Problem when trying to change to a different DNS source for Active Directory

Solution 1:

Active Directory is entirely dependent on DNS to function properly. You should only be using AD DNS servers. You should change this back ASAP.

If you really wanted to offload this to another server, you'd have to mirror the _msdcs zone that's in your AD DNS server as well as all of the records for each server that hosts resources in your domain. This is still a very bad idea. DNS doesn't have a massive overhead; there's no reason to offload it.

Not to sound like a jerk, but this is very basic knowledge. You should start poking around technet and read everything that you can.

Solution 2:

Active Directory relies heavily on DNS for its internal working, not only for mapping hostnames to IP addresses, but for a lot of domain functions, like finding a domain controller. Every AD domain corresponds to a DNS zone, and every computer in the domain needs to use DNS servers that fully know what is inside this zone; this is usually automatically configured on domain controllers which also host the DNS service (the first DC in a domain is also by default a DNS server).

In short, yes, you really should point all computers back to your DC, or the domain will not work correctly. If you want to resolve external names (i.e. Internet names) using other DNS servers, you can configure them as forwarders on your DC; but each and every domain-joined computer, including the domain controller itself, should use it and only it as its DNS server.

Lots and lots of information here.
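The configuration this answer describes, pointing the DC and every domain-joined computer at the AD DNS server and using the router or ISP resolvers only as forwarders, looks like the following. This is an added PowerShell example, not code from the original answer; the domain name corp.example.com, the DC addresses 10.0.0.10 and 10.0.0.11, the interface alias "Ethernet" and the upstream resolver 192.168.1.1 are placeholders. It must run in an elevated session; the DnsServer cmdlets need the DNS Server role installed on the DC.

```powershell
# Added example (not from the original answer). Placeholders, replace with your own:
#   domain corp.example.com, DC/DNS servers 10.0.0.10 and 10.0.0.11,
#   NIC alias 'Ethernet', upstream resolver 192.168.1.1 (the router).

# --- Run on the DC (requires the DnsServer module, i.e. the DNS Server role) ---

# Show the current forwarder list and whether root hints are used when it fails.
Get-DnsServerForwarder

# Replace the forwarder list with the upstream resolver. Only names the DC is not
# authoritative for (Internet names) go there; corp.example.com and
# _msdcs.corp.example.com are answered locally, which is what domain clients need.
Set-DnsServerForwarder -IPAddress 192.168.1.1 -PassThru

# Confirm the AD-integrated zones are present. _msdcs.<domain> holds the SRV
# records clients use to locate a DC; if it is missing, joins and logons break.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -like '*corp.example.com' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated

# The DC's own client resolver must point at AD DNS as well, never at the router.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.0.0.10, 10.0.0.11

# --- Run on each domain-joined computer (or deliver via DHCP option 6 / GPO) ---

Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.0.0.10, 10.0.0.11

# Drop answers cached while the router was the resolver, then re-register this
# host's own A/PTR records with the AD DNS server.
Clear-DnsClientCache
Register-DnsClient

# Verify: every IPv4 interface with a resolver configured should list only DCs.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses
```

The forwarder step is what keeps Internet resolution working after the change; without it the DC falls back to root hints, which is fine on a network with outbound UDP/TCP 53 allowed but noticeably slower behind a restrictive firewall.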

Solution 3:

Windows looks for Domain Controllers by querying for a DNS SRV record. When you pointed your primary DNS to your router, I'm willing to bet these records never got created - that's probably why new computers can't locate a Domain Controller. That aside, your Domain Controllers should always be your primary DNS servers - Active Directory relies heavily on DNS and you've probably got more things breaking that you don't even realise.

From How Domain Controllers Are Located in Windows XP (but relevant to all versions of Windows really):

When a client logs on or joins the network, the client must be able to locate a domain controller. The client sends a DNS Lookup query to DNS to find domain controllers, preferably in the client's own subnet. Therefore, clients find a domain controller by querying DNS for a record of the form _LDAP._TCP.dc._msdcs.domainname

The bottom line is: Change DNS back to your Domain Controllers ASAP.
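To confirm the diagnosis this answer gives (the DC locator SRV records were never registered while the router was the primary DNS server), ask the AD DNS server for them directly and, if they are absent, have Netlogon re-register them. This is an added PowerShell example, not from the original answer; corp.example.com and 10.0.0.10 are placeholders, and the re-registration steps need an elevated prompt on the DC.

```powershell
# Added example (not from the original answer). Placeholders, replace with your own:
#   domain corp.example.com, DC/DNS server 10.0.0.10.

$domain   = 'corp.example.com'
$dcDns    = '10.0.0.10'
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$domain",      # any DC in the domain (the record quoted above)
    "_kerberos._tcp.dc._msdcs.$domain",  # KDCs, needed for Kerberos logon
    "_ldap._tcp.pdc._msdcs.$domain",     # the PDC emulator
    "_gc._tcp.$domain"                   # global catalog servers
)

# Query the AD DNS server itself, bypassing whatever resolver this client has now.
foreach ($name in $srvNames) {
    try {
        $records = Resolve-DnsName -Name $name -Type SRV -Server $dcDns -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }   # drop the additional A records
        foreach ($r in $records) {
            '{0,-45} -> {1}:{2} (prio {3}, weight {4})' -f `
                $name, $r.NameTarget, $r.Port, $r.Priority, $r.Weight
        }
    } catch {
        "MISSING: $name ($($_.Exception.Message))"
    }
}

# Same question the client asks at logon: which DC does the locator choose, and
# through which DNS server? A failure here is the "cannot locate a domain
# controller" symptom from the question.
nltest "/dsgetdc:$domain" /force

# --- On the DC, once its resolver points at AD DNS again ---
# Make Netlogon re-register the DC's SRV and A records with the DNS server.
nltest /dsregdns
Restart-Service Netlogon

# Then let dcdiag check the DNS records and delegation for this DC.
dcdiag /test:dns /v
```

Run the query loop from a client that still fails to find a DC: an answer listing the DC as NameTarget on port 389 shows DNS is fine and the fault is elsewhere; a MISSING line means the records really never got registered, which the nltest and Netlogon restart on the DC fixes once the DC's own DNS setting is corrected.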

Solution 4:

As MarkM stated in his answer, the DC and all AD-joined computers should point to the DC/DNS server for DNS.

If you have a problem with the stability of the DC then the solution is to fix the DC, not to change the DNS settings.

Solution 5:

Your domain controller does not need to be a DNS server; however, the DNS records that were stored on your Microsoft DNS server have to be in place regardless of the DNS server platform. If you were to replicate the DNS over to the router (which is likely not a real DNS server) things would be fine, provided clients could register with it. As others have stated, put it back until you have a better idea of what is required for DNS to support Active Directory.