Hi David.

Most definitely your problem is DNS from the description of your
configuration. You need to configure your domain controller to forward to
your ISP DNS servers as described below and you may have to remove the root
zone if it is present because if it is you will not be able to configure
forwarding. You need to disable DHCP on your firewall if used and configure
it on your domain controller and configure the DHCP scope to point to the
domain controller as DNS servers and use your firewall/router as the default
gateway. The domain controller must have a static IP address. The support
tools are on the install disk for the operating system in the support/tools
folder where you have to run the setup program there to install the set of
support tools. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;300429&sd=tech ---
how to configure DHCP.

To Remove the Root DNS Zone
1. In DNS Manager, expand the DNS Server object. Expand the Forward
Lookup Zones folder.
2. Right-click the "." zone, and then click Delete.

Windows 2000 can take advantage of DNS forwarders. This feature forwards DNS
requests to external servers. If a DNS server cannot find a resource record
in its zones, it can send the request to another DNS server for additional
attempts at resolution. A common scenario might be to configure forwarders
to your ISP's DNS servers.

To Configure Forwarders
1. In DNS Manager, right-click the DNS Server object, and then click
Properties.
2. Click the Forwarders tab.
3. Click to select the Enable Forwarders check box.
4. In the IP address box, type the first DNS server to which you want
to forward, and then click Add.
5. Repeat step 4 until you have added all the DNS servers to which you
want to forward.

David Kerber said:

Given your description, DNS could be the problem; I'll take a look and
post back.

Right now, my network's firewall machine is set as the DNS server for
all machines on the in-house network, including the domain controller.
Only the firewall machine looks at the ISP DNS servers for resolution
when something isn't in its own cache.

A couple of questions:

If the DC points to itself for DNS, how do I tell it where to
forward requests for addresses not in its domain (outside world
addresses, that is)?

Where can I find the netdiag tool? It's not being found on either
my client or the domain server.

Thanks!