Netgate Discussion Forum

    Attempt to resolve DNS Name Failed

    DHCP and DNS
      scorpion2087

      I am using pfSense as a router for NAT and Windows Server 2008 for DHCP service only, but I am getting this error while joining a computer on the server: "an attempt to resolve the dns name in the domain being joined failed"

      Can anybody help me with this?
      [Attached image: vpn.png]

        johnpoz LAYER 8 Global Moderator

        And that is a horrific choice for an AD domain, for one.  You should use an FQDN, something like value.tld

        http://support.microsoft.com/kb/300684
        Deployment and operation of Active Directory domains that are configured by using single-label DNS names

        For the following reasons, the best practice is to create new Active Directory domains that have fully qualified DNS names:

            Single-label DNS names cannot be registered by using an Internet registrar.
            Client computers and domain controllers that are joined to single-label domains require additional configuration to dynamically register DNS records in single-label DNS zones.
            Client computers and domain controllers may require additional configuration to resolve DNS queries in single-label DNS zones.
            Some server-based applications are incompatible with single-label domain names. Application support may not exist in the initial release of an application, or support may be dropped in a future release.
            Transitioning from a single-label DNS domain name to a fully qualified DNS name is non-trivial and consists of two options. Either migrate users, computers, groups, and other states to a new forest. Or, perform a domain rename of the existing domain. Some server-based applications are incompatible with the domain rename feature that is supported in Windows Server 2003 and newer domain controllers. These incompatibilities either block the domain rename feature or make the use of the domain rename feature more difficult when you try to rename a single-label DNS name to a fully qualified domain name.
            The Active Directory Installation Wizard (Dcpromo.exe) in Windows Server 2008 warns against creating new domains that have single-label DNS names. Because there is no business or technical reason to create new domains that have single-label DNS names, the Active Directory Installation Wizard in Windows Server 2008 R2 explicitly blocks creating such domains.

        Secondly - where are you pointing for DNS?  pfSense - how does pfSense know to resolve your AD DNS?  Do you have a forwarder set up?  Pretty much the answer to using AD is that all members should ONLY point to AD DNS. While using other name servers is possible, the DNS you point to needs to be able to resolve your AD records. Highly doubt pfSense can do this, and if forwarding to your ISP they for sure cannot, etc.

        Point your members, or want-to-be members, of your domain to your DNS for your domain. This is normally the DC in a simple SOHO AD setup.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          scorpion2087

          Buddy, I understand.
          See, this is the first time I have tried to install all this on VMware ESXi.

          My DHCP server has only one LAN connection and I am using pfSense for NAT and Internet.

          The IP address and VM network diagram are attached, please have a look. In the meantime I will try the resolution you provided above.

          [Attached images: ip.png, pf1.png]

            johnpoz LAYER 8 Global Moderator

            Sure looks like you're pointing to pfSense 10.10.10.2 for DNS - how is pfSense going to resolve your AD??

            Have you ever set up/run AD before?

              scorpion2087

              No. Could you please help me with that?

                johnpoz LAYER 8 Global Moderator

                heheh - what do you not understand about using your AD for DNS?

                You're using it for DHCP. Point your clients to 10.10.10.3 (your AD server) for DNS.

                You ran DC promo, right - it walked you through setting up DNS for your AD. Now point to that computer (DC) that you ran DC promo on.  Members of an AD should ONLY have the AD DNS.  You then set up your AD DNS to forward to external or other DNS.

                  scorpion2087

                  Buddy, I am using it for the first time, that's why I am so confused.
                  Server 2008 is acting as DHCP and AD, and DNS is also installed on it.

                  So what should I do? Please help me, I'm completely stuck.

                    johnpoz LAYER 8 Global Moderator

                    So your clients that you want to join the domain need to point to the Server 2008 IP for DNS, so they can resolve the AD DNS entries.  You then can set up DNS on your 2k8 server to use pfSense as its forwarder, so your AD clients can then resolve, say, google.com

                    Your clients ask your AD DNS, which in turn asks pfSense - which in turn asks your ISP or public DNS for, say, www.google.com

                    pfSense or the internet has no idea about your AD.  This is why you have to point your clients to AD DNS.  They should ONLY point to this - nothing else.

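A check for the situation discussed in this thread, added here as an example and not posted by either participant: it asks each candidate resolver for the domain-controller locator SRV record that a joining client looks up, then flags any resolver configured on the client that could not answer it. Assumptions: a client with the DnsClient module (Windows 8 / Server 2012 or later), the placeholder domain name `corp.example.com` (the thread's real domain name appears only in the screenshot), and the hypothetical interface alias `Ethernet`.

```powershell
# Added example. 'corp.example.com' is a placeholder; the IPs are the ones named in the thread.
param(
    [string]   $Domain    = 'corp.example.com',
    [string[]] $Resolvers = @('10.10.10.3', '10.10.10.2')   # AD DNS server, pfSense
)

# SRV record a client queries to find a domain controller during a domain join.
$locator = "_ldap._tcp.dc._msdcs.$Domain"

function Test-AdDnsResolver {
    param([string] $Server, [string] $Name)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is tested.
        $srv = @(Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
        $ok     = $srv.Count -gt 0
        $detail = if ($ok) { ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ' }
                  else     { 'answer contained no SRV records' }
    }
    catch {
        # NXDOMAIN, timeout or refusal: this resolver cannot support the join.
        $ok     = $false
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Resolver = $Server; CanLocateDC = $ok; Detail = $detail }
}

$results = foreach ($r in $Resolvers) { Test-AdDnsResolver -Server $r -Name $locator }
$results | Format-Table -AutoSize

# Compare against what this client is actually configured to use.
$good = @($results | Where-Object { $_.CanLocateDC } | ForEach-Object { $_.Resolver })
foreach ($if in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($addr in $if.ServerAddresses) {
        if ($good -notcontains $addr) {
            Write-Warning "$($if.InterfaceAlias) uses $addr, which did not resolve $locator"
        }
    }
}

# Change described in the thread (left commented out because it alters settings):
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.10.10.3
#   dnscmd /ResetForwarders 10.10.10.2      # run on the AD DNS server; forwards to pfSense
# For DHCP clients, set DHCP option 006 (DNS Servers) to 10.10.10.3 instead.
```

On systems without `Resolve-DnsName`, `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> <server>` performs the same query against a specific server.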
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.