DNS active, but basically not even there

[jonoman123]

Running Server 2008 Standard R2. It's the only DC in the AD environment and is the AD server.

All clients trying to connect are Windows 7 Pro.

IPv6 has been disabled on the server and all clients.

Basically my DNS is not working at all from this server. I set up the DNS, and the clients could not join the domain unless I put the server into the primary DNS entry on each and every client. I noticed the server had a .com instead of a .local domain setup, so I blew away the server completely in the Array utility and started over, being careful to NOT make the server a .com domain.

That didn't help anything. Clients still cannot join the domain unless I put the PDC as the primary DNS entry on each client. Okay, so great, I put that in and it works. That also happens to be the only way I see that client as a Host (A) DNS entry as well. Once I join the domain, and as long as that client has the DNS entry, everything works.

As soon as I remove that DC address as the primary DNS on the host, it quits accessing the internet (yellow triangle on the NIC status) and the host entry disappears in DNS on the DC!

Obviously, I don't have DNS set up right. The wizard at install was pretty straightforward. I don't see how I could have screwed that up. I set the DC itself, as recommended, as the primary DNS, and the secondary is 8.8.8.8 (Google.) Once completed, the NIC on the server's DNS is 127.0.0.1, which is how every other server running the DNS server is that I have, and is what everyone tells me is correct.

Ipconfig /all on the clients resolves on 8.8.8.8, which should be the secondary. In other words, all my DNS entries look correct, but it's the DNS server isn't even there unless I specify the host to point to the DC for DNS.

Where did I go wrong in my DNS server setup?

 

[normntwrk]

I don't think you should be listing 8.8.8.8 as your secondary , you should do that under the forwarders tab to forward any unresolved requests. The PC's should not list 8.8.8.8 as a secondary if you have an internal email server as Goggle will resolve the IP address to your external IP





Norm

 

[nk1234]

Hope I've understood your issue correctly.

Your new DC is the authoritative (and only?) DNS server for the new AD domain?

Your clients need to be able to find and resolve this DNS domain in order to find the AD services and join the domain. Therefore your clients either need to point to the DC for DNS (either manually or passed from DHCP)OR the other DNS server(s) in your environment need to be able to resolve this recursively.

If you have other DNS servers in your environment, make sure that the necessary delegations / forwarders are in place and that they are recursive. Also make sure that there are no ACLs on the DC DNS stopping other DNS servers from querying.

In my experience, providing the clients can resolve the DNS for the domain, there should be no DNS issue stopping them from joining.

If your clients are set to register themselves in DNS (check their TCP/IP settings) they can only do this if they can find the domain SOA (authoritative DNS server which I believe is your PDC) AND there are no ACLs preventing this.

I have no idea why anyone would configure a 8.8.8.8 as a DNS resolver, this isn't something that I have come across before. Personally I'd leave it blank unless you have another valid resolver address to configure.

Hope this helps.

 

[nk1234]

Just to be clear, if 8.8.8.8 is a google DNS server and you want to go out to the internet for DNS then thats valid, my response has assumed an entirely 'internal' environment.