DB12

asked on

Internet connectivity lost, but ipconfig /registerdns temporarily fixes until reboot - More in Body

Infrastructure:
We have one domain controller on Windows 2000 Server with a private address of 192.168.206.4, running DNS.  We have an Exchange 5.5 server on NT 4.0 running DNS as well with an inside private address of 192.168.206.2, which is also running DHCP with a scope of 192.168.206.10 - .254.  Our Proxy Server went down in December and we purchased a SonicWall 3060 box that serves as our firewall with an inside address of 192.168.206.3.  The SonicWall, in the beginning, was configured for serving DHCP.  (we'll get to that in a sec)  Users had to be configured with DNS of our ISP for internet access (non-authoritative), but DNS IP address had to be placed in top/first order in front of internal DNS servers.  

Monday this week, our Novell server locked up and went totally down.  Shortly thereafter, almost all users had either 1) no internet, 2) no Novell, 3) no Email, or 4) no ERP / no printer (neither Novell NDPS printing nor straight TCP/IP printing)...or, for the fortunate....all the above.    The temporary fix seems to be to turn off DHCP from the SonicWall and also configure each user with a static IP address, giving the Sonicwall gateway  internal and external addressing, giving all three DNS servers above with the ISP server first, and loading HOSTS and LMHOSTS files into each computer.  

The result?  Internet access.  Novell was fixed on Tuesday.  Email access is good.  We're happy running on ERP (printing too).  The problem.....internet access seems to drop off after an unknown amount of time (being that we have no way of knowing just how long it takes....for one user, it's a matter of rebooting, for another user...he's still up and running happy (Windows XP Home by the way).  We have all flavors of Windows... 95/98/ME/2000/XP Home and Pro.    Running the command  IPCONFIG /REGISTERDNS on Windows XP and 2000 seems to temporarily fix this.  On 95/98/ME, obviously this is not included, therefore if HOSTS and LMHOSTS don't work, they're screwed.

This is a DNS problem, it sounds....but what?  Reverse lookups?   How to get the internet firewall into DNS or at least a reference to it?    Then there's Novell....some people still can't get into Novell, but have Internet, Email, and ERP....     (don't ya just love working here?   LOL)
Small company, no resources, and fussy users have led me to ask this 500 pointer...

Much thanks in advance,
DB12
chicagoan

1st off you need to stabilize the environment.
I'd set the AD machine to be the authoritative DNS, and the NT machine to be slave and use these for your DNS servers.
(You really ought to consider another AD box)
Take a good look at your zone files and make sure there aren't conflicts or omissions.
I'd set them both to be forwarding DNS servers to reduce DNS traffic through your firewall and use your ISP's DNS servers for resolution, proxy that through the Sonic Wall if you must.

I'd run DHCP on your AD machine, or the NT machine if that's not possible.

Then if you're still having problems you can start to delve into the other issues.
Do you have DNS resolution, are the proper PTR records in place (not an issue for internet access)?
Once DNS is working properly, you can start looking into the traffic, what happens to a traceroute?
Get to that device and see what the problem is, work your way outward.
I don't see the correlation with your Novell server, internet access and straight TCP/IP printing, unless there were some IP services there.
DB12

ASKER

Sorry so late in commenting chicagoan.  Yes, attempting to stabilize the environment.  The AD machine is the authoritative DNS (we have 7 new servers in their rack enclosure, but no power, no config yet......one will be new DC and a second DC)     Took a look at zones.  We have forwarding and reverse setup.  They're not forwarding through firewall (??how to??....examples or cut n paste of a working config would be nice).... DHCP was running, but now off.  All have static IPs (that's taken a day and some change to do)...  
Everyone is now on a private address space of :
192.168.206.x
sub  255.255.255.0

gateway   192.168.206.3   Metric 1
               207.178.x.x           Metric 2           both are Sonicwall box  

DNS NS
207.178.x.x         ISP Name server
192.168.206.4     AD NS
192.168.206.2     NT Server NS


This has returned internal connectivity and intermittent internet.  Folks will lose their internet connection after a few minutes, hours, and in some cases, days.   The XP and 2000 folks have the advantage of opening up a DOS Shell and doing an  IPCONFIG /REGISTERDNS   which returns internet accessibility to them. ?!?!?  Why isn't DNS refreshing their internet connections?   Is it the Sonicwall?   What to do..?~     The Novell server is rebuilt now, but today FS2 went down for no apparent reason, but that's a whole different story and as of yet, not addressed due to the other higher priorities.    Any further assistance would be appreciated!!   Thanks !!!!!



DB12

On the DHCP server make sure that the internal DNS IP address is listed first in the scope options.

I agree, you want your DNS to be resolving your internal hosts, especially the DC.
In the DNS console, enter the address of your ISP's DNS servers (or the sonic walls if they're proxying DNS) and check "enable forwarders".


>gateway   192.168.206.3   Metric 1
>               207.178.x.x           Metric 2           both are Sonicwall box  
Is this 2 sonic walls or two interfaces on 1?
the 207.x.x.x address is world-routable... if that's the outside interface of your single sonic wall it shouldn't be a gateway.
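
The resolver-order behaviour discussed in the replies above, as an added example that is not part of any poster's reply: a client moves to the next DNS server in its list only when the current one fails to answer, so a negative answer from the first server ends the lookup. The names, the 203.0.113.10 record and the `Server` model are constructed, and the internal server is assumed unable to resolve Internet names without a forwarder.

```python
# Constructed model of the thread's resolvers; no network access is used.
NXDOMAIN = None        # a definite "no such name" answer
TIMEOUT = "timeout"    # the server did not answer at all

PUBLIC = {"www.example.com": "203.0.113.10"}        # constructed public record
INTERNAL = {"dc1.corp.example": "192.168.206.4",    # constructed internal zone
            "mail.corp.example": "192.168.206.2"}


class Server:
    """A DNS server holding one zone, optionally forwarding what it lacks."""

    def __init__(self, zone, forwarder=None, up=True):
        self.zone, self.forwarder, self.up = zone, forwarder, up

    def query(self, name):
        if not self.up:
            return TIMEOUT
        if name in self.zone:
            return self.zone[name]
        if self.forwarder is not None:      # "enable forwarders" in the console
            return self.forwarder.query(name)
        return NXDOMAIN                     # assumption: no recursion of its own


def client_resolve(name, servers):
    """Stub resolver: later servers are failover only, never fall-through."""
    for server in servers:
        answer = server.query(name)
        if answer != TIMEOUT:
            return answer                   # a negative answer is still final
    return NXDOMAIN


def scenarios():
    isp = Server(PUBLIC)                        # the ISP name server
    ad_plain = Server(INTERNAL)                 # 192.168.206.4 without forwarders
    ad_fwd = Server(INTERNAL, forwarder=isp)    # same server with forwarders set
    names = ("www.example.com", "dc1.corp.example")
    orders = {
        "ISP first, then AD": [isp, ad_plain],
        "AD first, no forwarders": [ad_plain, isp],
        "AD only, forwarding to ISP": [ad_fwd],
    }
    return {label: {n: client_resolve(n, srv) for n in names}
            for label, srv in orders.items()}


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, result)
```

Only the forwarding layout resolves both names, and it also keeps queries for internal host names from being sent to the ISP's server.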
DB12

ASKER

Eddkhamou, yes internal DNS is first.

Chicagoan, I'll check the DNS for the ISP DNS servers (you know, the kicker to this is that we're switching over to MCI/UUnet at the end of the month...rah)

The Sonicwall's internal address is the 192.168.206.3 and its outside address that's directly attached to the router is 207.x.x.x           I should remove that 207 address as a gateway from the users' settings?   Gulp....(counting....102 computers to touch again)

Thanks for all the assistance BTW!!!  DB12
If you're using DHCP you need only change its config.
You should NOT be using the outside interface of the firewall as a gateway.
DB12

ASKER

Sorry for the delay, but it's been hell.        Ok...here's what I've got.     The NT Server DNS is forwarding and acting as a slave to the AD machine.    

DHCP has scopes as follows   192.168.206.10 - .253

DHCP Options  -  router   192.168.206.3   (internal Sonicwall)
                 DNS servers   192.168.206.4 (AD machine)
                               192.168.206.2 (NT machine)
                 domain name

DHCP Global Options have router and DNS servers as above
DHCP defaults as above

I have managed to receive a lease for IP address in all flavors of Windows OS.  I am able to get email, connect to ERP, and see network drives.  I still cannot, for the life of me, connect to the internet.  The only way to connect to the internet is if the non-authoritative DNS server is added at the top of the DNS server group  (207.178.128.20)   Only then can anyone connect.    

Earlier, I attempted at making changes at DNS on the NT Server.  Was successful at connecting to the internet on a 2000, and an XP Home machine.  Only the 98 and ME machines were a problem, but now all flavors cannot connect without the above mentioned setting.

???? ideas ???    And, thanks for the great input and suggestions!!!!
DB

ASKER CERTIFIED SOLUTION
chicagoan