Azra Lyndsey asked:

Windows Server 2016 Fails to Resolve Local Addresses for Local Workstations

I have a Windows Server 2016 box with DNS configured.  From the server itself, I can query DNS entries that are configured, including making new ones up.  I'll get back whatever I put in the zone.

But from workstations, they can resolve public websites just fine using that Windows box, but they cannot resolve any local addresses.

What am I missing?
Alex

Are the clients DHCP?

Have you set the DNSSuffix in the TCP/IP connections? Sounds like you need to create a group policy and push that out.

Regards,
Alex
Have you checked the workstation DNS settings (by running ipconfig /all from a CMD prompt)?  What are ALL of the DNS servers that are shown there?
To check DNS resolution from a workstation without involving any other name-resolution method, run nslookup <name> <server_ip> from a command prompt, where <name> is the name you want to resolve to an IP and <server_ip> is the IP address of the DNS server.

For example, nslookup workstation1.mydomain.com 192.168.242.50 will query the DNS server at 192.168.242.50 for the IP address of the machine named workstation1.mydomain.com, and that's all that it will do. Nslookup only uses DNS for name resolution and only sends queries to the server(s) you specify. Other commands, like ping, may use other name-resolution methods (WINS, NetBIOS broadcasts, LLMNR...) as well as multiple DNS servers, depending on how your NICs are configured.

Does nslookup return anything when you query the DNS server for a workstation's name?
Azra Lyndsey (ASKER)

@DrDave242, this is what I've been doing.

The server's hostname is platinum-server, its IP address is 192.168.254.3.  

All machines are currently set to send DNS queries to 192.168.254.254 as that's a known working DNS server.  

None of the workstations are joined to the domain at this point.

When running the following from a workstation:

nslookup > server 192.168.254.3 > google.com, I receive a valid answer.  I receive valid answers for any domain I query on the web.  However, if I query platinum-server, I don't get an answer.  HOWEVER, if I run nslookup from the server, set to send queries to 192.168.254.3, I get valid answers for any A record that's configured in Windows DNS and any domains on the web.  So I think DNS is working on the server, it just won't send queries to workstations for anything that's on the LAN.  

To be specific, the answer I receive on a workstation when I query platinum-server is

[192.168.254.3] can't find platinum-server: server failed.



But if I send a query for Google.com the answer I get is:

server: [192.168.254.3]
Address: 192.168.254.3

Non-authoritative answer:
Name: Google.com
Addresses: 2607:f8b0:4000:80e::200e
172.217.9.142


"All machines are currently set to send DNS queries to 192.168.254.254 as that's a known working DNS server."

In order for the workstations to be able to resolve local network names, there need to be a few things...
1. A DNS server with a root zone assigned. Routers don't always qualify under this requirement, so if 192.168.254.254 is a router, it likely doesn't have a DNS zone associated with it and isn't retaining internal DNS records. It's just forwarding DNS requests to public DNS.
2. Workstations need to be configured to use the DNS server from 1 as their primary.
3. Workstations need to be configured to register themselves in DNS.
4. In Windows, there's a bit of a built-in shortcut for resolving LAN-based computer names. There's a list of DNS Domain Names that get automatically appended when you do a DNS lookup that doesn't include the full FQDN (host.domain.com) of the remote system. So the Root Zone from #1 needs to be on the list of domains that get appended automatically. Otherwise you will always need to put in the full FQDN when resolving the computer name.

DHCP can be configured to provide workstations with a default domain name, DNS server, and other information that helps them work with internal DNS, but the key you probably need to focus on is getting the workstations to point to the DNS server instead of the router for DNS lookups. They'll register themselves in DNS automatically as long as the configured DNS domain matches one of the domain zones on the DNS server.

Make sense?
If you look at the forward zone on the DNS server, do you see an entry for platinum-server?

"All machines are currently set to send DNS queries to 192.168.254.254 as that's a known working DNS server. ": Why are you pointing them there rather than to 192.168.254.3?

DrDave gave an excellent suggestion.  Try nslookup platinum-server.mydomain.
ASKER CERTIFIED SOLUTION
DrDave242
This solution is only available to members.
So the domain is platinum.local.  The server's name is platinum-server.

Looking at things a bit slower, I do see that the server is appending the domain when I run queries from the server.

So if I query platinum-local from the server I receive platinum-server.platinum.local for the "name."  I didn't see that before, moving too fast, I suppose.

If I query from a workstation using FQDN then it does work just fine.  I think I've done this before with domain-attached computers so it didn't hit me until you pointed out that the suffix is automatically added for domain computers.

Thank you all for your help, I'm going to close this thread.
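
The checks discussed in this thread, gathered into one workstation-side PowerShell script. This is an added example, not code posted by any participant. It lists the DNS servers in use, shows the suffix search list, and queries the short name and the FQDN against the Windows DNS server with DNS only. The host name, zone and server IP are the values quoted in the thread; the function name Test-ShortNameResolution is hypothetical.

```powershell
# Added example: run on a workstation (Windows 8 / Server 2012 or later).
# Test-ShortNameResolution is a hypothetical helper name, not a built-in cmdlet.
function Test-ShortNameResolution {
    param(
        [string]$HostName  = 'platinum-server',   # short name from the thread
        [string]$Zone      = 'platinum.local',    # zone from the thread
        [string]$DnsServer = '192.168.254.3'      # Windows DNS server from the thread
    )

    # 1. Which DNS servers is each interface actually configured to use?
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Format-Table InterfaceAlias, ServerAddresses -AutoSize | Out-Host

    # 2. Which suffixes are available to append to a single-label name?
    #    On a machine that is not domain-joined this list is often empty.
    $global   = (Get-DnsClientGlobalSetting).SuffixSearchList
    $perNic   = (Get-DnsClient).ConnectionSpecificSuffix
    $suffixes = @(@($global) + @($perNic) | Where-Object { $_ } | Select-Object -Unique)

    # 3. Query the server directly for the short name and the FQDN.
    #    -DnsOnly keeps LLMNR and NetBIOS out of the test, like nslookup does.
    $results = foreach ($name in @($HostName, "$HostName.$Zone")) {
        try {
            $answer = Resolve-DnsName -Name $name -Server $DnsServer -Type A `
                                      -DnsOnly -ErrorAction Stop
            [pscustomobject]@{
                Query  = $name
                Result = ($answer.IPAddress | Where-Object { $_ }) -join ', '
            }
        } catch {
            [pscustomobject]@{ Query = $name; Result = "FAILED: $($_.Exception.Message)" }
        }
    }

    [pscustomobject]@{
        Suffixes     = $suffixes
        ZoneInSuffix = $suffixes -contains $Zone   # False explains a short-name failure
        Results      = $results
    }
}

Test-ShortNameResolution | Format-List

# If ZoneInSuffix is False, add the zone to the search list (elevated prompt),
# or push the same setting through Group Policy or the DHCP domain-name option:
# Set-DnsClientGlobalSetting -SuffixSearchList @('platinum.local')
```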