FQDN change

Guest

Hi:

We are having problems after we installed DNS on an upgraded w2k network (from NT4). What happened was we used our external namespace domain name when we set up the DNS. I think this is causing clients to have problems accessing network resources (either they cannot use them or it responds very slowly to requests).
What is the best way to solve this?
Do I set up a child domain and move the computer and user accounts into it?
Would I be better off installing a new forest on another domain controller and blowing away the first one?
Our network is small and has only about 30 user accounts.
Any help or suggestions are appreciated.
 
Danny Sanders

What happened was we used our external namespace domain name when we set up the DNS.

Using the same name for your AD domain that you use for your Internet domain would only cause problems when trying to access your resources on the Internet. Your web page, for example. Say your Internet domain is mycompany.com and you named your AD domain mydomain.com. When internal users try to access the Internet domain mydomain.com, the AD DNS zone believes it is authoritative for that domain and will not forward requests. This will prevent access to that site. This is solved by setting up split DNS.

I think this is causing clients to have problems accessing network resources (either they cannot use them or it responds very slowly to requests).
What is the best way to solve this?

This sounds like DNS is set up wrong.


See:

Best Practices for DNS Client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675

How to configure DNS for Internet access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

Very basically, point the DNS server set up to host the DNS zone for the AD domain to itself in the properties of TCP/IP for DNS resolution, and point all AD clients to the DNS server set up for the AD domain ONLY. (Servers are AD clients also.) For Internet access, configure the AD DNS server to forward requests and list your ISP's DNS servers as the forwarders. This is the only place on your AD domain your ISP's DNS server should be listed.

Slow logins are a sure sign that your AD clients are not pointed to a DNS server that hosts the SRV records for your domain. The most common mistake made is using your ISP's DNS server for DNS.

hth

DDS W 2k MVP MCSE
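The layout Danny describes (DNS server pointed at itself, every AD client pointed only at the internal DNS, ISP servers listed only as forwarders) can be audited with a short script. The following is an added example and is not code from the thread or from Microsoft; it assumes the DnsClient, DnsServer and ActiveDirectory PowerShell modules of Windows Server 2012 and later, so it will not run on the Windows 2000 hosts in the original question. The domain name, server addresses and parameter names are constructed for illustration.

```powershell
# Added example (not from the thread): audits a Windows host against the DNS
# layout described above. Requires the DnsClient / DnsServer / ActiveDirectory
# modules (Windows Server 2012+). Sample addresses below are constructed.
function Test-AdDnsClientConfig {
    param(
        [Parameter(Mandatory)] [string]   $AdDomain,           # e.g. corp.example.com (constructed)
        [Parameter(Mandatory)] [string[]] $InternalDnsServers, # AD-integrated DNS server IPs
        [string[]] $IspDnsServers = @()                        # should appear ONLY as forwarders
    )

    $findings = @()

    # 1. Every IPv4 adapter must list only internal DNS servers. Run this on the
    #    DNS server itself (with its own IP in $InternalDnsServers) to confirm it
    #    points to itself; an ISP address here is the "most common mistake".
    foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
        if (-not $nic.ServerAddresses) { continue }
        $foreign = @($nic.ServerAddresses | Where-Object { $_ -notin $InternalDnsServers })
        if ($foreign.Count -gt 0) {
            $findings += "FAIL  $($nic.InterfaceAlias): non-internal DNS server(s) $($foreign -join ', ')"
        } else {
            $findings += "OK    $($nic.InterfaceAlias): $($nic.ServerAddresses -join ', ')"
        }
    }

    # 2. The DC locator SRV record must resolve from each internal server; when
    #    it does not, clients cannot find a DC and logons become very slow.
    $srvName = "_ldap._tcp.dc._msdcs.$AdDomain"
    foreach ($server in $InternalDnsServers) {
        try {
            $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            $findings += "OK    $server answers $srvName -> $($srv.NameTarget -join ', ')"
        } catch {
            $findings += "FAIL  $server cannot resolve $srvName ($($_.Exception.Message))"
        }
    }

    # 3. On the DNS server: the ISP addresses belong in the forwarder list only.
    if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
        $fwd = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
        $missing = @($IspDnsServers | Where-Object { $_ -notin $fwd })
        if ($missing.Count -gt 0) {
            $findings += "WARN  forwarders do not include $($missing -join ', ')"
        } else {
            $findings += "OK    forwarders: $($fwd -join ', ')"
        }
    }

    return $findings
}

# Example run with constructed addresses (10.0.0.10 = internal DNS/DC,
# 203.0.113.53 = ISP resolver that must only appear as a forwarder):
Test-AdDnsClientConfig -AdDomain 'corp.example.com' `
    -InternalDnsServers @('10.0.0.10') `
    -IspDnsServers @('203.0.113.53')
```

Run it on a DC first, then on a few of the slow clients; a FAIL in check 1 on a client is exactly the ISP-in-the-client-settings mistake that produces the slow logins mentioned above, and a FAIL in check 2 means the SRV records are not in the zone the clients are querying.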
 
Kevin D. Goodknecht Sr. [MVP]

Malcolm said:
Hi:

We are having problems after we installed DNS on an upgraded w2k network (from NT4). What happened was we used our external namespace domain name when we set up the DNS. I think this is causing clients to have problems accessing network resources (either they cannot use them or it responds very slowly to requests). What is the best way to solve this?
Do I set up a child domain and move the computer and user accounts into it? Would I be better off installing a new forest on another domain controller and blowing away the first one?
Our network is small and has only about 30 user accounts.
Any help or suggestions are appreciated.

Point all internal clients to the internal DNS ONLY. Then add a host record named www. with the IP of your website. Forget using the domain name only to access your website; the domain name must resolve ONLY to the IP address of your domain controller.
You will have to delete the "." forward lookup zone, if you have one, to get external resolution.
 
Herb Martin

Malcolm said:
Hi:

We are having problems after we installed DNS on an upgraded w2k network (from NT4). What happened was we used our external namespace domain name when we set up the DNS. I think this is causing clients to have problems accessing network resources (either they cannot use them or it responds very slowly to requests).

Probably not. Slow is usually due to a misconfigured DNS server (not a bad name choice) or misconfigured DNS clients.

See my summary below...

What is the best way to solve this?

First run DCDiag against each DC and run NetDiag against some sampling of the clients that experience trouble.

Do I set up a child domain and move the computer and user accounts into it?

I wouldn't do this based on your current trouble report.

Internal users should be able to access even your Internet resources (e.g., web server) as long as they use the FULL NAME (e.g., www.yourcompany.com and not just yourcompany.com, which is also used by the DCs).

Would I be better off installing a new forest on another domain controller and blowing away the first one?

Probably not.

Our network is small and has only about 30 user accounts.
Any help or suggestions are appreciated.


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
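Herb's diagnostic routine (DCDiag on every DC, output to a text file, search for FAIL, ERROR and WARN, then re-register the DC's DNS records with nltest) can be scripted. The following is an added example and not code from the thread; it assumes dcdiag.exe, nltest.exe and the ActiveDirectory module as shipped with Windows Server 2008 and later. NetDiag is left out because it no longer ships with Windows. The output directory and function names are constructed.

```powershell
# Added example (not from the thread): runs DCDiag against each DC, saves the
# report, and summarises the FAIL/ERROR/WARN lines. Assumes dcdiag.exe,
# nltest.exe and the ActiveDirectory module (Windows Server 2008+).
function Invoke-DcDiagTriage {
    param(
        [string[]] $DomainControllers = @(),                 # default: every DC in the domain
        [string]   $OutDir  = (Join-Path $env:TEMP 'dcdiag'), # constructed default location
        [string]   $Pattern = 'FAIL|ERROR|WARN'               # the three words to search for
    )
    if (-not $DomainControllers) {
        $DomainControllers = @((Get-ADDomainController -Filter *).HostName)
    }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    $summary = foreach ($dc in $DomainControllers) {
        $logFile = Join-Path $OutDir "$dc.txt"
        # /s: targets one DC; /v gives the verbose per-test detail worth grepping.
        $output = & dcdiag.exe /s:$dc /v 2>&1
        $output | Out-File -FilePath $logFile -Encoding utf8

        # Select-String is case-insensitive by default, so "failed test" and
        # "Warning:" are caught as well as the upper-case forms.
        $hits = @($output | Select-String -Pattern $Pattern)
        [pscustomobject]@{
            DomainController = $dc
            LogFile          = $logFile
            Findings         = $hits.Count
            Sample           = ($hits | Select-Object -First 3 | ForEach-Object { $_.Line.Trim() }) -join ' | '
        }
    }
    return $summary
}

# After the client settings on a DC have been corrected, force it to re-register
# its SRV/A records and re-run only the DNS test to confirm the fix took.
function Repair-DcDnsRegistration {
    param([Parameter(Mandatory)] [string] $DomainController)
    & nltest.exe /dsregdns /server:$DomainController
    & dcdiag.exe /s:$DomainController /test:DNS /v | Select-String -Pattern 'FAIL|ERROR|WARN'
}

# Example run: one row per DC with the count of suspicious lines and the log path.
Invoke-DcDiagTriage | Format-Table -AutoSize
```

A non-zero Findings count points you at the log file for that DC; the replication and DNS test sections are the ones to read first when the complaint is slow logons, since a DC whose SRV records never reached the zone the clients query will show up there.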