DNS issue - DC in DMZ

I have 2x W2K8R2 RWDCs on the LAN ( and About 6mths ago I added an RODC in the DMZ ( All ~1000 Win7/8 devices have worked perfectly since. So have the ~2500 BYOD WiFi devices (iOS, Android, Win7/8, Chromebook) that authenticated to AD via a captive portal.

We've had many issues with Macs for a long time and we brought in a consultant to build a new Mac image and iron out all the issues. He's pointed out that they have intermittent issues when users try to log on and suspects it's an issue with DNS. He does a DNS lookup for domain.local and gets 3 results returned -, and Notice that it's .0 not .46. He suspects that is the issue as DNS round-robin returns results in a different order on each attempt (as it should) and that would explain why the logon issue is intermittent. But......nslookup on Windows gives the same results. And ~2300 Win/BYOD devices have not had any issues for 6mths. It's only domain joined Macs that have a problem.

I had a look in DNS and found the following entries in the forward lookup zone for domain.local:
  • (same as parent folder) Host (A) 4/8/2014 2:00:00AM
  • (same as parent folder) Host (A) 4/8/2014 3:00:00AM
  • (same as parent folder) Host (A) static
  1. Why is the RODC a static entry when the others are dynamic?
  2. Why is the RODC a network address not a host address?
  3. Why is it only domain joined Mac devices that have issues? This is more for curiosity than anything. The fact that it's only Mac playing up doesn't surprise me as they've never played nicely on a Windows domain.

I could easily change the DNS entry for the RODC to the host address, but that doesn't explain Q1 or Q2. I'd rather know why it's like this so I can address the root cause rather than trying to put a band-aid on it.
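The consultant's reasoning above (a round-robin answer set for the domain apex that contains an address no DC actually owns) can be turned into a repeatable audit of the "(same as parent folder)" A records. This is an added example, not code from the thread; the addresses are constructed TEST-NET values standing in for the ones in the post (the RODC record ends in .0 while its interface ends in .46), and the DC names and subnets are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class ApexRecord:
    """One '(same as parent folder)' A record in the domain.local forward zone."""
    address: str
    timestamp: Optional[str]   # None means a static (non-ageing) record

@dataclass
class DomainController:
    name: str
    address: str   # address actually bound on the DC's interface
    subnet: str    # the DC's subnet in CIDR notation

# Constructed data mirroring the post: two dynamic RWDC records and one
# static RODC record that points at the subnet's network address.
RECORDS = [ApexRecord("192.0.2.10", "4/8/2014 2:00:00AM"),
           ApexRecord("192.0.2.11", "4/8/2014 3:00:00AM"),
           ApexRecord("198.51.100.0", None)]
DCS = [DomainController("RWDC1", "192.0.2.10", "192.0.2.0/24"),
       DomainController("RWDC2", "192.0.2.11", "192.0.2.0/24"),
       DomainController("RODC1", "198.51.100.46", "198.51.100.0/24")]

def audit_apex_records(records: List[ApexRecord],
                       dcs: List[DomainController]) -> List[Tuple[str, str]]:
    """Return (address, problem) pairs for apex records a client cannot use."""
    findings = []
    dc_addresses = {dc.address for dc in dcs}
    subnets = {ipaddress.ip_network(dc.subnet) for dc in dcs}
    for rec in records:
        ip = ipaddress.ip_address(rec.address)
        # The network or broadcast address of a subnet is not a host at all;
        # a client that gets it first from round-robin cannot reach any DC.
        non_host = [n for n in subnets
                    if ip in (n.network_address, n.broadcast_address)]
        if non_host:
            findings.append((rec.address, f"not a host address in {non_host[0]}"))
        elif rec.address not in dc_addresses:
            findings.append((rec.address, "no DC owns this interface address"))
        # DC registrations are dynamic; a static apex record is usually a
        # hand-typed entry and never ages out when the DC is re-addressed.
        if rec.timestamp is None:
            findings.append((rec.address, "static record; DCs register dynamically"))
    return findings

def first_answer_failure_rate(records: List[ApexRecord],
                              findings: List[Tuple[str, str]]) -> float:
    """Share of round-robin orderings whose first address is unusable."""
    if not records:
        return 0.0
    return len({addr for addr, _ in findings}) / len(records)
```

With the data above the audit flags only the RODC record, and one answer in three starts with an unusable address, which matches the intermittent logon pattern described.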