DNS settings via GPO

Guest

We have a problem with DHCP clients receiving the wrong DNS suffix and DNS
server from somewhere else on the network segment. We are merging with
another company which has an NT4 domain. For some reason the clients, every
now and again, will pick up the other company's DNS server even though its
DHCP server (the other company doesn't use DHCP) stays the same....odd I
know but not the purpose of this post...

I've forced the DNS suffix and server via a GPO and that seems to have fixed
the above issue, though it's broken something else now. Users that go offsite
or use their laptop at home can't connect to their ISP because the GPO is
overriding the DNS settings as shown by nslookup searching for the home
network as its default DNS server.

Any ideas how I can get around this? As it is I've got 4 users offsite now
unable to work because I can't clear the GPO without them being on the
network....

Help! :)
 
Kevin D. Goodknecht Sr. [MVP]

Create a separate OU and GPO for the laptop users.
Clear the policy here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
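
An added example, not part of the reply above: a PowerShell sketch that lists the DNS values forced under that policy key on an affected laptop, backs the key up, and removes them. The function names and the backup path are illustrative choices; `NameServer`, `AdapterDomainName` and `SearchList` are the value names the DNS Client policy settings write under this key.

```powershell
# Added example (not from the thread). Run elevated on the affected laptop.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
# Values written by the DNS Client policy settings:
# DNS Servers, Connection-Specific DNS Suffix, DNS Suffix Search List.
$DnsValues = 'NameServer', 'AdapterDomainName', 'SearchList'

function Get-ForcedDnsPolicy {
    # List the DNS values currently forced by policy, if any.
    if (-not (Test-Path -LiteralPath $PolicyKey)) { return }
    $props = Get-ItemProperty -LiteralPath $PolicyKey
    foreach ($name in $DnsValues) {
        $p = $props.PSObject.Properties[$name]
        if ($null -ne $p) {
            [pscustomobject]@{ Name = $name; Value = $p.Value }
        }
    }
}

function Clear-ForcedDnsPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$BackupFile = "$env:TEMP\DNSClient-policy-backup.reg")

    $forced = @(Get-ForcedDnsPolicy)
    if ($forced.Count -eq 0) {
        Write-Output 'No policy-forced DNS values found.'
        return
    }
    # Keep a copy so the change can be reviewed or reverted later.
    & reg.exe export ($PolicyKey -replace '^HKLM:', 'HKLM') $BackupFile /y | Out-Null
    foreach ($item in $forced) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$($item.Name)", 'Remove value')) {
            Remove-ItemProperty -LiteralPath $PolicyKey -Name $item.Name
        }
    }
    # Drop cached answers obtained from the forced server.
    & ipconfig.exe /flushdns | Out-Null
}

Get-ForcedDnsPolicy | Format-Table -AutoSize
Clear-ForcedDnsPolicy -WhatIf   # remove -WhatIf to apply the change
```

The next Group Policy refresh on the corporate network writes the values back unless the laptops have been moved to the separate OU and GPO suggested above.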
 
Ace Fekay [MVP]

The DNS Search Suffix (as I'm assuming what you're talking about) derives
its suffix from the Primary DNS Suffix. That suffix is set when a 2000,
2003 or XP machine is joined to an AD domain. It will take on the AD
domain's DNS domain name as the suffix.

The Connection specific DNS Suffix is derived from Option 015 from DHCP, if
set, but will be blank and will use the Search Suffix for all adapters, but
if 015 is set, then that specific adapter will get that suffix.

As far as I can tell, whatever suffix is being received is based on the DHCP
server that gave it to it. If and when you believe the suffix is incorrect,
just run an ipconfig /all to find out which DHCP server gave it its
configuration. I believe they have a DHCP server running, whether they know
it or not, and that's what I believe is happening. So determine what DHCP
server is giving it.

As for remote VPN users, what brand VPN server are you using? What VPN
client software is used on the laptops? For instance, if using a PIX for
your VPN, then I would assume you are using a Cisco client on a laptop.
Cisco clients as well as the SonicWall/Netscreen SecureNet (both use the
same client) are rock solid and this will not occur since the default
"adapter" is the VPN and therefore will ignore the default NIC's
configuration. In many VPN clients, there's an option to use the remote
gateway or the local gateway. How are the clients getting their DHCP
address?

As for DNS settings and GPOs, (for others out here wondering where that
setting is, it's at Comp Config\Admin Templates\Network\DNS Client\DNS
Servers), I wouldn't use that setting because of the implications, as you've
seen, especially with remote clients, but a VPN Client such as the Cisco
client, will not matter, at least it shouldn't. If it is getting the wrong
address initially, and the remote clients need to connect to the VPN server,
they can do it by IP and not by name. This way it doesn't matter what DNS
server is listed. Once they connect, and they have a fast connection, (above
the default threshold of 500kb), that DNS GPO setting will come across. If
you change it or remove it, then it should get the change. I assume your VPN
client is configured to connect via IP and not by name? That's the preferred
method actually, at least I've found fewer issues with it.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]
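
An added example, not part of the post above: the `ipconfig /all` check for which DHCP server issued the lease, done in PowerShell and compared against a list of authorised servers so an unexpected DHCP source on the segment stands out. The function name is illustrative and the address in `$AllowedDhcpServers` is a constructed placeholder.

```powershell
# Added example (not from the thread).
# Constructed placeholder: replace with the address(es) of your authorised DHCP server(s).
$AllowedDhcpServers = @('192.0.2.10')

function Get-DhcpLeaseSource {
    param([string[]]$Allowed = $AllowedDhcpServers)

    # One row per IP-enabled adapter that took its configuration from DHCP.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DHCPEnabled } |
        ForEach-Object {
            [pscustomobject]@{
                Adapter    = $_.Description
                DhcpServer = $_.DHCPServer                       # server that issued the lease
                DnsSuffix  = $_.DNSDomain                        # connection-specific suffix (option 015)
                DnsServers = ($_.DNSServerSearchOrder -join ', ')
                Authorised = $Allowed -contains $_.DHCPServer
            }
        }
}

$leases = @(Get-DhcpLeaseSource)
$leases | Format-List

# Flag any lease handed out by a server that is not on the authorised list.
$unexpected = @($leases | Where-Object { -not $_.Authorised })
foreach ($lease in $unexpected) {
    Write-Warning ("{0}: lease from unlisted DHCP server {1} (suffix '{2}', DNS {3})" -f `
        $lease.Adapter, $lease.DhcpServer, $lease.DnsSuffix, $lease.DnsServers)
}
```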
 
