
I have a small office network with a router (running OpenWRT), a Windows Domain Controller (it used to be 2008R2; I just backed it up and upgraded to 2012), about a dozen AD clients (3 servers and Windows workstations) and several non-AD clients (network printer, PBX).

The problem is that the clients can't access servers by name (only by IP). I tried all kinds of permutations. Right now the domain controller runs the DNS server for all desktops; but unless I put an entry in the hosts file, I can only get to them by IP. I have the router as DHCP server (since not all devices are on AD); and except for the Domain Controller, all IP addresses, including "static" ones, are assigned by the router.

Most frustrating, some servers sometimes just work! For example, I can often get to the Linux box by name (it is part of the Domain using Beyond Trust Integration Services); but I can never get to the SQL Server box. It seems like non-domain devices see more names than domain members...

This network should be fairly typical; but I couldn't get any guidance about how to set up DNS/DHCP service to make all nodes happy. The closest is this question, but still it's different!

Thanks

Felix
    Do the systems successfully resolve the Active Directory domain's name? How about the names of domain controllers? Active Directory won't work without those things, but maybe it's working only due to NetBIOS name resolution. Can you test what specific responses come back from the domain controller's DNS when you query for the fully-qualified name of an entry in the domain's DNS zone with `nslookup` (or `dig` on the Linux box)? – Shane Madden Nov 17 '12 at 08:25
  • just wondering what was the reason for downgrading the question... urrgh! – Felix Nov 17 '12 at 19:33

3 Answers


I'm a little confused by some of your terminology:

"and except for Domain Controller all IP addresses, including "static", are assigned by the router." -- uh... no. If the router is assigning addresses then they're not static.

"I have router as DHCP server (since not all devices are on AD)" -- Not sure why you've done this. Devices do not need to be a member of an Active Directory Domain to use DHCP services provided by a Windows server.

As for "how to set up DNS/DHCP service to make all nodes happy", it should be very simple.

  • A Windows server, probably the domain controller on a small network, should be providing DHCP.
  • The domain controllers (ideally you'd have more than one?) should have the DNS role installed and configured to support AD, and DNS should forward any requests it cannot resolve to the ISP's DNS servers.
  • The clients should have their DNS settings configured to point to the DNS server, and their gateway should point to the router.
  • The local firewall on each Windows system (server or client) should either be disabled or, more ideally, should be correctly configured to see the whole of your internal IP address scheme as a workplace network, with an appropriately configured domain profile.
Rob Moir
  • That's why I put "static" in quotes - it is DHCP, just that it's always the same IP (by MAC address), so I can put it in the hosts file. So, I started with the simple setup that you described. I think my problem was that the DC *didn't* forward requests to the ISP's DNS servers. That might have been the root cause of all my problems - and I didn't have much time, since the users couldn't access the Internet. I just gave up and went the more complex route. Any pointers to setting up **that**? – Felix Nov 17 '12 at 16:52
  • @felix - setting up what? DNS Forwarding? Have you looked at http://technet.microsoft.com/en-us/library/cc754941.aspx -- fwiw, tip for the future... if you're editing hosts files just to set up a basic network these days then you're either trying to do something *very* non-standard or you're doing something wrong... that's always time to step back and re-assess what's happening. – Rob Moir Nov 17 '12 at 16:54
  • I try to have as standard a configuration as I can (it's my wife's business, and while they think I am a computer genius, my IS experience was mainly on the application development side). I know I am doing something wrong! That's why I am here, stepping back and reassessing :) One other point. The reason I set up the router to provide DHCP services was because some devices (both domain-member laptops and non-domain devices) are wireless, and I couldn't figure out how to set up two DHCP servers without conflict. So, even if I figure out DNS forwarding, wouldn't I need to also configure 2 DHCP servers? – Felix Nov 17 '12 at 17:20
  • To summarize - my initial plan was to get DHCP services (IP address) from the router, and DNS services (name resolution) from domain controller with DNS forwarding. Was that a bad idea to begin with? – Felix Nov 17 '12 at 17:32
  • You don't need DHCP on the router, you should only have one DHCP server on the network. Actually that's not quite true (http://serverfault.com/questions/368512/can-i-have-multiple-dhcp-servers-on-one-network) but for what you're doing let's pretend it is. So you should only configure the router OR the server as DHCP. You've done this by choosing the router, but putting DHCP on the server only does simplify things greatly imho. – Rob Moir Nov 17 '12 at 18:33
  • If I put DHCP on the server - how would wireless devices get on the network then? Anyway, let's put that aside for a moment; I went back to how I started (DHCP from the router, DNS from the domain controller, DNS forwarding). Some nodes work perfectly; others don't resolve *any* names. Let me do more troubleshooting and describe it in a separate comment. I think I am 80 per cent there, and with your kind advice I can get to 100% :) Thank you for your help! – Felix Nov 17 '12 at 19:19
  • The wireless and wired clients on your network are on *the same* network. Unless your router has specific settings to separate the two networks and you've turned those settings on, the wired and wireless network devices should be able to see one another fine... – Rob Moir Nov 17 '12 at 19:34
  • They are and they do! But if the router doesn't act as DHCP server, how will wireless devices get an IP assigned to them in the first place? The server doesn't have a wireless interface. – Felix Nov 17 '12 at 19:45
  • The wireless devices will get DHCP addresses from the DHCP server... *Any* DHCP server. If you read the question / answer I linked to a few comments back, I explained there how DHCP actually works, and that might clear a few things up. – Rob Moir Nov 17 '12 at 20:00
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/6452/discussion-between-felix-and-robm) – Felix Nov 17 '12 at 20:02

This is a fairly simple issue to resolve. Disable the DHCP service on your router or enable the option to forward the DHCP calls to the AD server. In order to have name lookup work you really need to have two aspects enabled. This is assuming that you already have a DNS server enabled in the AD (which is required for AD functionality) and it has all of the DNS forwarding set up correctly for DNS inquiries beyond your AD.

First you need to have all of the workstations requesting DHCP addresses get the address requests from a DHCP server which is part of the AD. The DHCP server, once registered in the AD, must first be trusted/authorized and then have the option enabled to dynamically update the DNS server as it registers DHCP leases. This will allow the DNS server to dynamically update the A records for your domain in DNS. You may want to enable the reverse registration as well, as that will update the PTR records too. Be sure you are appending the domain suffix to your hostname in your settings as well.

The second step is the easy step. You then must use your AD DNS server for all of your DNS queries. At least it must be the first of your name servers. You can technically have as many as you want. However the AD DNS server must be first. Your ISP DNS servers I suppose could be the second entry if you need to have one.

In doing this you enable your workstations to look up local domain hosts using just the NetBIOS name or the FQDN, as the DNS server you are working against is dynamically registering the other workstations, printers and other AD assets as they claim DHCP leases. The dynamic registration is critical so that as the DHCP lease expires and a new lease is issued, potentially changing the IP address of the workstation, the new information is updated in the AD DNS entries.

Good luck.

VJC3
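A concrete version of the setup both Rob Moir and VJC3 describe above (DHCP on the DC, DNS forwarders on the DC, dynamic DNS registration for leases, clients pointed at the DC with the AD suffix), as an added example that is not from any of the posts. It assumes a Windows Server 2012 DC named dc1 at 192.0.2.10, the AD domain example.internal, the OpenWRT router at 192.0.2.1 as gateway only, an ISP resolver at 203.0.113.53, and a member server named sqlserver; all of these are constructed placeholders.

```powershell
# Added example: run elevated on the 2012 domain controller after installing the
# DHCP role (Install-WindowsFeature DHCP -IncludeManagementTools).
# All names and addresses below are constructed placeholders, not from the posts.
$Domain   = 'example.internal'
$DcIp     = '192.0.2.10'    # DC = DNS + DHCP server
$RouterIp = '192.0.2.1'     # OpenWRT router stays the default gateway only
$IspDns   = '203.0.113.53'  # forwarder for anything outside the AD zone

# 1. DNS: forward what the DC cannot answer itself (the missing piece Felix
#    suspected) instead of letting clients query the ISP directly, and create
#    the reverse zone so PTR registration in step 3 has somewhere to land.
Add-DnsServerForwarder -IPAddress $IspDns -PassThru
Add-DnsServerPrimaryZone -NetworkId '192.0.2.0/24' -ReplicationScope Domain

# 2. DHCP: authorize the server in AD (an unauthorized Windows DHCP server
#    refuses to hand out leases), then one scope for the whole office LAN.
Add-DhcpServerInDC -DnsName "dc1.$Domain" -IPAddress $DcIp
Add-DhcpServerv4Scope -Name 'Office LAN' -StartRange 192.0.2.100 `
    -EndRange 192.0.2.200 -SubnetMask 255.255.255.0 -State Active
# Scope options: the DC is the only DNS server, the AD domain is the DNS
# suffix (so short names resolve), and the router is the gateway.
Set-DhcpServerv4OptionValue -ScopeId 192.0.2.0 -DnsServer $DcIp `
    -DnsDomain $Domain -Router $RouterIp

# 3. Dynamic DNS: DHCP registers A and PTR records for every lease, including
#    non-AD devices (printer, PBX) that cannot register themselves, and removes
#    them when leases expire so stale name-to-IP mappings do not linger.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true -DeleteDnsRRonLeaseExpiry $true

# 4. Fixed addresses for servers/printers: a reservation keyed on the MAC
#    address replaces the router's "static" leases and the hosts-file entries.
Add-DhcpServerv4Reservation -ScopeId 192.0.2.0 -IPAddress 192.0.2.50 `
    -ClientId '00-11-22-33-44-55' -Name 'printer1' -Description 'Network printer'

# 5. Verify from any client (same check Shane suggested with nslookup): the AD
#    SRV record must come from the DC, and a member server must resolve by FQDN
#    and by short name (the short form relies on the suffix set in step 2).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp
Resolve-DnsName -Name "sqlserver.$Domain" -Server $DcIp
Resolve-DnsName -Name 'sqlserver' -Server $DcIp
```

Once the scope is active, disable DHCP on the router so only one server answers DHCP on the LAN; wireless clients on the same segment will get their leases from the DC.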

What I like to do is to set up DHCP in the wireless router for the wireless client hosts. I'll run two scopes, each unique to the LAN subnet and each in its own VLAN, one for a private wireless network and another for a guest wireless network. Then, in the router, I will route the private wireless network to the LAN subnet, and deny the guest wireless network to the LAN subnet, giving guest wireless users only internet access and no access to LAN/domain resources. This way the wireless networks are on separate segments of the network, giving me greater control over the traffic for security, prioritization, reporting, etc. I always run DHCP on a Windows domain on the Primary Domain Controller for the LAN, with auto-registering for DNS, as described.

This would create a situation where wireless hosts on the private wireless network would not register in domain DNS, but usually hosts on the LAN do not need to access PC hosts on the LAN with name-based resolution. Usually this is only needed for server resources, or printers or other hosts that require access by all LAN users/hosts.

John MCP