Friday, February 18, 2011

Change to DNS in CVUSD domain

As I was doing some troubleshooting with DNS, and based on some research I've done, I have made a couple of changes on the root of the CVUSD domain that everyone should be aware of, just in case there is an issue.

The problem we were having is that DNS sometimes resolved addresses unreliably, especially when going from the parent domain to a child domain while pointing to the "NetBIOS" name of the workstation.
Part of the problem is that we run one DHCP server at each site (and at the DO), and each DHCP server can have only one string for the DNS domain name, so it is not possible to have DHCP specify the correct DNS suffix on the machines based on their domain memberships.

For this reason, the following changes were made:
A new policy in the CVUSD root domain has been made called: Miscellaneous Policies.
The following policies have been enabled and configured under: Administrative Templates/Network/DNS Client:
(Some of these settings are ones that some of us are used to configuring manually, and some are brand new.)

  • Register PTR records: A PTR record (pointer record, a.k.a. reverse lookup address) will now be created only when an A record has been successfully created.
  • Dynamic DNS Updates: Enabled.
  • Primary DNS Suffix: This is set to chino.k12.ca.us. (In the STUDENT domain, it would be set to student.chino.k12.ca.us, and in the STUDENT2 domain, it would be set to student2.chino.k12.ca.us.)
  • DNS Suffix Search List: This is set to chino.k12.ca.us, student.chino.k12.ca.us, student2.chino.k12.ca.us. (In the STUDENT and STUDENT2 domains, the child domain's suffix will be first in the search list.)
  • Primary DNS Suffix Devolution: This is enabled. I am hoping that this will make our lookups more reliable. What this means is that if we look up a machine in the student domain by its FQDN, e.g. machine.student.chino.k12.ca.us, and the lookup fails, the DNS query will start stripping the subdomains one at a time until it looks up the NetBIOS name, which gets resolved either by DNS or by the pre-configured suffix list.
Again, this is only configured on the root domain of the CVUSD parent domain, and not on STUDENT or STUDENT2. If we don't see any issues with this change in the coming days, I will do the same implementation on the child domains.

  • This change was made on 02/18/2011 @ 11:00am
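
The example below is added here and is not part of the original post: a simplified Python model of the names a Windows DNS client tries for a single-label name under the settings above. It assumes Microsoft's documented behaviour that a Group Policy suffix search list replaces primary-suffix devolution, ignores connection-specific suffixes, and uses a constructed host name (`lab-pc01`); the function names are hypothetical.

```python
# Simplified model (assumption): connection-specific suffixes and
# suffix appending for multi-label names are ignored.
ORG_ROOT = "chino.k12.ca.us"
ROOT_SEARCH_LIST = ["chino.k12.ca.us", "student.chino.k12.ca.us",
                    "student2.chino.k12.ca.us"]  # from the policy above


def devolved_suffixes(primary_suffix, level=2):
    """Primary suffix, then each parent, keeping at least `level` labels."""
    labels = primary_suffix.rstrip(".").split(".")
    suffixes = []
    while len(labels) >= max(level, 1):
        suffixes.append(".".join(labels))
        labels = labels[1:]  # strip the leftmost label
    return suffixes


def candidate_fqdns(name, primary_suffix, search_list=(), devolution=True, level=2):
    """Ordered FQDNs the client would query for `name`."""
    if "." in name:          # dotted or fully qualified: queried as given
        return [name.rstrip(".")]
    if search_list:          # GPO search list set: devolution is not used
        suffixes = list(search_list)
    elif devolution:
        suffixes = devolved_suffixes(primary_suffix, level)
    else:
        suffixes = [primary_suffix]
    return [f"{name}.{s.rstrip('.')}" for s in suffixes]


def outside_org(candidates, org_root=ORG_ROOT):
    """Candidates that fall outside the organisation's own namespace."""
    return [c for c in candidates
            if c != org_root and not c.endswith("." + org_root)]


if __name__ == "__main__":
    host = "lab-pc01"  # constructed host name
    print(candidate_fqdns(host, ORG_ROOT, ROOT_SEARCH_LIST))
    # Without a search list: 2 = classic two-label floor,
    # 4 = number of labels in the root domain chino.k12.ca.us.
    for level in (2, 4):
        names = candidate_fqdns(host, "student.chino.k12.ca.us", level=level)
        print(level, names, "outside:", outside_org(names))
```

In this model the search list alone decides the query order once it is set, and a devolution floor of two labels would produce queries under k12.ca.us and ca.us, outside the district's namespace.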
