LutzRahe-8474 asked · 0 Votes

DNS Stub Zone (VMs in Azure)

Hi everyone

I have a question:

We have a huge Active Directory forest (company.local.com) on-premises, and also 2 additional Domain Controllers in Azure as part of it (DC-AZ1.company.local.com and DC-AZ2.company.local.com). Both of these 2 DCs have the DNS role installed (Active Directory integration). The FSMO role holder DC-A is located on-premises, along with more than 10 other DCs in other on-premises locations.

As part of the security restrictions, the DCs are NOT allowed to go to the internet, which means these DNS servers cannot resolve Azure services (e.g. SQL managed databases). Using a conditional forwarder on these DCs is not allowed either.

To resolve this, we have installed 2x "standalone" DNS servers with a Stub Zone. These 2 servers, DNS1 and DNS2, load their zone information from DC-AZ1.company.local.com and DC-AZ2.company.local.com. Name resolution (nslookup) for servers in the company.local.com domain is not a problem. These 2 servers are also allowed to go to the Internet, so they can find the Azure services (e.g. the SQL managed database) as well.

We have pointed the DNS settings for our VMs in Azure to these 2 DNS servers.

Question 1:

What is now the exact flow when a new server wants to join the domain? Where does it send the request, and where is the DNS record created?

What I think is:

1.) Domain join request to DNS1
2.) Answer with the correct name server
3.) Domain join sent to the correct name server
4.) After approval, DNS entry created
5.) DNS entry replicated via Active Directory to all other DNS servers

Or?????

Question 2:

In 50% of cases, during the domain join (which takes a long time) we get an error "that the network name company.local.com isn't available anymore". Sometimes a second try works, sometimes not. (In the "not working" case, we change the DNS settings from the Stub Zone DNS server to the AD DNS server (in Azure), and then the domain join process works. After joining, we change back to the Stub Zone DNS server.)

Is this a "runtime" problem? Or what can be the reason for this?

It would be very helpful to clear up this DNS miracle a bit.

Thank you

Lutz

azure-active-directory
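A check a practitioner would run before retrying a failing join, added here as an example and not part of the original post or any answer: it asks each stub-zone DNS server for the DC locator SRV records a domain join depends on, confirms that every DC the records point at resolves through the same server and answers on the LDAP port, and compares that with what the AD-integrated DNS servers return. The domain and server names are taken from the question; the short names DNS1/DNS2 are assumed to resolve from where the script runs (otherwise substitute their IP addresses), and the last block assumes the DnsServer RSAT module is available.

```powershell
# Added example (not from the post): verify that the stub-zone DNS servers can serve
# the records a domain join needs, and compare with the AD-integrated DNS servers.
$Domain       = 'company.local.com'
$StubServers  = @('DNS1', 'DNS2')                                           # standalone stub-zone servers
$AdDnsServers = @('DC-AZ1.company.local.com', 'DC-AZ2.company.local.com')  # AD-integrated reference

# SRV records the DC locator queries when a machine joins the domain.
$SrvNames = @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain")

function Test-DcLocatorViaDns {
    param([string]$DnsServer)
    foreach ($name in $SrvNames) {
        try {
            # -DnsOnly bypasses the local cache and hosts file, so this is what the server returns now.
            $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        } catch {
            Write-Warning "$DnsServer : no answer for $name ($($_.Exception.Message))"
            continue
        }
        foreach ($r in $srv) {
            # The SRV target must itself resolve via the same server, or the join
            # learns a DC name it cannot turn into an address.
            $a  = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
            $ip = ($a | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
            $ldapOk = if ($ip) {
                (Test-NetConnection -ComputerName $ip -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
            } else { $false }
            [pscustomobject]@{
                DnsServer = $DnsServer; Record = $name; Target = $r.NameTarget
                IP = $ip; LdapReachable = $ldapOk
            }
        }
    }
}

# One table: stub servers first, AD-integrated servers as the reference answers.
($StubServers + $AdDnsServers) | ForEach-Object { Test-DcLocatorViaDns -DnsServer $_ } |
    Format-Table -AutoSize

# With the DnsServer RSAT module: confirm each stub zone and the master servers it loads from.
foreach ($s in $StubServers) {
    Get-DnsServerZone -Name $Domain -ComputerName $s -ErrorAction SilentlyContinue |
        Select-Object @{n = 'Server'; e = { $s }}, ZoneName, ZoneType, MasterServers
}
```

A row where the stub server returns no SRV answer, or a target with no IP or LdapReachable False, while the AD-integrated servers return a full set, points at the recursive lookup path through the stub zone rather than at the join itself.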

LeonLaude answered · 0 Votes

Hi,

Q&A currently supports the products listed over here https://docs.microsoft.com/en-us/answers/products (more to be added later on).

You can reach out to the experts in the dedicated "Windows Server - DNS" forum over here:
https://social.technet.microsoft.com/Forums/en-US/home?forum=winserveripamdhcpdns

(Please don't forget to accept helpful replies as answer)

Best regards,
Leon


LutzRahe-8474 answered · 0 Votes

Hi Leon,

Thank you for your answer.
Funny fact is... I have tried in your recommended forum before... and a MS member (Candy LuoWicresoft(MSFT CSG)) sent me to this forum :-)

Best,
Lutz


I'd say it's more appropriate in the MSDN forum, unless you're using Azure Active Directory (Azure AD) or Azure DNS, then you can post in their respective forums.
