    How does name resolution work in AD?

    IT Discussion
    windows dns ad
    • Pete.S

      When you have a Windows 10 client and access a Windows intranet webserver that belongs to a domain (and you have AD and the whole shebang), is the client using DNS to resolve the server name or is it using something else?

      • Dashrender

        By default it's using DNS.

        It could fall back on NetBIOS over IP though... if that protocol is enabled.

        • Pete.S @Dashrender

          @Dashrender said in How does name resolution work in AD?:

          By default it's using DNS.

          It could fall back on NetBIOS over IP though... if that protocol is enabled.

          So if port 53 is blocked somewhere it will use NetBIOS instead?

          Is that a client or AD/DNS setting or both? Is it enabled by default?

          • JaredBusch @Pete.S

            @Pete-S said in How does name resolution work in AD?:

            So if port 53 is blocked somewhere

            blocked to the internal domain controller? You have other issues on that site.

            • thwr

              A client first polls his hosts-file. Next is always DNS. If that doesn't work, WINS might kick in (you'd better not run WINS).

              If all that fails, the client will fall back to whatever he has available on his side, like NetBIOS.

              • scottalanmiller @Pete.S

                @Pete-S said in How does name resolution work in AD?:

                is the client using DNS to resolve the server name or is it using something else?

                Since Windows 2000, DNS has been the default. WINS was used as well for a long time; it is no longer needed, but is sometimes used.

                • scottalanmiller @thwr

                  @thwr said in How does name resolution work in AD?:

                  A client first polls his lmhosts-file. Next is always DNS.

                  Always HOSTS before DNS.

                  • thwr @scottalanmiller

                    @scottalanmiller said in How does name resolution work in AD?:

                    @thwr said in How does name resolution work in AD?:

                    A client first polls his lmhosts-file. Next is always DNS.

                    Always HOSTS before DNS.

                    Ah, my bad. hosts is correct; lmhosts is something even older.

                    • Dashrender @Pete.S

                      @Pete-S said in How does name resolution work in AD?:

                      @Dashrender said in How does name resolution work in AD?:

                      By default it's using DNS.

                      It could fall back on NetBIOS over IP though... if that protocol is enabled.

                      So if port 53 is blocked somewhere it will use NetBIOS instead?

                      Is that a client or AD/DNS setting or both? Is it enabled by default?

                      JB is right - this is all internal traffic. Your AD/DNS servers should have port 53 fully exposed to the internal network.

                      This is a client call from the PC to the server, so the server is what has to have the ports open on the firewall. Typically MS's processes will take care of enabling this for you when you install DNS on a Windows Server - though it's always possible to break this.

                      • Pete.S

                        I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                        I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                        • scottalanmiller @Pete.S

                          @Pete-S said in How does name resolution work in AD?:

                          I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                          I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                          This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

                          • Dashrender @scottalanmiller

                            @scottalanmiller said in How does name resolution work in AD?:

                            @Pete-S said in How does name resolution work in AD?:

                            I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                            I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                            This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

                            Exactly - have you or anyone else added these servers to AD's DNS?

                            • thwr @Pete.S

                              @Pete-S said in How does name resolution work in AD?:

                              I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                              I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                              Have you configured them in your DNS too, or does your Linux servers' DHCP client automatically update DNS? No client cares about a Linux hostname 🙂

                              • Pete.S @Dashrender

                                @Dashrender said in How does name resolution work in AD?:

                                @scottalanmiller said in How does name resolution work in AD?:

                                @Pete-S said in How does name resolution work in AD?:

                                I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                                I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                                This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

                                Exactly - have you or anyone else added these servers to AD's DNS?

                                They have been added manually. The name of the service is also not the same as the name of the server. So if a webserver is abc001.company.com, the name in the DNS that will send you to that server might be logistics.company.com. So a client accessing the service would find it with https://logistics

                                • Dashrender @Pete.S

                                  @Pete-S said in How does name resolution work in AD?:

                                  @Dashrender said in How does name resolution work in AD?:

                                  @scottalanmiller said in How does name resolution work in AD?:

                                  @Pete-S said in How does name resolution work in AD?:

                                  I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows server names, but not the statically assigned names of Linux servers.

                                  I thought if the name resolution works over different mechanisms and uses different ports, it could be a firewall or L3 switch somewhere that has been misconfigured.

                                  This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

                                  Exactly - have you or anyone else added these servers to AD's DNS?

                                  They have been added manually. The name of the service is also not the same as the name of the server. So if a webserver is abc001.company.com, the name in the DNS that will send you to that server might be logistics.company.com.

                                  If you're being sent to logistics, that's the entry that must be in DNS. You can have as many entries as are needed for a single server.
                                  Each name is its own entry.

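A way to check, from an affected client, which of the mechanisms discussed in this thread actually answers for a name. This is an added example, not something posted by anyone in the thread: the function names are hypothetical and `logistics` is the short name mentioned above, while `Resolve-DnsName`, `Get-DnsClientGlobalSetting` and `Win32_NetworkAdapterConfiguration` are standard Windows components.

```powershell
# Added example (not from the thread). Test-NameResolutionPath is a hypothetical helper.
function Test-NameResolutionPath {
    param(
        [Parameter(Mandatory)] [string] $Name,   # e.g. 'logistics', the short name from the thread
        [string] $DnsServer                      # optional: ask one specific DNS server
    )

    # 1. hosts file, which the client consults before DNS (exact-name match only)
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $inHosts = [bool](Get-Content $hostsFile -ErrorAction SilentlyContinue | Where-Object {
        # drop comments, split on whitespace, compare every token (case-insensitive)
        (($_ -replace '#.*$', '') -split '\s+') -contains $Name
    })

    # 2. DNS only: skip the hosts file and the LLMNR/NetBIOS fallback
    $dnsArgs = @{ Name = $Name; DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $dnsArgs.Server = $DnsServer }
    $dns = Resolve-DnsName @dnsArgs

    # 3. Fallback only: LLMNR and NetBIOS, no DNS query.
    #    Answers here come from whichever host on the segment responds, not from the DNS zone.
    $fallback = Resolve-DnsName -Name $Name -LlmnrNetbiosOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Name             = $Name
        InHostsFile      = $inHosts
        DnsAnswers       = @($dns.IPAddress) -join ', '
        FallbackAnswers  = @($fallback.IPAddress) -join ', '
        # Short names such as 'logistics' only resolve in DNS when a suffix is appended
        SuffixSearchList = (Get-DnsClientGlobalSetting).SuffixSearchList -join ', '
    }
}

# NetBIOS over TCP/IP per adapter: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled
function Get-NetbiosOverTcpipState {
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, TcpipNetbiosOptions
}

Test-NameResolutionPath -Name 'logistics'
Get-NetbiosOverTcpipState
```

Run it on a client that fails and on one that works and compare the two results. An empty `DnsAnswers` with a populated `FallbackAnswers` means the name is being resolved by broadcast fallback instead of the AD DNS zone.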