ISP DNS server and Internal DNS server

David Quick

Hi
I have a new Active Directory, and the DNS server does not
work properly. I cannot add new computers to the domain, etc.,
but old ones (ones that could connect to the old
domain) still connect. The domain name is the same. The
problem I'm facing is that the DNS server in the TCP/IP is
set to my ISP's server, not my server's IP number, and my
server's DNS server is set to my ISP's DNS server, not local
host 127.0.0.1. Any help would be very useful.
 
Herb Martin

Well, then change them. ALL of the internal machines, including
the DNS and DCs, should point their CLIENT NIC properties
to the internal DNS.

THEN if you wish, set the FORWARDER properties on the
DNS server to point to the external DNS, e.g., ISP, server.
 
dave quick

Thank you, I have fixed the problem now. I have added
another DNS zone, which is my ISP's IP DNS server, and all the
internal machines' DNS server points to my DNS server. But
the Active Directory still doesn't work properly. Every time a
user connects I get a trust error in my event log. But the
users and computers are listed in the Users and Computers
on the domain.

thanks for your help
 
Jeff Cochran

So the problem is your client DNS is set to use the wrong server,
correct? And the reason you haven't changed them to use the correct
server is...? Well, I give up. Is there a reason you didn't change
them?

Jeff
 
Herb Martin

Almost all such problems (authentication & DC replication) are DNS based
problems.

Run DCDiag on EACH DC, save the results to a file and report (or fix) any
errors.

DNS must be dynamic.
Every DC must point to (this) the dynamic DNS in its OWN NIC properties.
So must ordinary clients.

If you changed any of the DCs or the DYNAMIC setting, restart "NetLogon"
server on each DC.
 
Shane Brasher

Hello All,

I have posted the below response several times before, as the steps may
seem very basic it still holds true as a very simple AD/DNS deployment.


Active Directory with DNS on the same server.

TCP/IP settings

1.)Right click "My network places" and select properties.
2.)For the LAN connection right click and select properties.
3.)On the properties page double click TCP/IP
4.)At the bottom of the protocols page select Preferred DNS Server option
and enter the IP address for the server itself.
5.)Click the advanced button. In the advanced setting make sure the
"Register this connection's address in DNS" selection is checked at the
bottom of the display.

DNS settings

1.)Open up the DNS console.
2.)Once opened, right click on the server in the right hand pane and select
properties.
3.)Once the properties page is up, select the "Forwarders" tab.
4.)Check the "Enable forwarders" selection at the top.
5.)Add the IP address of the DNS in which to forward requests. If this is
the only DNS , add the IP address for the ISP's DNS. (note- In the TCP/IP
settings, we selected the choice for DNS to point to itself. If name
resolution cannot be resolved then a request is made to the forwarders. If
resolution cannot be made via the internal DNS and there are no forwarders
listed, then resolution will be made via the root hints.)
6.)Click OK.
7.)Expand the "Forward Lookup Zones"
8.)If there is a folder with a dot "." listed then delete it. (note- This
indicates to the server that it is the root server, which means do not go
beyond this server for name resolution.)
9.)Right click the domain folder and select properties. Make sure that
"Allow dynamic updates" is selected.

Close out the DNS console.

Open up a command prompt and type the following:

1.)At the prompt type ipconfig /flushdns and wait for the services to
flush.
2.)ipconfig /registerdns wait for the services to register.
3.)net stop netlogon
4.)net start netlogon

If you receive an error during this process go to control panel, admin.
tools, services. Make sure the DHCP client service is started, even if
they are not using DHCP they still need the service started. Once all of
this is done. Open the DNS console again. Expand the forward lookup zones,
then expand the domain folder. You should see the underscore folders below:

_msdcs
_sites
_tcp
_udp


Run Netdiag on the server with the /v switch for any errors.

301423 HOW TO: Install the Windows 2000 Support Tools to a Windows 2000
http://support.microsoft.com/?id=301423

Link to netdiag KB article.
321708 HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows
2000
http://support.microsoft.com/?id=321708




Shane Brasher
MCSE (2003,2000,NT),MCSA Security, N+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
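
The end state those steps aim for can be checked from a script. This is an added example, not part of the thread or any poster's code: a PowerShell check for a current Windows Server with the DnsClient and DnsServer modules, run on the DC that hosts DNS. The domain name `corp.example` and the address `192.0.2.10` are placeholders.

```powershell
# Added example: run in an elevated PowerShell session on the DC that hosts DNS.
$Domain      = 'corp.example'              # placeholder AD DNS domain (assumption)
$InternalDns = @('192.0.2.10')             # placeholder internal DNS server IP(s) (assumption)
$Allowed     = $InternalDns + '127.0.0.1'  # a DC may also list itself via loopback
$findings    = @()

# 1. NIC settings: no adapter may list an outside (e.g. ISP) resolver.
foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $outside = @($nic.ServerAddresses | Where-Object { $_ -notin $Allowed })
    if ($outside.Count -gt 0) {
        $findings += "NIC '$($nic.InterfaceAlias)' lists non-internal DNS: $($outside -join ', ')"
    }
}

# 2. Zones: no "." root zone, and the domain zone accepts dynamic updates.
$zones = @(Get-DnsServerZone)
if ($zones | Where-Object { $_.ZoneName -eq '.' }) {
    $findings += 'Root zone "." exists: the server will not use forwarders or root hints'
}
$zone = $zones | Where-Object { $_.ZoneName -eq $Domain }
if (-not $zone) {
    $findings += "No forward lookup zone named $Domain"
} elseif ($zone.DynamicUpdate -eq 'None') {
    $findings += "Zone $Domain does not allow dynamic updates"
}

# 3. Forwarders: informational, outside names fall back to root hints if none are set.
$forwarders = @((Get-DnsServerForwarder).IPAddress)
Write-Output "Forwarders: $(if ($forwarders) { $forwarders -join ', ' } else { 'none (root hints)' })"

# 4. DC locator SRV records that Netlogon registers (under _msdcs, _tcp, _udp).
$srvNames = "_ldap._tcp.dc._msdcs.$Domain", "_ldap._tcp.$Domain",
            "_kerberos._tcp.$Domain", "_kerberos._udp.$Domain"
foreach ($name in $srvNames) {
    try {
        $answers = @(Resolve-DnsName -Name $name -Type SRV -Server $InternalDns[0] -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Section -eq 'Answer' })
        if ($answers.Count -eq 0) { $findings += "No SRV answer for $name" }
        else { $answers | ForEach-Object { Write-Output "$name -> $($_.NameTarget):$($_.Port)" } }
    } catch {
        $findings += "SRV lookup failed for ${name}: $($_.Exception.Message)"
    }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'DNS layout matches the steps above.' }
```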
 
Ace Fekay [MVP]

Nice post Shane. Going to archive it in case someone else needs it!
:)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
