DNS forwarding problem

D

dinendra

I have an Active directory integrated DNS in my LAN. There
are 3 DNS servers(Single DNS name space) located in 3
VLANs in the same Active directory forest.
I have an External Internet DNS server(Writable ISP DNS)
located in a DMZ. My problem is if i enter a forwarder in
the AD DNS to the Ext DNS for internet name resolution,
users can't browse the Internet. All the users have the AD
DNS server IP as the Prefered DNS entry. If i use the Ext
DNS server IP as the Prefered DNS server, then users can
browse. The issue is, the forwarder entry is not working.
What could be the reason for this?
Please advice

Dinendra
 
K

Kevin D. Goodknecht [MVP]

In
dinendra said:
I have an Active directory integrated DNS in my LAN. There
are 3 DNS servers(Single DNS name space) located in 3
VLANs in the same Active directory forest.
I have an External Internet DNS server(Writable ISP DNS)
located in a DMZ. My problem is if i enter a forwarder in
the AD DNS to the Ext DNS for internet name resolution,
users can't browse the Internet. All the users have the AD
DNS server IP as the Prefered DNS entry. If i use the Ext
DNS server IP as the Prefered DNS server, then users can
browse. The issue is, the forwarder entry is not working.
What could be the reason for this?
Please advice

Dinendra
Click to expand...

If the external machine cannot resolve names it could be a root "." zone,
disable recursion checked on the Advanced tab, Root hints not resolved, no
gateway on its NIC or a number of other things.

BTW, No member of the AD domain should use the external DNS in their NIC in
any position unless it has a zone for the AD Domain.
 
M

Michael Johnston [MSFT]

Does the DNS server in the DNS have Internet name resolution? Also make sure that none of your DNS servers have the "."
root zone configured.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DNS Forwarding Not Work 2
DNS effect on changing IP addressing scheme 2
DNS security 1
Problem DNS 1
DNS Forwarding 2
Dns on 2000 member server. 4
How to limit external DNS clients? 1
New AD DNS Configuration Question 12

Top