Yes, it has a second entry. it's pointing to our T1 provider - a
216.127.X.X
AD clients MUST point to the AD DNS server ONLY.
Point ALL AD clients to the DNS server set up for your AD domain ONLY.
Point your AD DNS server to itself in the properties of TCP/IP. During logon
the proper SRV records from the DCs will get registered on the DNS server.
You may have to relog in or re start your server so the SRV records get
registered when the netlogon service runs.
Check to see if they are listed:
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;241515
These SRV records MUST be found by AD clients. Pointing AD clients to *any*
*other* DNS server (even as a second entry) WILL cause problems. The reason
being, your ISP is not going to allow your AD servers to register themselves
on their DNS server, nor do you want your private internal DNS records
exposed to the world by registering them on a public DNS server.
For Internet access, either set up your AD DNS server to forward requests
and list your ISP's DNS server(s) as the forwarders (This is the ONLY place
on your AD domain your ISP's DNS servers should be listed) or you can use
root hints.
Those 2 links I originally sent explain how to set up DNS to work properly
within your AD domain and how to get Internet access. Follow them closely,
it is not stated *anywhere* in those articles that you add your ISP's DNS
server as the second DNS server on AD clients.
Once you fix DNS you may have to run ipconfig /flushdns followed by ipconfig
/registerdns.
hth
DDS W 2k MVP MCSE