help with dns

John Felts

First off, I don't know DNS well. Hopefully this will be a quick answer to what my problem is however. I'm running a Win2K Advanced Server with XP / 2K machines connecting to the domain. A firewall running NAT. I had problems with 2K machines logging into the server taking too long because the clients weren't setup to have the domain server as a DNS server as well. I recently added that, and all seems to be working but I'm getting an odd thing in nslookup when I check external domains. For instance, if I do an nslookup on yahoo.com it will show as mycompany.com as the name, and yahoo.mycompany.com as the alias.

One thing to add, I also have an odd configuration where my web hosting is external, and the domains match. So, mycompany.com is offsite, and my domain is mycompany.com as well. I simply added a forward lookup zone of www on my local server so users could connect to the external www.mycompany.com.

Any help appreciated,

-John
 
Kevin D. Goodknecht [MVP]

John Felts said:
> First off, I don't know DNS well. Hopefully this will be a quick answer to what my problem is however. I'm running a Win2K Advanced Server with XP / 2K machines connecting to the domain. A firewall running NAT. I had problems with 2K machines logging into the server taking too long because the clients weren't setup to have the domain server as a DNS server as well. I recently added that, and all seems

All members of an AD domain must use only your local AD DNS server, no ISP's DNS in any NIC on any machine.

> to be working but I'm getting an odd thing in nslookup when I check external domains. For instance, if I do an nslookup on yahoo.com it will show as mycompany.com as the name, and yahoo.mycompany.com as the alias.

This is what happens when there is a wildcard record used; you need to remove the wildcard record. If you have your ISP's DNS in your NIC it may be the ISP or whoever holds the public zone that has the wildcard record.

> One thing to add, I also have an odd configuration where my web hosting is external, and the domains match. So, mycompany.com is offsite, and my domain is mycompany.com as well. I simply added a forward lookup zone of www on my local server so users could connect to the external www.mycompany.com.

This is not an odd configuration, it is pretty common. You could have just added a host named www with the website IP to the local mycompany.com forward lookup zone.
 
John Felts

Kevin D. Goodknecht said:
> All members of an AD domain must use only your local AD DNS server, no ISP's DNS in any NIC on any machine.

I want my ISP's DNS in the NICs in case my PDC goes down, then the users can still access the internet and mail server ok.

> This is what happens when there is a wildcard record used; you need to remove the wildcard record. If you have your ISP's DNS in your NIC it may be the ISP or whoever holds the public zone that has the wildcard record.

This only happens on local machines, and not on my local DNS server, so I can assume the problem is in my configuration. Can you give an example of where to look for a wildcard record? I'm unfamiliar with that.

> This is not an odd configuration, it is pretty common. You could have just added a host named www with the website IP to the local mycompany.com forward lookup zone.


Thanks again for the help, much appreciated.

-John
 
Kevin D. Goodknecht [MVP]

John Felts said:
> I want my ISP's DNS in the NICs in case my PDC goes down, then the users can still access the internet and mail server ok.

If your local DNS goes down you will have more to worry about than internet access; it won't take but a minute to add your ISP's DNS if necessary to gain access to the internet. But it will cause many problems with your local domain, you will not have access to your network using your ISP's DNS.

> This only happens on local machines, and not on my local DNS server, so I can assume the problem is in my configuration. Can you give an example of where to look for a wildcard record? I'm unfamiliar with that.

Since this only happens on your local machines then I'll bet the wildcard is in your public zone. There is one way to test this: use nslookup, then change the server to the authoritative DNS for your public domain, then try anyname.mycompany.com. If it returns anyname.mycompany.com as an alias then whoever set your zone up put in a wildcard CNAME record in the zone. It is pretty easy to do but wildcard records cause real headaches. Especially if you are using your public DNS in your setup, it will make it nearly impossible for your clients to access local resources because when your clients are using your ISP's DNS, no matter what name you put in it will return the wildcard CNAME record.

I promise you it will fix your problems and make life a lot easier if you only use your local DNS. Your local DNS is the only DNS that can resolve your local domain, which is the only DNS that will resolve your domain controllers' SRV records, which is the only DNS that can resolve your local network.

If you want this problem to go away remove your ISP's DNS from all NICs on all machines. I am sure you have not added a wildcard record to your local DNS zone because MSDNS does not allow the creation of wildcard records in the GUI.
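An added illustration, not part of the thread: a small Python simulation of how a wildcard CNAME in the public mycompany.com zone produces the exact nslookup symptom John describes (canonical name mycompany.com, alias yahoo.mycompany.com), plus the "query a name that should not exist" check Kevin suggests. The zone records, the 203.0.113.x addresses and the suffix-append behaviour are constructed assumptions; the real check is run against the authoritative server with nslookup as Kevin describes.

```python
# Constructed sample zone for the public mycompany.com (hypothetical addresses
# from the 203.0.113.0/24 documentation range). The wildcard CNAME is the
# record Kevin suspects; the thread does not confirm it actually exists.
ZONE = {
    "mycompany.com.": ("A", "203.0.113.10"),
    "www.mycompany.com.": ("A", "203.0.113.10"),
    "*.mycompany.com.": ("CNAME", "mycompany.com."),
}

def lookup(name, zone=ZONE):
    """Resolve a fully qualified name, following CNAMEs. Returns the chain of
    (owner, rrtype, rdata) records, or None for NXDOMAIN. Simplified RFC 1034
    wildcard rule: '*.<parent>' applies only when no exact owner name exists."""
    chain, seen = [], set()
    while name not in seen:
        seen.add(name)
        rec = zone.get(name)
        if rec is None and "." in name.rstrip("."):
            rec = zone.get("*." + name.split(".", 1)[1])   # wildcard synthesis
        if rec is None:
            return None
        chain.append((name, rec[0], rec[1]))
        if rec[0] != "CNAME":
            return chain
        name = rec[1]            # chase the alias target
    return None                  # CNAME loop: treat as a failed lookup

def resolve(query, suffix="mycompany.com.", zone=ZONE):
    """Mimic a client stub resolver: an unqualified name gets the primary DNS
    suffix appended before it is sent (assumption matching the symptom)."""
    fqdn = query if query.endswith(".") else f"{query}.{suffix}"
    return lookup(fqdn, zone)

def nslookup_view(chain):
    """Render a chain the way nslookup summarises it: canonical name and
    address first, any alias owner names listed separately."""
    owner, _, addr = chain[-1]
    aliases = [o for o, t, _ in chain if t == "CNAME"]
    out = f"Name:    {owner.rstrip('.')}\nAddress: {addr}"
    if aliases:
        out += "\nAliases: " + ", ".join(a.rstrip(".") for a in aliases)
    return out

def wildcard_check(domain, zone=ZONE, probe="anyname"):
    """Kevin's test: ask for a label that should not exist. A CNAME answer
    means the zone carries a wildcard; returns its target, else None."""
    chain = lookup(f"{probe}.{domain}", zone)
    if chain and chain[0][1] == "CNAME":
        return chain[0][2]
    return None
```

Running `nslookup_view(resolve("yahoo"))` reproduces the thread's output shape, while a zone without the `*.` record makes `wildcard_check` return None.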
 
John Felts

Did some more research and found that I didn't have a reverse lookup zone for my DNS server, or record. After creating these everything is peachy now.

Thanks for the help!