To avoid DNS resolution issues, all computers joined to the gs.doi.net Active Directory should only point to a gs.doi.net AD DNS server for DNS resolution. Non-AD joined computers should be configured to use AD for DNS, NTP, and other services.
During DNS outages or when changing DNS settings, it is recommended to restart any service reliant on DNS (sendmail, postfix, MSSQL, etc) or restart the server itself to ensure cache is cleared.
When choosing DNS servers, first select the Domain Controller closest to the site’s location. Then, choose regional DCs for a total of 4 or more DNS Server options.
The list of all domain controllers is available at: Active Directory Integration (sharepoint.com)
DHCP Server Configuration
Documentation for Installation, Configuration, and Management of Windows DHCP Server is available on the DHCP TST Webpage.
In order to meet requirements from OMB Memo 21-31, all USGS Windows DNS and DHCP Servers must forward their logs to the DOI’s Enterprise Splunk, the Department’s SIEM (Security Information Management and Security Event Management) system. Deployment of the Splunk Agent is automated for USGS DHCP servers using BigFix. There are additional steps to be completed as DHCP Servers are setup or decommissioned. Sites must open a ticket with the Service Desk to notify the Domain Administrators that a DHCP Server change has occurred, even if the IP Address was previously authorized.
Steps to Configure DNS Servers (Scope Option 006) on a Windows DHCP Server:
Open the DHCP management console.
- Click on IPv4
- Scope
- Right click Scope Options.
- Enter the IP Addresses of the chosen DNS Servers (per the guidance above)

For ADDNS to work properly on scopes/subnets not running Windows, it is recommended to set DHCP to “Enable DNS dynamic updates”, “Always dynamically update DNS records”, and “Dynamically update DNS records for DHCP clients that do not request updates”.
This should be set on the server or scope or can be set per address/reservation if needed.

DHCP IP Helper Address
Sites with a VoIP phone system can leverage their DHCP server to provide leases to IP phones. Because the DHCP server and IP phones are usually on different subnets, an IP helper needs to be configured on the site’s router.
To request an IP helper be added to your router config, open a ticket with the Service Desk and request that they assign it to the Telecom team. Provide the information below:
- The IP address of your DHCP server
- Your site location or router IP
Steps for Manual Configuration or Verification of DNS Settings on Endpoints
Windows
- Open Network and Sharing Center
- Open the Network connection
- Click Properties on the Ethernet Status screen
- Click on IPv4 and click Properties
- Click Advanced on the IPv4 Properties screen
- Click DNS on the Advanced TCP/IP Settings screen

Linux
Open /etc/resolv.conf and enter your server listings.

Mac
- Open Network Preferences
- Open your connection in use (wifi, ethernet, etc)
- Click on DNS tab.

For support from the USGS DNS Team, contact “GS Enterprise DNS Core” gs_enterprise_dns_core@usgs.gov.
For configuration management questions for Client and Server endpoints, open a ticket with the Technical Support Teams through the Service Desk.