Name resolution issue

CAMC1

Hi,

We use Windows 2000 SP4 Active Directory domain.
Accessing servers, shares, SQL, internet is no problem
Usually, on XP pro (SP2) computers, I have problem pinging a server just
outside the firewall
(Which has A Public record)

I can ping using IP no problem, I can not using A record.
If I modify local "hosts" file to add A record, then it works.

If I try to put A record to my DNS FWD lookup zone, doesn't help

Am I missing anything here?

Thanks
MC
 
esowash

Sounds like you're doing everything right....are you flushing your
local DNS cache after adding the record to your DNS zone?
 
Herb Martin

CAMC1 said:
> Hi,
>
> We use Windows 2000 SP4 Active Directory domain.
> Accessing servers, shares, SQL, internet is no problem
> Usually, on XP pro (SP2) computers, I have problem pinging a server just
> outside the firewall
> (Which has A Public record)
>
> I can ping using IP no problem, I can not using A record.
> If I modify local "hosts" file to add A record, then it works.
>
> If I try to put A record to my DNS FWD lookup zone, doesn't help
>
> Am I missing anything here?

Yes.

How do we know?

If you can ping by IP then clearly you can ROUTE.

If you add a name to the forward lookup zone (in which your clients live)
of your server then clearly it MUST resolve if their DNS is set up correctly.

Therefore when you combine the two, it must work.

So something is missing. Did you put the name in the SAME zone as the
clients' Domain/Zone? If not, what zone did you use?

Did you specify the full name in the Ping? I.e., ping server.domain.com ?
If not, do you get different results when you specify this than when you
don't specify it? (That is likely just a misunderstanding of appending
suffixes automatically.)

What specifically happens when you do the ping? What happens when you
use NSLookup to look up this name from YOUR SPECIFIC DNS server?

From client:
nslookup server.domain.com DNS.Server.IP.Address

You must NOT include any external DNS servers on your DNS client NIC->
IP settings.
 
CAMC1

I did not flush local DNS cache.
Server that I am trying to ping is outside of the firewall which has public
IP address and a Record on the internet
(record is kept for our domain zone at BELL webhosting which is pointing to
public IP)

problem is pinging from inside our LAN, by full DNS record name.

I can ping any resource inside and outside our LAN but this one.

then I tried to add our LAN, DNS servers forward lookup zones as the first
part of the A record
example: on the internet A record is myserver.mydomain.com, on my local
DNS zone, a record for myserver --> Public IP#

Nothing different than any other setup I have done.

MC
 
Herb Martin

CAMC1 said:
> I did not flush local DNS cache.
> Server that I am trying to ping is outside of the firewall which has
> public IP address and a Record on the internet
> (record is kept for our domain zone at BELL webhosting which is pointing
> to public IP)
>
> problem is pinging from inside our LAN, by full DNS record name.
>
> I can ping any resource inside and outside our LAN but this one.

Can you ping it by address? (Just to prove it would answer IF you could
resolve the name).

Once you know that it is a DNS problem, your testing should generally
switch to NSLookup.

Prove that EACH DNS server in the chain (used by DNS clients, forwarded
to by internal DNS servers, etc.) can resolve the record.

> then I tried to add our LAN, DNS servers forward lookup zones as the first
> part of the A record
> example: on the internet A record is myserver.mydomain.com, on my local
> DNS zone, a record for myserver --> Public IP#

What do you mean you "tried" to add the record? If you use MyDomain.com
AND you add the record with the name MYSERVER it will then resolve
as MyServer.MyDomain.Com when that DNS Server is queried -- or when
any DNS server that replicates with this DNS server OR which can find this
DNS server/zone is queried.

> Nothing different than any other setup I have done.

What happens when you type:

nslookup myserver.mydomain.com IP.Your.DNS.Server

If this fails to return the answer you didn't add it (or it has subsequently
been deleted) OR your client can't query that DNS server.

Check EVERY DNS server (as "yourDNSServer") listed in the CLIENT
"IPconfig /all" -- they must ALL return the same answers.

Internal (domain) computers must be set to use STRICTLY
the INTERNAL DNS Server (set) which can resolve the DCs
and other internal resources, on all interfaces.
 
CAMC1

Here is more detailed info:
I put a host record in mydomain local DNS forward lookup zone for
myserver --> IP Address (Which this IP is public, and server is
outside my local domain)

ping Myserver PublicIP, no problem
ping myserver Name works no problem
ping myserver.mydomain.com can not ping,

So for some reason, in my LAN, my DNS servers can not interpret
myserver is actually same as myserver.ozoptics.com

Myserver has a public record, which I can ping from outside of my LAN
MC
 
CAMC1

I think this was somewhat SYNC issue between 2 DNS servers. Seems to work
now.
Thanks
MC
 
Herb Martin

CAMC1 said:
> Here is more detailed info:
> I put a host record in mydomain local DNS forward lookup zone for

Give the name precisely. You say above "mydomain local" -- I cannot
tell whether you used just "mydomain", "mydomain.local", "mydomain.com"
or something else -- belong you try "mydomain.com not local.

> myserver --> IP Address (Which this IP is public, and server is
> outside my local domain)
>
> ping Myserver PublicIP, no problem

Likely your machine's DNS Suffix(es) were appending, giving something
like MyServer.mydomain.local (or whatever zone you placed the
record within.)

> ping myserver Name works no problem

Case doesn't matter -- so this is same as previous.

> ping myserver.mydomain.com can not ping,

And if you didn't put it in mydomain.com this might be normal.

What zones do you have INTERNALLY?

How do you resolve external names? (forwarding?)

> So for some reason, in my LAN, my DNS servers can not interpret
> myserver is actually same as myserver.ozoptics.com

Of course not. It is either in that zone or not. You either give it that
zone or not (and if not, your machine either provides that suffix
automatically OR NOT.)

> Myserver has a public record, which I can ping from outside of my LAN
> MC

In general DNS only provides names of the form NAME + .DOMAIN.com
in some SPECIFIC zone.

DNS names are always resolved by DNS servers using the full name.
 
