Re: DNS resolution problem



Roger is right on. Here is a best practice for your sites.

http://technet2.microsoft.com/WindowsServer/en/library/86417143-92b6-431b-8439-91f456e921dd1033.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Magnus Kirkerud" <MagnusKirkerud@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:37BAA6A3-8B98-4C1E-8D86-2C7DE3B39237@xxxxxxxxxxxxxxxx
Thanks for the reply and sorry that my description of the problem was a
little bit inaccurate. I assumed that site configuration might be the answer
so I will check this out.
--

Magnus


"Roger Abell [MVP]" wrote:

It sounds as though you should be using site definitions so that
clients will prefer DCs in their site (i.e. the network segments
that they can reach). Round robin actually returns a list of IPs
that meet the query, but with a different one at head of list each
time. Normally clients will attempt to locate site-local services
via their DNS and LDAP queries, and that is the most that you
can leverage within the AD architecture without going to use
of a non-uniform DNS setup as is used in some star network
(hub/spoke) designs.

Roger

"Magnus Kirkerud" <MagnusKirkerud@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:E3337C5D-02A5-4457-BE24-AD8B4A2E2AEA@xxxxxxxxxxxxxxxx
Hi

I have an Active Directory infrastructure with a few domain controllers
segregated by a firewall. All DCs are running Active Directory integrated
DNS and round robin is enabled.

When clients resolve <mydomain>.com they receive the IP address for one
domain controller depending on who is next in the round robin list. This
means that clients often receive the name and IP address for a DC located
on the other side of the firewall. The problem is that the firewall blocks
all communication from clients to DCs on the other side of the firewall.

Is it possible to configure DNS in a way that only DCs on the clients'
side of the firewall are returned when they resolve <mydomain>.com?

--
Regards
Magnus
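
An added example, not part of the original thread: a small Python model of the behaviour Roger describes, contrasting the rotating round-robin answer for the domain name with a site-scoped lookup. The domain, subnets, site names and DC addresses are constructed, and the fallback for a client with no subnet mapping is simplified to the domain-wide answer.

```python
import ipaddress
from collections import deque

DOMAIN = "example.com"  # constructed; stands in for <mydomain>.com

# Constructed topology: two AD sites, one on each side of the firewall.
SUBNET_TO_SITE = {"10.1.0.0/16": "Inside", "10.2.0.0/16": "Outside"}
DCS = {  # DC name -> (IP, site); all values constructed
    "dc1": ("10.1.0.10", "Inside"),
    "dc2": ("10.1.0.11", "Inside"),
    "dc3": ("10.2.0.10", "Outside"),
}

def site_for_ip(ip):
    """Map a client IP to its site by longest-prefix subnet match."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(n), s) for n, s in SUBNET_TO_SITE.items()
               if addr in ipaddress.ip_network(n)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def srv_name(site, domain=DOMAIN):
    """Site-specific DC locator record name."""
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"

def build_zone():
    """Zone contents: domain A records (every DC) plus per-site SRV targets."""
    zone = {DOMAIN: deque(ip for ip, _ in DCS.values())}
    for ip, site in DCS.values():
        zone.setdefault(srv_name(site), []).append(ip)
    return zone

def round_robin_query(zone, name=DOMAIN):
    """Return the full record list, then rotate so the next answer has a new head."""
    answer = list(zone[name])
    zone[name].rotate(-1)
    return answer

def site_aware_query(zone, client_ip):
    """Site-aware lookup: only DCs registered for the client's own site."""
    site = site_for_ip(client_ip)
    if site is None:
        # Simplification: a client with no subnet mapping gets the domain-wide answer.
        return round_robin_query(zone)
    return list(zone.get(srv_name(site), []))
```

With this data, every third round-robin answer puts the DC behind the firewall at the head of the list, while the site-scoped lookup for a 10.1.x.x client never returns it.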




