Sunday, January 16, 2011

DNS lookup to AD-DNS from a different subnet

I have a Windows 2008 R2 Active Directory with several domain controllers, all with DNS. This is spread over three locations, interconnected with site to site VPN. All computers and servers are on the same domain.

My problem is that I only get partial results when accessing a DNS server from one of the other sites (on a different subnet).

Example from the same site (subnet) the DC is on:

> serverfault.com
Server:  ad03.mycompany.local
Address:  10.40.49.50

Non-authoritative answer:
Name:    serverfault.com
Address:  69.59.196.212

> devapps.mycompany.local
Server:  ad03.mycompany.local
Address:  10.40.49.50

Name:    devapps.mycompany.local
Address:  10.101.30.152

Example from a different site (subnet) than the DC:

> serverfault.com
Server:  ad03.mycompany.local
Address:  10.40.49.50

Non-authoritative answer:
Name:    serverfault.com
Address:  69.59.196.212

> devapps.mycompany.local
Server:  ad03.mycompany.local
Address:  10.40.49.50

*** ad03.mycompany.local can't find devapps.mycompany.local: Non-existent domain

As seen, DNS lookups for public (forwarded) addresses work from everywhere, while local (Active Directory) addresses only work from the local subnet (not over VPN).

Why does this happen? Is this a security feature of Windows 2008 R2? I presume the firewall is not the problem, since both queries go over the same channel.

Edit: I have now enabled debug logs as suggested by John Röthlisberger and have proven that my packets actually do not arrive at the server. It seems that the VPN setup somewhere redirects my DNS packets to a different server, i.e. my server is not the cause of this problem.

  • The response "can't find devapps.mycompany.local: Non-existent domain" suggests that you are correctly talking to the DNS server so it doesn't appear to be a network or firewall issue. Enable debug logging on the DNS server to get a better idea of what's going on.
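Added example (not part of the question or the answer above): a small raw-UDP DNS probe that reports what nslookup hides in this situation. nslookup prints "Server: ad03.mycompany.local" simply because that is the configured resolver address; it does not prove that ad03 produced the reply. Two fields in the reply do tell you: the source address the reply arrived from, and the AA (authoritative answer) bit. A DNS server that hosts the mycompany.local zone answers every query for that zone with AA=1, including NXDOMAIN; an NXDOMAIN with AA=0 means a resolver that does not host the zone answered, which is exactly the redirection the edit describes. The server address and names are taken from the question; the two reply messages are constructed here to mimic the on-site and off-site results, not captured traffic.

```python
# Added example: raw DNS probe that exposes responder address, RCODE and the AA bit.
# Not code from the original post. Server/zone names come from the question;
# the sample replies below are constructed, not real captures.
import random
import socket
import struct

SERVER = "10.40.49.50"   # ad03.mycompany.local, as given in the question


def build_query(name, qtype=1, txid=None):
    """Build a standard recursive query (RD=1, QCLASS IN, one question)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(struct.pack("B", len(lbl)) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def _skip_name(msg, off):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return header flags and any A-record answers from a DNS reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": addrs}


def diagnose(parsed, server_ip, responder_ip, zone_hosted=True):
    """Classify a reply. 'zone_hosted' means the target server holds the zone,
    so AA=1 is expected even for NXDOMAIN. NAT on a VPN can rewrite the source
    address, so the AA check is the more reliable tell; the address check is a bonus."""
    if responder_ip != server_ip:
        return "redirected"
    if zone_hosted and not parsed["aa"]:
        return "not-authoritative"
    if parsed["rcode"] == 3:
        return "nxdomain"
    if parsed["rcode"] != 0:
        return "error-rcode-%d" % parsed["rcode"]
    return "ok"


def probe(server_ip, name, timeout=3.0):
    """Send one query over UDP and return (parsed reply, responder address)."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        data, (src, _port) = sock.recvfrom(4096)
    parsed = parse_response(data)
    if parsed["id"] != txid:
        raise ValueError("transaction id mismatch: possible spoofed or stale reply")
    return parsed, src


def build_response(txid, name, rcode=0, aa=False, addrs=()):
    """Construct a reply message; used only to build the offline samples below."""
    flags = 0x8180 | (0x0400 if aa else 0) | (rcode & 0xF)   # QR, RD, RA (+AA)
    _, query = build_query(name, txid=txid)
    body = query[12:]                                        # question section
    for addr in addrs:
        body += b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    return struct.pack(">HHHHHH", txid, flags, 1, len(addrs), 0, 0) + body


# Constructed samples mirroring the question: on-site answer with AA=1, and the
# off-site NXDOMAIN that arrived with AA=0 although nslookup named ad03 as the server.
ONSITE_REPLY = build_response(0x1234, "devapps.mycompany.local", aa=True, addrs=["10.101.30.152"])
OFFSITE_REPLY = build_response(0x1234, "devapps.mycompany.local", rcode=3, aa=False)

if __name__ == "__main__":
    for label, reply in (("on-site", ONSITE_REPLY), ("off-site", OFFSITE_REPLY)):
        parsed = parse_response(reply)
        print(label, parsed, "->", diagnose(parsed, SERVER, SERVER))
    # Live use from a client: parsed, src = probe(SERVER, "devapps.mycompany.local")
```

Run it from a client on each subnet with `probe(SERVER, "devapps.mycompany.local")`; a verdict of "not-authoritative" or "redirected" from the remote site, against "ok" from the DC's own subnet, confirms that the remote query is being answered by something other than ad03 before the server's debug log would ever see it.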
