Windows Server 2000/2003 Thread, DNS Resolution fails for non-domain joined machines in Technical
  1. #1

    DNS Resolution fails for non-domain joined machines

    Hello all,

    I am experiencing a weird issue with 2003 DNS. (DISCLAIMER: I know very little about DNS).

    - I am unable to resolve any of my servers on clients that are not joined to the domain.
    - I can ping my DNS/DC via name, but any other hosts (e.g. servers) fail unless by IP address.

    - NSLOOKUPs fail to resolve ANY names. I can't even resolve the name of the DNS server itself:
    *** Can't find the server name for address 10.x.x.x: Non-existent domain
    (Then attempts to use master DNS server at council datacenter and fails to resolve)

    - Performing the same on a domain joined machine:
    *** Can't find the server name for address 10.x.x.x: Non-existent domain
    (But attempt to resolve by master DNS succeeds)

    - NSLOOKUP non-domain joined forcing query against my dns:
    *** Can't find the server name for address 10.x.x.x: Non-existent domain
    Fails to resolve

    - NSLOOKUP as above, on domain joined:
    *** Can't find the server name for address 10.x.x.x: Non-existent domain
    Resolves the name correctly.


    Now I have had a good look on the DNS server. All looks OK, nothing in the logs of any interest. Entries for relevant servers exist. This is a new job in which I have picked up the existing infrastructure.

    Any help would be most gratefully appreciated.

  2. #2


    Check what your DHCP server domain is on the non domain joined client and see if that matches.

    Could be that your DHCP is passing out bob.com when you need internallan.internal, so the items you're looking up are being looked up as item.bob.com instead of item.internallan.internal
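
How the suffix mismatch described in the post above plays out, as an added Python sketch that is not part of any poster's reply. It is a simplified model of suffix appending (not the exact Windows resolver algorithm); the zone records and 10.0.0.x addresses are constructed, and bob.com / internallan.internal are the placeholder domains from the post.

```python
# Added illustration: simplified model of how a client expands a host name
# into DNS queries using its DNS suffixes. All data below is constructed.

ZONE = {  # records held by the internal DNS server (constructed sample data)
    "dc1.internallan.internal.": "10.0.0.10",
    "server1.internallan.internal.": "10.0.0.21",
}

# Assumed client settings: the domain-joined machine has the AD domain as its
# primary suffix; the non-joined one only has what DHCP handed out.
DOMAIN_JOINED = {"primary_suffix": "internallan.internal", "connection_suffix": "bob.com"}
NON_JOINED = {"primary_suffix": None, "connection_suffix": "bob.com"}


def candidate_names(name, primary_suffix=None, connection_suffix=None):
    """Return, in order, the fully qualified names the client would query."""
    name = name.lower()
    if name.endswith("."):                 # trailing dot: already an FQDN
        return [name]
    suffixes = []
    for s in (primary_suffix, connection_suffix):
        if s and s.lower() not in suffixes:
            suffixes.append(s.lower())
    appended = [f"{name}.{s}." for s in suffixes]
    if "." in name:                        # multi-label: try as typed first
        return [name + "."] + appended
    return appended + [name + "."]         # short name: suffixes first


def resolve(name, zone=ZONE, **client):
    """Return (matched_fqdn, address, names_tried); first two are None on failure."""
    tried = candidate_names(name, **client)
    for fqdn in tried:
        if fqdn in zone:
            return fqdn, zone[fqdn], tried
    return None, None, tried


if __name__ == "__main__":
    for label, client in (("domain-joined", DOMAIN_JOINED), ("non-joined", NON_JOINED)):
        for query in ("server1", "server1.internallan.internal"):
            fqdn, addr, tried = resolve(query, **client)
            print(f"{label:14} {query:30} tried={tried} -> {addr}")
```

On the affected client, `ipconfig /all` shows the suffixes actually in use, which can be compared with the `tried` list above.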

  3. #3

    Stupid question ... :-) How do I check this?

    If you mean in address leases, name = computername.correctdomain.

  4. #4
    Jamo's Avatar
    Quote, originally posted by vladker:
    > Stupid question ... :-) How do I check this?
    >
    > If you mean in address leases, name = computername.correctdomain.

    Basically, if your server's NetBIOS name is SERVER1

    its DNS name will be SERVER1.domain.suffix, like SERVER1.contoso.lan or similar.

    Test by pinging those names on your non-domain-joined machines.

  5. #5

    Thanks,

    OK, I am able to ping my servers using SERVER1.domain.suffix on non-joined machine.

    I also tried an NSLOOKUP using the same. Interestingly, the name was resolved by the master DNS server, but my DNS server still refuses to resolve it!?

  6. #6
    Jamo's Avatar
    Can be because your DNS servers only respond to domain clients?

    See if Anonymous Logon is added to the security permissions of your forward lookup zone.

  7. #7

    I have applied "Anonymous Logon" to the forward lookup, and I have checked that the permission has propagated onto the particular record that I am looking to resolve. Unfortunately, this appears to have had no effect :-) I assume I don't need to restart the service etc.?

  8. #8
    Jamo's Avatar
    You would still need to resolve the full name plus domain suffix even after you have allowed anon logon read-only on the zone.

  9. #9

    I'm sure you figured this out by now, but just in case not. In DHCP, go to the top of your scope and right click it. Go to PROPERTIES, then click the NETWORK ACCESS PROTECTION TAB. Make sure it's disabled. This will allow non domain computers to authenticate through to your DNS server.


