We are a small 300-seat organization with a mixed BYOD and Active Directory environment (Windows Server 2012 Standard, Windows 7 Enterprise), and we had a very strange problem: very specific errors resolving our organization's domain name on our company-managed, domain-joined machines. For the purposes of this discussion, I use company.com instead of our domain name.
Background:
- The Active Directory domain controller is located at 172.16.1.3
- The AD / DC machine also runs DHCP, DNS, and HTTP (IIS).
- Our organization's websites, company.com and subdomain.company.com, are hosted by IIS on the AD / DC machine.
- We have a split-DNS scenario in which the AD / DC server is used for internal DNS resolution, but another, off-site server provides DNS resolution for public queries.
- The IP address corresponding to company.com and subdomain.company.com is the public IP address used by the firewall at the edge of our network (both the AD / DC DNS server and the off-site DNS server)
- The firewall is configured correctly for NAT to send HTTP and HTTPS requests that it receives from the public IP address to the internal IP address of the AD / DC server and reflects
Scenario 1:
- A user on a Windows 7 Enterprise machine connected to a domain connects directly to our local network with the local address 172.16.6.100/16 issued by the DHCP server.
- DNS- DHCP (172.16.1.3)
- -, company.com subdomain.company.com.
- : nslookup DNS DNS- (172.16.1.3)
Scenario 2:
- , Windows 7 Enterprise, -
- IP DNS- DHCP
- -, google.com
- - company.com subdomain.company.com ( "host not resolved" )
- nslookup company.com, DO IP-, DNS
- HTTP/HTTPS IP- -
- -
- tracert company.com " "
- ping company.com " host company.com"
- Wireshark / ( DNS HTTP/ping/tracert)
- DNS- .
- DNS- .
- ipconfig/flushdns .
- route/f .
- netsh int ip reset .
- : nslookup DNS DNS-, DHCP , .
Scenario 3:
- ( ) Windows 7 Professional - company.com subdomain.company.com,
- : nslookup DNS DNS- (172.16.1.3)
Scenario 4:
- ( ) Windows 7 Professional - company.com subdomain.company.com, .
- Edit:nslookup DNS DNS-, DHCP , .
:
, , , . , . - , .