No DNS Suffix on Domain Controller
-
@wirestyle22 said in No DNS Suffix on Domain Controller:
@dashrender The DC will of course be able to ping but that is because it's referencing itself first unless you mean that the short names resolve on the DC so even if it's not listed in ipconfig /all, it is still functioning?
So, you're saying the issue is only on other machines trying to reach the DC, is that right? I want to make sure we're on the same page.
-
-
Let's assume you have the following domains
randomcity.com
cityhall.randomcity.com
water.randomcity.com
fire.randomcity.com
If your PC is in cityhall.randomcity.com you'll be able to ping any host in cityhall.randomcity.com using just the host name, because your PC will add the DNS suffix to the search by default.
But, in your case, you're trying to ping something in the fire.randomcity.com domain. When doing this by hostname alone this will fail because your PC does not know about fire.randomcity.com so it will never try to resolve hostname.fire.randomcity.com.
Of course, you can make your PC aware of all of the domains it's not part of by editing the DNS tab of your IP settings (or pushing the info out via DHCP) to include all of the domains you want to be able to ping by hostname alone.
Word of warning - each domain can have the same hostname as another domain, i.e. you can have PC1 in both fire.randomcity.com and water.randomcity.com and randomcity.com and cityhall.randomcity.com, etc. This means that you will get resolved to the first host that your machine runs into according to your DNS suffix list order, starting with the domain that you are in (which won't be in the list).
https://i.imgur.com/iQHcb5n.png
You'll notice in this picture, cityhall.randomcity.com is not in the list. That is because I previously mentioned that your PC is in cityhall.randomcity.com, so it does not need to be here. This list is appended to what your PC does by default (which is to append whatever domain you are part of).
-
Now Wired said to me - uh, but this worked last week with nothing in this list, why is it not working now?
Previous conversations with Wired included that Wired is trying to remove WINS from his network. I'm guessing that WINS was working well enough (though was having issues) to get around this issue. It's also likely there were no duplicate hostnames, so again WINS was able to provide resolution to the desired machine.
-
@dashrender said in No DNS Suffix on Domain Controller:
Now Wired said to me - uh, but this worked last week with nothing in this list, why is it not working now?
Previous conversations with Wired included that Wired is trying to remove WINS from his network. I'm guessing that WINS was working well enough (though was having issues) to get around this issue. It's also likely there were no duplicate hostnames, so again WINS was able to provide resolution to the desired machine.
Yeah, that has to be why. I actually said I think WINS was resolving things for us yesterday but didn't fully understand why. Thanks for the clarification today.
-
WINS can hide a lot of DNS issues.
-
@dashrender said in No DNS Suffix on Domain Controller:
WINS can hide a lot of DNS issues.
Good point.
-
So since we are taking 5 domains and condensing everything into one single domain, would it not make more sense to map applications and drives through IP address since the FQDN will change?
-
I don't agree with changing mapping to use IPs.
JB hates IPs so much that he makes DHCP reservations for things like Printers.
To this end, I would create DNS records that are cnames to other records, etc back to the final domain where the servers will live.
-
In thinking about this - I mentioned adding additional domains to the search suffix list.
While this is doable for a few PCs, or if you are using DHCP, I was thinking -
For the primary things you'll be searching for by shortname from the 'other' domains, create cname records in the local domains pointing to the real host in the real domain.
Example
The DB server is DB1.fire.randomcity.com
A user in water.randomcity.com needs to access the DB server.
Create a cname in the water.randomcity.com DNS server called DB1 that points to DB1.fire.randomcity.com
This allows the user in the water domain to connect to 'DB1' and they will be pointed to the server via DNS over to the server in the fire domain. No change to the client's DNS search suffix list required.
This does assume that there is not a server called DB1 in the water domain.
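
Added example, not part of any post in the thread: a small Python model of the two points discussed above, that a short name resolves to the first suffix in the search order that has it (so duplicate hostnames shadow each other), and that a CNAME in the local zone avoids touching the suffix list. The zone contents, addresses and function names are constructed for illustration, and the search order is passed in explicitly rather than read from a real client.

```python
# Constructed sample zones: names from the thread, addresses made up
# from the 192.0.2.0/24 documentation range.
ZONES = {
    "water.randomcity.com": {"pc1": ("A", "192.0.2.10")},
    "fire.randomcity.com": {"pc1": ("A", "192.0.2.20"),
                            "db1": ("A", "192.0.2.30")},
    "cityhall.randomcity.com": {"pc1": ("A", "192.0.2.40")},
}

def lookup(fqdn, zones, depth=0):
    """Resolve an FQDN in the in-memory zones, following CNAMEs."""
    host, _, zone = fqdn.lower().partition(".")
    record = zones.get(zone, {}).get(host)
    if record is None or depth > 8:  # unknown name or CNAME loop
        return None
    rtype, value = record
    return value if rtype == "A" else lookup(value, zones, depth + 1)

def resolve_short(name, search_order, zones):
    """Try each suffix in order; the first FQDN that resolves wins."""
    for suffix in search_order:
        fqdn = f"{name.lower()}.{suffix}"
        addr = lookup(fqdn, zones)
        if addr:
            return fqdn, addr
    return None

def shadowed(search_order, zones):
    """Short names defined under more than one suffix (winner listed first)."""
    seen = {}
    for suffix in search_order:
        for host in zones.get(suffix, {}):
            seen.setdefault(host, []).append(suffix)
    return {h: s for h, s in seen.items() if len(s) > 1}

def add_cname(zones, zone, alias, target):
    """Copy zones and add alias.zone -> target, refusing to replace a host."""
    if alias in zones.get(zone, {}):
        raise ValueError(f"{alias}.{zone} already exists")
    new = {z: dict(r) for z, r in zones.items()}
    new.setdefault(zone, {})[alias] = ("CNAME", target)
    return new

if __name__ == "__main__":
    order = ["water.randomcity.com", "fire.randomcity.com"]  # assumed order
    print(resolve_short("pc1", order, ZONES))   # water's PC1 hides fire's
    print(shadowed(order, ZONES))
    aliased = add_cname(ZONES, "water.randomcity.com", "db1", "db1.fire.randomcity.com")
    print(resolve_short("db1", ["water.randomcity.com"], aliased))
```

Running `shadowed` over an export of the real zones before extending a suffix list shows which short names would silently land on a different machine than intended.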