Cannot access internet from clients through Windows 2000 Server - DNS Issue?

I have recently installed Windows 2000 Server and have configured it for DHCP, DNS, and AD. After creating all the user accounts (27), we have decided to add Internet access through a 4 port LinkSys broadband router with a static IP address so that all the users on the network can access the internet.

My problem is that I must have screwed up DNS somehow because I can only access the internet from the server and not from any of the clients. I can ping the ISP's DNS servers from the clients but URLs will not resolve and the clients' browsers end up with the "Cannot find server or DNS error" page being displayed.

My configuration is as follows:
Server IP:
Gateway: (Broadband Router)

Pushing DNS Server as :
Pushing IP Addresses
Pushing Gateway:

No "." zone
DNS Server:
Forwards: ISP's DNS Server IP's
No Recursion

I'm desperate here as I have spent countless hours trying to make this work for my customer but to no avail.


Are you able to ping external websites using their FQDNs? I mean, say, like ping tell me what happens then. And then can you ping using the IP address alone? Also make sure that you are able to ping your domain server from the clients (both by FQDN as well as IP), and in the TCP/IP properties of the clients have obtain IP and DNS automatically, since you have DHCP enabled.

One more step to do is to open up a command prompt on the client and type in "ipconfig /flushdns", of course without quotes. Let me know what happens.
This may sound like a stupid question, but did you make sure your router doesn't have DHCP turned on? That could be answering before your server. Run ipconfig /all and see what DHCP Server responded.

Hi Hanley...

Can you please be a little bit more clear about the setup you planned for internet access from the client systems?

Check if the DNS forwardings are working for clients by manually configuring a client with a static IP pointing to the router as gateway and your internal DNS server. Do internal DNS requests work correctly? Try resolving external addresses on the client with both "ping" and "nslookup".
Rob Stone Commented:
Do the clients work if you just type the IP of the URL instead?
BHHanley (Author) Commented:
I do apologize for the delay as I was forced to try some other tactic to make this all work.
I have been able to establish network access and internet access for all users by doing the following:

I have installed 2 network cards.
Server is (NIC - Internal Network)
Subnet is
Gateway is
DNS is

External is (NIC - External Network)
Subnet is
Gateway is
DNS is

DHCP on the server is pushing:
Option 3 -
Option 6 -
Option 15 -

No "." zone
DNS Server:
Forwards: ISP's DNS Server IP's
No Recursion

Stopped RRAS and Restarted with NAT on the External NIC.

Installed WINS for older clients - IP:

I can now browse the network and access the internet from the clients. The main problems now are
1. Though the DHCP is pushing the Server's NIC for the gateway, some of the clients are pulling the NIC from the external NIC as the gateway!

2. Logons are extremely slow (up to 10 minutes) and access to the mapped drives and/or shares on the server is also extremely slow (up to 2 minutes).

3. I am getting some master browser errors on the server and I am wondering whether these are contributing to the slow logons and share problems.

I have followed most of the suggestions for the slow logons (Disable SMB signing on the server, GP edit for Always wait for the network..., NIC settings etc.) but to no avail. Would the Master Browser errors be responsible? I also would like a bit more information on WINS as I am not sure if I have set this up correctly.
BHHanley (Author) Commented:
I would request a refund as no answer solved my situation.

Let me go over this one more time to try and help. If you have a Linksys router, then I would say you shouldn't need to have dual NICs in your server unless you're trying to do something else (RRAS as your firewall). Even in that configuration, I would recommend moving RRAS off of your DNS server, especially if it is a DC as well. There are known issues with that type of setup.

With that being said, here's a fairly rough setup:

Get rid of the second NIC. You can just disable it in the Network Properties to start.

Network: (
Router's inside IP:

Server's IP:
Server's Gateway:
Server's Primary DNS:

DHCP Settings:
Option 3:
Option 6:
Option 15: (get rid of server)

DNS Settings:
No "." zone (as you said)
Forwarders are valid DNS servers from ISP. Check for typos
Do you have Root Hints? It's actually recommended that you remove them to enforce all DNS lookups go to the forwarders instead of directly to the root servers. I don't know if I agree with that recommendation, but in any case, if they are there, it can help.
You can perform self tests on the DNS server. In DNS Management, right click the server and select Properties. Inside Monitoring, check the simple and recursive query boxes and click Test. Verify both tests are passed.
Do you have any Event Log errors under DNS Servers?

With the server config out of the way, can you still ping sites by name from the server?

At a command prompt on the server, run: netstat -an | find "LISTENING"
Verify that the server is listening on port 53 both on TCP and UDP. It should be on unless you specified the address in DNS Management.

Go to a client. At a command prompt, run: ipconfig /all
Verify that they are getting the correct information per your DHCP configuration.
On that same client, run nslookup. To ensure that you are querying your Windows server, type: server
At the next prompt, try: You should get a non-authoritative answer.
To ensure that your ISP's DNS servers are valid, try the same procedure with those servers instead
This should also confirm that your router is NATing correctly.

Give that a shot and let me know if it takes you anywhere.


Sorry...typo in the nslookup part. Type: server, not .100. I'm used to the gateway being .1 and the server being something else. Sorry.

BTW, if you don't have any Win9x clients, you can probably get away with WINS, but if you do have Win9x clients, you will probably want to have it.
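
The client-side check suggested in the replies above (run ipconfig /all, see which DHCP server responded and whether the gateway and DNS match the server's scope options), as an added example that is not part of the original thread. The sample output and every address in it are constructed placeholders, and `parse_ipconfig` and `audit_lease` are hypothetical helper names; the parser handles one adapter in the Windows 2000 style field layout.

```python
import re

# Constructed sample of `ipconfig /all` from one client. All addresses are
# made-up placeholders, not values from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11
"""

# "Field name . . . . : value" -> (name, value); dot leaders are discarded.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {field: [values]} for a single adapter block."""
    fields, last = {}, None
    for line in text.splitlines():
        # Blank lines and unindented adapter headers carry no field data.
        if not line.strip() or not line[0].isspace():
            last = None
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2)] if m.group(2) else []
        elif last:
            # Indented line without "name :" continues the previous field
            # (second DNS server, second gateway, ...).
            fields[last].append(line.strip())
    return fields

def audit_lease(text, dhcp_server, gateway, dns_servers):
    """List every lease value that differs from what the scope should push."""
    got = parse_ipconfig(text)
    expected = {"DHCP Server": [dhcp_server],       # who answered the client
                "Default Gateway": [gateway],       # DHCP option 3
                "DNS Servers": list(dns_servers)}   # DHCP option 6
    return ["%s is %s, expected %s" % (k, got.get(k, []), v)
            for k, v in expected.items() if got.get(k, []) != v]

if __name__ == "__main__":
    # Assumed intent: the Windows server (192.168.1.10) runs DHCP and DNS,
    # the router (192.168.1.1) is only the gateway.
    for finding in audit_lease(SAMPLE, "192.168.1.10", "192.168.1.1",
                               ["192.168.1.10"]):
        print(finding)
```

In the constructed sample the lease came from the router rather than the server and carries the ISP's resolvers, so the client never queries the internal DNS server; the same comparison flags a client that picked up an unexpected gateway.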
