DNS on W2k Advanced Server

Archived from groups: microsoft.public.win2000.dns

Our LAN failed yesterday.
I was able to connect just fine to the internet, but no
login or local network was available.

I was puzzled by this, because the consultants to the
network admin say it is a problem with the ISP.

In reviewing my understanding of LANs, I concluded that the
network configuration is wrong. Noticing that I have two
DNS numbers in my local workstation pointing to external
servers, it's no wonder.

In looking here (newsgroup) I see that the Domain
Controller should have its DNS settings pointing to itself
(our Server is 192.168.0.9) and the first DNS setting on
each workstation should be this DNS number. That way if
the ISP burps or terminates, the LAN is still operating,
unlike what happened yesterday.

The network consultant tells our netadmin that our Advanced
Server is not set up as a DNS server. Yet we are operating
in Active Directory. How is this possible?

And, where should I go from here? I do not want this
happening again. (network down, internet up)
  1.

    "Jim Muir" <jpmuir@ibh.org> wrote in message
    news:201ba01c45877$b7704fc0$a001280a@phx.gbl...
    > Our LAN failed yesterday.
    > I was able to connect just fine to the internet, but no
    > login or local network was available.
    >
    > I was puzzled by this, because the consultants to the
    > network admin say it is a problem with the ISP.

    That is foolish on its face - unless the DCs are all beyond the
    ISP (e.g., branch office to the ISP to the main office) then the
    ISP can have NOTHING to do with your problem.

    Fire the consultant -- or send him back to the work for which he
    was actually hired and qualified.

    (Really, that is just plain silliness from someone who is SELLING
    his expertise -- perfectly fine for a beginning admin who is seeking
    help of course.)

    > In reviewing my understanding of LANs, I concluded that the
    > network configuration is wrong. Noticing that I have two
    > DNS numbers in my local workstation pointing to external
    > servers, it's no wonder.

    Correct. All internal clients must point ONLY to internal DNS
    servers when you have such servers.

    > In looking here (newsgroup) I see that the Domain
    > Controller should have its DNS settings pointing to itself
    > (our Server is 192.168.0.9) and the first DNS setting on
    > each workstation should be this DNS number.

    Not just first but all -- if you have more than one DNS server
    then more than one can be listed but do NOT list the ISP DNS
    on the clients.

    Clients include the servers, DNS/DCs/etc, so the rule is simplified
    once you realize that client NIC settings apply to all internal machines.

    > That way if
    > the ISP burps or terminates, the LAN is still operating,
    > unlike what happened yesterday.

    True but that is not the reason. The reason is that the ISP has
    no knowledge of the internal DNS servers (most of the time) and
    cannot help resolve those names (presumably through firewall
    filters) anyway.

    > The network consultant tells our netadmin that our Advanced
    > Server is not set up as a DNS server. Yet we are operating
    > in Active Directory. How is this possible?

    Badly. <grin>

    You must have an INTERNAL DNS server which contains a
    zone corresponding to your AD domain name and which is
    DYNAMIC.

    It does not have to be "on the DC" but that is the most common
    location for the DNS server(s).

    The zone must be dynamic, and all clients must point their
    NIC properties to ONLY the internal, dynamic DNS server
    (set).

    Remember that "servers" are DNS clients too.

    If you change any of the above, you must restart the NetLogon
    service on each DC which might be affected.
    (Otherwise they must be rebooted.)

    > And, where should I go from here? I do not want this
    > happening again. (network down, internet up)

    See above.

    How much are you paying the consultant?

    --
    Herb Martin


  2.

    Thanks Herb. I knew I was right (although partially wrong
    as to use of the external ISP in the DNS settings on the
    workstations and servers).

    I have instructed the Netadmin to reset the DNS settings on
    the internal units to the main server and that is it.

    It appears in the MMC DNS properties that forwarding is
    properly in place except for one entry 192.168.2.11 that
    doesn't match our network addresses 192.168.0.xxx. Would
    there be any danger of deleting it?
  3.

    <anonymous@discussions.microsoft.com> wrote in message
    news:202c501c4588b$122b69f0$a001280a@phx.gbl...
    >
    > Thanks Herb. I knew I was right (although partially wrong
    > as to use of the external ISP in the DNS settings on the
    > workstations and servers).
    >
    > I have instructed the Netadmin to reset the DNS settings on
    > the internal units to the main server and that is it.
    >
    > It appears in the MMC DNS properties that forwarding is
    > properly in place except for one entry 192.168.2.11 that
    > doesn't match our network addresses 192.168.0.xxx. Would
    > there be any danger of deleting it?
    >

    If it "doesn't make sense" then 'no, no danger' but if anything
    quits working have it written down so that you can consider
    restoring it.

    An internal address in "forwarding" is NOT ALWAYS wrong,
    however:

    Many times internal DNS servers forward to one "firewall" or
    top level server that plays the role of "root" (either formally
    or just by having delegations that lead to all other zones) or
    which consolidates requests across a WAN line.

    The latter is frequently on the internal firewall which is charged
    with all requests that actually go to the internet so that its
    cache is consolidated (collective) and so that no internal
    machine is ever allowed to make requests out in the big, scary
    world. (DCs especially should be restricted to "internal
    access/requests only.")

    Example: All of my internal machines forward to the firewall-
    gateway-router(s) to the Internet. This machine has a CACHING
    ONLY DNS server that forwards or recurses the actual Internet.

    (Weird thing: Such gateways in my design are "domain member
    machines" and as such their OWN CLIENT NIC settings point
    back to the INTERNAL DNS servers and NOT to themselves
    or the ISP.)

    --
    Herb Martin


  4.

    In news:202c501c4588b$122b69f0$a001280a@phx.gbl,
    anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
    posted their thoughts, then I offered mine
    > Thanks Herb. I knew I was right (although partially wrong
    > as to use of the external ISP in the DNS settings on the
    > workstations and servers).
    >
    > I have instructed the Netadmin to reset the DNS settings on
    > the internal units to the main server and that is it.
    >
    > It appears in the MMC DNS properties that forwarding is
    > properly in place except for one entry 192.168.2.11 that
    > doesn't match our network addresses 192.168.0.xxx. Would
    > there be any danger of deleting it?

    Curious, are you saying that in the DNS MMC it shows two DNS servers:
    192.168.2.11 and another one in 192.168.0.x? Or are you saying your network
    has two subnets?

    In addition to what Herb mentioned, I find it easier to forward to your ISP's
    DNS. You can use 4.2.2.2 as your forwarder (it's reliable).


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS-IS" with no warranties and confers no
    rights.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory

    HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
    pig. --
    =================================
  5.

    In news:201ba01c45877$b7704fc0$a001280a@phx.gbl,
    Jim Muir <jpmuir@ibh.org> posted a question
    Then Kevin replied below:
    > In looking here (newsgroup) I see that the Domain
    > Controller should have its DNS settings pointing to itself
    > (our Server is 192.168.0.9) and the first DNS setting on
    > each workstation should be this DNS number. That way if
    > the ISP burps or terminates, the LAN is still operating,
    > unlike what happened yesterday.

    DC should point to itself and _all_ workstations should point to the DC,
    _ONLY_. This has nothing to do with internet connectivity, Active Directory
    will not function properly and logons will take close to forever if you
    don't use your local DNS, where the Domain Controller stores the records
    domain members are looking for not only at logon, but anytime you do
    anything.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
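
The rule given in the replies above (every internal machine lists ONLY internal DNS servers, not merely first) can be checked from `ipconfig /all` output. The following is an added example, not part of the original thread: the sample output and the stand-in ISP resolver 203.0.113.53 are constructed, the function names are hypothetical, and 192.168.0.9 is assumed to be the only internal DNS server.

```python
import ipaddress
import re

# Assumption: 192.168.0.9 (the DC named in the thread) is the only internal DNS server.
INTERNAL_DNS = {ipaddress.ip_address("192.168.0.9")}

# Constructed `ipconfig /all` output; 203.0.113.53 stands in for an ISP resolver.
SAMPLE = """\
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.21
        DNS Servers . . . . . . . . . . . : 192.168.0.9
                                            203.0.113.53

Ethernet adapter Lab:

        DNS Servers . . . . . . . . . . . : 192.168.0.9
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")        # unindented section header
FIELD = re.compile(r"^\s+(\S[^:]*?)[\s.]*:\s*(.*)$")   # "Label . . . : value"

def dns_servers_by_adapter(text):
    """Map each adapter to its DNS servers, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header, field = ADAPTER.match(line), FIELD.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        if field:
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        else:
            value = line.strip()   # bare address under "DNS Servers", or blank
        if adapter and in_dns and value:
            result[adapter].append(ipaddress.ip_address(value))
    return result

def audit(text, internal=INTERNAL_DNS):
    """Return {adapter: [non-internal DNS servers]}; list position is irrelevant."""
    found = dns_servers_by_adapter(text)
    out = {a: [str(s) for s in v if s not in internal] for a, v in found.items()}
    return {a: bad for a, bad in out.items() if bad}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The first adapter is flagged even though the internal server is listed first, which is the configuration the original question assumed was sufficient.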