Bad DNS Server Settings in GPO

For a project I had to change the DNS server settings on several client computers. All clients had fixed IP and DNS settings, and the customer did not want to change to DHCP. I can understand this approach because fixing the IP addresses of computers can improve network security and awareness. My first approach was to look inside the GPO settings of Windows XP, and after two minutes of searching, look what I found under “Computer Configuration – Administrative Templates – Network – DNS Client – DNS Servers”:

“Defines the DNS servers to which a computer sends queries when it attempts to resolve names.

Warning: The list of the DNS servers defined in this setting supersedes DNS servers configured locally and those configured using DHCP. The list of DNS servers is applied to all network connections of multihomed computers to which this setting is applied.

To use this setting, click Enable, and then enter a space-delimited list of IP addresses (in dotted decimal format) in the available field. If you enable this setting, you must enter at least one IP address.

If this setting is not configured, it is not applied to any computers, and computers use their local or DHCP-configured parameters.”

After reading the description I thought: this is it. So let me show you the test environment first. We have two servers and a client. The servers run Windows 2003 and the client runs XP. The two servers (dc01.planetgeek.ch / 172.16.111.120 and sql.planetgeek.ch / 172.16.111.124) both have DNS servers installed. The client has only one DNS server configured, dc01.

Set up the new GPO and link it to the client PC.


Now we use the client to review the impact of this GPO setting. First we use gpresult to check whether the GPO was applied.


After we are sure that the GPO was applied, I run “ipconfig /all” to check the DNS settings.


Okay, it looks like the DNS setting is not applied. I checked the result several times, rebooted the PC, used netsh to look at the DNS settings and searched for event log entries. Then I tried nslookup on the console to see which DNS server the request goes to.


It looks like the network tools (ipconfig, netsh and the TCP/IP settings GUI) from Windows XP do not recognize the GPO setting. I guess if you use this in a large company it will end up in a debugging nightmare. Normally I hate this Microsoft bashing, because the company makes good and stable products. But this time the guys from Redmond did a very lousy job.
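To make the check described above repeatable, here is an added PowerShell script (not from the original post) that reads the DNS server list the “DNS Servers” GPO writes to its policy registry key, compares it with each adapter's own DNS configuration (the values ipconfig and netsh show), and asks nslookup which resolver it really uses. It assumes the standard DNSClient policy key path and read access to HKLM on the client.

```powershell
# Added example, not part of the original post. Compares the DNS server list a
# "DNS Servers" GPO writes to the policy registry key with each adapter's own
# DNS configuration, then asks nslookup which resolver it really uses.
# Assumption: standard policy key path and read access to HKLM.

function Get-PolicyDnsServers {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $item = Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue
    if (-not $item -or -not $item.NameServer) { return @() }
    # The policy stores a space-delimited list, exactly as typed in the GPO editor.
    return @($item.NameServer.Trim() -split '\s+')
}

function Get-AdapterDnsServers {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem -Path $base) {
        $p = Get-ItemProperty -Path $iface.PSPath
        # Static servers live in NameServer, DHCP-assigned ones in DhcpNameServer.
        $raw = if ($p.NameServer) { $p.NameServer } else { $p.DhcpNameServer }
        if (-not $raw) { continue }   # interface without any DNS configuration
        New-Object PSObject -Property @{
            Interface = $iface.PSChildName
            Servers   = @($raw -split '[,\s]+' | Where-Object { $_ })
        }
    }
}

function Compare-DnsPolicy {
    $policy = Get-PolicyDnsServers
    if ($policy.Count -eq 0) {
        Write-Output 'No DNS Servers policy value present: GPO not applied or not configured.'
        return
    }
    Write-Output "Policy DNS servers: $($policy -join ', ')"
    foreach ($a in Get-AdapterDnsServers) {
        $diff = Compare-Object -ReferenceObject $policy -DifferenceObject $a.Servers
        if ($diff) {
            Write-Output "MISMATCH on $($a.Interface): adapter lists $($a.Servers -join ', ')"
        } else {
            Write-Output "OK on $($a.Interface): adapter list matches the policy"
        }
    }
    # Cross-check with the resolver itself, as the post does with nslookup.
    $line = nslookup localhost 2>$null | Select-String -Pattern '^Address:' | Select-Object -First 1
    if ($line) { Write-Output "nslookup talks to: $(($line.Line -split '\s+')[-1])" }
}

Compare-DnsPolicy
```

A MISMATCH line together with a populated policy list is exactly the situation the post describes: the GPO has arrived on the machine, but the adapter configuration the local tools report was never updated from it.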

About the author

konrad.dambeck
