Hello there. I've got a strange situation with DNS that I hope you smart people can help with. We had a crisis where an Exchange server was having issues and had to be moved to a different security zone, etc. I'm doing some root cause analysis and can replicate the issue with a test machine. Hoping to figure out why this is happening so I can avoid this in the future.
Okay, I've got a primary site and a branch office site, connected by an IPsec VPN. The primary site has two DCs and the branch has one. The primary site has a number of DMZ security zones represented by different subnets, VLANs, etc. At the primary site I've got a security zone for mail, which is also a subnet listed in Sites and Services. Machines here point back to the two DCs at that location (but in a different zone) for DNS servers. I allow that traffic on my firewall.
If I create a new server from scratch, give it an IP in the mail zone, and reboot it a few times, it will eventually not boot up. When this happens, if I hard-boot it and remove the virtual NIC, it boots fine. I reset the IP stack and reboot, re-assign its IP address, flush DNS, and ping my domain. This is where the problem is! It's resolving the domain back to the DC at a branch office. I don't maintain any "MS Happy" firewall rules from the mail zone to the branch office DC because I wouldn't think that's necessary.
It can't ping the remote DC and thus GPO is getting stuck. At least that's what user environment logging is showing when I turn it up.
In Sites and Services we have an entry for this subnet. Its site code is set to the primary site. Why would a machine on this subnet resolve the "ping mydomain.local" command to a DNS server that's not associated with this site code?
If I run nslookup mydomain.local I see my primary site's DNS server and its address, and below I see the domain name and the 3 DCs, including the one for the remote site.
How do I keep DNS happy in this DMZ zone for mail, without having it resolve the domain to a branch office DC?
Thanks in advance for your help!
Joe
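A diagnostic check for the situation described above, added here as an example and not part of Joe's post. It contrasts the two lookups involved: a plain lookup of the domain name (which is what `ping mydomain.local` does) returns the A records every DC registers at the domain apex, with no site awareness, whereas the DC locator picks a DC from the site-specific SRV records under `_sites`. The domain name comes from the post; the site name and DNS server address are assumed placeholders to replace with your own values.

```powershell
# Added diagnostic example (not from the original post). The domain name is the
# one from the post; the site name and DNS server address are assumed placeholders.
$Domain    = 'mydomain.local'
$SiteName  = 'PrimarySite'   # assumed: use the site name shown in AD Sites and Services
$DnsServer = '10.0.0.10'     # assumed: address of one of the primary-site DC/DNS servers

# 1. A records on the domain apex are registered by every DC in the domain, so a
#    plain lookup (or ping) of the domain name can return any DC, branch ones included.
$apex = Resolve-DnsName -Name $Domain -Type A -Server $DnsServer -DnsOnly
Write-Host "A records for $Domain (every DC, no site awareness):"
$apex | Where-Object { $_.Type -eq 'A' } | ForEach-Object { "  $($_.IPAddress)" }

# 2. The site-specific SRV records are what the DC locator uses for a client whose
#    subnet is mapped to this site in Sites and Services.
$siteSrv = "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $siteSrv -Type SRV -Server $DnsServer -DnsOnly
Write-Host "SRV records for site '$SiteName' ($siteSrv):"
$srv | Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { "  $($_.NameTarget):$($_.Port) (priority $($_.Priority), weight $($_.Weight))" }

# 3. Ask the DC locator directly which DC this machine would use for the site;
#    /force bypasses the cached DC so the answer reflects the current DNS data.
nltest /dsgetdc:$Domain /site:$SiteName /force
```

Run it from a test machine in the mail zone. If the apex A records list the branch DC while the site SRV records list only the primary-site DCs, the name resolution itself is behaving as designed: the domain name maps to all DCs, and only the locator-based lookups (SRV) are site-aware. Step 3 shows which DC the machine actually selects, which is the one that matters for logon and Group Policy processing; any DC that appears there must be reachable through the firewall from the mail zone.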