Answer the question
In order to leave comments, you need to log in
Problem with domain name resolution on one of the AD sites. Where to dig?
Hello dear.
Honestly, I don’t even know how to formulate the problem, even to at least google it, all some rubbish in the results comes out off topic, so I’ll ask living people
The problem is this: there is an enterprise network with AD, the domain is called central.local
There are several branches, which are listed in AD as separate sites, VPN communication, subnets are different. Each branch has its own domain controller. By ip, the networks are connected without much filtering, traffic goes freely, including between domain
controllers
Site=Central DC=PDC IP=192.168.28.2/22
Site=Central DC=SDC IP=192.168.28.1/22
Site=Bez DC=Bserv IP=192.168.1.128/22
Site=Les DC=LDC IP=192.168.11.10/24
Site=NK DC=DCNK IP=192.168.15.100/22
All domain controllers on Win2008R2, if that matters. Installed from the same distribution, the keys are only different.
Next, we will talk about the latter. Recently added a new branch (NK site) and problems started.
Everything is fine on the domain controller (DCNK), the "ping central.local" command immediately and clearly returns the address 192.168.15.100
On workstations, everything is worse:
As a result, "ping central.local" first thinks for a couple of seconds, then issues any of the IP addresses of the controllers across all sites. Moreover, which is typical, according to a certain list, gradually rotating it by 1 position. And so in a circle.
Nslookup produces an interesting result:
From a domain controller, it looks like this:
C:\Users\admin>nslookup
╤xЁthЁ
yayu єyuyўresh■
:
pdc.central.local
Address
:
192.168.28.2 .15.100
192.168.28.1
192.168.28.2
192.168.11.10
192.168.1.128
> central.Local
╤KHETHEO: pdc.Central.Local
address: 192.168.28.2
╚
╚
╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚ ╚
╚
╚ 1.128
192.168.28.1
> central.local
╤xöthö: pdc.central.local
Address: 192.168.28.2
╚ь : central.local
Addresses: 192.168.15.100
192.168.11.10
192.168.1.128
192.168.28.1
192.168.28.2
That is, it is clear that with each iteration, the "local" DNS server is constantly thrown out first, which processes the request, and the backup ones below it go in a circle gradually scrolling up. The situation is exactly the same on servers and work machines on other sites, and this is normal. As a result, everything flies and nothing slows down.
But here's what's happening on working machines on the NK site
C:\Users\admin.CENTRAL>nslookup
╤хЁтхЁ яю єюыўрэш■: dcnk.central.local
Address: 192.168.15.100
> central.local
╤KHETHEY: DCNK.Central.LOCAL
Address: 192.168.15.100
╚: Central.Local
Addresses: 192.168.10.168.1.128
192.168.28.168.16.16.100.16.100.100.16
>
central.Local
╤utscal
:
DCLETHEL
. 192.168.15.100
╚: central.local addresses
:
192.168.1.128
192.168.28.168.168.100.16.168.28.2
192.16.11.10
>
central.local
:
dsknk.central.local
address:
192.168.15.15 : 192.168.28.1
192.168.15.100
192.168.28.2
192.168.11.10
192.168.1.128
That is, it is clear that the local DNS is never a priority and "goes around" along with the rest. In the minuses of such work, respectively, a long login, at least and other delights with flying away rights, or at least not their instant application.
I rummaged through all the settings - everything seems to be beautiful in appearance, I drove DNS tests - it also does not swear at anything. What is typical, if only 192.168.15.100 is left in the DNS settings for the client's network adapter, such a pandemonium still occurs.
Another interesting feature, such a "dance" is not observed in machines that are not in the domain, as well as linux and poppies. Also, it is not observed on another server that is on the same Windows 2008,
Tell me, smart people, where to dig, what to dig?
Thanks in advance for any ideas .
PS
The domain controller literally killed yesterday along with the DNS roles and set it up in a new way. Same result, didn't work.
Answer the question
In order to leave comments, you need to log in
1. Round-Robin in DNS is the normal standard mechanism of operation.
2. Round-Robin is leveled in Microsoft DNS using the Netmask Ordering option in the DNS server settings. Perhaps it is disabled on the new server. Or the subnets are not properly located for it to work on clients.
3. Login is not directly related to the work of DNS, although it uses it, workstations choose a home domain controller using the DC Locator function, you should read how it works.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question