What are some likely causes of a domain member PC losing contact with the domain controller?

Several of our Windows 10 client PCs suddenly lost their connection to mapped drives against shared folders located on a domain controller (DC) called SBS2011 running Windows SBS Server.

I have verified that the DC can be pinged (via IP & host names) from the client PC & vice versa.

NSlookup shows it cannot resolve the SBS2011 DC since:

```
PS C:\Users\Admin> nslookup sbs2011
Server: UnKnown
Address: 10.1.1.2

*** UnKnown can't find sbs2011: Non-existent domain
```

So it looks like a DNS issue to me.

Could having external DNS servers (e.g. OpenDNS servers) in the DNS Scope Options (see attached) cause client PCs to have issues resolving the IP of their local DC server?

My initial thinking is that since the client PCs are being handed (via DHCP) DNS server settings that point to both the DC & the internet OpenDNS servers - that this would lead to the client PC trying to resolve internal name of the DC by heading out into the internet.

IPConfig /all on a client PC will show:

```
DHCP Enabled: Yes
IPv4 Address: 10.1.1.73(Preferred)
Subnet Mask: 255.0.0.0
Default Gateway: 10.1.1.1
DHCP Server : 10.1.1.2
DNS Servers : 10.1.1.2 | 208.67.222.222 | 208.67.220.220
```


An experienced system administrator's advice below made me think that this may be the cause:

[99.999% of the time it is an improper configuration on your network card settings, pointing to a DNS server out on the web and not the DC as your DNS server. Also, your server can only be the DNS; there cannot be any internet DNS servers set up on the NICs of both the server and the workstations. The server needs to point to itself, and the workstations need to point to the server for all DNS resolution. The DNS service on the server will determine where to send the clients/server when it does a lookup.]


The best method is to set the DNS to just the DC on the clients, and to set your DNS forwarder to the public ones.

The way DNS works is not 100% like you wrote: the PC will use its first DNS resolver for all queries. If that DNS server doesn't answer, because the server is off or for other reasons, the PC switches to the other DNS server listed and will stick to it, and will use that one unless it fails too.

So as you can guess, if the PC uses the public DNS, all your domain queries will fail as unknown, but the PC doesn't try the other DNS, as it got an answer; an unknown answer, but it got one.
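
A client-side check for the failure mode described in this answer, as an added example that is not part of the original posts: it asks each DNS server in the client's configuration, one at a time, for the DC's A record and the domain's DC-locator SRV record. `sbs2011` comes from the question; the AD DNS domain `example.local` is a placeholder assumption, since the page does not give the domain name.

```powershell
# Added example: find which configured DNS servers cannot answer for the AD domain.
$DcName   = 'sbs2011'         # DC host name from the question
$AdDomain = 'example.local'   # ASSUMPTION: placeholder, replace with your AD DNS domain

function Test-DnsServerForDomain {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $DcFqdn,
        [Parameter(Mandatory)] [string] $Domain
    )
    # The DC's host record, plus the SRV record domain members use to locate a DC.
    $checks = @(
        @{ Name = $DcFqdn;                        Type = 'A'   },
        @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
    )
    foreach ($c in $checks) {
        try {
            # Query this one server directly; skip hosts file, LLMNR and NetBIOS.
            $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $Server `
                        -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction Stop |
                      Where-Object { $_.Section -eq 'Answer' }
            $result = if ($answer) { 'Resolved' } else { 'No records in answer' }
        } catch {
            # NXDOMAIN and timeouts both land here; the message says which.
            $result = $_.Exception.Message
        }
        [pscustomobject]@{
            DnsServer = $Server
            Query     = $c.Name
            Type      = $c.Type
            Result    = $result
        }
    }
}

# Every IPv4 DNS server the client currently has (from DHCP or static settings).
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
           Select-Object -ExpandProperty ServerAddresses |
           Select-Object -Unique

$report = foreach ($s in $servers) {
    Test-DnsServerForDomain -Server $s -DcFqdn "$DcName.$AdDomain" -Domain $AdDomain
}
$report | Format-Table -AutoSize

# Servers listed here cannot serve the domain and should not be handed to domain members.
$report | Where-Object Result -ne 'Resolved' |
    Select-Object -ExpandProperty DnsServer -Unique
```

Run it on an affected Windows 10 client. Any address printed by the last command answers "not found" for the domain's own names, which matches the symptom in the question.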