Help. DNS is driving me crazy

Dooma

I just upgraded to Win2K from NT 4.0. I have a DHCP server and a 2K domain
controller. On the 2K controller, when I add my local DNS IP address in the
first order and my ISP DNS as the second choice, users can log on to the
domain but no Internet. When I put my ISP DNS IP address first and my local
DNS IP address second, I cannot see Active Directory but I can browse the
Internet.


How can I use 2 DNS addresses at the same time to browse the Internet and
access AD?

Thanks in advance
 
Phil M.

Dooma said:
I just upgraded to Win2K from NT 4.0. I have a DHCP server and a 2K domain
controller. On the 2K controller, when I add my local DNS IP address in the
first order and my ISP DNS as the second choice, users can log on to the
domain but no Internet. When I put my ISP DNS IP address first and my local
DNS IP address second, I cannot see Active Directory but I can browse the
Internet.

How can I use 2 DNS addresses at the same time to browse the Internet and
access AD?

In the Domain properties go to the forwarders tab, check "enable
forwarders," add the IP addresses for your ISP.

-Phil
 
Cary Shultz [A.D. MVP]

The only IP address (DNS) that any of your clients should have (Domain
Controllers, Member Servers, WIN2000/WINXP clients) is your internal DNS.
There are no two ways about this! Your ISP DNS IP addresses have no
business being anywhere except in the Forwarders tab. Period. Fix your
DHCP so that it gives out ONLY your internal DNS information.

Did you delete the "." zone in your Forward Lookup Zone?

HTH,

Cary
 
Enkidu

Dooma said:
I just upgraded to Win2K from NT 4.0. I have a DHCP server and a 2K domain
controller. On the 2K controller, when I add my local DNS IP address in the
first order and my ISP DNS as the second choice, users can log on to the
domain but no Internet. When I put my ISP DNS IP address first and my local
DNS IP address second, I cannot see Active Directory but I can browse the
Internet.

How can I use 2 DNS addresses at the same time to browse the Internet and
access AD?

Hi Dooma, Cary has given you the answer. The *reason* is that when a
client makes a DNS request of a server and the server responds it will
not try the second server on the list. Now the response may be "here
is the IP which belongs to that name" or the response may be "I can't
resolve that name". Even if the first server responds with "I can't
resolve that name" the client has a response and doesn't check the
second DNS server.

If however the first server is down, then the second server will be
queried. This explains your results: the first server was responding
(with a result or with no result) and the second server was *never*
used.

As Cary said, configure your clients with *internal DNS server
addresses* only. Configure the internal DNS servers to point to
themselves for DNS in their NIC properties. Then configure your
internal DNS with the internal zones, and configure the internal DNS
to *forward* any request for the outside world to the ISP DNS servers.

Then when a client asks for resolution of an internal name the request
will be handled by the internal DNS, and when the client requests an
external name the request will go first to the internal DNS, which
will then query the ISP's DNS, get a response, and pass it back to the
client.

Cheers,

Cliff

(MVP)
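
The lookup order described in the post above, as a small Python model added here for illustration (it is not part of the thread or any poster's code). The hostnames and addresses are constructed, and treating every negative reply as final follows the description in the post rather than any particular resolver's source.

```python
# Toy model of the lookup order discussed in this thread (added example).
# Hostnames and addresses are constructed sample data.
NEGATIVE = "cannot resolve"   # server replied, but has no record for the name
TIMEOUT = None                # server never replied (down or unreachable)

class DnsServer:
    def __init__(self, records, forwarders=(), up=True):
        self.records = records              # names this server can answer itself
        self.forwarders = list(forwarders)  # servers it relays unknown names to
        self.up = up

    def query(self, name):
        if not self.up:
            return TIMEOUT
        if name in self.records:
            return self.records[name]
        for fwd in self.forwarders:         # the "Forwarders tab" behaviour
            answer = fwd.query(name)
            if answer is not TIMEOUT:
                return answer
        return NEGATIVE                     # a negative reply is still a reply

def client_resolve(name, dns_list):
    """Client side: try the next server only if the current one is silent."""
    for server in dns_list:
        answer = server.query(name)
        if answer is not TIMEOUT:
            return answer                   # positive or negative, lookup ends
    return TIMEOUT

AD_NAME = "dc1.corp.example"    # stands in for the records AD logon needs
WEB_NAME = "www.example.com"

def scenario(order, forwarding):
    """Return (AD lookup, Internet lookup) for a client DNS list."""
    isp = DnsServer({WEB_NAME: "192.0.2.80"})
    internal = DnsServer({AD_NAME: "10.0.0.10"},
                         forwarders=[isp] if forwarding else [])
    servers = {"internal": internal, "isp": isp}
    dns_list = [servers[s] for s in order]
    return client_resolve(AD_NAME, dns_list), client_resolve(WEB_NAME, dns_list)

if __name__ == "__main__":
    print(scenario(["internal", "isp"], forwarding=False))  # original setup
    print(scenario(["isp", "internal"], forwarding=False))  # ISP listed first
    print(scenario(["internal"], forwarding=True))          # recommended fix
```

The first two calls reproduce the two symptoms from the original question; only the third, with the internal server alone on the client and the ISP as a forwarder, resolves both names.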
 
Dave Shaw [MVP]

You can't.

Configure your clients to query your internal DNS only and configure your
internal DNS to forward to your ISP.

-ds
 
Someone

I thank everyone that responded to this post. I had the
same problem, and I used the solution posted here to
solve my domain problem. It is now working fine. Thanks
to you all.
 
Cary Shultz [A.D. MVP]

Glad that we could be of service.

Cary

Someone said:
I thank everyone that responded to this post. I had the
same problem, and I used the solution posted here to
solve my domain problem. It is now working fine. Thanks
to you all.
 
Dooma

Yes. It is working fine now. Thanks.


Cary Shultz said:
The only IP address (DNS) that any of your clients should have (Domain
Controllers, Member Servers, WIN2000/WINXP clients) is your internal DNS.
There are no two ways about this! Your ISP DNS IP addresses have no
business being anywhere except in the Forwarders tab. Period. Fix your
DHCP so that it gives out ONLY your internal DNS information.

Did you delete the "." zone in your Forward Lookup Zone?

HTH,

Cary
 
