Dholland64
 asked on

Advanced DNS configuration on client machines

I need to clear the "Append Parent suffixes of the primary DNS Suffix" check box in the Advanced TCP/IP properties on all client machines on a domain.
Is there a way to do this via DHCP scope options or a GPO?
Windows Server 2008, DNS

Last Comment
Dholland64

8/22/2022 - Mon
SOLUTION
Mark Mahacek

Dholland64

ASKER
Not sure exactly how to configure this. Here is what is happening...

I'll start by saying I inherited this configuration.
The AD domain is xxxx.xxxx.com. Coincidentally there is a public DNS record for xxxx.com, some server in Germany.
Randomly client machines have name resolution errors, cannot connect to Exchange and server shares. When you ping "servername" it resolves to the public IP.
I think I need to configure the DNS devolution level. If I understand this correctly, if I set the level to 1 it would accomplish what I need to happen. Correct?
amenezes0617

Your client machines should have the IPs of the local DNS servers on their NICs. So if you're using DHCP, don't add any external DNS server to the DNS options you hand out to the clients. The local DNS servers should have themselves and any other local DNS server in their NIC configuration. Then in the DNS server management tool you add a forwarder to your ISP's DNS server or a public server. So when the workstations try to resolve the name of a local server, the DNS server inside will return the information it has for it. Does that make sense?
Mark Mahacek

The fact that your AD domain name matches another domain name out on the Internet can add some complexity.

DHCP Servers: Use the Internal IP of your domain DNS servers.  Also, you can set a DNS domain suffix to be blank or the fully qualified AD domain name.

DNS Servers: Do your users need to get to the public sites for the parent xxxx.com domain in Germany?  If not, you can create a matching zone and records on your DNS server, which will let you redirect that site just for your users.
Dholland64

ASKER
amenezes0617, yes this makes perfect sense, and this is exactly how it is set up. DC1 points to itself for primary and DC2 for secondary. DC2 points to itself for primary and DC1 for secondary. Forwarders are configured for the OpenDNS servers, and root hints are not enabled.

mmahaek, the public site is in no way affiliated with this company, so users would never need to get to anything on that public network.

To be less cryptic, the AD domain is ctur.ctur.com, which is totally different from this company's public DNS domain. ctur.com just happens to also be an active public address, and when you ping anything.ctur.com on the internet it resolves to the public IP.
What happens at this site is occasionally a user will not be able to connect to Exchange, and when you ping mailserver on that PC it resolves to the ctur.com public IP. This usually happens right after the user logs on, and after a few minutes (usually 10-30 minutes) the problem goes away and the PC is able to resolve the mailserver to the local address.
Clearing "Append Parent suffixes of the primary DNS Suffix" makes this problem go away.
Just looking for a way to keep this from happening.
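
The lookup behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of which names a client tries for a single-label name, and which of them fall outside the AD domain. The function names and the devolution rule as coded (strip the leftmost label of the primary suffix until `level` labels remain) are assumptions of this sketch, not Microsoft's resolver code.

```python
# Added example: simplified model of DNS suffix devolution for single-label
# names. Function names are hypothetical; this is not the Windows resolver.

def candidate_fqdns(name, primary_suffix, use_devolution, level):
    """Return the FQDNs tried, in order, for a single-label name.

    Assumed rule: the primary suffix is appended first; with devolution on,
    the leftmost label of the suffix is stripped repeatedly, stopping once
    only `level` labels remain.
    """
    name = name.strip().rstrip(".").lower()
    if not name or "." in name:
        raise ValueError("model covers single-label names only")
    labels = [l for l in primary_suffix.lower().strip(".").split(".") if l]
    if not labels:
        raise ValueError("primary suffix is empty")
    if level < 1:
        raise ValueError("level must be >= 1")
    candidates = [f"{name}.{'.'.join(labels)}"]
    if use_devolution:
        # Parent suffixes, longest first, never shorter than `level` labels.
        for start in range(1, len(labels) - level + 1):
            candidates.append(f"{name}.{'.'.join(labels[start:])}")
    return candidates


def outside_zone(candidates, internal_zone):
    """Candidates not under the internal zone; their answers come from
    whoever operates the parent domain, not from the internal DNS zone."""
    zone = "." + internal_zone.lower().strip(".")
    return [c for c in candidates if not c.endswith(zone)]


if __name__ == "__main__":
    AD_DOMAIN = "ctur.ctur.com"  # AD domain named in the thread
    # (devolution on/off, level) combinations; constructed for illustration.
    for devolve, level in [(True, 2), (True, 3), (False, 2)]:
        tried = candidate_fqdns("mailserver", AD_DOMAIN, devolve, level)
        print(devolve, level, tried, "outside AD zone:",
              outside_zone(tried, AD_DOMAIN))
```

With devolution off, which is what clearing the check box does, only the name under ctur.ctur.com is tried.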
SOLUTION
amenezes0617

ASKER CERTIFIED SOLUTION
Dholland64

ASKER
DrDave, exactly what I was looking for!!