Resolve DNS suffix points to wrong Active Directory Server

Question

We have a Head Office plus 2x Branch Offices and a number of remote sites. The Head Office has 2x RWDC and each branch office has a RWDC. The remote sites have RODCs and all VPN back to the Head Office. The remote sites do not have access through to the Branch offices. In Site & Services, we have HO + Branch1 + Branch2 + Site1...

The HO + Branch1 have a Site Link, HO + Branch2 have a site link, HO + Site1... all have individual site links. There are Site Link Bridges between each Site1... and Branch1 and Branch2.

Sometimes when pinging domain.local from a workstation, it will resolve to a Domain controller that is at a different location. eg. From a W/S in Head Office ping domain.local & it resolves to the IP address of the domain controller in a Branch office. The main issue that I have is when a site W/S tries to get group policy update, it resolves domain.local to a Branch office IP address, which they do not have access too.

Question is, how do I get

• Site W/S resolve to the local RODC first & then the Head Office DC
• Branch Office W/S to resolve to the local Branch RWDC first & then Head Office DC
• Head Office W/S to resolve to the local Head Office RWDC first & then a Branch Office DC

Answer 1

Hello,

 

Thank you for posting in Q&A forum.

To achieve this purpose, please kindly follow below steps:

1.Make sure all DNS servers set themselves as the primary DNS server and another DC in same site as secdonary DNS server.

2.Make sure all DNS Suffix are added in order in the list.

3.Clear DNS cache and make sure it always points to the correct DNS Server for name resolution.

 

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

 

Best regards，

Jill Zhou

 

---

If the Answer is helpful, please click "Accept Answer" and upvote it.