DNS - primary and secondary lookup

Hi all,

I have a 2012 domain. A machine (Win 8) added to the domain needs to access a RemoteApp that won't seem to launch when set with internal DNS. As a workaround I thought I could use an external one from an ISP as the primary DNS and our local DC as the secondary DNS address.

If I do this, should I then still be able to resolve internal records?

Zacharia Kurian (Administrator - Data Center & Network) commented:
Have you configured Forwarders in your DC's DNS settings? If not, add them, but you should know the DNS of your ISP. You may have to configure your firewall to allow DNS to your DCs. Find the snapshots for configuring Forwarders.

Once this is done, any query to external should get resolved through the forwarders.
It is not a good idea to add the ISP's DNS in a domain-joined PC.

Ashok Dewan (Freelancer) commented:
Are you accessing your machine from outside (internet/WAN) or from the LAN?
Zacharia Kurian (Administrator - Data Center & Network) commented:
Sorry, did not add the snapshots.


Matt (Author) commented:
I have got forwarders in place. Sorry if I'm being stupid here, but if we didn't, would we not be able to ping Google etc. internally?
Zacharia Kurian (Administrator - Data Center & Network) commented:
"I have got forwarders in place"

OK. How is the internet distributed in your LAN? Using a firewall/UTM/proxy or something else?

Matt (Author) commented:
Firewall at the moment, soon to be UTM.
Zacharia Kurian (Administrator - Data Center & Network) commented:
Can this PC access the internet? And if so, can you check the logs in the firewall when you try to access the specific apps from the domain-joined PC?

Matt (Author) commented:
Yes, the PC can access the internet no problem. When I add the URL to the RemoteApp it finds it and connects OK as I am prompted for credentials. It then gives me the shortcuts to the application. When I launch the application it then cannot connect to the remote desktop. However, if I change the DNS to external it works fine.
Zacharia Kurian (Administrator - Data Center & Network) commented:
"However, if I change the DNS to external it works fine."

Is it the same external DNS mentioned in your forwarders and also in your firewall?

What is the default gateway of your DC and the PC? Is it the IP of the firewall or the router/switch?

Can you create a new rule in your FW to allow full access to the internet for this particular PC, and then test (without adding the external DNS)?
Matt (Author) commented:
I don't have control over the firewall, but I have been working with them to resolve this issue.

The firewall probably uses a different DNS.

The gateway on this site goes to a router as it's part of an MPLS network, and all the site's internet goes out from another site.
Already checked; we have full access to the web.
Zacharia Kurian (Administrator - Data Center & Network) commented:
Could you try the following command and post the details?

From the specific PC: Run > CMD > route print
and post the details.

The issue is not with your DC's forwarders; rather it is an issue with either your firewall or the router. In a normal LAN scenario, if a firewall is deployed as front end, the last default route (for example: , where is the firewall's IP) should be configured. It means that any query that is not resolved should hit the firewall.

So let your network admins resolve the issue for you. But at the same time make sure whatever external DNS is used in your firewall/router is also added in your forwarders.


Matt (Author) commented:
The interesting thing is that I have a test machine where, if I configure the primary DNS to be the local DC, I cannot launch the RemoteApp; it fails trying to launch the RDP session. However, if I change the primary DNS to be  and the secondary as my local DC it works.

The other thing I don't understand is that when I make the external DNS the primary DNS server I can still ping local hosts, even if I run an ipconfig /flushdns command.
Zacharia Kurian (Administrator - Data Center & Network) commented:
The AD DNS servers are set to be the primary DNS entries on any domain-joined PCs/servers. Otherwise it loses authentication, GPO settings, time sync etc., eventually causing trouble.

For test purposes, add the Google DNS in your DNS Forwarders and test, but do not delete any existing ones. If this solves the issue, then use it as a temporary solution until your network guys solve the main cause of the issue.
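
As an added example (not from this thread or any of its participants), a PowerShell check for the situation discussed above: from the domain-joined client it queries each configured DNS server, in the order the client uses them, for the AD DC-locator SRV record, the RD host and an external name, so you can see which resolver can answer which. The domain corp.example and the host rdsh.corp.example are placeholders.

```powershell
# Added example: probe every DNS server configured on this client for the
# records a domain member depends on. Placeholders: corp.example (AD domain),
# rdsh.corp.example (the Remote Desktop host behind the RemoteApp).
$Domain   = 'corp.example'
$RdHost   = "rdsh.$Domain"
$External = 'www.microsoft.com'

# Only the AD-integrated DNS (the DC) can answer the first two; the third
# should be answered by the DC via its forwarders and by the ISP directly.
$Probes = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' }   # DC locator
    @{ Name = $RdHost;                        Type = 'A'   }   # internal RD host
    @{ Name = $External;                      Type = 'A'   }   # external name
)

$Nics = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($nic in $Nics) {
    "Interface: $($nic.InterfaceAlias)"
    $order = 0
    foreach ($srv in $nic.ServerAddresses) {
        $order++
        $role = if ($order -eq 1) { 'PRIMARY' } else { 'SECONDARY' }
        foreach ($p in $Probes) {
            try {
                # -DnsOnly skips hosts file, LLMNR and NetBIOS, so a hit here
                # really came from that server (ping can succeed via LLMNR/NetBIOS
                # even when DNS does not, which explains "I can still ping local hosts").
                $r = Resolve-DnsName -Name $p.Name -Type $p.Type -Server $srv `
                        -DnsOnly -ErrorAction Stop
                $ans    = $r | Where-Object { $_.Type -eq $p.Type } | Select-Object -First 1
                $detail = if ($p.Type -eq 'SRV') { $ans.NameTarget } else { $ans.IPAddress }
                $status = "OK   ($detail)"
            } catch {
                $status = "FAIL ($($_.Exception.Message))"
            }
            '  {0,-9} {1,-15} {2,-4} {3,-38} {4}' -f $role, $srv, $p.Type, $p.Name, $status
        }
    }
}
# Reading the output: a PRIMARY row that FAILs on the _msdcs SRV record means the
# ISP resolver answers domain lookups first. A negative answer (NXDOMAIN) from the
# primary is final for the Windows resolver; only a timeout moves it to the
# secondary, so domain logon, GPO and Kerberos name resolution become unreliable.
```

Run it once with the DC as primary and once with the ISP resolver as primary; the FAIL rows for the SRV and RD-host probes on the ISP server show what the secondary DC entry will not reliably compensate for.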

Matt (Author) commented:
Yep, already done that. Still no working solution.
Zacharia Kurian (Administrator - Data Center & Network) commented:
Are the gateway IPs used in your DC and the test PC the same?

Do you know the LAN (inside) IP of your firewall? If so, add this IP as the secondary gateway in your PC and test, and also please run "route print" (without quotes) on your DC and post the results.
