All our machines are connected to a VPN if they aren't on our local network; we've had no issues with the domain before.
So I got a laptop and tried to connect it to the domain, doing the same thing I do on all other machines (for laptops we set the DNS order as Local Network > VPN > Google DNS):
1- Configure the DNS:
It was a laptop, so I added the following: the local network (192.168.123.321), the VPN (10.1.2.3) and then the Google DNS server (22.214.171.124).
2- Head over to the advanced settings and open Network ID:
"bar-technology.local": The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.bar-technology.local

Common causes of this error include the following:

- The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
  126.96.36.199
  10.1.2.3
  192.168.123.321

- One or more of the following zones do not include delegation to its child zone:
  bar-technology.local
  local
  . (the root zone)
I have never had this issue with a device on the domain before, and I can't figure out what's wrong. It's currently on the local network, so I tried running it like it's on the local network; nothing.
So what do I do from here?
192.168.123.321 is the domain and DNS server
10.1.2.3 is the domain and DNS server on the VPN
188.8.131.52 is the Google DNS server
bar-technology.local is the domain (I also tried the NetBIOS name BAR-TECHLOCAL)
Make sure that the first server in your list knows about your AD domain. Since Windows supports per-interface DNS servers, make sure the VPN interface has higher priority than the LAN interface, and that bar-technology.local is among the configured per-interface domain suffixes.
When you configure multiple DNS resolver addresses on a single interface, they're only tried in case of temporary failure – either if a request timed out and failed to produce a reply at all, or if the reply was along the lines of "server failure".
"No such domain", however, is a permanent error and does not cause a retry. In fact the negative reply even gets cached by the OS.
In other words: If the system starts with your LAN server (192.168.x) and receives a reply "bar-technology.local doesn't exist", that's it – it will not keep trying other DNS servers; it will just accept that the domain doesn't exist.
(Using *.local for anything but mDNS is also a bad idea, but it's probably too late to rename…)
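The following PowerShell diagnostic is an added example, not code from the asker or the answerer above. It makes the answer's two points visible on the laptop itself: which resolver each interface will be asked first (interface metric, then server order), and how each configured server answers the DC-locator SRV query, separating the permanent "DNS name does not exist" answer (which the client accepts as final and caches) from a timeout (which would make it fall through to the next server). It uses only the domain and DC addresses quoted in the question; the interface alias 'Ethernet' in the commented remediation is an assumption.

```powershell
# Added diagnostic for the Windows DNS-client behaviour described in the answer above.
# Assumptions (not from the original post): interface names are discovered at run time;
# only the domain and the two DC addresses quoted in the question are hard-coded.
$Domain    = 'bar-technology.local'
$SrvRecord = "_ldap._tcp.dc._msdcs.$Domain"
$DcServers = @('192.168.123.321', '10.1.2.3')   # LAN DC and VPN DC, as written in the question

# 1. Which resolvers does each interface use, and which interface does Windows consult first?
#    The interface with the lowest metric wins, and the first ServerAddress on it is asked first.
$metrics = Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceIndex, InterfaceMetric
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $idx = $_.InterfaceIndex
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Metric    = ($metrics | Where-Object InterfaceIndex -eq $idx).InterfaceMetric
            Servers   = ($_.ServerAddresses -join ', ')
            Suffix    = (Get-DnsClient -InterfaceIndex $idx).ConnectionSpecificSuffix
        }
    } | Sort-Object Metric | Format-Table -AutoSize

# 2. Ask every configured resolver for the DC-locator record directly. A server that returns
#    "DNS name does not exist" (NXDOMAIN) breaks the domain join if it is the one asked first:
#    that answer is treated as final, so the client never falls through to the next server.
$allServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
foreach ($srv in $allServers) {
    try {
        $answers = Resolve-DnsName -Name $SrvRecord -Type SRV -Server $srv -DnsOnly -ErrorAction Stop
        $targets = ($answers | Where-Object Type -eq 'SRV').NameTarget -join ', '
        "{0,-18} OK -> {1}" -f $srv, $targets
    } catch {
        $kind = if ($_.Exception.Message -match 'does not exist')      { 'NXDOMAIN (final; the negative answer gets cached)' }
                elseif ($_.Exception.Message -match 'timed out|timeout') { 'TIMEOUT (client would try the next server)' }
                else                                                     { 'FAIL: ' + $_.Exception.Message }
        "{0,-18} {1}" -f $srv, $kind
    }
}

# 3. Has a negative answer for the domain already been cached by the local resolver?
Get-DnsClientCache | Where-Object Entry -like "*$Domain" |
    Select-Object Entry, Status, TimeToLive | Format-Table -AutoSize

# 4. Remediation once the offending resolver is identified (run elevated). Put the DC first on the
#    interface that carries the domain traffic and drop the public resolver from it (the DC is
#    authoritative for the domain and forwards everything else), flush the cached NXDOMAIN, then
#    re-run the DC locator. 'Ethernet' is an assumed interface alias; adjust to the output of step 1.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DcServers
# Clear-DnsClientCache
# nltest /dsgetdc:bar-technology.local
```

Step 2 is the one that explains the error dialog in the question: the public resolver has no idea about a private .local zone and answers NXDOMAIN, and because it is listed first on the laptop, that answer ends the lookup. A DC that times out would have let the client move on; a DC that answers with the SRV records confirms the zone itself is fine.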
User contributions licensed under CC BY-SA 3.0