One of the domain controllers is on an isolated network. How to exclude requests from a user's PC to a DNS server located in an isolated network.

Starkeevich Sergey 1 Reputation point
2021-07-01T08:52:48.98+00:00

One of the domain controllers is on an isolated network. How to exclude requests from a user's PC to a DNS server located in an isolated network.


12 answers

Sort by: Most helpful
  1. Dave Patrick 426.1K Reputation points MVP
    2021-07-01T12:02:32.553+00:00

    Generally don't let the DHCP server hand out that address. Also if the isolation is intended to be permanent you can perform some cleanup to remove from the directory.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-07-01T23:36:03.2+00:00

    Hi,
    Welcome to ask here!
    It will be helpful if you can help confirm the following questions.
    How many DCs do you have in your domain?
    Was the DC a good one which is working or a problematic DC?

    Did you set the DC in an isolated network for security reason or other purpose?
    If you cut off the DC network purposefully, then I think there may be no way to perform DNS resolution, because the user cannot find the DNS server.

    If this DC becomes an isolated network due to a failure, we need to let the client maintain a smooth network connection with the DC.
    Please let me know if I misunderstood you.

    Best Regards,


  3. Starkeevich Sergey 1 Reputation point
    2021-07-02T07:31:38.303+00:00

    Imagine 5 controllers, one in each of 5 cities; the networks are isolated from each other by VLANs. The user does not have access to a controller from another city. The domains themselves are available to each other over the network.
    But if you run the command nslookup yourdomain.local, you will see a list of all domains, randomly selected by the computer.


  4. Dave Patrick 426.1K Reputation points MVP
    2021-07-02T13:23:33.43+00:00

    Ok, thanks for the detail, that technically isn't isolated. The DC locator should sort this out for the member.
    https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  5. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-07-05T07:25:09.953+00:00

    Hi,
    Based on my understanding, the result of the command nslookup yourdomain.local will list all the DCs that have DNS records on the DNS server the clients are contacting.
    For example, site A has client 1 and DC1. DC1 acts as the DNS server at the same time.
    When the command is run on client 1, the client will query the records from DC1. DC1 will send back all the IP addresses of the DCs it has, whether or not the clients can contact those other DCs.

    The result doesn't mean that the clients will use all the DCs for DNS resolution.
    If you want to know the DNS server of the clients, you can use the command: ipconfig /all.

    Best Regards,

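To see the distinction drawn in the two replies above (the domain's A records list every DC, while the DC locator picks from site-scoped SRV records), the following PowerShell diagnostic can be run on a domain-joined client. It is an added example, not code from the thread or from Microsoft; it assumes the placeholder domain name yourdomain.local used in the question, and it only reads DNS and locator state.

```powershell
# Added diagnostic example (not from the thread). Assumes the placeholder
# domain "yourdomain.local" from the question and a domain-joined client.
param([string]$Domain = 'yourdomain.local')

# 1. DNS servers the client is actually configured with (the "ipconfig /all" point).
Write-Host "== Configured IPv4 DNS servers, per adapter =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. The domain's A records. Every DC registers one, so this lists ALL DCs,
#    reachable from this VLAN or not. This is what "nslookup <domain>" shows.
Write-Host "== A records for $Domain (all DCs, regardless of reachability) =="
Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'A' } |
    Select-Object Name, IPAddress | Format-Table -AutoSize

# 3. The site-scoped SRV records the DC locator consults. Only DCs that
#    cover the client's own AD site are returned here.
$site = (nltest /dsgetsite 2>$null | Select-Object -First 1)
if ($site) {
    $site = $site.Trim()
    $srv  = "_ldap._tcp.$site._sites.dc._msdcs.$Domain"
    Write-Host "== Site-scoped SRV records for site '$site': $srv =="
    Resolve-DnsName -Name $srv -Type SRV |
        Where-Object { $_.QueryType -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize
}

# 4. The DC the locator actually selected for this client.
Write-Host "== DC locator result =="
nltest "/dsgetdc:$Domain"
```

If step 2 lists DCs that step 3 does not, that is expected: the A records are advertised to everyone, but the client's logon and LDAP traffic is steered by the SRV records and the locator result in step 4.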