Help with DNS Forwarders


joking

Hi,

I am setting up my Windows 2000 Advanced Server at the office.

Here is a little idea about my network structure.

I have a Linux machine acting as a firewall.
This machine is connected to the internet directly and connected to
another machine (Windows 2000 server).

I am trying to set up a DNS forwarder from the Windows machine to the
Linux, but the checkbox is disabled.

I read that deleting the "." from the zone list will solve the problem,
but will it affect anything?

N.B.: whenever trying to delete this "." zone, I get this warning
message: Warning ! Deleting the root zone will delete it also from the
Active Directory ...........

Should I continue or not?

Thank you
 

Danny Sanders

> I read that deleting the "." from the zone list will solve the problem,
> but will it affect anything ?

The only thing it will affect is your ability to enable forwarders. It will
let you.

> I am trying to set up a DNS forwarder from the windows machine to the
> linux,

If you want to forward to the Linux machine delete the "." forward lookup
zone.

hth
DDS W 2k MVP MCSE
 

Frankster

Just to add to Danny's reply... if you don't like what it "does" (really,
should be no problem) you can always just add it back. Easy.

This is a very common question here and a very common first obstacle to many
folks when setting up a DNS server.

-Frank
 

Ace Fekay [MVP]

joking said:
> Hi,
>
> I am setting up my Windows 2000 Advanced Server at the office.
>
> Here is a little idea about my network structure.
>
> I have a Linux machine acting as a firewall.
> This machine is connected to the internet directly and connected to
> another machine (Windows 2000 server).
>
> I am trying to set up a DNS forwarder from the Windows machine to the
> Linux, but the checkbox is disabled.
>
> I read that deleting the "." from the zone list will solve the
> problem, but will it affect anything?
>
> N.B.: whenever trying to delete this "." zone, I get this warning
> message: Warning ! Deleting the root zone will delete it also from the
> Active Directory ...........
>
> Should I continue or not?
>
> Thank you

To reiterate Danny and Frankster's response, yes, go ahead and delete it. No
problem.

To alleviate YOUR concerns, if any, here's a couple of articles to delve
into that explain it as well:

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
(forwarding) :
http://support.microsoft.com/?id=323380

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000
(forwarding) :
http://support.microsoft.com/?id=300202

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
 

joking

Thank you all for your reply.
One more question.
I am having a problem with the internet connection in my network. I have
connection on my server but not on my other computers.

Should I add the DNS of my ISP to the forwarders?
Please advise
 

Ace Fekay [MVP]

joking said:
> Thank you all for your reply.
> One more question.
> I am having a problem with the internet connection in my network. I have
> connection on my server but not on my other computers.
>
> Should I add the DNS of my ISP to the forwarders?
> Please advise


Did you delete the "." zone?

Can you be more specific with the problem you're having? What exactly is the
problem? How is the 'server' connected?

You described the Linux as having two NICs, one is connected to the ISP, and
the other to the 2000 server. How about the 2000 server? Does that have one
NIC or two?

If two NICs on the 2000 server, is the other NIC connected to the private
internal subnet? Or is only one NIC being used and it is in the same switch
as the workstations? If two NICs, is RRAS configured with NAT or is it
configured to route traffic? If routing, it could be a static route issue,
or lack of one on the Linux box. Has a static route been configured on the
Linux box describing the internal subnet?

From the server and workstations: Can you ping by a URL name? Can you ping
by IP address? Or not at all?

Can you provide an unedited "ipconfig /all" (copy and paste from CMD to your
reply please) from the 2000 server and a sample workstation please? An
ipconfig /all will give us a better 'view' of your network and is extremely
helpful.

Also, make sure that you remove the ISP's DNS from all internal machines.
Only use your internal DNS, and yes, I recommend a forwarder, and in your
case, I am assuming it will be the Linux box. Since the Linux box is your
firewall, make sure that .

Ace
 

joking

Hi Ace Fekay,

I will tell what I've done so far and the specs of my server.

Specs
--------
In the Windows 2000 machine I have 2 NCs.
One is connected to the Linux and the 2nd to the internal network.
1st network card specs
------------------------------
IP: 10.154.237.250
mask: 255.255.255.0
gateway: 10.154.237.250
DNS: 10.154.237.250

2nd network card specs
-------------------------------
IP: 10.5.72.2
mask: 255.255.255.0
gateway: 10.5.72.1 <-- IP of the Linux
DNS: 10.5.72.1

Today I deleted the "." zone and I added the IP of the Linux 10.5.72.1
as a forwarder

------------------------------------------------
From the SERVER I can ping googl.com and I can access the webpage.
But I cannot do it from my other PCs.
......
One interesting thing I found out today is the following.
From the server I can ping any machine BUT I cannot access it.

EX: I can ping 10.154.237.104 (my machine IP)... but I cannot access
it \\10.154.237.104

The error msg given is: 'No logon server detected' (or something like this)

I appreciate your help
 

Kevin D. Goodknecht Sr. [MVP]

joking said:
> Hi Ace Fekay,
>
> I will tell what I've done so far and the specs of my server.
>
> Specs
> --------
> In the Windows 2000 machine I have 2 NCs.
> One is connected to the Linux and the 2nd to the internal network.
> 1st network card specs
> ------------------------------
> IP: 10.154.237.250
> mask: 255.255.255.0
> gateway: 10.154.237.250
> DNS: 10.154.237.250
>
> 2nd network card specs
> -------------------------------
> IP: 10.5.72.2
> mask: 255.255.255.0
> gateway: 10.5.72.1 <-- IP of the Linux
> DNS: 10.5.72.1
>
> Today I deleted the "." zone and I added the IP of the Linux
> 10.5.72.1 as a forwarder
>
> ------------------------------------------------
> From the SERVER I can ping googl.com and I can access the webpage.
> But I cannot do it from my other PCs.
> .....
> One interesting thing I found out today is the following.
> From the server I can ping any machine BUT I cannot access it.
>
> EX: I can ping 10.154.237.104 (my machine IP)... but I cannot access
> it \\10.154.237.104

An ipconfig /all would have given a better picture, because it gives all the
relevant information.
That said, this is apparently a couple of problems. You cannot use the Linux
for DNS on any interface in TCP/IP properties, if this is Active Directory,
use the Linux only as a forwarder.
The likely issue with Network Places is the binding order of the NIC. Click
on Network Places with your right mouse button, choose Properties, in the
window that opens (Network Connections) in the Advanced menu select
Advanced Settings, move the internal connection to the top of the
Connections pane and make sure File sharing and Client for MS Networks are
enabled.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

Ace Fekay [MVP]

joking said:
> Hi Ace Fekay,
>
> I will tell what I've done so far and the specs of my server.
>
> Specs
> --------
> In the Windows 2000 machine I have 2 NCs.
> One is connected to the Linux and the 2nd to the internal network.
> 1st network card specs
> ------------------------------
> IP: 10.154.237.250
> mask: 255.255.255.0
> gateway: 10.154.237.250
> DNS: 10.154.237.250
>
> 2nd network card specs
> -------------------------------
> IP: 10.5.72.2
> mask: 255.255.255.0
> gateway: 10.5.72.1 <-- IP of the Linux
> DNS: 10.5.72.1
>
> Today I deleted the "." zone and I added the IP of the Linux
> 10.5.72.1 as a forwarder
>
> ------------------------------------------------
> From the SERVER I can ping googl.com and I can access the webpage.
> But I cannot do it from my other PCs.
> .....
> One interesting thing I found out today is the following.
> From the server I can ping any machine BUT I cannot access it.
>
> EX: I can ping 10.154.237.104 (my machine IP)... but I cannot access
> it \\10.154.237.104
>
> The error msg given is: 'No logon server detected' (or something like
> this)
>
> I appreciate your help

As Kevin said, an ipconfig /all would have been much better for us and less
typing on your part.

The internal NIC on the server has a gateway. This MUST be removed. A
machine can only have one default gateway, which should be on the NIC
connected to the outside world.

Do you have the server configured for Routing or for NAT? (This question is
VERY important).

Ace
 

Ace Fekay [MVP]

joking said:
> Hi Ace Fekay,
>
> I will tell what I've done so far and the specs of my server.
>
> Specs
> --------
> In the Windows 2000 machine I have 2 NCs.
> One is connected to the Linux and the 2nd to the internal network.
> 1st network card specs
> ------------------------------
> IP: 10.154.237.250
> mask: 255.255.255.0
> gateway: 10.154.237.250
> DNS: 10.154.237.250
>
> 2nd network card specs
> -------------------------------
> IP: 10.5.72.2
> mask: 255.255.255.0
> gateway: 10.5.72.1 <-- IP of the Linux
> DNS: 10.5.72.1
>
> Today I deleted the "." zone and I added the IP of the Linux
> 10.5.72.1 as a forwarder
>
> ------------------------------------------------
> From the SERVER I can ping googl.com and I can access the webpage.
> But I cannot do it from my other PCs.
> .....
> One interesting thing I found out today is the following.
> From the server I can ping any machine BUT I cannot access it.
>
> EX: I can ping 10.154.237.104 (my machine IP)... but I cannot access
> it \\10.154.237.104
>
> The error msg given is: 'No logon server detected' (or something like
> this)
>
> I appreciate your help

By the way, which network card is connected to the Linux network, the one
with 10.5.72.2? If so, this is the only card to have a gateway. The other
one should have no gateway. But now I look at the other card, which has the
10.154.237.250 address, the gateway is the same IP. Why was a gateway
specified and why was itself specified? -->>>>>This is the one I
believe that should be removed.

Also, repeating my question, is the server configured for Routing or for
NAT?

As for the connection attempt, my first guess is the presence of an internal
gateway is probably causing the issue.

Ace
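
The adapter checks the replies above ask for (one default gateway only, no gateway pointing at the adapter's own address, DNS client settings pointing only at the internal DNS server), run over `ipconfig /all`-style text. This is an added example, not part of the original thread; the adapter names, the trimmed output layout and the helper names `parse_adapters` and `check` are assumptions.

```python
import re

# Constructed sample in "ipconfig /all" layout, built from the addresses the
# poster listed. Adapter names are made up; this is not captured output.
SAMPLE = """\
Ethernet adapter Internal:
        IP Address. . . . . . . . . . . . : 10.154.237.250
        Default Gateway . . . . . . . . . : 10.154.237.250
        DNS Servers . . . . . . . . . . . : 10.154.237.250

Ethernet adapter ToLinux:
        IP Address. . . . . . . . . . . . : 10.5.72.2
        Default Gateway . . . . . . . . . : 10.5.72.1
        DNS Servers . . . . . . . . . . . : 10.5.72.1
"""
FIELDS = {"IP Address": "ip", "Default Gateway": "gateway", "DNS Servers": "dns"}

def parse_adapters(text):
    """Map adapter name -> {"ip": [...], "gateway": [...], "dns": [...]}."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.* adapter (.+):\s*$", line)
        if head:
            current, field = adapters.setdefault(head.group(1), {v: [] for v in FIELDS.values()}), None
        elif current is not None and line.strip():
            m = re.match(r"^\s+(.*?)[ .]*:\s*(.*)$", line)
            if m:  # "Label . . . : value" line
                field, value = FIELDS.get(m.group(1)), m.group(2).strip()
            else:  # continuation line: another value for the previous label
                value = line.strip()
            if field and value:
                current[field].append(value)
    return adapters

def check(adapters, internal_dns):
    """Return findings for the misconfigurations discussed in the thread."""
    findings = []
    with_gw = sorted(n for n, a in adapters.items() if a["gateway"])
    if len(with_gw) > 1:
        findings.append("more than one default gateway: " + ", ".join(with_gw))
    for name, a in sorted(adapters.items()):
        if set(a["gateway"]) & set(a["ip"]):
            findings.append(f"{name}: default gateway is the adapter's own IP")
        findings += [f"{name}: DNS client uses {d}, not the internal DNS server"
                     for d in a["dns"] if d not in internal_dns]
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_adapters(SAMPLE), {"10.154.237.250"})))
```
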
 
