Network practice: Don't ignore DNS settings when establishing a domain controller
The domain controller is the core of a company's network management. When it fails, users across the network often cannot log in. Yet DNS is frequently overlooked when a domain controller is set up, which leads to recurring DNS failures in the domain. How important is DNS, and what happens when its settings are wrong? The author, who is responsible for maintaining his company's servers, recently ran into a sudden DNS-related server failure in his day-to-day work.
Failure phenomenon
The company is not very large: it has about 50 computers and purchased two IBM servers. Because an internal application requires a Windows domain, a Windows 2000 Server domain was set up on these two IBM servers. One acts as the domain controller (DC) and the other as the backup domain controller (BDC). Since the backup domain controller mainly plays an auxiliary role in managing the domain, it was left essentially untouched once it had been configured.

Recently, however, the primary domain controller could no longer reach the system desktop. Every time it started, it stopped at the login interface (that is, the screen shown before the administrator account and password are requested), with the status message "Connecting to the network". After nearly an hour of waiting there was still no progress. Restarting the server and pressing F8 allowed it to enter safe mode normally, but the problem recurred as soon as it booted into normal mode.
Troubleshooting
Since the login always stalled at "Connecting to the network", the author suspected a network problem, for example that the primary domain controller could not resolve its own name through DNS. He booted into safe mode and disabled the network card so that the system would not search for or try to connect to the network. Sure enough, with the network card disabled the system reached the desktop normally. Disabling the network card is not a cure, however: the server can log in to the desktop, but clients cannot use the services it provides.

Why could the server log in with the network card disabled? The author again focused his troubleshooting on domain name resolution. In a domain-enabled network, the names resolved by DNS correspond one-to-one with the computers, and any computer that does not have a correct DNS name registered on the primary domain controller will not be able to use the network. The author checked the DNS configuration on the primary domain controller and found that its DNS server address was set to the IP address of the backup domain controller. That pointed to a problem with DNS resolution on the backup domain controller.

The author immediately inspected the backup domain controller. It turned out that the network cable was loose in the network card socket, so the backup domain controller was in fact disconnected from the entire network. After the cable was plugged in firmly, the primary domain controller started normally with its network card enabled, and the fault was eliminated.
Advanced thinking
On the surface this fault was caused by a loose network cable on the backup domain controller. In fact it was the result of a configuration mistake made when the domain was established: the DNS configuration was neglected. When establishing a domain, it is best to configure DNS according to the following rules.

1. Install the DNS service on both the DC and the BDC, instead of enabling it on only one server, to prevent DNS resolution errors and provide redundancy for DNS resolution.
2. Set the local DNS server of the DC to its own IP address, and likewise set the local DNS server of the BDC to its own IP address.
3. Set the auxiliary DNS server address on the DC to the address of the BDC, and set the corresponding auxiliary DNS server address on the BDC to the IP address of the DC.

Configured this way, DNS resolution is much less likely to fail. When the primary domain controller performs DNS resolution and connects to the network during login, it queries its local DNS settings first, so even if the BDC's network cable is loose or the BDC is switched off, the DC login is not affected.

Summary: Configuring a domain controller on Windows is troublesome, and failures do not follow a regular pattern. You must therefore follow the corresponding rules during the initial setup when upgrading the network to a domain, so as to minimize the probability of failure.
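The check below is an added example, not part of the original article: it parses the DNS client settings from `ipconfig /all` output captured on each domain controller and reports where they break rules 2 and 3. The addresses, sample output and function names are constructed for illustration; rule 1 is not covered because `ipconfig` does not show whether the DNS service is installed.

```python
import re

# Constructed `ipconfig /all` excerpts from the DC; all addresses are made up.
DC_BROKEN = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.11
"""
DC_FIXED = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.11
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FIELD = re.compile(r"\s*(IP(?:v4)? Address|DNS Servers)[ .]*:\s*" + IP)
CONT = re.compile(r"\s+" + IP)  # extra DNS servers sit on indented lines

def parse_ipconfig(text):
    """Return (own_ip, [dns servers in query order]) for one adapter."""
    own, dns, in_dns = None, [], False
    for line in text.splitlines():
        field = FIELD.match(line)
        cont = CONT.fullmatch(line) if in_dns else None
        if field and field.group(1) == "DNS Servers":
            dns.append(field.group(2))
            in_dns = True
        elif field:                      # "IP Address" / "IPv4 Address"
            own = own or field.group(2)
            in_dns = False
        elif cont:
            dns.append(cont.group(1))
        else:
            in_dns = False
    return own, dns

def audit(text, partner_ip):
    """List violations of rules 2 and 3 for one domain controller."""
    own, dns = parse_ipconfig(text)
    findings = []
    if not dns or dns[0] != own:
        findings.append("rule 2: preferred DNS is not the server's own address")
    if partner_ip not in dns[1:]:
        findings.append("rule 3: partner DC is not the alternate DNS server")
    if own not in dns:
        findings.append("single point of failure: a partner outage stops all resolution")
    return findings
```

Run `audit` once per controller, passing the other controller's address as `partner_ip`; the DC in the article corresponds to `DC_BROKEN`, where the BDC was the only DNS server listed.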
Author: Ruan Zheng
Source: Computer News