Hello all,
I recently walked into a network and system architecture that has had many hands on it. As it stands now this single forest, single domain exists of one primary user location (which we will refer to as dc1) and two in colos (dc2 and dc3). We also have a Meraki network which spans several networks including these. What seems odd, is that I occasionally have dns issues with random devices. The domain company.local uses Office365 for company.com. Users have been set to belong to company.com yet are part of the company.local directory structure. Upon examining an nslookup I cannot seem to resolve myself from dc1 when I attempt to resolve any queries. My ipconfig output looks like the following (mac omitted):
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (3) I218-LM
Physical Address. . . . . . . . . : 00-00-00-00-00-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c4d3:efec:fc2a:f8ae%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.2.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Friday, May 29, 2015 12:00:31 PM
Lease Expires . . . . . . . . . . : Saturday, May 30, 2015 12:00:30 PM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.0.1
DHCPv6 IAID . . . . . . . . . . . : 238347991
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-DE-C1-6D-34-E6-D7-68-15-E3
DNS Servers . . . . . . . . . . . : 10.99.0.5
8.8.8.8
10.99.0.6
4.2.2.2
10.1.0.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Upon using nslookup from this client I receive:
C:\>nslookup microsoft.com
Server: UnKnown
Address: 10.99.0.5
Non-authoritative answer:
Name: microsoft.com
Addresses: 134.170.188.221
134.170.185.46
C:\>nslookup company.local
Server: UnKnown
Address: 10.99.0.5
Name: company.local
Addresses: 10.0.0.245
10.99.0.5
10.99.0.6
10.1.0.254
It appears this client is getting DNS requests from 10.99.0.5 which is dc2 in the colo. When doing DNS monitoring requests, dc2 will pass both simple and recursive. It has name servers which also list dc1 and dc3. However, when I access dc1 and check simple and recursive (which is where my client is) these seem to fail. The ipconfig and nslookup from dc1 are below:
Windows IP Configuration
Host Name . . . . . . . . . . . . : AAA-AAA-DC1
Primary Dns Suffix . . . . . . . : Company.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Company.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I350 Gigabit Network Connection #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.0.254(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.1.0.1
DNS Servers . . . . . . . . . . . : 10.99.0.5
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
**************************************
PS C:\> nslookup microsoft.com
Server: UnKnown
Address: 10.99.0.5
Non-authoritative answer:
Name: microsoft.com
Addresses: 134.170.185.46
134.170.188.221
PS C:\> nslookup company.local
Server: UnKnown
Address: 10.99.0.5
Name: company.local
Addresses: 10.1.0.254
10.99.0.5
10.99.0.6
10.0.0.245
PS C:\> nslookup aaa-bbb-dc2
Server: UnKnown
Address: 10.99.0.5
Name: aaa-bbb-dc2.Company.local
Address: 10.99.0.5
PS C:\> nslookup aaa-aaa-dc1
Server: UnKnown
Address: 10.99.0.5
Name: aaa-aaa-dc1.Company.local
Address: 10.1.0.254
Lastly, the additional DNS servers provided to clients seem to have the forward DNS entries leased from the Meraki. I presume this to be in existence for guests on the wireless networks perhaps. Any thoughts on why this one server, dc1 fails these tests but yet dc2 and dc3 do not?
Thanks and any input is appreciated.