Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cannot access internet from clients through Windows 2000 Server - DNS Issue?

Posted on 2003-11-27
Medium Priority
Last Modified: 2010-04-13
I have recently installed Windows 2000 Server and have configured it for DHCP,DNS, and AD. After creating all the user accounts (27), we have decided to add Internet access through a 4 port LinkSys broadband router with a static IP address so that all the users on the network can access the internet.

My problem is that I must have screwed up DNS somehow because I can only access the internet from the server and not from any of the clients. I can ping the ISP's DNS servers from the clients but URL's will not resolve and the clients' browsers end up with "Cannot find server or DNS error" page being displayed.

My configuration is as follows:
Server IP:
Gateway: (Broadband Router)

Pushing DNS Server as :
Pushing IP Addresses
Pushing Gateway:

No "." zone
DNS Server:
Forwards: ISP's DNS Server IP's
No Recursion

I'm desperate here as I have spent countless hours trying to make this work for my customer but to no avail.

Question by:BHHanley
LVL 11

Expert Comment

ID: 9834666
r u able to ping external websites using their FQDNs i mean say like ping www.yahoo.com.. tell me what happens then.. and then can you ping using IP address alone... ? and make sure that you are able to ping your domain server from the clients.(both by FQDN as well as IP) and in the TCP/IP properties of the clients have obtain IP and DNS automatically since you have DHCP enabled.

one more step to do is to open up a command prompt on the client and type in "ipconfig /flushdns" of course without quotes. Let me know what happens..

Expert Comment

ID: 9835374
This may sound like a stupid question, but did you make sure your router doesn't have DHCP turned on? That could be answering before your server. Run ipconfig /all and see what DHCP Server responded.


Expert Comment

ID: 9835478
Hi Hanley...

Can you pls little bit more clear about the setup u planned for internet access from the Client Systems..
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions


Expert Comment

ID: 9835696
Check if the DNS forwardings are working for clients by manually configuring a client with an static IP pointing to the Router as Gateway and your interal DNS Server. Internal DNS requests work correctly? Try resolving external adresses on the client with both - "ping" and "nslookup".
LVL 15

Expert Comment

by:Rob Stone
ID: 9836994
Do the clients work if you just type the IP of the URL instead?

Author Comment

ID: 9840587
I do apologize for the delay as I was forced to try some other tactic to make this all work.
I have been able to establish network access and internet access for all user by doing the following:

I have installed 2 network cards.
Server is (NIC - Internal Network)
Subnet is
Gateway is
DNS is

External is (NIC - External Network)
Subnet is
Gateway is
DNS is

DHCP on the server is pushing:
Option 3 -
Option 6 -
Option 15 - server.name.com

No "." zone
DNS Server:
Forwards: ISP's DNS Server IP's
No Recursion

Stopped RRAS and Restarted with NAT on the External NIC.

Installed WINS for older clients - IP:

I can now browse the network and access the internet from the clients. The main problems now are
1. Though the DHCP is pushing the Server's NIC for the gateway, some of the clients are pulling the NIC from the external NIC as the gateway!

2. Logons are extremely slow (up to 10 minutes) and access to the mapped drives and or shares on the server are also extremely slow (up to 2 minutes).

3. I am getting some master browser errors on the server and I am wondering wether these are contributing to the slow logons and share problems.

I have followed most of the suggestions for the slow logons (Disable SMB signing on the server, GP edit for Always wait for the network..., NIC settings etc.) but to no avail. Would the Master Browser errors be responsible? I also would like a bit more information on WINS as I am not sure if I have set this up correctly.

Author Comment

ID: 10046274
I would request a refund as no answer solved my situation.


Accepted Solution

Drob8 earned 1500 total points
ID: 10049915
Let me go over this one more time to try and help. If you have a Linksys router, then I would say you shouldn't need to have dual NICs in your server unless you're trying to do something else (RRAS as your firewall). Even in that configuration, I would recommend moving RRAS off of your DNS server, especially if it is a DC as well. There are known issues with that type of setup.

With that being said, here's a fairly rough setup:

Get rid of the second NIC. You can just disable it in the Network Properties to start.

Network: (
Router's inside IP:

Server's IP:
Server's Gateway:
Server's Primary DNS:

DHCP Settings:
Option 3:
Option 6:
Option 15: name.com (get rid of server)

DNS Settings:
No "." zone (as you said)
Forwarders are valid DNS servers from ISP. Check for typos
Do you have Root Hints? It's actually recommended that you remove them to enforce all DNS lookups go to the forwarders instead of directly to the root servers. I don't know if I agree with that recommendation, but in any case, if they are there, it can help.
You can perform self tests on the DNS server. In DNS Management, right click the server and select Properties. Inside Monitoring, check the simple and recursive query boxes and click Test. Verify both tests are passed.
Do you have any Event Log errors under DNS Servers?

With the server config out of the way, can you still ping sites by name from the server?

At a command prompt on the server, run: netstat -an | find "LISTENING"
Verify that the server is listening on port 53 both on TCP and UDP. It should be on unless you specificed the address in DNS Management.

Go to a client. At a command prompt, run: ipconfig /all
Verify that they are getting the correct information per your DHCP configuration.
On that same client, run nslookup. To ensure that you are querying your Windows server, type: server
At the next prompt, try: www.microsoft.com. You should get a non-authoritative answer.
To ensure that your ISP's DNS servers are valid, try the same procedure with those servers instead
This should also confirm that your router is NATing correctly.

Give that a shot and let me know if it takes you anywhere.


Expert Comment

ID: 10049924
Sorry...typo in the nslookup part. Type: server, not .100. I'm used to the gateway being .1 and the server being something else. Sorry.

BTW, if you don't have any Win9x clients, you can probably get away with WINS, but if you do have Win9x clients, you will probably want to have it.


Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The number of companies understanding the potential of IoT on B2B market is growing with each day. And yet only a small share of IoT developers have managed to equalize incomes and stay competitive in the international market.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question