All our machines are connected to a VPN if they aren't on our local network; we've had no issues with the domain before.
So I get a laptop and try to connect it to the domain, do the same thing I do on all other machines (for laptops we set it as Local Network > VPN > Google DNS):
1- Configure the DNS:
It was a laptop, so I added the following: the local network (192.168.123.321), the VPN (10.1.2.3) and then the Google DNS server (8.8.8.8).
2- Head over to the advanced settings and open Network ID:
"bar-technology.local":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.bar-technology.local
Common causes of this error include the following:
- The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
8.8.8.8
10.1.2.3
192.168.123.321
- One or more of the following zones do not include delegation to its child zone:
bar-technology.local
local
. (the root zone)
I have never had this issue with a device on the domain before, and I can't figure out what's wrong. It's currently on the local network, so I tried running it as if it's on the local network, nothing.
So what do I do from here?
(192.168.123.321 is the domain and DNS server,
10.1.2.3 is the domain and DNS server on the VPN,
8.8.8.8 is the Google DNS server,
bar-technology.local is the domain; I also tried the NetBIOS name BAR-TECHLOCAL)
Make sure that the first server in your list knows about your AD domain. Since Windows supports per-interface DNS servers, make sure the VPN interface has higher priority than the LAN interface, and that bar-technology.local is among the configured per-interface domain suffixes.
When you configure multiple DNS resolver addresses on a single interface, they're only tried in case of temporary failure – either if a request timed out and failed to produce a reply at all, or if the reply was along the lines of "server failure".
"No such domain", however, is a permanent error and does not cause a retry. In fact the negative reply even gets cached by the OS.
In other words: If the system starts with your LAN server (192.168.x) and receives a reply "bar-technology.local doesn't exist", that's it – it will not keep trying other DNS servers; it will just accept that the domain doesn't exist.
(Using *.local for anything but mDNS is also a bad idea, but probably too late to rename…)
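The answer above boils down to two checks: which DNS server Windows asks first (interface priority, then server order on that interface), and whether that server can answer the DC locator SRV query at all. The following PowerShell script is an added example, not code from the question or the answer; it walks the connected IPv4 interfaces in metric order, lists the DNS servers on each, and asks every one of them directly for `_ldap._tcp.dc._msdcs.<domain>` so you can see which server returns the permanent "name does not exist" error. The domain name is taken from the question; the cmdlets used (`Get-NetIPInterface`, `Get-DnsClientServerAddress`, `Resolve-DnsName`, `Get-DnsClient`) ship with Windows 8 / Server 2012 and later.

```powershell
# Added example (not from the original question or answer): find out which DNS
# servers Windows consults, in interface-priority order, and whether each one
# can answer the SRV query that the domain join performs.
# Assumption: the domain is bar-technology.local (from the question). Run on
# the laptop being joined, in an elevated PowerShell session.

$Domain  = 'bar-technology.local'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

# 1. Interface order: the interface with the lowest metric wins, so the
#    resolver starts with the servers configured on that interface.
$interfaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Sort-Object InterfaceMetric

foreach ($if in $interfaces) {
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $if.InterfaceIndex -AddressFamily IPv4).ServerAddresses
    if (-not $servers) { continue }
    Write-Host ("Interface {0} (metric {1}): {2}" -f $if.InterfaceAlias, $if.InterfaceMetric, ($servers -join ', '))

    # 2. Ask each server directly for the DC locator record. A server that
    #    replies "DNS name does not exist" (NXDOMAIN) ends the lookup for the
    #    whole system if it is asked first, so the first entry must be a
    #    server that hosts (or forwards to) the AD zone.
    foreach ($srv in $servers) {
        try {
            $answer  = Resolve-DnsName -Name $SrvName -Type SRV -Server $srv -DnsOnly -ErrorAction Stop
            $targets = ($answer | Where-Object { $_.Type -eq 'SRV' } |
                        ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            Write-Host ("  {0,-16} OK   -> {1}" -f $srv, $targets)
        } catch {
            # Timeouts and SERVFAIL would let the resolver move on; NXDOMAIN does not.
            Write-Host ("  {0,-16} FAIL -> {1}" -f $srv, $_.Exception.Message)
        }
    }
}

# 3. Per-interface suffix: the answer also wants the domain in the interface's
#    connection-specific suffix list; this shows what is currently set.
Get-DnsClient |
    Where-Object { $_.ConnectionSpecificSuffix -or $_.ConnectionSpecificSuffixSearchList } |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, ConnectionSpecificSuffixSearchList |
    Format-Table -AutoSize
```

Read the output top-down: the first interface printed is the one the resolver uses first, and its first server is the one whose answer counts. If that server reports FAIL with "DNS name does not exist", reorder the servers on that interface (or raise the LAN/VPN interface's priority) so an AD-aware server comes first, then run `Clear-DnsClientCache` before retrying the join, because the negative answer has already been cached locally.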
User contributions licensed under CC BY-SA 3.0