Windows NT 4.0 Domain, upgraded to Server 2003, now with DNS issues

Posted on 2003-12-01
Last Modified: 2010-04-14
Hi all,

First, the background. We were running a NT 4.0 Domain, with a Windows NT 4.0 Server machine as the Primary and only Domain Controller. Last week we upgraded the network to add a new Windows 2003 Server machine as the Domain Controller. To do this (because the old machine wasn't capable of coping with Windows 2000 or better) I created a virtual machine running NT 4.0 Server as the Backup Domain Controller, promoted it to the Primary Domain Controller (and then removed the old machine), upgraded it to Windows 2000 Server, and after using adprep to prepare the network, added the new Windows 2003 Server to the network as a Domain Controller, and removed the virtual machine.

The problem we are having is that the new server (Bob - internal IP 10.1.1.167) is running DNS because it is the Domain Controller. However the gateway machine that connects the internal network to the outside world is a linux server, and previously we had all the machines that were allowed to connect to the internet with our ISP's DNS servers as their preferred and secondary DNS.

As far as I am aware, what we need to do is set all the machines in the office with Bob as their preferred and only DNS server, and then set Bob to forward anything it can't deal with (ie, anything not on the 10.1.1.* subnet) to the ISP's DNS server.

Am I right? If I am, how?

If I'm not, what am I supposed to be doing?

Information that might be relevant:

Internal Domain Name: DOMAIN
Internal DNS Domain Name: location.company.com.au
Internal DNS Server: 10.1.1.167
Internal gateway: 10.1.1.1

At the moment, we either have 10.1.1.167 as the preferred DNS server, and we seem to be able to browse inside the network easily, but can't get to any external web site, or we have the ISP's DNS servers as preferred and secondary and can access external websites, but we can't browse internally inside the network, and everything that involves network access is horrendously slow.

Can anyone help?
Question by: halloranelder
4 Comments
 
LVL 2

Accepted Solution

by: Raybans (earned 400 total points)
ID: 9856708
I had a similar problem recently

on the Active Directory Server (or domain controller) when I looked in DNS it had forwarding zone of "."

solution for me was to delete the "." zone
and the "domainname.local" zone

so that the forwarding zones are empty

then I did a refresh on the server icon itself in the DNS console

right click on the DNS server and choose the forward tab, and enter all the servers that I want as forwards for anything the server can not resolve, ie either your ISP or your gateway.

and check the other tabs to make sure you're happy with them

then refresh again

the next thing I did was make a forward zone for our domain.
domainname.local
so that the domain would not get confused for domainname.com

but the problem at this stage is the server can do DNS and surf the web, but clients cannot

a reverse zone was needed.

use the reverse zone wizard to create one, entering the first 3 parts of your IP, ie 10.1.1

it will make a reverse zone lookup with 1.1.10.inard-arp (I think my spelling here is wrong)

inside that zone make a pointer record for your domain controller.

then the clients can do a reverse dns lookup, which will let them recognise 10.1.167 (the AD server) as a DNS server and resolve names.

 
LVL 10

Assisted Solution

by:ryangorman
ryangorman earned 100 total points
ID: 9857094
I'd be very cautious about deleting zones other than the "." zone. It's unnecessary and demonstrates a lack of understanding of DNS under AD.

Your problem appears very simple and is easily fixed. All your internal clients should point to the internal DNS servers as internal DNS is key to Active Directory. *Each* internal DNS server then needs to be configured with DNS forwarders. This can only be done if there is no "." forward lookup zone.

Therefore each client queries the internal DNS for internal and external DNS queries and the internal DNS server forwards external queries to its forwarders.

I recommend creating reverse lookup zones but the system will work without them.

It sounds like Raybans muddled his way through his DNS/AD installation but got there in the end. I'll take assist points for clarity.
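The two answers above describe the same fix from the DNS console: remove the "." root zone (and nothing else), set forwarders on the internal server, optionally add a reverse zone, and point every client at the internal server only. The following batch script is an added example, not something either answerer or the asker posted, that does the same steps with `dnscmd.exe`, `netsh` and `nslookup` on the Server 2003 DC. It assumes the DC's FQDN is `bob.location.company.com.au` (the thread only says "Bob"), that the network connection is named "Local Area Connection", and uses placeholder ISP resolver addresses from the 203.0.113.0/24 documentation range; replace those with the real ones. The switches are the documented dnscmd ones, but confirm each against `dnscmd /?` on your build before running.

```batch
@echo off
REM Added example (not from the thread). Run on the DC "Bob" (10.1.1.167).
REM Assumptions: DC FQDN, interface name and ISP addresses below are
REM placeholders for what the thread does not state.

set DNSSRV=10.1.1.167
set DCNAME=bob.location.company.com.au
set FWDZONE=location.company.com.au
set REVZONE=1.1.10.in-addr.arpa
set ISP_DNS_1=203.0.113.53
set ISP_DNS_2=203.0.113.54
set NIC=Local Area Connection

REM 0. The DC itself must use the internal DNS server, not the ISP.
REM    The same command, run on each statically configured client,
REM    gives clients Bob as their only DNS server.
netsh interface ip set dns name="%NIC%" source=static addr=%DNSSRV%

REM 1. Remove the "." root zone if it exists. While it is present the
REM    server thinks it IS a root server, so the Forwarders tab is greyed
REM    out and external names can never resolve. Delete only this zone;
REM    the AD domain zone must stay. Drop /DsDel if "." is a file-backed
REM    standard primary rather than AD-integrated.
dnscmd %DNSSRV% /EnumZones
dnscmd %DNSSRV% /ZoneDelete . /DsDel /f

REM 2. Forward everything the server is not authoritative for to the ISP.
REM    Without /Slave the server still falls back to root hints when the
REM    forwarders time out, so an ISP outage does not break recursion.
dnscmd %DNSSRV% /ResetForwarders %ISP_DNS_1% %ISP_DNS_2% /TimeOut 5

REM 3. Reverse zone for 10.1.1.0/24 plus a PTR for the DC. Not required
REM    for resolution, but it makes client troubleshooting and log
REM    review far easier.
dnscmd %DNSSRV% /ZoneAdd %REVZONE% /DsPrimary
dnscmd %DNSSRV% /RecordAdd %REVZONE% 167 PTR %DCNAME%.

REM 4. Re-register the DC's A and SRV records and clear stale answers.
ipconfig /registerdns
net stop netlogon && net start netlogon
dnscmd %DNSSRV% /ClearCache

REM 5. Verify against the internal server only: the DC's own A record,
REM    the LDAP SRV record clients use to find a DC, and an external name
REM    that can only come back via the forwarders. All three must answer.
nslookup %DCNAME% %DNSSRV%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%FWDZONE% %DNSSRV%
nslookup www.example.com %DNSSRV%
```

The SRV lookup in step 5 is the check that explains the asker's "horrendously slow" symptom: clients pointed at the ISP resolvers cannot find `_ldap._tcp.dc._msdcs.<domain>`, so every logon and share access waits out a DC-location timeout before falling back to NetBIOS. Once that query answers from 10.1.1.167 and the external name also resolves through the same server, the split between "internal works" and "external works" is gone.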
 
LVL 2

Expert Comment

by:Raybans
ID: 9861643
thanks ryangorman :-D
 

Author Comment

by:halloranelder
ID: 9863938
Yay! It works.

Thanks to the both of you. Much appreciated.
