Tom Rossi <[email protected]> posted a question.
Then Kevin replied below:
: QUESTION: If you have an XP workstation with multiple network
: adapters each with their own primary and secondary DNS's, which will
: the workstation query first? Is there a command that will show you
: the search order?
:
: IPCONFIG will show you what your workstation has for dns servers on
: each adapter, but not which will be queried first. NSLOOKUP appears
: to automatically connect to the first DNS in the search order, but I'm
: guessing.
:
: I thought this was a simple question, but I haven't been able to get
: an answer anywhere.
:
: Thanks!
It will try to use the adapter that is at the top of the binding order as
Deji said, but any DNS server you use should be able to answer any DNS
query.
That said, if you have two NICs on your Workstation, with one for your LAN
that is connected to an AD domain, the other for your internet connection,
both adapters need to have only the DNS for the AD domain. The reason is
that ONLY IT can resolve the AD domain; if the DNS for the AD domain is
configured properly, it will resolve any name on the internet anyway. Using
your ISP's DNS on any NIC, no matter what the NIC connects to, is going to
give you problems and errors when trying to connect to your local resources.
Also, all NICs should not have a DNS suffix that does not match the name of
your AD domain if the machine is configured to register its addresses in
DNS.
Example: If you have an AD domain example.com and your ISP is example.net
and you set your NIC up as below:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : host
        Primary DNS Suffix  . . . . . . . : example.com  <----------- AD Domain
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : example.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.net  <---------- ISP's domain
        Description . . . . . . . . . . . : Realtek RTL8139(A)-based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.2
        DNS Servers . . . . . . . . . . . : 192.168.0.2

If this NIC is configured to register in DNS, even though you have your
local AD DNS server only listed, it will try to register its host name in
your ISP's zone. Even if your DNS does not use your ISP's DNS as a
forwarder, your DNS will find the DNS server for example.net through
recursion and send the registration request to it.
When a machine is a domain member and it is configured to register its host
name in DNS, NEVER put any domain name except a name that supports DDNS for
that name. This is especially true for domain controllers.
This gets even worse if you have your ISP's DNS listed for DNS on the NIC
because not only will it try to register its addresses in the ISP's zone, it
will also try to register its addresses in the zone for the public DNS zone
that hosts example.com. So you could be offending two DNS servers by trying
to register its addresses in them.
I hope my explanation is clear.
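
The check described in the reply above, as an added example that is not part of the original post: a small Python parser for `ipconfig /all` text that flags any adapter whose connection-specific DNS suffix differs from the primary DNS suffix, or which lists a DNS server outside a trusted set. The second adapter, the 10.0.0.x addresses and the `trusted_dns` parameter are assumptions constructed for illustration.

```python
import re

# Constructed sample: the output from the reply, plus a hypothetical second adapter.
SAMPLE = """\
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : host
        Primary DNS Suffix  . . . . . . . : example.com
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : example.net
        DNS Servers . . . . . . . . . . . : 192.168.0.2
Ethernet adapter Internet:
        Connection-specific DNS Suffix  . :
        DNS Servers . . . . . . . . . . . : 192.168.0.2
                                            10.0.0.1
"""

ADAPTER = re.compile(r"^\s*(\S.* adapter .+):\s*$")   # "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s*(\S.*?)[ .]+:\s*(.*)$")      # "Label . . . : value"

def parse_ipconfig(text):
    """Return (global_fields, {adapter: fields}); every value is a list of strings."""
    glob, adapters = {}, {}
    cur, last = glob, None
    for line in text.splitlines():
        if head := ADAPTER.match(line):
            cur, last = adapters.setdefault(head.group(1), {}), None
        elif field := FIELD.match(line):
            value = field.group(2).strip()
            last = field.group(1)
            cur[last] = [value] if value else []
        elif line.strip() and last:
            cur[last].append(line.strip())  # wrapped value, e.g. a second DNS server
    return glob, adapters

def audit(text, trusted_dns):
    """List (adapter, kind, value) for suffixes or DNS servers outside the AD domain."""
    glob, adapters = parse_ipconfig(text)
    primary = (glob.get("Primary DNS Suffix") or [""])[0].lower()
    findings = []
    for name, f in adapters.items():
        suffix = (f.get("Connection-specific DNS Suffix") or [""])[0].lower()
        if suffix and suffix != primary:
            findings.append((name, "suffix", suffix))
        for server in f.get("DNS Servers", []):
            if server not in trusted_dns:  # trusted_dns: assumed set of AD DNS server IPs
                findings.append((name, "dns-server", server))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"192.168.0.2"}))
```

The output only shows suffixes and servers, not whether "register this connection's addresses in DNS" is enabled, so a finding is a prompt to check that setting on the flagged adapter.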