Share via

One of the domain controllers is on an isolated network. How to exclude requests from a user's PC to a DNS server located in an isolated network.

Starkeevich Sergey 1 Reputation point
2021-07-01T08:52:48.98+00:00

One of the domain controllers is on an isolated network. How to exclude requests from a user's PC to a DNS server located in an isolated network.

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing

12 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-07-05T07:25:09.953+00:00

    Hi,
    Based on my understanding, the result of the command :nslookup yourdomain.local will list all the DCs those have DNS records on the dns server the clients contacting to.
    For example, siteA has the client 1 and DC 1. DC1 acts as DNS server at the same time.
    When run command on client 1, client will query the records from DC1. DC 1 will send back all the ip address of DCs it has no matter the clients can contact other DCs or not.
    111718-754.jpg

    The result doesn't mean that the clients will use all the DCs for DNS resolution.
    If you want to know the DNS server of the clients, you can use the command: ipconfig /all.

    Best Regards,

    0 comments
  2. Anonymous
    2021-07-02T13:23:33.43+00:00

    Ok, thanks for the detail, that technically isn't isolated. The dc locator should sort this for the member.
    https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments
  3. Starkeevich Sergey 1 Reputation point
    2021-07-02T07:31:38.303+00:00

    Imagine 5 controllers, one in 5 cities, the networks are isolated from each other by the vlan. The user does not have access to a controller from another city. The domains themselves are available to each other over the network.
    But if you run the command nslookup yourdomain.local, you will see a list of all domains randomly selected by the computer.

    0 comments
  4. Anonymous
    2021-07-01T23:36:03.2+00:00

    Hi,
    Welcome to ask here!
    It will be helpful if you can help confirm the following questions.
    How many DCs do you have in your domain?
    Was the DC a good one which is working or a problematic DC?

    Did you set the DC in an isolated network for security reason or other purpose?
    If you cut off the DC network purposefully, then I think there may be no way to perform DNS resolution. Because the user cannot find the DNS server.

    If this DC becomes an isolated network due to a failure, we need to let the client maintain a smooth network connection with the DC.
    Please let me know if I misunderstood you.

    Best Regards,

    0 comments
  5. Anonymous
    2021-07-01T12:02:32.553+00:00

    Generally don't let the DHCP server hand out that address. Also if the isolation is intended to be permanent you can perform some cleanup to remove from the directory.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.