Hi! I'm new to the group here and have read the archives but can't
find the answer to my DNS problem...


I've AD-integrated DNS and have implemented Sites on two subnets. The
current setup is fine but I want to add a second DNS server to the
mix. Here's the setup for a single domain.

Site#1 - 10.0.0.0 with SERVER1 as DC
Site#2 - 172.16.0.0 with SERVER3 as DC

SERVER1 hold all FSMO roles, IP = 10.0.0.1
SERVER2 is configured as with RRAS, two NICS with IP = 10.0.0.2 & IP =
172.16.0.1
SERVER3 is a DC (IP = 172.16.0.2)
(the default subnet masks are used)

SERVER1 points to itself for DNS and has a default gateway of 10.0.0.2
SERVER3 points to SERVER1 for DNS and has a default gateway of
10.0.0.2

Everything's fine with the above setup - GPOs processing, replication
is good, no red Xs in Event Viewer etc.
When I ran DCPROMO on SERVER3 the NS and A records were automatically
created in the forward lookup zone on SERVER1

Now I need SERVER3 to be able to resolve 172.16.0.0 addresses for Site
#2 - any pointers welcome!

In news:(E-Mail Removed),
Tharg <(E-Mail Removed)> posted their thoughts, then I offered mine
> Hi! I'm new to the group here and have read the archives but can't
> find the answer to my DNS problem...
>
>
> I've AD-integrated DNS and have implemented Sites on two subnets. The
> current setup is fine but I want to add a second DNS server to the
> mix. Here's the setup for a single domain.
>
> Site#1 - 10.0.0.0 with SERVER1 as DC
> Site#2 - 172.16.0.0 with SERVER3 as DC
>
> SERVER1 hold all FSMO roles, IP = 10.0.0.1
> SERVER2 is configured as with RRAS, two NICS with IP = 10.0.0.2 & IP =
> 172.16.0.1
> SERVER3 is a DC (IP = 172.16.0.2)
> (the default subnet masks are used)
>
> SERVER1 points to itself for DNS and has a default gateway of 10.0.0.2
> SERVER3 points to SERVER1 for DNS and has a default gateway of
> 10.0.0.2
>
> Everything's fine with the above setup - GPOs processing, replication
> is good, no red Xs in Event Viewer etc.
> When I ran DCPROMO on SERVER3 the NS and A records were automatically
> created in the forward lookup zone on SERVER1
>
> Now I need SERVER3 to be able to resolve 172.16.0.0 addresses for Site
> #2 - any pointers welcome!


Hi Tharg,

It seems since you created two Sites, and Server2 is multihomed with an IP
from both sites, there can be some confusion here in regards to AD, since a
machine cannot be part of two sites. Other issues can develop adue to the
multiple entries a multihomed DC creates, especially if RRAS is installed on
it. Usually the consensus is to not multihome a DC but rather just choose a
member server for this task.

Just as an FYI, here's an article on things that can happen:
292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
Controller with Routing and Remote Access and DNS Installed:
http://support.microsoft.com/?id=292822

Ok, just wanted to mention that..

Anyway, a little confusion on my part in what you posted... you mentioned
that
> SERVER3 points to SERVER1 for DNS and has a default gateway of
> 10.0.0.2
but
> SERVER3 is a DC (IP = 172.16.0.2)
and you want to:
> Now I need SERVER3 to be able to resolve 172.16.0.0 addresses for Site
> #2 - any pointers welcome!

What confuses me is that server3's IP is 172.16.0.2 but it's gateway is
10.0.0.2 ? I'm a little confused with that part.

If all the machines have their records auto registered (dynamic updates),
then all their respective records should be in DNS, and provided that you
are using your only DNS, then I'm not understanding why Server3 cannot
resolve any hosts on the 172.16.0.0 subnet?

Your subject implies adding another DNS. I would suggest to install DNS on
Server3 and let the clients on the 172.16.0.0 subnet use that DNS for
resolution. I would suggest to also make that zone AD Integrated as well, so
it gets a copy of the zone from AD.

Sorry if this is not what you're looking for, or maybe there's a typo or I
just plain mis-read your post.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Many thanks for the reply and suggestions Ace - got the secondary DNS
working. Had a wrong gateway on one of the servers as well which
wouldn't help. Still no luck but then I noticed another error: I
hadn't allowed zone transfers!

Thanks again!

Ace Fekay [MVP] wrote:

> Hi Tharg,
>
> It seems since you created two Sites, and Server2 is multihomed with an IP
> from both sites, there can be some confusion here in regards to AD, since a
> machine cannot be part of two sites. Other issues can develop adue to the
> multiple entries a multihomed DC creates, especially if RRAS is installed on
> it. Usually the consensus is to not multihome a DC but rather just choose a
> member server for this task.
>
> Just as an FYI, here's an article on things that can happen:
> 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
> Controller with Routing and Remote Access and DNS Installed:
> http://support.microsoft.com/?id=292822
>
> Ok, just wanted to mention that..
>
> Anyway, a little confusion on my part in what you posted... you mentioned
> that
> > SERVER3 points to SERVER1 for DNS and has a default gateway of
> > 10.0.0.2
> but
> > SERVER3 is a DC (IP = 172.16.0.2)
> and you want to:
> > Now I need SERVER3 to be able to resolve 172.16.0.0 addresses for Site
> > #2 - any pointers welcome!
>
> What confuses me is that server3's IP is 172.16.0.2 but it's gateway is
> 10.0.0.2 ? I'm a little confused with that part.
>
> If all the machines have their records auto registered (dynamic updates),
> then all their respective records should be in DNS, and provided that you
> are using your only DNS, then I'm not understanding why Server3 cannot
> resolve any hosts on the 172.16.0.0 subnet?
>
> Your subject implies adding another DNS. I would suggest to install DNS on
> Server3 and let the clients on the 172.16.0.0 subnet use that DNS for
> resolution. I would suggest to also make that zone AD Integrated as well, so
> it gets a copy of the zone from AD.
>
> Sorry if this is not what you're looking for, or maybe there's a typo or I
> just plain mis-read your post.
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory

In news:(E-Mail Removed),
Tharg <(E-Mail Removed)> posted their thoughts, then I offered mine
> Many thanks for the reply and suggestions Ace - got the secondary DNS
> working. Had a wrong gateway on one of the servers as well which
> wouldn't help. Still no luck but then I noticed another error: I
> hadn't allowed zone transfers!
>
> Thanks again!
>

You're welcome. Good to hear you got it working.
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================