Channel: Network Infrastructure Servers forum

How to properly integrate ADDS DNS with external Linux DNS Servers and DHCP


Short story:

I need to fully integrate Windows Server 2012 R2 ADDS DNS with Linux DNS to keep our domain available all the time with the domain-connected devices' network settings set to automatic. One Linux DNS box also serves the DHCP info. For more clarification, read the long story.

Long Story:

We are set up sort of odd. My organization's network is somewhat disjointed. All the sub-organizations have their own in-house LAN that connects to the main organization's WAN and then to the outside world. When I started at this organization they were on a workgroup and had no current IT staff; the previous staff retired or quit after a major facility move. My co-worker and I have done a lot, including implementing a domain structure within our LAN. The problem is that the main organizational structure controls our outside connection and our DHCP and DNS services. We built our domain with 3 DCs, including ADDS DNS servers. Originally we performed DNS forwarding to the main organizational DNS servers, but they relented and allowed us to perform zone transfers with 3 of the DNS servers, but not with the DHCP/DNS Linux server that was physically in our building.

What we recently discovered was that if we leave all devices' network settings on automatic for both DHCP and DNS, we cannot add the device to the domain unless we specify a DC as one of the device's DNS servers. I would have sworn this method worked before we retired an older DC that was the primary DC. We transferred all FSMO roles to the new physical DC. We have 2 physical and one virtual. Everything was operational, DNS was zone transferring with the outside DNS, and AD was happy. We demoted and removed the old DC from the domain, then shut it down. After doing some research I discovered the Linux DNS boxes are not resolving _ldap._tcp.dc._msdcs.domainname requests.

Now my understanding is that these requests are not being resolved because the Linux DNS service boxes are not running any directory services. Is there something I can do on our side, besides running a script to alter all of our devices' DNS settings (including mobile devices), to ensure our domain is always available to the user base? If not, what exactly do I need from our upper WAN folks to enable on the DNS service boxes to ensure the domain is always available to our end users while leaving the devices' network settings on automatic? We actually experienced a WAN outage a few months back that brought this issue to light. Users were not able to log on to our domain until we adjusted the devices' DNS entries to point to our DCs, as the WAN experienced an internet router outage and then the main DNS server between the WAN's internal and external connections melted down as well. I got a partial fix from them, but not the one I wanted, and the main issue is still there: new devices cannot connect to the domain using automatic network settings, and current ones will experience issues the next time we have a major WAN DNS issue.

I was hoping the main organization would see the error in their ways now that they are implementing a domain across the remaining organizations, but they are not fully grasping my concerns about the next major outage. I already have a PowerShell script to set DNS entries across the domain-connected devices, but segregating the mobile devices and servers from normal desktops is a pain, and then you have to go back and visit all the devices that were not on when the script was run and/or not physically present. Lots of headache and time to keep the 3 different lists current, not to mention the grumbling when a mobile device does not work right away from the office because it did not get the correct DNS entries.
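A quick way to see exactly which of the DNS servers handed out by DHCP can answer the DC-locator queries a domain join or logon depends on is to query each server directly for the SRV records (and for the SOA of the _msdcs zone, which on Windows Server 2003 and later is normally a separate zone from the domain zone and therefore needs its own transfer or a followable delegation). The following PowerShell check is an added example, not code from the original post; the domain name and server addresses in it are placeholders, and it uses only the built-in Resolve-DnsName cmdlet.

```powershell
# Added example (not from the original post): report which DNS servers can
# answer the AD DS DC-locator queries a client sends at join or logon time.
# Assumptions: $Domain and $DnsServers below are placeholders; replace them
# with the real AD DNS name and the servers DHCP hands out (DCs and Linux boxes).
$Domain     = 'corp.example'                              # placeholder AD domain name
$DnsServers = @('10.0.0.10', '10.0.0.11', '10.0.0.50')    # constructed: e.g. two DCs, one Linux DNS server

# Records the DC locator asks for, plus the SOA of the _msdcs zone itself.
$Queries = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain";     Type = 'SRV' }
    @{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
    @{ Name = "_ldap._tcp.$Domain";               Type = 'SRV' }
    @{ Name = "_msdcs.$Domain";                   Type = 'SOA' }   # _msdcs is normally its own zone
)

$results = foreach ($server in $DnsServers) {
    foreach ($q in $Queries) {
        try {
            # -DnsOnly skips LLMNR/NetBIOS and the local cache so the answer is really this server's.
            $answer  = Resolve-DnsName -Name $q.Name -Type $q.Type -Server $server -DnsOnly -ErrorAction Stop
            $records = $answer | Where-Object { $_.Type -eq $q.Type }
            $summary = ($records | ForEach-Object {
                if ($q.Type -eq 'SRV') { "$($_.NameTarget):$($_.Port)" } else { $_.PrimaryServer }
            }) -join ', '
            [pscustomobject]@{ Server = $server; Query = $q.Name; Type = $q.Type; Status = 'OK';   Answer = $summary }
        }
        catch {
            # NXDOMAIN, SERVFAIL or timeout: this server cannot serve the record to clients.
            [pscustomobject]@{ Server = $server; Query = $q.Name; Type = $q.Type; Status = 'FAIL'; Answer = $_.Exception.Message }
        }
    }
}

$results | Format-Table -AutoSize
```

Run it from a domain-joined workstation while the devices are on automatic settings. A server that returns OK for the domain-zone SRV record but FAIL for the `_msdcs` SOA and SRV rows is serving the domain zone without the `_msdcs` zone, which matches the symptom in the post and gives you a concrete record set to ask the WAN team to transfer or delegate.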
