Unable to Resolve DNS Queries from RODC

Question

Unable to Resolve DNS Queries from RODC

Himanshu Dwivedi 40

I have setup a new domain RWDC with name test.com and added one RODC in same domain.

Added one computer - Assigned Computer the domain IP, in primary DNS(RWDC) and Alternate DNS(RODC), and successfully joined to the domain.

Issue : When RWDC is online if I ping test.com it successfully pings RWDC IP, but in case of RWDC is office, I am getting request timeout. Normally it should ping RODC IP.

I want to know is it a normal behavior or some changes needed?

Answer 1

Dave Patrick 353.3K MVP

No, not normal. Pinging the domain name results in one DNS server answering. There is no option to control which one reacts. Could be some routing or firewall issues between source and destination. I'd check the ports are flowing between networks and that the new DNS server is operational (event logs may provide clues)

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions

--please don't forget to upvote and Accept as answer if the reply is helpful--

Himanshu Dwivedi 40 Reputation points

2023-05-20T13:18:28.5866667+00:00

Thanks for your response, but both the the domain Controller are in different subnet with different broadcast domain, however both the domain controller are able to reach each other and the System which is joined in domain able to reach both the Controllers.
Dave Patrick 353.3K Reputation points MVP

2023-05-20T13:23:47.46+00:00

Ok, sounds good then.
Himanshu Dwivedi 40 Reputation points

2023-05-20T13:27:05.93+00:00

Then what might be the issue, when RWDC is up then the domain name pings well, but as soon as I power down the RWDC, it shows RTO, normally RODC should take over.
Dave Patrick 353.3K Reputation points MVP

2023-05-20T13:29:41.7566667+00:00

Then what might be the issue

Routing, firewalls, or possibly the DNS server is not operational.
Dave Patrick 353.3K Reputation points MVP

2023-05-20T17:35:08.9233333+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
Himanshu Dwivedi 40 Reputation points

2023-05-20T18:30:41.23+00:00

Not getting what is the exact issue, tried Removing RODC & DNS and again installing the roles, everything installed properly without any error. But one thing I observed, I tried to configure Second Domain Controller as RWDC then everything works perfectly. Not sure where is the issue

Answer 2

Dave Patrick 353.3K MVP

Maybe you missed a step?

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc742490(v=ws.10)?redirectedfrom=MSDN#to-enlist-a-dns-server-in-a-dns-application-directory-partition

--please don't forget to upvote and Accept as answer if the reply is helpful--

Dave Patrick 353.3K Reputation points MVP

2023-05-22T12:22:34.2966667+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 3

Hi @Himanshu Dwivedi

When you ping the domain name , one of domain controller can respond.

By default ,behind the domain name, there are the IP of domain controllers to ensure the high availability using DNS round robin mechanism.

Run the following command,to display the list of domain controller can be contacted when you try to ping the domain name test.com , :

neslookup
test.com

If the IP of RODC doesn't exist , so it's normal behavior.

If the nslookup displays the both IPs ( RODC and RWDC) , It should be a normal behavior,because Round Robin mechanism doesn't switch automatically without restarting the computer you are using to ping test.com after the power down of RWDC.

Please don't forget to mark helpful answer as accepted

Unable to Resolve DNS Queries from RODC

3 answers

Activity