DNS and domains

J Case

I have just created a new Win 2k domain, set up a trust with our
current production domain to act as an intermediate while we go
through the process of upgrading to the 2k domain. Here is the
problem, internet is flaky. Sometimes it works, other times it
doesn't. If I change the DNS IP address on the client computer
between the existing DNS server on our network and the public DNS
server provided by our ISP it will start working but will quit after a
while. We have a current DNS server in the old NT4 domain and I am
trying to use that one, but it's not working. Is there something I am
missing? I am new to dealing with DNS at this level so any help would
be greatly appreciated.

J Case
 
Ace Fekay [MVP]

In
J Case said:
I have just created a new Win 2k domain, set up a trust with our
current production domain to act as an intermediate while we go
through the process of upgrading to the 2k domain. Here is the
problem, internet is flaky. Sometimes it works, other times it
doesn't. If I change the DNS IP address on the client computer
between the existing DNS server on our network and the public DNS
server provided by our ISP it will start working but will quit after a
while. We have a current DNS server in the old NT4 domain and I am
trying to use that one, but it's not working. Is there something I am
missing? I am new to dealing with DNS at this level so any help would
be greatly appreciated.

J Case


It's to your benefit to go to W2k DNS to prepare for the upgrade to AD since
NT4 DNS cannot support AD. My suggestion, is whatever DNS you are using
(preferably you change it to W2k DNS) is to only use that DNS by all your
machines. Then configure a forwarder to your ISP for efficient Internet
resolution. This will control all resolution to go thru your DNS server(s)
first and let your DNS resolve by recursion to a forwarder. This is really
very essential in AD, since if you use your ISP's DNS in your client and DC
properties with AD in place, expect numerous AD errors.

If you're going to change to W2k DNS, here's an article on how to
configure a forwarder:
http://support.microsoft.com/?id=300202

NT4 is similar, by rt-clicking on the DNS server name in the console,
properties. You'll find it under the Forwarding tab. I can suggest to use
4.2.2.2 as your forwarder, it seems pretty reliable.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Kevin D. Goodknecht Sr. [MVP]

In
J Case said:
I have just created a new Win 2k domain, set up a trust with our
current production domain to act as an intermediate while we go
through the process of upgrading to the 2k domain. Here is the
problem, internet is flaky. Sometimes it works, other times it
doesn't. If I change the DNS IP address on the client computer
between the existing DNS server on our network and the public DNS
server provided by our ISP it will start working but will quit after a
while. We have a current DNS server in the old NT4 domain and I am
trying to use that one, but it's not working. Is there something I am
missing? I am new to dealing with DNS at this level so any help would
be greatly appreciated.

J Case

All domain members _must_ use the local DNS only. If you use your ISP's DNS
on any member or DC network performance will be really bad and logons will
take forever, well almost forever.
If the local DNS is not resolving internet names for you make sure you have
deleted the root " . " Forward Lookup Zone. After this zone is deleted DNS
will enable Root Hints, and you can configure a forwarder to your ISP's DNS.
DO NOT USE YOUR ISP's DNS IN ANY POSITION on any interface of an AD Domain
Member.
 
J Case

I apologize for misleading you, our current DNS server is a Win2k
machine not NT4. I should have specified that. I enabled a forwarder
on that machine to go to our ISP's DNS address they provided us with.
It's still early but I'm still having the "sometimes" problem. Is
there a possible timeout problem? I'm assuming that the separate
domains have no effect on DNS resolution for the internet, am I
accurate on this point? Currently the Win2k domain only consists of a
single DC and my client computer. This is for testing purposes. I
tried deleting the "." forward lookup zone in the "test" soon to be
"production" domain, however that did not enable root hints. On top
of the dialog box under the tab "root hints" it says that it is the
root server and root hints are not required. Once again thank you for
all your help.

J Case
 
Kevin D. Goodknecht Sr. [MVP]

In
J Case said:
I apologize for misleading you, our current DNS server is a Win2k
machine not NT4. I should have specified that. I enabled a forwarder
on that machine to go to our ISP's DNS address they provided us with.
It's still early but I'm still having the "sometimes" problem. Is
there a possible timeout problem?

Not sure what timeout you are asking about, but if you check the box on the
Forwarders tab "Do not use recursion", your DNS server will wait for the
forwarder to answer, although I cannot remember how long it will wait before
it times out.

I'm assuming that the separate
domains have no effect on DNS resolution for the internet, am I
accurate on this point?

You do have only one DNS server, correct?
NT4 doesn't need DNS but Win2k domains do, without exception.

Currently the Win2k domain only consists of a
single DC and my client computer. This is for testing purposes. I
tried deleting the "." forward lookup zone in the "test" soon to be
"production" domain, however that did not enable root hints. On top
of the dialog box under the tab "root hints" it says that it is the
root server and root hints are not required. Once again thank you for
all your help.

All you need to do on this one is refresh the DNS console, (or you can close
and re-open it)
Then Root Hints will appear and you can enable your forwarder.

Am I assuming correctly that after you get the Win2k domain up and running
that you are going to use ADMT to migrate the NT4 domain accounts into the
new AD domain?
That would be your easiest approach since you have already set up trust.
 
J Case

I've finally been able to isolate the solution to the "sometimes"
internet but it would not allow timely logons. If I remove the IP
address of my DC in the 2k domain from the client the internet works
consistently. However if the IP address of the DC is in the DNS for
the client computer then it "sometimes." Is there a way to solve
this? I cannot place a forwarder or root hint into the DNS for the
new domain. Is there a way to work around this? Help on this is
greatly appreciated.

J Case
 
Kevin D. Goodknecht Sr. [MVP]

In
J Case said:
I've finally been able to isolate the solution to the "sometimes"
internet but it would not allow timely logons. If I remove the IP
address of my DC in the 2k domain from the client the internet works
consistently. However if the IP address of the DC is in the DNS for
the client computer then it "sometimes." Is there a way to solve
this? I cannot place a forwarder or root hint into the DNS for the
new domain. Is there a way to work around this? Help on this is
greatly appreciated.

Delete the " . " Forward Lookup zone, refresh the DNS console (or close and
re-open it) set a forwarder to your ISP.

Do not use your ISP's DNS on any client or DC, in TCP/IP properties. ISP's
DNS can only be used as a forwarder.

If your AD domain is the same as your public domain and you are trying to
access sites or servers hosted on the internet in that domain, such as
www.example.com, open your local example.com forward lookup zone and add a
new host named www, give it the IP address of the website and click create.

Using your local DNS is not an option, it is required, never use your ISP's
DNS in TCP/IP properties, in any position.
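
Added example, not part of the thread: a Python check for the rule above that no outside resolver may appear in any position of a domain member's TCP/IP DNS list. It parses captured `ipconfig /all` text (IPv4 only); the sample output and the 10.0.0.x addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.0.50
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5
                                            4.2.2.2

Ethernet adapter Lab:

        IP Address. . . . . . . . . . . . : 10.0.1.50
        DNS Servers . . . . . . . . . . . : 10.0.0.5
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")        # unindented section header
FIELD = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")    # "Name . . . : value"


def dns_servers_by_adapter(text):
    """Map adapter name -> ordered DNS server list, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1).strip() == "DNS Servers"
            value = field.group(2).strip()
        else:
            value = line.strip()  # secondary servers sit alone on the next lines
        if adapter and in_dns and value:
            try:
                result[adapter].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False  # anything else ends the DNS Servers block
    return result


def foreign_resolvers(text, local_dns):
    """Return (adapter, position, ip) for each resolver that is not a local DNS server."""
    return [(name, pos, ip)
            for name, ips in dns_servers_by_adapter(text).items()
            for pos, ip in enumerate(ips, 1) if ip not in local_dns]
```

Called as `foreign_resolvers(SAMPLE, {"10.0.0.5"})`, it reports the secondary entry 4.2.2.2 on the first adapter, which is the "in any position" case.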
 
Ace Fekay [MVP]

In
Kevin D. Goodknecht Sr. said:
Delete the " . " Forward Lookup zone, refresh the DNS console (or
close and re-open it) set a forwarder to your ISP.

Do not use your ISP's DNS on any client or DC, in TCP/IP properties.
ISP's DNS can only be used as a forwarder.

If your AD domain is the same as your public domain and you are
trying to access sites or servers hosted on the internet in that
domain, such as www.example.com, open your local example.com forward
lookup zone and add a new host named www, give it the IP address of
the website and click create.

Using your local DNS is not an option, it is required, never use your
ISP's DNS in TCP/IP properties, in any position.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

The slow lookups could be based on the ISP's DNS as a forwarder. Try this
one:
4.2.2.2

 
J Case

Thank you Kevin and Ace for all your help, it is greatly appreciated.
Unfortunately, due to politics in my business, they want me to create
the new domain from scratch. But once again I appreciate all the help
it works like a champ, and I've already started joining other
computers to the new domain.

J Case
 
Ace Fekay [MVP]

In
J Case said:
Thank you Kevin and Ace for all your help, it is greatly appreciated.
Unfortunately, due to politics in my business, they want me to create
the new domain from scratch. But once again I appreciate all the help
it works like a champ, and I've already started joining other
computers to the new domain.

J Case

My pleasure.
:)


 
