disturbedone
Vendor
I have 2x W2K8R2 RWDCs on the LAN (10.11.0.7/16 and 10.11.0.8/16). About 6mths ago I added an RODC in the DMZ (172.20.95.46/16). All ~1000 Win7/8 devices have worked perfectly since. So have the ~2500 BYOD WiFi devices (iOS, Android, Win7/8, Chromebook) that authenticated to AD via a captive portal.
We've had many issues with Macs for a long time and we brought in a consultant to build a new Mac image and iron out all the issues. He's pointed out that they have intermittent issues when users try and logon and suspects it's an issue with DNS. He does a DNS lookup for domain.local and gets 3 resutls returned - 10.11.0.7, 10.11.0.8 and 172.20.95.0. Notice that it's .0 not .46. He suspects that is the issue as DNS roundrobin returns results in a different order on each attempt (as it should) and that would explain why the logon issue is intermittent. But......nslookup on Windows gives the same results. And ~2300 Win/BYOD devices have not had any issues for 6mths. It's only domain joined Macs that have a problem.
I had a look in DNS and found the following entries in the forward lookup zone for domain.local:
[ul]
[li](same as parent folder) Host (A) 10.11.0.7 4/8/2014 2:00:00AM[/li]
[li](same as parent folder) Host (A) 10.11.0.8 4/8/2014 3:00:00AM[/li]
[li](same as parent folder) Host (A) 172.20.95.0 static[/li]
[/ul]
Questions:
[ol 1]
[li]Why is the RODC a static entry when the others are dynamic?[/li]
[li]Why is the RODC a network address not a host address?[/li]
[li]Why is it only domain joined Mac devices that have issues? This is more for curiosity than anything. The fact that it's only Mac playing up doesn't surprise me as they've never played nicely on a Windows domain.[/li]
[/ol]
I could easily change the DNS entry for the RODC to the host address but that doesn't explain Q1 or Q2? I'd rather know why it's like this so I can address the root cause rather than trying to put a bandaid on it.
We've had many issues with Macs for a long time and we brought in a consultant to build a new Mac image and iron out all the issues. He's pointed out that they have intermittent issues when users try and logon and suspects it's an issue with DNS. He does a DNS lookup for domain.local and gets 3 resutls returned - 10.11.0.7, 10.11.0.8 and 172.20.95.0. Notice that it's .0 not .46. He suspects that is the issue as DNS roundrobin returns results in a different order on each attempt (as it should) and that would explain why the logon issue is intermittent. But......nslookup on Windows gives the same results. And ~2300 Win/BYOD devices have not had any issues for 6mths. It's only domain joined Macs that have a problem.
I had a look in DNS and found the following entries in the forward lookup zone for domain.local:
[ul]
[li](same as parent folder) Host (A) 10.11.0.7 4/8/2014 2:00:00AM[/li]
[li](same as parent folder) Host (A) 10.11.0.8 4/8/2014 3:00:00AM[/li]
[li](same as parent folder) Host (A) 172.20.95.0 static[/li]
[/ul]
Questions:
[ol 1]
[li]Why is the RODC a static entry when the others are dynamic?[/li]
[li]Why is the RODC a network address not a host address?[/li]
[li]Why is it only domain joined Mac devices that have issues? This is more for curiosity than anything. The fact that it's only Mac playing up doesn't surprise me as they've never played nicely on a Windows domain.[/li]
[/ol]
I could easily change the DNS entry for the RODC to the host address but that doesn't explain Q1 or Q2? I'd rather know why it's like this so I can address the root cause rather than trying to put a bandaid on it.