Problem resolving local FQDN

[Guest]

Its been a long time since I was working with DNS...
My issue.. x2 Win2k AD Dom controllers.Server1 & Server2.
The DNS was setup way before my time on Server2, it has no forwarder DNS to
the internet ( greyed out) and appears to dynamically resolve all the XP
systems fine when looking in the forward lookup zones.
Server2 has its local DNS pointing to the external DNS Ip and the internet
works.
Server1 has the DNS set to Server2 only and cannot see the internet..
Server1 can ping Server2.mydomain.com but Server2 cannot ping
server1.mydomain.com... A NSlookup on Server2 tries to resolve via the web..
If this makes any sense and someone can help me get Server1 to browse the
web using Server2 as its only DNS..

Thanks
Barry



It is

 

[Steve Duff [MVP]]

Your description is a little confusing so I may have this wrong, but have you checked that you do not have a root zone in one of
these servers? That would explain the symptoms I think you've described.

If you want to forward, you have to delete any root (.) zone so your DNS doesn't think it is authoritative for the universe and will
then forward or recurse queries it can't answer.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

 

[Guest]

Hi Steve, "it was confusing" sorry.
but yes I do have the . root zone
I will delete it and check it in the morning.. (Wednesday)
Thanks for assisting..
B

 

[Guest]

I removed the root . but the DNS server2 still is unable to ping
server1.domain.com and server1 has no internet access when its primary DNS is
server2.

 

[Herb Martin]

Original message:

Its been a long time since I was working with DNS...
My issue.. x2 Win2k AD Dom controllers.Server1 & Server2.
The DNS was setup way before my time on Server2, it has no forwarder DNS to
the internet ( greyed out) and appears to dynamically resolve all the XP
systems fine when looking in the forward lookup zones.
Server2 has its local DNS pointing to the external DNS Ip and the internet
works.

This is wrong. All internal DNS clients -- and DCs are very definitely
DNS clients too -- must point STRICTLY at the internal DNS server (set).

This really applies to all internal machines.

Server1 has the DNS set to Server2 only and cannot see the internet..
Server1 can ping Server2.mydomain.com but Server2 cannot ping
server1.mydomain.com... A NSlookup on Server2 tries to resolve via the web..
If this makes any sense and someone can help me get Server1 to browse the
web using Server2 as its only DNS..

I removed the root . but the DNS server2 still is unable to ping
server1.domain.com and server1 has no internet access when its primary DNS is
server2.

It's due to having the client DNS settings incorrect on this server.


DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]