DNS

John Hedley

Introduction: I'm MCSA mostly because the AD portion of MCSE was irrelevant
to my clientele (until now) and unbelievably dense; I found organic
chemistry easier than the 1561 class. Here's the situation:

Small company with an externally hosted domain name simulated.com. This is
hosted by a leading hosting company and provides them with linux server
running apache and sendmail. They are not, for good reason, interested in
hosting email or web.

They recently acquired a poweredge server with 10 licenses as part of an
upgrade in their infrastructure. Previously they were running PII's with
Win98 under a workgroup situation. They are now running mostly PIII and IV
with Win2K loaded on them. The server was the last phase and until it went
into production they were using the same workgroup configuration.

The network is a single-node LAN with a layer 2 switch connected to a SOHO
firewall connected to a ZyXEL DSL modem in bridge mode. They have a static
IP DSL line but are so far from their CO that they aren't getting much past
256 up and down (hence no hosting of email and web).

They elected to go with active directory on their new server. Their
in-house tech, who also happens to be the owner's son, chose to go with a
domain name of, you guessed it, simulated.com.

He created his AD with little incident with the server name being
DOMAINC.simulated.com. He appears to have set up the server with a proper
DNS configuration with forwarders for proper access to the public internet,
except, of course, his own domain. When he discovered he couldn't get email
from the POP server (which is just simulated.com, not mail.x or pop.x etc.)
and couldn't access his website or the control panel for that site he did
what came logically: he created a 'same as parent folder' Host record in his
forward lookup zone that points to his externally hosted server.

Now he can get web access and email on his server, so he's happy.

Now comes the part where he and Dad call me in a panic: He can't get any of
his computers or users to join the domain. Every time he runs the Network
ID Wizard he gets the following error on the Computer Domain window:

*The domain name "LLBSIM.COM" is either invalid or does not exist*

Here's what I've tried under the assumption it's a DNS issue:

+created the computer account manually
+flushed the dns cache on the local machine
+removed the Host record pointing to the externally hosted server
+added an SRV IP record pointing to the ldap service being hosted on
DOMAINC.simulated.com.

At this point I gave up and started googling but, honestly, I have no idea
what terminology I should be searching. Searching the error message usually
points me to posts that cite the two KB articles on configuring DNS for
public internet access.

His Forward Lookup Zone has the following records (the server has two NICs
both configured identically except, of course, for static address):

Record 1

Name: (same as parent folder)
Type: Start of Authority
Data: [3], domainc.simulated.com,admin.teamb.net

Record 2

Name: (same as parent folder)
Type: Name Server
Data: domainc.simulated.com.

Record 3

Name: domainc
Type: Host
Data: 192.168.1.50

Record 4

Name: domainc
Type: Host
Data: 192.168.1.60

Record 5

Name: (same as parent folder)
Type: Host
Data: xxx.xxx.xxx.xxx

I have tested and can ping simulated.com at the xxx.xxx.xxx.xxx address
properly and the server is resolving all addresses properly.

What is the solution to my dilemma? Besides scrapping the existing
architecture and adopting a different domain name?
 
Ace Fekay [MVP]

Nice long post, but I'll try to summarize with one question. Are the
machines also including the external DNS server in their IP properties? If
so, they need to be removed and configure a forwarder for efficient Internet
resolution. It may be trying to query the external DNS for that domain name's
LDAP services, which it does not have an answer for, so the need to point to
your own DNS that's hosting the AD zone is essential in an AD
infrastructure, no matter how small.

Here's how to configure a forwarder. If the option is grayed out, delete the
root zone. This will show how:
http://support.microsoft.com/?id=300202

Here's more info on DNS and AD's requirements:
http://support.microsoft.com/?id=291382

Here's an AD and DNS troubleshooting guide:
http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================
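The checks and fixes Ace describes above, written out as a PowerShell script. This is an added example, not code from either poster: it assumes the DC and AD DNS server is 192.168.1.50 (from John's zone listing), that the client NIC is called "Ethernet", and that the external resolver the clients were also pointed at is 203.0.113.53 (a documentation placeholder address). The cmdlets come from the DnsClient and DnsServer modules of Windows 8 / Server 2012 and later, not from the Windows 2000 tooling in the thread; the record names and the logic are the same on both.

```powershell
# Added example (not from the thread): diagnose and fix the
# "domain name is either invalid or does not exist" join failure.
# Assumptions: DC/DNS = 192.168.1.50, ISP resolver = 203.0.113.53 (placeholder),
# client NIC alias = "Ethernet".

$Domain    = 'simulated.com'
$DcDns     = '192.168.1.50'      # assumption: the DC hosting the AD zone
$IspDns    = '203.0.113.53'      # assumption: external resolver on the clients' NICs
$Nic       = 'Ethernet'          # assumption
$DcLocator = "_ldap._tcp.dc._msdcs.$Domain"   # SRV name the join wizard uses to find a DC

# --- 1. On the client: which DNS servers is the NIC really using? ---
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# --- 2. Ask each configured server for the DC-locator SRV record. ---
# Only the DC's own DNS holds it; the external server hosting the public
# simulated.com zone has no such record, which is the "does not exist" the wizard reports.
foreach ($server in @($DcDns, $IspDns)) {
    try {
        $srv = Resolve-DnsName -Name $DcLocator -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        "$server answers: " + (($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ')
    } catch {
        "$server cannot locate a DC for ${Domain}: $($_.Exception.Message)"
    }
}

# --- 3. Fix on the client: point the NIC at the AD DNS server only. ---
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcDns
Clear-DnsClientCache          # same effect as ipconfig /flushdns
nltest /dsgetdc:$Domain       # should now print the DC name and its flags

# --- 4. Fix on the DC (run there): forwarder for Internet names, no root zone. ---
# A "." zone makes the server think it is a root server and greys out the forwarder option.
$root = Get-DnsServerZone | Where-Object ZoneName -eq '.'
if ($root) { Remove-DnsServerZone -Name '.' -Force }
Add-DnsServerForwarder -IPAddress $IspDns -PassThru

# --- 5. On the DC: confirm the locator records are registered and can be re-registered. ---
# Netlogon registers the _ldap._tcp records by dynamic update; the zone must allow it.
Get-DnsServerZone -Name $Domain | Select-Object ZoneName, DynamicUpdate
Get-DnsServerResourceRecord -ZoneName $Domain -RRType Srv |
    Where-Object HostName -like '_ldap._tcp*' |
    Select-Object HostName, @{n='Target';e={$_.RecordData.DomainName}}, @{n='Port';e={$_.RecordData.Port}}
Restart-Service Netlogon      # forces re-registration if the records are missing
```

Step 2 is the actual test of Ace's hypothesis: a client whose resolver list includes the ISP's server may send the `_ldap._tcp.dc._msdcs.simulated.com` query there, and the public zone answers that no such name exists. Removing the external server from the client NICs (step 3) and letting the DC forward Internet queries instead (step 4) keeps every query for the AD zone on the DC. One caveat the thread does not mention: on a DC, Netlogon also registers the bare domain name (the "same as parent folder" A record) with the DC's own address, so a hand-added external address for that name sits alongside the DC's record rather than replacing it, and clients can receive either one for plain `simulated.com`.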
