong DFS namespace server, or the wrong DFS namespace target? If you are browsing folders in a DFS namespace, you can right click on a folder, go to the DFS tab and see which server you are connected to. It should show that the active copy is on a local server. If it doesn't, you probably don't have Sites and Services properly configured, though it's possible that the DFS client will pick a server that isn't the closest, that normally doesn't happen if things are setup properly. I have no idea what you are talking about with "AD risk assessment and analysis". Here is a link to the Technet article for managing Sites and Services.

http://technet.microsoft.com/en-us/library/bb727051.aspx

The domain controller needs to be moved to the correct site.
http://technet.microsoft.com/en-us/library/bb727062.aspx#E05B0AA
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question