No DNS Suffix on Domain Controller
-
Friday of last week we had some weird DNS issues occur. After I tested a bit I realized that I couldn't ping short names like server-example but I could ping the FQDN server-example.domain.com.
nslookupalso returned the correct information both from the short name as well as the ip address.ipconfig /allshowed that the DNS Suffix Search List is blank on the domain controller. I went into system settings to see if the suffix was listed and it was. Now, normally I would disconnect the machine from the domain and then reconnect to see if that would solve the problem. What would I do in this scenario considering it's a domain controller? -
I manually deleted the DNS Suffix entry, rebooted then re-entered it and rebooted. Still same issue.
-
No idea with Windows, sorry. In the Linux world this is handled on the DHCP server, or if it's static on the client itself.
-
Well, this is a DC, so hopefully it's static.
-
@dashrender said in No DNS Suffix on Domain Controller:
Well, this is a DC, so hopefully it's static.
Rephrased. Bad sentence ha.
-
@stacksofplates said in No DNS Suffix on Domain Controller:
@dashrender said in No DNS Suffix on Domain Controller:
Well, this is a DC, so hopefully it's static.
Rephrased. Bad sentence ha.
LOL - my main intention was to say that it's likely static, so focus on the client, eluding to what you said.
-
Here is what my DNS tab looks like on my DC
https://i.imgur.com/BKc5PlG.png -
OK, now that I'm thinking this through...
Where are you trying to ping the server via the hostname only and it's failing? From the DC itself, or from another workstation?
If it's a workstation, then the workstation is what will have to know to append domain names onto the pings in hopes of finding a host record in DNS. In your case, you would likely need to add all of your different domains to your "Append these DNS suffixes (in order):" field.
If the issue is directly on the server, then there is likely a problem somewhere.
-
@dashrender The DC will of course be able to ping but that is because it's referencing itself first unless you mean that the short names resolve on the DC so even if it's not listed in
ipconfig /all, it is still functioning? -
Here is ipconfig /all on my PC.
-
@wirestyle22 said in No DNS Suffix on Domain Controller:
@dashrender The DC will of course be able to ping but that is because it's referencing itself first unless you mean that the short names resolve on the DC so even if it's not listed in
ipconfig /all, it is still functioning?So, you're saying the issue is only on other machines trying to reach the DC, is that right? I want to make sure we're on the same page.
-
-
Let's assume you have the following domains
randomcity.com
cityhall.randomcity.com
water.randomcity.com
fire.randomcity.comIf your PC is in cityhall.randomcity.com you'll be able to ping any host in cityhall.randomcity.com using just the host name, because your PC will add the DNS suffix to the search by default.
But, in your case, you're trying to ping something in the fire.randomcity.com domain. When doing this by hostname alone this will fail because your PC does not know about fire.randomcity.com so it will never try to resolve hostname.fire.randomcity.com.
Of course, you can make your PC aware of all of the domains it's not part of by editing the DNS tab of your IP settings (or pushing the inform out via DHCP) to include all of the domains you want to be able to ping by hostname alone.
Word of warning - each domain can have the same hostname as another domain, i.e. you can have PC1 in both fire.randomcity.com and water.randomcity.com and randomcity.com and cityhall.randomcity.com, etc. This means that you will get resolved to the first host that your machine runs into according to your DNS suffix list order, starting with the domain that you are in (which won't be in the list).https://i.imgur.com/iQHcb5n.png
You'll notice in this picture, cityhall.randomcity.com is not in the list, that is because I previously mentioned that your PC is in cityhall.randomcity.com, so it does not need to be here, this list is appended to what your PC does by default (which is append whatever domain you are part of). -
Now Wired said to me - uh, but this worked last week with nothing in this list, why is it not working now.
Previous conversations with Wired included that Wired is trying to remove WINS from his network. I'm guessing that WINS was working well enough (though was having issues) to get around this issue. It's also likely there were no duplicate hostnames, so again WINS was able to provide resolution to the desired machine.
-
@dashrender said in No DNS Suffix on Domain Controller:
Now Wired said to me - uh, but this worked last week with nothing in this list, why is it not working now.
Previous conversations with Wired included that Wired is trying to remove WINS from his network. I'm guessing that WINS was working well enough (though was having issues) to get around this issue. It's also likely there were no duplicate hostnames, so again WINS was able to provide resolution to the desired machine.
Yeah, that has to be why. I actually said I think WINS was resolving things for us yesterday but didn't fully understand why. Thanks for the clarification today.
-
WINS can hide a lot of DNS issues.
-
@dashrender said in No DNS Suffix on Domain Controller:
WINS can hide a lot of DNS issues.
Good point.
-
So since we are taking 5 domains and condensing everything into one single domain, would it not make more sense to map applications and drives through IP address since the FQDN will change?
-
I don't agree with changing mapping to use IPs.
JB hates IPs so much that he makes DHCP reservations for things like Printers.
To this end, I would create DNS records that are cnames to other records, etc back to the final domain where the servers will live.
-
In thinking about this - I mentioned adding additional domains to the search suffix list.
While this is doable for a few PCs, or if you are using DHCP, I was thinking -
For the primary things you'll be searching for by shortname from the 'other' domains, create cname records in the local domains pointing to the real host in the real domain.
Example
The DB server is DB1.fire.randomcity.com
A user in water.randomcity.com needs to access the DB server.
Create a cname in the water.randomcity.com DNS server called DB1 that points to DB1.fire.randomcity.com
This allows the user in the water domain to connect to 'DB1' and they will be pointed to the server via DNS over to the server in the fire domain. No change to the client's DNS search suffix list required.This does assume that there is not a server called DB1 in the water domain.
