Server 2012 DNS for non domain users

I have a Server 2012 DC and DNS Server running, but when network devices and computers not on the network ping host names the server does not respond with the IP.  How do I allow this?
Who is Participating?
ChrisConnect With a Mentor Commented:
there shouldn't be anything blocking that.

Start with the obvious or connectivity checks
can you ping the DNS server
can you NSlookup to the server

are you trying with just netbios name or full FQDN if you don't have the suffix search list configured it will only work on FQDN
James HaywoodCommented:
You will need to enter the full FQDN rather than just the server name.
Chris DentPowerShell DeveloperCommented:
You really only have a couple of options:

1. Name resolution

If "ping name" gives you an IP address then DNS (and anything to do with name resolution) can be ruled out immediately.

For example, this would be a good response, even if Ping itself times out:
C:\> ping servername

Pinging servername [] with 32 bytes of data:
Request timed out.

Open in new window

While ping didn't reply, name resolution got us from servername to You can tick that part off as working.

2. Host is down, or connection is subject to a Firewall

If the host is not on, then obviously it won't be able to reply. It hardly sounds like this is the case here :)

That leaves Firewalls. Something is preventing the host responding. If you're on the same LAN / VLAN as the device you're pinging you can rule out network-level firewalls. That leaves you with Host-based firewalls. Windows Firewall?

Perhaps start by turning it off to establish cause (assuming it is safe to do so), if it is the cause you will simply need to add a rule to allow ICMP traffic (Inbound rule set).

in fact what is not working is the DNS suffix for the non domain host. If you put the dnssufix on the non domain PC it will works better:

Daniel McAllisterPresident, IT4SOHO, LLCCommented:
OK, so what I'm going to write essentially backs up what Dan says above, but hopefully in a more palatable way:

When your DC clients configure themselves (likely through DHCP) they not only are told to use the DC as the DNS server, but they are also given a "default" domain to search.

Thus, when a DC client looks up "desktop1", the AD domain name is added "by default" and the DNS server looks for "desktop1.yourADdomain.local".

Now when other clients connect, they are often not provided a "default domain" to search, so when these other clients go to lookup "desktop1", and there is no "default domain" to add on, the result is that there is no match.

NOTE: Clients can be configured with a "default domain" (aka: default suffix), but servers cannot... you cannot tell a DNS server that, failing a lookup for "deskto1", assume they meant "desktop1.domain.local" or "", etc.

So, your non AD clients can be configured to add the domain (it's an "advanced" DNS connection setting in ncpa.cpl on Windows systems), or you can simply use FQDN's on your hostnames and all will be fine.

I hope this helps...

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.