DNS Clients are being offered IPs of DNS servers outside their site

by Matt   Last Updated September 11, 2019 21:00 PM

We had a security incident recently where we needed to rebuild the network. For the time being we are just putting things back the way they were until we have more time to come up with a better go forward plan.

We have many locations that do not have their own server infrastructure on site and use our main location for DNS. These remote sites are located in that same site per ADSaS. The VPN tunnels at these sites can only see our main location. We have other sites with DNS servers in them that the remote sites do not need to see.

When we go to a machine and set its DNS server and do lookups to our domain, the query result is returning all our DNS servers in our organization. This includes servers it cannot see. After several passes of ipconfig /release and ipconfig /renew it finds the correct DNS server and we can move forward.

I turned on DNS Client logging on these machines and I can see results like this...

Query response for name ourdomain.net, type 1, interface index 0 and network index 0 returned 0 with results 10.20.13.1;10.20.20.50;10.20.40.51;10.20.68.2;10.20.66.2;10.20.66.51;

and what happens is that the order of the results shifts after each release renew.

When I look at NS for our sites it looks correct. I am trying to keep the information lean as I do not know what would be useful to include and being too verbose will put off some people.

Why are the DNS clients being offered DNS server IPs that exist outside their site? Those are all valid DNS servers but not for all PCs. Some of those are relative to their own sites.
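
One way to check exported DNS Client log lines like the one quoted above against the subnets a remote site can actually reach. This is an added example, not part of the original post; the reachable subnet 10.20.13.0/24 and the second and third sample lines are constructed assumptions.

```python
import ipaddress
import re

# Message format as quoted in the post (DNS Client logging output).
LINE_RE = re.compile(
    r"Query response for name (?P<name>\S+), type (?P<qtype>\d+), .*? "
    r"returned (?P<status>\d+) with results (?P<results>[0-9a-fA-F.:;]*)"
)
PREFIX = "Query response for name ourdomain.net, type 1, interface index 0 and network index 0 returned 0 with results "
# First line is the one from the post; the other two are constructed reorderings of it.
SAMPLE = [
    PREFIX + "10.20.13.1;10.20.20.50;10.20.40.51;10.20.68.2;10.20.66.2;10.20.66.51;",
    PREFIX + "10.20.20.50;10.20.40.51;10.20.68.2;10.20.66.2;10.20.66.51;10.20.13.1;",
    PREFIX + "10.20.66.51;10.20.13.1;10.20.20.50;10.20.40.51;10.20.68.2;10.20.66.2;",
]
REACHABLE = ["10.20.13.0/24"]  # assumption: the only subnet the remote site's VPN can see

def parse_response(line):
    """Return (name, qtype, status, [ip, ...]) or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ips = [ipaddress.ip_address(p) for p in m["results"].split(";") if p]
    return m["name"], int(m["qtype"]), int(m["status"]), ips

def classify(ips, reachable_nets):
    """Split answers into (reachable, unreachable) for this site, keeping order."""
    nets = [ipaddress.ip_network(n) for n in reachable_nets]
    ok = [ip for ip in ips if any(ip in n for n in nets)]
    return ok, [ip for ip in ips if ip not in ok]

def audit(lines, reachable_nets):
    """Per successful response: first answer, its reachability, unreachable answers."""
    report = []
    for line in lines:
        parsed = parse_response(line)
        if parsed is None or parsed[2] != 0 or not parsed[3]:
            continue  # skip non-matching lines, failed queries, empty answers
        ok, bad = classify(parsed[3], reachable_nets)
        report.append({"first": str(parsed[3][0]),
                       "first_reachable": parsed[3][0] in ok,
                       "unreachable": [str(ip) for ip in bad]})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE, REACHABLE):
        print(row)
```
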


