In news:(E-Mail Removed),
fd <(E-Mail Removed)> posted their thoughts, then I offered mine
> Hi, I am having a problem trying to resolve a DNS configuration
> issue. First, a little background may help. I recently inherited
> this network setup. The network is running Windows 2000 Server SP4
> with a WatchGuard Firebox and an HP web server. The DC is running
> Windows 2000 SP4 with Active Directory. The DC, Firebox, HP webserver
> and all the workstations have
> 62.xxx static IP addresses. When I first started working on the
> problem, I found that nobody could log on to the domain, so when the
> network was set up, it was set up as a workgroup. I found that the DNS
> server still had the root DNS zone entry. I followed the steps in KBA
> #260371. I also set up the DC as a DNS server and now all workstations
> are configured to statically use the DC DNS IP. These changes
> enabled all workstations to join the domain. I thought I had fixed
> the DNS problem, but when I run nslookup, set the type=A, and type in the
> domain name "issa", I get the error "primary-server.issa can't find
> ISSA: Non-existent domain."
Nslookup is an FQDN-based query tool. It has its own internal mechanism,
not like ping, which uses the system's services to work. Nslookup queries
need to be an FQDN to work. It does not work like ping, where you can give
it the single name and it will affix the suffix for the query.
> However, when I add a "dot" to the name
> (ISSA.), it resolves correctly and says issa "A" records point to
> my ISP DNS servers.
Sounds like you have your ISP's DNS server address in your IP properties. In
an AD structure, they need to be removed. It also sounds like your AD domain
name is the same as your external domain name (called a split-horizon
namespace).
> Am I correct in understanding that when you run
> nslookup and you have to add a "dot" to the domain name, this means
> that you do not have a FQDN?
Yes, due to DNS' hierarchical "tree" structure.
> The other problem that we have is that
> the domain has a single label DNS name.
That is NOT GOOD.
> I found KBA #300684 and hope
> it's recommendations fix the "5781 netlogon error" but I am wondering
> if there is a fix for the FQDN error or do I have to remove DNS from
> the server and start over?
There is no real fix. That article states a "band-aid". There are many other
implications with single label domain names, such as the inability for GPOs
to work correctly, DDNS registrations (with SP4), excessive bandwidth due to
DNS not knowing what to do with a single label name and therefore heavily
querying the Internet ISC Root DNS servers, etc. The AD domain name needs to
be renamed to the proper format.
> The next step is setting up DHCP but I
> don't want to move in that direction until I'm sure the DNS is
> working correctly. I hope I explained the problem clearly enough and
> thanks in advance for your help.
>
> FD
This has been discussed countless times in the very recent past. You can
search on "single label" to view the posts with your options and some
how-to's. Either way, it's really a matter of naming your AD domain name
properly. Just renaming it in DNS will not help AD since AD will need to
register into DNS, and AD uses the AD domain name, then looks at its
Primary DNS Suffix name, then looks for that name in DNS.
Sorry for the bad news.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
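The two resolver points the thread turns on (a trailing dot roots a name so no suffix is appended, and the same absolute name answering with different addresses depending on whether the DC's DNS server or the ISP's is asked, i.e. a split-horizon namespace) can be seen in a small model. This is an added example, not code from the thread or from Microsoft; the zone data, the suffix list, the addresses (RFC 5737 documentation ranges) and the simplified qualification rule are constructed for illustration, and nothing here sends DNS traffic.

```python
# Added example (not from the thread): a toy model of how a stub resolver
# qualifies a name and where the answer comes from in a split-horizon setup.
# All zone data, suffixes and addresses are constructed; no lookups are sent.

# Constructed zone data. Keys are absolute (root-terminated) names.
INTERNAL_ZONES = {                 # the DC's DNS server, authoritative for "issa."
    "issa.": "192.0.2.10",         # constructed internal address
    "primary-server.issa.": "192.0.2.10",
}
ISP_ZONES = {                      # the ISP's public view of the same name
    "issa.": "198.51.100.20",      # constructed public address
}


def is_absolute(name):
    """A trailing dot roots the name at the DNS root: nothing is appended."""
    return name.endswith(".")


def is_single_label(name):
    """True for a name such as 'issa' or 'issa.' that has only one label
    (the AD naming problem the reply warns about)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return len(labels) == 1


def candidate_queries(name, search_list):
    """Absolute names the resolver would send, in order.

    Simplified qualification rule used by this model (an assumption):
      - a name typed with a trailing dot is sent exactly as typed;
      - otherwise each configured DNS suffix is appended in turn;
      - a bare single label is never sent unqualified, while a name that
        already contains a dot is finally tried as typed, rooted.
    """
    if is_absolute(name):
        return [name]
    tries = [f"{name}.{s.strip('.')}." for s in search_list]
    if "." in name:
        tries.append(name + ".")
    return tries


def resolve(name, zones, search_list):
    """Return (queried_name, address) for the first candidate the server
    answers, or (last_queried_name, None) when every try is NXDOMAIN."""
    queried = None
    for queried in candidate_queries(name, search_list):
        if queried in zones:
            return queried, zones[queried]
    return queried, None


if __name__ == "__main__":
    suffixes = ["issa"]   # the domain's own single-label name as primary suffix
    # "issa" is qualified to "issa.issa." and never reaches the server as "issa.":
    print(resolve("issa", INTERNAL_ZONES, suffixes))       # ('issa.issa.', None)
    # The trailing dot bypasses suffix handling, so the bare zone apex is asked:
    print(resolve("issa.", INTERNAL_ZONES, suffixes))      # ('issa.', '192.0.2.10')
    # Same absolute name asked of the ISP's server: the public address instead.
    print(resolve("issa.", ISP_ZONES, suffixes))           # ('issa.', '198.51.100.20')
    print(is_single_label("issa"), is_single_label("corp.example.com"))
```

The last two `resolve` calls are the split-horizon symptom from the question: which server is listed first in the IP properties decides which "issa." answer comes back, which is why the reply says the ISP's address has to come out of the clients' DNS settings in an AD domain.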