New to DNS

[Guest]

Confused:

I am running a windows 2003 environment with ad and integrated dns. When I
run queries from the DNS console(monitoring tab) they fail. I have recently
switched to two new external dns servers. I have made the necessary changes
in the dns console and within dhcp. When I run ipconfig/all from the server
and client(s)the correct entries appear. We are able to access dns names
inside the corp. and outside websites with no problems.

1.)When I run nslookup on the internal ip address of my dns server it comes
back with the ip address and dns name of the external server….is this
correct?

When I run nslookup on the ip address or on the dns server name I either get
the external dns or Domain not found reply. I have added a reverse lookup
zone pointing to my internal dns server, yet nslookup indicates that this is
not happening.

2.) When I run the queries…… what exactly are they checking….The internal ip
address of the internal dns server?

Could really use some advice…….

 

[Ace Fekay [MVP]]

In

Confused:

I am running a windows 2003 environment with ad and integrated dns.
When I run queries from the DNS console(monitoring tab) they fail. I
have recently switched to two new external dns servers. I have made
the necessary changes in the dns console and within dhcp. When I run
ipconfig/all from the server and client(s)the correct entries appear.
We are able to access dns names inside the corp. and outside websites
with no problems.

1.)When I run nslookup on the internal ip address of my dns server it
comes back with the ip address and dns name of the external
server..is this correct?

When I run nslookup on the ip address or on the dns server name I
either get the external dns or Domain not found reply. I have added a
reverse lookup zone pointing to my internal dns server, yet nslookup
indicates that this is not happening.

2.) When I run the queries.. what exactly are they checking..The
internal ip address of the internal dns server?

Could really use some advice...

Actually, with an AD network, all domain members (DCs, clients and servers),
need only use your internal DNS server(s) only. Reason why, is AD stores
it's resources and service locations in DNS in the form of SRV records
(those folders with the underscore in them). They are used for a multitude
of things, such as finding the domain when a client logons, domain
replication from one DC to another, authentication, and more. To illustrate,
if a client queried the external DNS server with a query such as, "Where is
my domain", will that server have the answer? NO.

That's also the reason why it's resolving your external address.

Recommendation: Point all machines only to the internal servers, and
configure a forwarder to your ISP's DNS. This way all machines query your
DNS and if it doesn;'t have the answer, it asks outside. If the forwarding
option is grayed out, delete the root zone, (it looks like a period),
refresh the console, and try again. If not sure how to configure this, this
article will guide you thru it:
http://support.microsoft.com/?id=300202



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.