What are some likely causes to domain member PC losing contact to domain controller?

windows domain-name-system

Several of our client Windows 10 client PC suddenly lost their connection to mapped drives against shared folders located on a domain controller (DC) called SBS2011 running Windows SBS Server.

I have verified that the DC can be ping (via IP & host names) from the client PC & vice versa.

NSlookup shows it cannot resolve the SBS2011 DC since :

PS C:\Users\Admin> nslookup sbs2011 Server: UnKnown Address: 10.1.1.2

*** UnKnown can't find sbs2011: Non-existent domain

So it looks like a DNS issue to me.

Could having external DNS servers (eg. OpenDNS servers) in the DNS Scope Options (see attached) cause client PC issues in resolving IP of their local DC server ?

My initial thinking is that since the client PCs are being handed (via DHCP) DNS server settings that point to both the DC & the internet OpenDNS servers - that this would lead to the client PC trying to resolve internal name of the DC by heading out into the internet.

IPConfig /all on a client PC will show:

DHCP Enabled: Yes

IPv4 Address: 10.1.1.73(Preferred)

Subnet Mask: 255.0.0.0

Default Gateway: 10.1.1.1

DHCP Server : 10.1.1.2

DNS Servers : 10.1.1.2 | 208.67.222.222 | 208.67.220.220

enter image description here

An experienced system administrator's advice below made me think that this may be the cause :

[99.999% of the time it is an improper configuration on your network card settings, pointing to a dns server out on the web and not the dc as your dns server. also your server can only be the dns, there cannot be any internet dns servers setup on your nic cards of both the server and the workstations. the server needs to point to itself, and the workstations need to point to the server for all dns resolution. the dns service on the server will determine where to send the clients/server when it does a look up ]


The best method is to set the DNS to just the DC in the clients, and to set your DNS fowarder with the public’s one.

The way DNS work is not at 100% like you wrote, as the PC will use its first DNS resolver for all query, if the DNS don’t answer, because the server is off or other reasons, the PC switch to the other DNS server listed and will stick to it, and will use that one unless it fail too.

So as you can guess if the PC use the public DNS, all your domain query will fail as unknown, but the PC don’t try on the other DNS, as it got an answer, an unknown answer, but he got one.

Related

SNI for a SMTP server
Set required attribute on Html.Textbox
DbContext AutoDetectChangesEnabled set to false detecting changes
Remove line through marker in matplotlib legend
Log4J2 property substitution - default
proguardRelease FAILED when compiling apk with assembleRelease in Android Studio
How can I delete a user in linux when the system says its currently used in a process [closed]
What is the correct way to obtain (-1)^n?
NameError: name 'get_ipython' is not defined
How do you define constants in Elixir modules?
%matplotlib line magic causes SyntaxError in Python script
Detect when input value changed in directive