Hi all
Here's my problem: I have a small network with a win2k server. The domain and mail server are hosted by ISP, let's say mydomain.com. The internal domain is also mydomain.com, so if I set my server to be primary DNS, logon to the domain is fast, but email is not working. If I set the ISP DNS to be primary and my server secondary, the email is working but the logon takes forever. Email is set like (E-Mail Removed). Any suggestions?

In news:890C3223-3D25-4C26-B187-(E-Mail Removed),
mike <(E-Mail Removed)> posted a question
Then Kevin replied below:
> Hi all,
> Here's my problem: I have a small network with a win2k server. The
> domain and mail server are hosted by ISP, let's say mydomain.com. The
> internal domain is also mydomain.com, so if I set my server to be
> primary DNS, logon to the domain is fast, but email is not working.
> If I set the ISP DNS to be primary and my server secondary, the email
> is working but the logon takes forever. Email is set like
> (E-Mail Removed). Any suggestions?

Don't use your ISP's DNS at all in your NIC, use only your local DNS.
To fix the email problem, use the DNS managment console, open Forward Lookup
Zones then open mydomain.com Forward Lookup Zone, in the menu select Action
then new host, in the name field type mail or whatever the mail server
hostname is, give it the IP address of the mailserver.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

> > Here's my problem: I have a small network with a win2k server. The
> > domain and mail server are hosted by ISP, let's say mydomain.com. The
> > internal domain is also mydomain.com, so if I set my server to be
> > primary DNS, logon to the domain is fast, but email is not working.
> > If I set the ISP DNS to be primary and my server secondary, the email
> > is working but the logon takes forever. Email is set like
> > (E-Mail Removed). Any suggestions?
>
> Don't use your ISP's DNS at all in your NIC, use only your local DNS.
> To fix the email problem, use the DNS managment console, open Forward
Lookup
> Zones then open mydomain.com Forward Lookup Zone, in the menu select
Action
> then new host, in the name field type mail or whatever the mail server
> hostname is, give it the IP address of the mailserver.

Well the above isn't enogh :-) you'll also need to add an MX record
otherwise the mail exchange won't work; another solution which will
work and will avoid the problem at all is using a subdomain for your
LAN, for example, if your public domain is "mydomain.com" you may
use "lan.mydomain.com" for your LAN, this means that the machines
on the LAN will have names like (e.g.) server.lan.mydomain.com this
will allow you to configure the DNS as primary for such a zone and
will avoid the problems you're experiencing

Regards


--

* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://ntcanuck.com

Support and discussions forum
http://ntcanuck.com/net/board

408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm

ObiWan wrote:
<snip>

> Well the above isn't enogh :-) you'll also need to add an MX record
> otherwise the mail exchange won't work;

Not quite - they just need to be able to resolve mail.whatnot.com to an IP
address. Don't need to create an internal MX record at all. That's for
external senders trying to send mail *to* the domain in question...the MX
record has to exist for the domain's public DNS.

another solution which will
> work and will avoid the problem at all is using a subdomain for your
> LAN, for example, if your public domain is "mydomain.com" you may
> use "lan.mydomain.com" for your LAN, this means that the machines
> on the LAN will have names like (e.g.) server.lan.mydomain.com this
> will allow you to configure the DNS as primary for such a zone and
> will avoid the problems you're experiencing

True, but not necessary. Split brain DNS can work just fine. ;-)
>
> Regards

> > Well the above isn't enogh :-) you'll also need to add an MX record
> > otherwise the mail exchange won't work;
>
> Not quite - they just need to be able to resolve mail.whatnot.com to an IP
> address. Don't need to create an internal MX record at all. That's for
> external senders trying to send mail *to* the domain in question...the MX
> record has to exist for the domain's public DNS.

Sure .. or for internal machines implementing their own smtp service
to send mail internally; some printers and other similar devices have
such a capability ... and need an MX :-) so adding it won't hurt imo

> > another solution which will
> > work and will avoid the problem at all is using a subdomain for your
> > LAN, for example, if your public domain is "mydomain.com" you may
> > use "lan.mydomain.com" for your LAN, this means that the machines
> > on the LAN will have names like (e.g.) server.lan.mydomain.com this
> > will allow you to configure the DNS as primary for such a zone and
> > will avoid the problems you're experiencing
>
> True, but not necessary. Split brain DNS can work just fine. ;-)

Well .. yes, although since the original poster stated that it's a small
network such a change won't require too much to be implemented
and will avoid future problems ... better keeping on the safe side :-)

Regards

ObiWan wrote:
>>> Well the above isn't enogh :-) you'll also need to add an MX record
>>> otherwise the mail exchange won't work;
>>
>> Not quite - they just need to be able to resolve mail.whatnot.com to
>> an IP address. Don't need to create an internal MX record at all.
>> That's for external senders trying to send mail *to* the domain in
>> question...the MX record has to exist for the domain's public DNS.
>
> Sure .. or for internal machines implementing their own smtp service
> to send mail internally; some printers and other similar devices have
> such a capability ... and need an MX :-) so adding it won't hurt imo

I've yet to run into such a situation. Re internal machines/SMTP servers -
all that should be needed is basic name resolution. Re printers - well, I've
yet to see that, too.
>
>>> another solution which will
>>> work and will avoid the problem at all is using a subdomain for your
>>> LAN, for example, if your public domain is "mydomain.com" you may
>>> use "lan.mydomain.com" for your LAN, this means that the machines
>>> on the LAN will have names like (e.g.) server.lan.mydomain.com this
>>> will allow you to configure the DNS as primary for such a zone and
>>> will avoid the problems you're experiencing
>>
>> True, but not necessary. Split brain DNS can work just fine. ;-)
>
> Well .. yes, although since the original poster stated that it's a
> small network such a change won't require too much to be implemented
> and will avoid future problems ... better keeping on the safe side :-)

Sure, maybe, if you're starting from scratch. But it really isn't a very big
deal to use your registered Internet domain name as your AD domain name, and
tends to make things like Exchange admin easier. :-)
>
> Regards

> > Sure .. or for internal machines implementing their own smtp service
> > to send mail internally; some printers and other similar devices have
> > such a capability ... and need an MX :-) so adding it won't hurt imo
>
> I've yet to run into such a situation. Re internal machines/SMTP servers -
> all that should be needed is basic name resolution. Re printers - well,
I've
> yet to see that, too.

Well, the fact that you never faced such an issue doesn't mean it
can't happen <g> as I wrote, adding an MX to the internal DNS
won't hurt (nor it will take up so much time) and may be of help in
case such a thing will be needed in a future

> >> True, but not necessary. Split brain DNS can work just fine. ;-)
> >
> > Well .. yes, although since the original poster stated that it's a
> > small network such a change won't require too much to be implemented
> > and will avoid future problems ... better keeping on the safe side :-)
>
> Sure, maybe, if you're starting from scratch. But it really isn't a very
big
> deal to use your registered Internet domain name as your AD domain name,
and
> tends to make things like Exchange admin easier. :-)

I suppose you skipped the part of the post about the "small network"
that's why I proposed to use the subdomain since not having too much
machines will make it easy to use the subdomain approach so that the
subdomain will already be in place if/when the network will grow

Regards

"mike" wrote in message
news:890C3223-3D25-4C26-B187-(E-Mail Removed)...
: Here's my problem: I have a small network with a win2k server. The domain
and mail server are hosted by ISP, let's say mydomain.com. The internal
domain is also mydomain.com, so if I set my server to be primary DNS, logon
to the domain is fast, but email is not working. If I set the ISP DNS to be
primary and my server secondary, the email is working but the logon takes
forever. Email is set like (E-Mail Removed). Any suggestions?

Hi Mike...

What you have is called a split horizon. It would be better to not have
external and internal domain names the same, as you already know but here
are the issues.

1. You need to add a record for your SMTP/POP3 server in your internal DNS.
2. Point all of your clients and your server ONLY to your internal DNS
server.
3. Make sure you do not have a root entry in your forward lookup zone, which
you probably do not have or you could not surf the net.
4. You do not need an MX record because your email server is external. You
do not have control over that IP block. Your ISP needs to take care of
that, which they are already doing.
5. If you have a web site and your ISP or someone else is hosting it, then
you need another Address for that in your internal DNS or you will never get
there.
6. Your ISP can also set a blank host record for your domain so anyone
external to your LAN can get to your web site, if one exists, with
http://yourdomain.com/. Anyone on your LAN MUST use
http://www.yourdomain.com/ because other wise it would not get past your
router. DO NOT create a blank host record and point it to the external
site.
7. You will never be able to get to any host with your domain that is
external to your LAN without an entry into your DNS, even if your ISP has
one in their DNS. The reason is you will be pointing all of your systems to
the internal DNS so they will not know it exists. Nobody external to your
network will have this issue because the SOA is your ISP's DNS, not yours.
8. You can set a forwarder in your DNS Server configuration which may speed
up address resolution to any external hosts but it is not required. Without
it, the root hints will be used and this eliminates a single point of
failure in case your ISP's DNS ever goes down.

What Kevin told you is all you need if everything else in place, unless you
have a web site. I set my internal networks as internal.domain.tld so
eliminate the issues you're experiencing. It doesn't matter what you call
it, as long as it is a dotted name.

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/service...p?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default...b;EN-US;308201