THE SETUP
The following image is understood as such:
- VLAN 10 (192.168.4.X) is a management VLAN connecting servers and equipment together.
- VLAN 20 (192.168.10.X) is a production VLAN used by users for software development.
- Top DC is a Parent Domain Controller serving DNS requests for the management network VLAN 10.
- Top Server is a Member Server supplying file shares for the management network (VLAN 10) and the Production Network (VLAN 20).
- Child DC is a Child Domain Controller under the Parent Domain forest and acts as a DNS server for the production level environment serving DNS requests for VLAN 20.
- Top DC and Top Server are members of the parent domain and have a NIC for the production network to allow for file shares and other services.
THE PROBLEM
Child client is trying to access the file share for Top DC using UNC path \\TOP-DC over the production VLAN. When doing so it is unable to connect. Child client is able to ping the address for TOP-DC (192.168.10.11) without an issue. Child client can access Top Server using UNC path \\TOP-SERVER over the production VLAN without an issue. Because TOP-DC is not accessible by UNC, I checked the Child DC DNS server and the Parent DC DNS server.
The Parent DNS server shows the A record for the Top DC VLAN 20 address in the Top Domain Zone. The Child DNS server shows the same A record in the copy of the Top Domain-Zone. So as I understand it the A record is in the DNS so it should resolve.
When on the Child Client I do an nslookup, it resolves Child DC DNS as it should. It also finds the VLAN 20 record in the copy of the Top Level Zone.
So why does it not resolve? If I go onto the Top DC and do an ipconfig /flushdns and ipconfig /registerdns, the record comes back... but only temporarily. Maybe 6-12 hours later the record disappears again. Why does it keep disappearing, and how do I make it stay?
For the management interface you probably need to disable DNS registration, so that the client is always routed to the proper IP of the servers. If both interfaces have DNS registration enabled, sometimes the client can cache/get the response from the wrong IP of the server, from the wrong VLAN, and in that case it is unable to reach it until the TTL expires; or it gets both IPs at once, which sometimes works and sometimes not -> an unexpected round-robin situation.
Thanks,
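The fix suggested in the reply above, written out as an added PowerShell example (not code from either poster): audit which adapters on a multi-homed server register in DNS, turn registration off on the management NIC only, and re-check what a client resolves. It assumes the adapters are named "Management" (192.168.4.x) and "Production" (192.168.10.x), which the thread does not state; adjust the aliases to match the server.

```powershell
# Added example for the thread above; adapter aliases are assumptions.
$MgmtAlias = 'Management'   # VLAN 10, 192.168.4.x (assumed name)
$ProdAlias = 'Production'   # VLAN 20, 192.168.10.x (assumed name)
$HostName  = 'TOP-DC'

# 1. Which interfaces currently register their addresses in DNS?
#    On a multi-homed host, every interface with this flag set
#    contributes an A record for the same host name.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, ConnectionSpecificSuffix |
    Format-Table -AutoSize

# 2. Show the IPv4 address behind each alias, so the two VLAN
#    addresses competing for the same name are visible side by side.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($MgmtAlias, $ProdAlias) } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength |
    Format-Table -AutoSize

# 3. Stop the management interface from registering; keep registration
#    on the production interface so VLAN 20 clients only ever receive
#    the 192.168.10.x address.
Set-DnsClient -InterfaceAlias $MgmtAlias -RegisterThisConnectionsAddress $false
Set-DnsClient -InterfaceAlias $ProdAlias -RegisterThisConnectionsAddress $true

# 4. Re-register now rather than waiting for the next periodic refresh
#    (same effect as ipconfig /registerdns).
Register-DnsClient

# 5. Verify what a client would get from its configured DNS server.
#    After the change only a 192.168.10.x address should come back.
Resolve-DnsName -Name $HostName -Type A -DnsOnly |
    Select-Object Name, IPAddress, TTL |
    Format-Table -AutoSize
```

Turning registration off does not delete an A record that is already in the zone; a stale 192.168.4.x record for the server has to be removed on the DNS server or left to age out through scavenging.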