  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221

Stupid DNS question...

I'll admit it, I know very little about DNS, I'm a DNS moron. I've always lucked out and had another guy on the team (usually a UNIX guy) who has taken care of DNS related issues. Well I don't have that luxury now, and I'm too lazy to look it up myself so I need some help!

I recently put up a 2k domain controller that is running DHCP, DNS, and a few other services. This machine has two NICs in it, with the external access NIC being configured to use our ISP's DNS entries.

Before this server went up, every machine (workstation) here had a public IP address and was able to successfully resolve our POP server address which is hosted offsite: mail.ourdomain.com. Ever since I put our 2k DNS box up, mail.ourdomain.com is unreachable so I've had to resort to using the POP server's IP address.

How do I fix this and what exactly has happened here?
0
Asked by Gabe_Rivera
1 Solution
 
SysExpert commented:
If all they are using DNS for is accessing a single site, then you can use the Hosts file and push it out in a login script.

To fix the DNS, you should see:

From: Housenet    Date: 04/03/2001 05:08AM PST    NAT port 25 SMTP not working - all else OK
                 - Let's go through your NAT setup and find the problem.
                 - 2 NICs, correct?
                 - Did you enable special ports or address assignment? (Don't.)
                 - DHCP server installed? Pass options to client 003, 006, 015, 044, 046. Specify the inside IP of the server
                 for everything. If it's a DC, specify the FQDN of the 2000 domain (not the Internet domain) in the DHCP domain option.
                 - Again, if it's a DC, the forward lookup zone for the LAN should be the only zone listed, and bound to the
                 inside IP of the server (unless you're hosting Internet zones).
                 - The root zone on the DNS server must be deleted and the forwarders option must be used (enter the ISP's DNS in
                 forwarders), and don't mess with the root hints.
                 - On the server and all clients, TCP/IP properties should be pointing only to the inside IP of the server.

                 - Is it a DC, and can you confirm any of what I'm asking here?


Also see

http://www.microsoft.com/windows2000/docs/w2kdns.doc

I hope this helps !

0
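The checklist in the answer above (delete the root zone, forward to the ISP, listen and resolve only on the inside address, hand clients the inside IP through DHCP), applied on a current Windows Server domain controller, as an added example that is not part of the original thread. On Windows 2000 these settings live in the DNS and DHCP MMC snap-ins; here they are done with the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 or later, run elevated on the DC). The interface aliases Inside and Outside, the addresses 192.168.0.2 and 203.0.113.53/.54, the DHCP scope 192.168.0.0 and the AD domain corp.example.com are assumed placeholders, not values from the thread.

```powershell
# Added example, not code from the original thread. All addresses, aliases and
# domain names below are assumptions; replace them with your own.
$InsideIP   = '192.168.0.2'
$InsideNic  = 'Inside'
$OutsideNic = 'Outside'
$AdDomain   = 'corp.example.com'      # AD domain, deliberately NOT the public Internet domain
$ScopeId    = '192.168.0.0'
$IspDns     = @('203.0.113.53', '203.0.113.54')

Import-Module DnsServer, DhcpServer

# 1. A root zone (".") makes this server believe it is the Internet root: the Forwarders
#    tab is disabled and every outside name comes back "Non-existent domain". Delete it.
if (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name '.' -Force
}

# 2. Forward everything this server is not authoritative for to the ISP resolvers.
#    Root hints stay as shipped; they are only the fallback if every forwarder is down.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $true

# 3. Offer DNS on the inside address only; the outside NIC must not expose the service.
dnscmd.exe /ResetListenAddresses $InsideIP | Out-Null

# 4. The server resolves through itself. The outside NIC gets no resolver at all,
#    otherwise its answers race the inside resolver and results become inconsistent.
Set-DnsClientServerAddress -InterfaceAlias $InsideNic  -ServerAddresses $InsideIP
Set-DnsClientServerAddress -InterfaceAlias $OutsideNic -ResetServerAddresses

# 5. DHCP options 003 (router), 006 (DNS), 015 (DNS suffix = the AD domain), 044/046
#    (WINS server, H-node) all point clients at the inside IP of the server.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $InsideIP -DnsServer $InsideIP `
    -DnsDomain $AdDomain -WinsServer $InsideIP -WinsNodeType 8

# 6. Verify: no "." zone, one forward zone for the LAN (plus its _msdcs zone on a DC),
#    and the forwarder list equal to the ISP resolvers.
Get-DnsServerZone | Where-Object { -not $_.IsReverseLookupZone } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
```

Run the two verification commands in step 6 first on a box that is already misbehaving: a zone named "." in the list, or an empty forwarder list, is the usual cause of "Non-existent domain" for every outside name. The WINS options (044/046) are only needed while clients still rely on NetBIOS name resolution; drop them otherwise. Clients that cached a negative answer need `ipconfig /flushdns` after the change.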
 
mikecr commented:
Are you saying that you're running a DNS server on this machine? If you are, go into DNS and configure your zone for your company, or make one up; make sure you delete the (.) or root zone. Then right-click on the server, choose Properties, go into the Forwarders tab and put the ISP's entries in there. Then make sure that your clients get the IP address of your DNS server assigned to them and they will be all set. What your server can't resolve it will pass to your ISP. Take the ISP's entries off of the other NIC unless you absolutely need them.
0
 
GUEEN commented:
Is your internal NIC the first bound adapter (and not the external NIC)?
From DNS Manager | Interfaces tab,
stop it from binding to the external NIC there.
0
 
Gabe_Rivera (Author) commented:
Shekerra, my public interface was listed before the private NIC in the interface section. I removed the public interface NIC altogether, and sure enough I could resolve the address that previously couldn't be resolved. However, none of my client machines can resolve the address? Shed some light here for me? Has the DNS update not gone through yet or something?
0
 
mikecr commented:
Are your clients using your DNS server to resolve names?
0
 
Gabe_Rivera (Author) commented:
Yes. All clients are pointing to the DNS boxes internal NIC... or I should say that is the address they're getting from DHCP.
0
 
mikecr commented:
If you do an nslookup on an external site, what do you get? Does it time out trying to resolve the name or do you get an error message from your DNS server?
0
 
Gabe_Rivera (Author) commented:
If I ping mail.mydomain.com from the DNS server, it resolves the IP of the offsite mail server that serves our POP mail. If I ping mail.mydomain.com from a workstation, I get the following.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\grivera>nslookup mail.sammonsgroup.com
Server:  atlas.sammonsgroup.com
Address:  192.168.0.2

*** atlas.sammonsgroup.com can't find mail.sammonsgroup.com: Non-existent domain


C:\Documents and Settings\grivera>ping mail.sammonsgroup.com
Ping request could not find host mail.sammonsgroup.com. Please check the name an
d try again.

C:\Documents and Settings\grivera>nslookup mail.mydomain.com
Server:  atlas.mydomain.com
Address:  192.168.0.2

*** atlas.mydomain.com can't find mail.mydomain.com: Non-existent domain


C:\Documents and Settings\grivera>
0
 
Gabe_Rivera (Author) commented:
Whoops, I meant to change the domain names in all of it, hit send message on accident! =)
0
 
GUEEN commented:
Did you ipconfig /flushdns on the computers?
0
 
Gabe_Rivera (Author) commented:
No, I hadn't done that, but I just did and I am still where I started.
0
 
GUEEN commented:
What is in your event logs in relation to DNS?
0
 
Gabe_Rivera (Author) commented:
There are about 5 or 6 entries from today, and they all say this:

DNS Server has updated its own host (A) records.  In order to insure that its DS-integrated peer DNS servers are able to replicate with it, they have been updated with the new records through dynamic update.
--------------------------------

0
 
GUEEN commented:
Backtracking here:
So you are now set up to point to internal DNS only for resolution, and is forwarding (of other requests to the ISP on the external server) configured on the DNS server, as well as the PTR records?
0
 
Gabe_Rivera (Author) commented:
Umm, no idea what a PTR record is. But if I understand the rest of your question correctly, yes:

All clients are setup for DHCP, so they're handed the IP of my DNS server for DNS resolution. I set up forwarders on the DNS box which point to my ISP's DNS boxes.
0
 
GUEEN commented:
0
 
Gabe_Rivera (Author) commented:
No 6702's in a long time. All I have recently are 6701's.
0
 
GUEEN commented:
A PTR is a pointer record, used for reverse lookup.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q289583

0
 
Gabe_Rivera (Author) commented:
Bumping up the point reward for this since it's taking up so much time. I appreciate the help very much, by the way.

Ok well I went and checked the settings on the DHCP server as that article suggested and it is setup the way it should be. It is set to automatically update DHCP client information in DNS, the radio button for "Always update DNS" is selected, and so is enable updates for DNS clients that do not support dynamic updates.

No clue what the heck is going on here!!
0
 
GUEEN commented:
Is SMTP the only problem? Do you use Exchange (how is your mail set up)?
0
 
Gabe_Rivera (Author) commented:
Well right now our mail is POP based and it's hosted off site. Within the next 6 weeks I'll be throwing an Exchange server up, which will also be on this DNS box in question.
0
 
mikecr commented:
Try changing the DNS server to look at itself for name resolution instead of the ISP. Then go into DNS and, on the Forwarders tab, add the ISP's DNS entries there. Let us know what happens.
0
 
Gabe_Rivera (Author) commented:
Ummm, I thought this was how I was already set up??

IP properties, my server's internal NIC is pointing to itself for DNS resolution and I have my ISP's DNS entries set in the IP forwarding section.
0
 
mikecr commented:
Okay, now that you have verified this, make sure that the DNS address the workstations are getting to resolve names is that server. Try to go to a website and let us know what happens. Oh, how are your clients getting onto the Internet? Are they being NATed through the Windows 2000 machine or through a router?
0
 
Gabe_Rivera (Author) commented:
All of the clients can get to any website, that was never a problem to begin with. The problem is they (the client workstations) can't resolve mail.mydomain.com but the server can!

The DNS server is also acting as a router, that is how they are getting out to the Internet.
0
 
mikecr commented:
Okay, sorry about that. Now, do you have an MX record in DNS for your mail server?
0
 
Gabe_Rivera (Author) commented:
No, I have no MX records.
0
 
mikecr commented:
Do you have any DNS resource records in your zone that point to mail.ourdomain.com? Can you ping mail.ourdomain.com from any of the workstations and does it resolve to the correct IP address?
0
 
Gabe_Rivera (Author) commented:
No, I don't have any resource records in my zone that point to mail.mydomain.com.

And once again, I can ping mail.mydomain.com from the server and it resolves the correct IP address, I can not do this from ANY of the workstations though.
0
 
mikecr commented:
Wow, this is extremely strange. Do an nslookup on the mail server from a problem workstation and post the results here. Let's see who they are actually looking at to resolve names. You don't happen to have any hosts file on the server for any reason do you?
0
 
Gabe_Rivera (Author) commented:
No host files.

C:\Documents and Settings\grivera>nslookup mail.mydomain.com
Server:  atlas.mydomain.com
Address:  192.168.0.2

*** atlas.mydomain.com can't find mail.mydomain.com: Non-existent domain
0
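A way to check the specific symptom in the nslookup output above, as an added example that is not part of the original thread. The internal server answers "Non-existent domain" itself rather than failing to reach a forwarder; that is what a DNS server returns when it is authoritative for a zone with the same name as the public domain (an AD domain named after the company's Internet domain) and the public host has no record in that zone, because names under an authoritative zone are never sent to the forwarders. The script assumes an internal DNS server at 192.168.0.2, an ISP resolver at 203.0.113.53, the zone example.com and the host mail.example.com; it runs on the DC with the DnsServer module, and Resolve-DnsName needs Windows 8 / Server 2012 or later. On Windows 2000 the same check is nslookup with `server` switched between the two resolvers, and the fix is adding the host record in the DNS MMC.

```powershell
# Added example, not code from the original thread. Server addresses and the
# example.com zone are assumptions; replace them with your own values.
$Internal = '192.168.0.2'        # the internal DNS server clients are handed by DHCP
$IspDns   = '203.0.113.53'       # one of the ISP resolvers used as a forwarder
$Zone     = 'example.com'        # public domain name that is also the AD domain
$Host     = 'mail'
$Name     = "$Host.$Zone"

# 1. Ask both resolvers directly, bypassing the client cache and the hosts file.
function Resolve-A([string]$Server) {
    try {
        $r = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
        return ($r | Where-Object QueryType -eq 'A').IPAddress
    } catch {
        return "error: $($_.Exception.Message)"
    }
}
"$Name via internal $Internal : $(Resolve-A $Internal)"
"$Name via ISP      $IspDns : $(Resolve-A $IspDns)"

# 2. If the internal server hosts a zone with the public domain's name, a missing
#    record is an authoritative NXDOMAIN; forwarders are never consulted for it.
$hosted = Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue
if (-not $hosted) {
    "$Internal is not authoritative for $Zone; look at the forwarders and the root zone instead."
    return
}
"$Internal is authoritative for $Zone (ZoneType $($hosted.ZoneType)); it cannot forward $Name."

# 3. Mirror the public answer into the internal zone so inside clients get the same IP
#    as the rest of the world. Short TTL: this record has to be kept in sync by hand.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Host -RRType A -ErrorAction SilentlyContinue
if ($existing) {
    "A record for $Name already present: $($existing.RecordData.IPv4Address -join ',')"
} else {
    $public = Resolve-A $IspDns
    if ($public -is [string]) { throw "ISP resolver gave no answer for $Name ($public)" }
    foreach ($ip in $public) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Host -IPv4Address $ip `
            -TimeToLive (New-TimeSpan -Hours 1)
    }
    "added A record(s) for $Name in $Zone -> $($public -join ',')"
}
```

The record added in step 3 is a copy, not a delegation: when the hosting provider moves the mail host, inside clients break while outside ones keep working, so either document the record and keep its TTL short or, when building a new forest, give the AD domain a name that is not the public zone (for example a subdomain of it). Clients that already cached the negative answer need `ipconfig /flushdns`.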
 
Gabe_Rivera (Author) commented:
There is definitely something that is screwed up. On the Monitoring tab in the DNS section, if you run the simple query and recursive queries against the DNS server, they both come back as failed.

I don't understand how this can be so screwed up and yet still work like a champ.
0
 
Gabe_Rivera (Author) commented:
Ok, another update for you.

I got frustrated and just deleted the forward look up zone and reverse lookup zones. I created a new one of each... now the clients can resolve the mail.mydomain.com address!?! I am still failing the query and recursion tests though, not sure why.

0
 
mikecr commented:
Did you restart the DNS service on the server? Also, do an ipconfig /flushdns on the server too. If you don't flush the DNS cache before you do that, it will cause it to fail as well.
0
 
Gabe_Rivera (Author) commented:
Yep, restarted the service just now, flushed the DNS and still getting the fail results.
0
 
mikecr commented:
Okay, here's some helpful information.

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q258263

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q303811

Check event viewer and see if there are any errors. Also, do you have a firewall of some kind in front of this box?
0
 
Gabe_Rivera (Author) commented:
This box is also an ISA server, so yes.
0
 
mikecr commented:
Stop the Firewall service and tell me if it works then. Are you proxying requests for the Internet? If you are, the DNS forwarder is trying to resolve a request to the Internet and the request is being proxied, so the firewall is denying it because it is not coming from the same IP that it was requested on. See if stopping that service solves the problem. If it does, I believe I might know a workaround.
0
 
Gabe_Rivera (Author) commented:
Yeah, I'm using ISA out of the box so we're using both firewall and proxy services. I stopped the firewall service, ran the tests and they failed once again. I checked both MS articles you submitted and still no luck.
0
 
GUEEN commented:
Do you have service pack 2 installed on the server?
0
 
GUEEN commented:
Also instead of using the DNS tool directly from admin tools - open up your MMC and add the dns there and test from there.
0
 
Gabe_Rivera (Author) commented:
Yes, service pack 2 is installed.

Running the DNS snap-in from the MMC is one of the things listed in a previously suggested MS article; it makes no difference.

What I don't understand is I have another server I just brought online, configured DNS and it runs like a champ... even the tests work properly. I see no difference in the way my problematic server and the server that works are configured. The only difference is the problematic server has two NICs and is running SBS 2000 and is also acting as a router.
0
 
mikecr commented:
At this point I would probably uninstall the DNS service, delete the zone files, then reinstall the DNS service and recreate any zones and see if that fixes the problem. Just make sure that you point the domain controller to the new DNS server.
0
 
Gabe_Rivera (Author) commented:
What do you mean point the domain controller to the new DNS server? This box is the domain controller!
0
 
mikecr commented:
If you created another DNS server and it is working fine, and you have the domain's zone located on it, point the domain controller to the new server for DNS resolution while you remove and reinstall the DNS service. You may want to change your DHCP to pass the new DNS server also. This way clients can do name resolution while you're working on this other DNS issue.
0
 
Gabe_Rivera (Author) commented:
Good deal, thanks for the input. I'll give this a shot and get back to you with the results.
0
 
Gabe_Rivera (Author) commented:
I ended up trashing all of these servers, blowing away ISA and everything. I'm going to start over from scratch, but I appreciate everyone's help.
0
 
mikecr commented:
No problem, if you run into any more issues, let us know. Oh, by the way, don't put DNS on the box running ISA server. It's a real pain configuring rules for DNS updates.
0
