Solved

DNS resolve order

Posted on 2014-12-18
6
146 Views
Last Modified: 2014-12-21
Hello...

Network and sites:
3 sites: A, B and C.
Site A = 192.168.1.1/24 and 172.16.4.0/24
Site B= 10.0.0.0/24
Site C = 10.5.0.0/24

********************
Active Directory and DNS:
Site A has 2 DCs:
DC1 =192.168.1.1 (DNS server)
DC2 = 192.168.1.2/ 172.16.4.1 (DNS)

Site B:
RODC3 = 10.0.0.1 (DNS)

Site C:
DC4= 172.16.5.1 (DNS)
*****************************

Site B can only access 192.169.1.x in site A but not 172.16.4.x.

the problem is, when a client try to resolve mydomain.com or dc2 sometime it is resolved to 172.16.4.1 which is not reachable from site B network.

AD replication works fine with out issue as Site A is the hub and replicate to other sites.

Is there a way to configure DNS to response to clients queries in site B from mycompany.com with 192.168.1.1 always not 172.16.4.1 ? in other words, I want all clients in site B to be able to communicate with DC1 or DC2 in 192.168.1.1 vlan.

DCs are mix of 2012 and 2012 R2.

Thanks!
0
Comment
Question by:Suliman Abu Kharroub
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40506534
check the DNS entries on RODC

access DNS of site B from Primery Domain and check the forwarder point to your primary domain ..

dns
on Site B domain you should have the primary dns of the same domain and  secondary point to your main site primary domain.

all the best
0
 
LVL 40

Assisted Solution

by:footech
footech earned 333 total points
ID: 40506545
Quick note - site C IP range doesn't match up with DC4 IP, but since your problem doesn't seem to involve them it's probably not important.

Why does DC2 have multiple IPs/NICs?
It's not recommended to multihome a DC so if you can avoid that that is the best solution.  There won't be a way to configure things so that queries from site B for DC2 only get 192.168.1.2, unless there is no other record for DC2.

Here's some good reading.  It includes some guidance for manually configuring a multihomed DC.
http://blogs.msmvps.com/acefekay/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters/
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 167 total points
ID: 40506563
Checking the server IP configuration is a good idea, but I would be interested in how client computer IP configurations, at the various sites, are setup.

Are you utilizing DHCP on your network?

For example:

at SiteA
- clients should have DC1 and DC2 as first and second DNS

at SiteB
- clients should have RODC3 as primary DNS and either DC1 or DC2 as a secondary

at SiteC
- clients should have DC4 as primary DNS and either DC1 or DC2 as a secondary

This configuration will make clients at the appropriate sites, use the local DNS first.

Also, I would not recommend running a Domain Controller as a multi-homed server.  A DC really should only operate with 1 IPv4 and/or 1 IPv6 address.  Multi-homing a DC is often a discussion and most experienced Sysadmins will not recommend deploying a DC in such a manner.

Example here on EE:  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22769762.html

Dan
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 23

Author Comment

by:Suliman Abu Kharroub
ID: 40511993
Thank you guys for your answers and good ideas that provided.... I totally agree that mutli-homed DC is not a good idea and needed to be changed. is there any official document explains the issues of having multi-home DC ?

my plan to get rid of the second nic in that DC, but need to convene the management.
0
 
LVL 40

Accepted Solution

by:
footech earned 333 total points
ID: 40512447
I haven't seen just one link that covers everything.  If you do a google search for "site:microsoft.com multihomed domain controller" you will find several issues mentioned.  I think what I already posted is the most comprehensive.  At it's core, I think it pretty much all comes down to name resolution issues.
0
 
LVL 23

Author Closing Comment

by:Suliman Abu Kharroub
ID: 40512449
Thanks a lot!
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question