Split-brain DNS server cannot log into AD domain

August 15, 2005 4:14:33 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

I have my DNS servers (Windows 2000) in a split-brain configuration, and
the DNS servers that service the internet cannot log into the Active
Directory domain they are a member of. These DNS servers host the public
zone for "intelemedia.net" which also happens to be the name of the Active
Directory domain (Windows 2000). Since the external DNS servers are set to
query themselves for DNS resolution, how are they supposed to find the
Active Directory integrated DNS servers for intelemedia.net to know which
servers will service their logon request?

Any help would be greatly appreciated.

Thank you!
-Eric
Anonymous
August 15, 2005 6:32:44 PM


Eric <englebretsonNO@SPAMintelemedia.com> wrote:
> I have my DNS servers (Windows 2000) in a split-brain configuration,
> and the DNS servers that service the internet cannot log into the
> Active Directory domain they are a member of. These DNS servers host
> the public zone for "intelemedia.net" which also happens to be the
> name of the Active Directory domain (Windows 2000). Since the
> external DNS servers are set to query themselves for DNS resolution,
> how are they supposed to find the Active Directory integrated DNS
> servers for intelemedia.net to know which servers will service their
> logon request?

Set the external DNS servers, if they are members of the AD Domain, to point
to the AD DNS servers, only. No AD Domain members should use the external
DNS servers in TCP/IP properties.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
August 16, 2005 1:56:14 AM


In news:eNR9dAdoFHA.3552@TK2MSFTNGP10.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post, which I
then commented about below:
> Eric <englebretsonNO@SPAMintelemedia.com> wrote:
>> I have my DNS servers (Windows 2000) in a split-brain configuration,
>> and the DNS servers that service the internet cannot log into the
>> Active Directory domain they are a member of. These DNS servers host
>> the public zone for "intelemedia.net" which also happens to be the
>> name of the Active Directory domain (Windows 2000). Since the
>> external DNS servers are set to query themselves for DNS resolution,
>> how are they supposed to find the Active Directory integrated DNS
>> servers for intelemedia.net to know which servers will service their
>> logon request?
>
> Set the external DNS servers, if they are members of the AD Domain,
> to point to the AD DNS servers, only. No AD Domain members should use
> the external DNS servers in TCP/IP properties.

Just to add, just because the DNS servers host external zone data, doesn't
mean they must point to themselves for DNS. They can still point to, and
actually MUST point to the internal DNS to resolve domain data. A forwarder
from the internal servers to this server or the ISP's DNS will handle
Internet resolution efficiently.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
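
An added example, not part of the original thread: a toy Python model of why a domain member that queries the external server cannot find a domain controller, and why pointing it at the internal AD DNS server fixes that. The host name dc1, the record data and all IP addresses are constructed for illustration; only the zone name intelemedia.net comes from the posts.

```python
# Toy model of split-brain DNS. Records and addresses below are constructed.
DOMAIN = "intelemedia.net"
DC_SRV = "_ldap._tcp.dc._msdcs." + DOMAIN   # name a member queries to find a DC


class DnsServer:
    def __init__(self, name, zones, forwarder=None):
        self.name = name
        self.zones = zones          # {zone: {(owner, rtype): data}}
        self.forwarder = forwarder  # consulted only for names outside hosted zones

    def query(self, qname, rtype):
        for zone, records in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                # The server is authoritative for this zone: it answers from
                # its own copy and never forwards, even if the record is missing.
                data = records.get((qname, rtype))
                return ("NOERROR", data) if data else ("NXDOMAIN", None)
        if self.forwarder:
            return self.forwarder.query(qname, rtype)
        return ("SERVFAIL", None)


def locate_dc(configured_dns):
    """Return the DC a member finds via the DNS server set in its TCP/IP properties."""
    _rcode, data = configured_dns.query(DC_SRV, "SRV")
    return data  # None: no domain controller located, so domain logon fails


# Stand-in for the ISP resolver (hosts one sample Internet zone).
isp = DnsServer("isp", {"example.com": {("www.example.com", "A"): "203.0.113.80"}})

# External view: public records only, no _msdcs data.
external = DnsServer("external", {DOMAIN: {
    ("www." + DOMAIN, "A"): "198.51.100.10",
}}, forwarder=isp)

# Internal AD-integrated view: same zone name, carries the DC locator records.
internal = DnsServer("internal", {DOMAIN: {
    (DC_SRV, "SRV"): "dc1.intelemedia.net:389",
    ("dc1." + DOMAIN, "A"): "10.0.0.10",
    ("www." + DOMAIN, "A"): "198.51.100.10",
}}, forwarder=isp)

if __name__ == "__main__":
    print("member -> external:", locate_dc(external))   # original setup
    print("member -> internal:", locate_dc(internal))   # after the fix
    print("internet via forwarder:", internal.query("www.example.com", "A"))
```

On a real member server the equivalent check is `nslookup -type=SRV _ldap._tcp.dc._msdcs.intelemedia.net` against the DNS server listed in its TCP/IP properties.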
August 16, 2005 4:44:20 PM


That fixed it. Thank you for correcting my misunderstanding of DNS with AD.

-Eric

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eM53zWgoFHA.4056@TK2MSFTNGP10.phx.gbl...
> In news:eNR9dAdoFHA.3552@TK2MSFTNGP10.phx.gbl,
> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post, which
> I then commented about below:
>> Eric <englebretsonNO@SPAMintelemedia.com> wrote:
>>> I have my DNS servers (Windows 2000) in a split-brain configuration,
>>> and the DNS servers that service the internet cannot log into the
>>> Active Directory domain they are a member of. These DNS servers host
>>> the public zone for "intelemedia.net" which also happens to be the
>>> name of the Active Directory domain (Windows 2000). Since the
>>> external DNS servers are set to query themselves for DNS resolution,
>>> how are they supposed to find the Active Directory integrated DNS
>>> servers for intelemedia.net to know which servers will service their
>>> logon request?
>>
>> Set the external DNS servers, if they are members of the AD Domain,
>> to point to the AD DNS servers, only. No AD Domain members should use
>> the external DNS servers in TCP/IP properties.
>
> Just to add, just because the DNS servers host external zone data,
> doesn't mean they must point to themselves for DNS. They can still point
> to, and actually MUST point to the internal DNS to resolve domain data. A
> forwarder from the internal servers to this server or the ISP's DNS will
> handle Internet resolution efficiently.
Anonymous
August 17, 2005 2:56:36 AM


In news:u%23JqjoooFHA.3068@TK2MSFTNGP15.phx.gbl,
Eric <englebretsonNO@SPAMintelemedia.com> made this post, which I then
commented about below:
> That fixed it. Thank you for correcting my misunderstanding of DNS
> with AD.
> -Eric

Good to hear!

Ace