Matt
asked on
DNS - primary and secondary lookup
Hi all,
I have a 2012 domain. A machine (Win 8) added to the domain needs to access a remote app that won't seem to launch when set with internal DNS. As a workaround I thought I could use an external DNS from an ISP as the primary DNS and our local DC as the secondary DNS address.
If I do this, should I then still be able to resolve internal records?
Are you accessing your machine from outside (internet/WAN)?
OR
from LAN?
ASKER
I have got forwarders in place. Sorry if I'm being stupid here, but if we didn't, would we not be able to ping Google etc. internally?
I have got forwarders in place
OK. How is the internet distributed in your LAN? Using a firewall/UTM/proxy or something else?
Zac
ASKER
Firewall at the moment, soon to be UTM.
Can this PC access the internet? And if so, can you check the logs in the firewall when you try to access the specific apps from the domain-joined PC?
Zac.
ASKER
Yes, the PC can access the internet no problem. When I add the URL to the RemoteApp it finds it and connects OK, as I am prompted for credentials. It then gives me the shortcuts to the application. When I launch the application it then cannot connect to the remote desktop. However, if I change the DNS to external it works fine.
Are they the same external DNS mentioned in your forwarders and also in your firewall?
What is the default gateway of your DC and the PC? Is it the IP of the firewall or the router/switch?
Can you create a new rule in your FW to allow full access to the internet for this particular PC, and then test (without adding the external DNS)?
ASKER
I don't have control over the firewall but I have been working with them to resolve this issue.
Firewall probably uses different DNS.
Gateway on this site goes to a router as it's part of an MPLS network, and all internet goes out from another site.
Already checked, we have full access to the web.
ASKER
The interesting thing is that I have a test machine where, if I configure the primary DNS to be the local DC, I cannot launch the remote app; it fails trying to launch the RDP session. However, if I change the primary DNS to be 8.8.8.8 and the secondary to my local DC, it works.
The other thing I don't understand is that when I make the external DNS the primary DNS server I can still ping local hosts, even if I run an ipconfig /flushdns command.
The AD DNS are set to be the primary DNS entries on any domain-joined PCs/servers. Otherwise, it loses the authentication, GPO settings, time sync etc., eventually causing trouble.
For test purposes, add the Google DNS to your DNS forwarders and test, but do not delete any existing ones. If this solves the issue, then use it as a temporary solution until your network guys solve the main cause of the issue.
Zac.
ASKER
Yep already done that. Still no working solution.
Is the gateway IP used in your DC and the test PC the same?
Do you know the LAN (inside) IP of your firewall? If so, add this IP as the secondary gateway in your PC and test, and also please run "route print" (without quotes) on your DC and post the results.
Zac.
Once this is done, any query to external names should get resolved through the forwarders.
It is not a good idea to add the ISP's DNS to a domain-joined PC.
Zac.