T
Todd Eichmann
Guest
I'm working on a project to move our servers from the current Microsoft DNS over a third-party product. Before decommissioning the DNS role from our servers, we want to make sure all devices have stopped using Microsoft DNS so I've been capturing debug traffic from the DNS servers in order to validate this expectation. Imagine my surprise when I find that all my Windows servers - servers that have been reconfigured to use the new DNS servers - are still querying the Microsoft DNS servers. This behavior is true for 2008, 2012, and 2016 servers.
Some clarification:
To get a benchmark of our efforts, we captured debug logs on the DNS servers to try and identify what was still using (statically configured) our Microsoft DNS servers, expecting to see printers, cameras, and other devices. We were quite surprised to see all these server IP addresses show up in the logs.
What I've tried so far:
1) Using a PowerShell script to remotely update the DNS settings on the servers. This worked as expected - I can manually and programmatically validate this - but it didn't actually change the nameservers that were being queried.
2) Perform a change-no-change setting update. Meaning, if the address configured on the server is 10.10.10.10, I simply manually re-type 10.10.10.10 and accept this "change".
3) Manually type in the old DNS server addresses, accept the changes, close the networking dialog, and then manually repeat the process with the new DNS server addresses.
Of course, a restart of the server does resolve the problem, but I'm a little surprised that this is even necessary and would really prefer to make these changes without having to reboot. Admittedly, this is the first time I've had a project like this, so I don't know if this is actually expected behavior. I'm pretty sure I'm not fighting a GPO or something behind the scenes because in all cases where I've set the DNS settings, they're not getting overwritten (I've even confirmed this via the registry).
I'd very much like to hear any thoughts regarding this and how I might get around the need for a restart.
Thank you in advance for your time!
-Todd
Continue reading...
Some clarification:
- Our domain systems were configured (in the network adapter settings) to use two Microsoft DNS servers, let's say 10.0.0.10 and 10.0.0.20. It also is worth mentioning that the DNS servers were also the Domain Controllers.
- We exported the all zones from Microsoft DNS and imported them into the new DNS servers, let's say their addresses are 10.0.0.100 and 10.0.0.200.
- After confirming that the new DNS was handling queries properly, we removed all the zones from the Microsoft DNS servers and configured Microsoft DNS service with Forwarders pointing at the new DNS servers under the service properties. (Right click on DNS Server > Properties > Forwarders tab.)
- Over the last several weeks, we've been gradually updating the DNS settings of all systems with statically assigned network settings, changing the DNS properties so the new servers - 10.0.0.100 and 10.0.0.200 - are being used.
To get a benchmark of our efforts, we captured debug logs on the DNS servers to try and identify what was still using (statically configured) our Microsoft DNS servers, expecting to see printers, cameras, and other devices. We were quite surprised to see all these server IP addresses show up in the logs.
What I've tried so far:
1) Using a PowerShell script to remotely update the DNS settings on the servers. This worked as expected - I can manually and programmatically validate this - but it didn't actually change the nameservers that were being queried.
2) Perform a change-no-change setting update. Meaning, if the address configured on the server is 10.10.10.10, I simply manually re-type 10.10.10.10 and accept this "change".
3) Manually type in the old DNS server addresses, accept the changes, close the networking dialog, and then manually repeat the process with the new DNS server addresses.
Of course, a restart of the server does resolve the problem, but I'm a little surprised that this is even necessary and would really prefer to make these changes without having to reboot. Admittedly, this is the first time I've had a project like this, so I don't know if this is actually expected behavior. I'm pretty sure I'm not fighting a GPO or something behind the scenes because in all cases where I've set the DNS settings, they're not getting overwritten (I've even confirmed this via the registry).
I'd very much like to hear any thoughts regarding this and how I might get around the need for a restart.
Thank you in advance for your time!
-Todd
Continue reading...