DNS, Internet Connectivity



I have three Domain Controllers in one domain; a Windows 2000 server as my
FSMO, DNS and DHCP server, a backup 2000 DC for user authentications and
applications and a 2003 server as a Terminal Services server.
I am having connectivity drops to an Application Services Provider. Most of
my users access their applications via Http, Https, Citrix and SSH.
They are blaming our connectivity issues on my DNS settings.
I have all Three DC's setup as Active Directory Integrated with the main
Windows 2000 DC Forwarders set to our T1's DNS servers and the other two DC's
forwarding to the first server.
Any help or advice on this matter would be deeply appreciated.
Does Microsoft have any Network Monitoring Tools that I can use to see if my
configurations are causing the problem?
Thank you.


Shouldn't all three Integrated DCs (DNS servers) forward to the same place?
Normally your router or the ISP designated DNS servers?

What is in the TCP/IP properties of your DNS clients (including your server
DNS clients)?

Perhaps an IPCONFIG /ALL from the servers and clients would help diagnose



Thank you for your reply.
The 2003 and 2000 BDC servers have the Windows 2000 DC with the FSMO roles
as the DNS and WINS server.
Perhaps the 2003 and BDC should be setup as Standard Primary?
I thought if all the servers had the ISP's DNS servers listed, the names
would be resolved by three separate servers?
I appreciate your feedback.


Your DNS clients (including the server DNS client side) will only use one
DNS server (the one it can contact and get a reply from). The only reason you
include more than one in your TCP/IP properties is so that if one is not
able to be contacted it will revert to the next. These entries should all be
IPs on your LAN side and not be the DNS provided by your ISP (should be your
LAN DNS server IPs).

It is important to distinguish between a DNS server's *forwarder* and a DNS
client's multi-DNS entry. They perform totally different functions.

Again, an IPCONFIG /ALL from your servers as well as a connected client
would probably prove valuable.

Off hand, it sounds like your ISP may be right and that you may have a DNS



First of all, you don't need forwarders at all. You would add a forwarder to
a local DNS server to offload recursive Internet lookups to your ISP's DNS
server. But your own server is perfectly capable of resolving both internal
and Internet names all by itself.

I'm perplexed by your reply to Frank. Your local DNS servers should either
be AD integrated or secondaries to your designated authoritative AD DNS
server. AD Integrated is the easiest, but note that Server 2003 does some
things differently. If you have 3 DNS servers, I would make the 2 W2K
servers AD Integrated zones, and the W2K3 a secondary zone.

If you want to forward to your ISP, that is done in the server settings, not
in the TCP/IP properties. Local computers (both servers and workstations) in
an AD domain should point ONLY to your local DNS servers for resolution on
their TCP/IP properties page. If you point them to your ISP as an "alternate"
(not a forwarder), they will attempt to use that only if the "preferred" DNS
server does not reply. They will not query the preferred and then query the
alternate if a name does not resolve. If the preferred answers "NXDOMAIN",
it accepts that and the query ends right there. Alternate DNS servers should
be your other local DNS servers. Otherwise, if for some reason a computer
uses your ISP's DNS server it will not be able to resolve local names and
