  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400

Windows NT 4.0 Domain, upgraded to Server 2003, now with DNS issues

Hi all,

First, the background. We were running a NT 4.0 Domain, with a Windows NT 4.0 Server machine as the Primary and only Domain Controller. Last week we upgraded the network to add a new Windows 2003 Server machine as the Domain Controller. To do this (because the old machine wasn't capable of coping with Windows 2000 or better) I created a virtual machine running NT 4.0 Server as the Backup Domain Controller, promoted it to the Primary Domain Controller (and then removed the old machine), upgraded it to Windows 2000 Server, and after using adprep to prepare the network, added the new Windows 2003 Server to the network as a Domain Controller, and removed the virtual machine.

The problem we are having is that the new server (Bob - internal IP 10.1.1.167) is running DNS because it is the Domain Controller. However the gateway machine that connects the internal network to the outside world is a Linux server, and previously we had all the machines that were allowed to connect to the internet with our ISP's DNS servers as their preferred and secondary DNS.

As far as I am aware, what we need to do is set all the machines in the office with Bob as their preferred and only DNS server, and then set Bob to forward anything it can't deal with (i.e., anything not on the 10.1.1.* subnet) to the ISP's DNS server.

Am I right? If I am, how?

If I'm not, what am I supposed to be doing?

Information that might be relevant:

Internal Domain Name: DOMAIN
Internal DNS Domain Name: location.company.com.au
Internal DNS Server: 10.1.1.167
Internal gateway: 10.1.1.1

At the moment, we either have 10.1.1.167 as the preferred DNS server, and we seem to be able to browse inside the network easily, but can't get to any external web site, or we have the ISP's DNS servers as preferred and secondary and can access external websites, but we can't browse internally inside the network, and everything that involves network access is horrendously slow.

Can anyone help?
Asked by halloranelder

2 Solutions
Raybans commented:
I had a similar problem recently

on the Active Directory Server (or domain controller) when I looked in DNS it had forwarding zone of "."

solution for me was to delete the "." zone
and the "domainname.local" zone

so that the forwarding zones are empty

then I did a refresh on the server icon itself in the DNS console

right click on the DNS server and choose the forward tab, and enter all the servers that I want as forwards for anything the server can not resolve, ie either your ISP or your gateway.

and check the other tabs to make sure you're happy with them

then refresh again

the next thing I did was make a forward zone for our domain.
domainname.local
so that the domain would not get confused for domainname.com

but the problem at this stage is the server can do DNS and surf the web, but clients cannot

a reverse zone was needed.

use the reverse zone wizard to create one, entering the first 3 parts of your IP, i.e. 10.1.1

it will make a reverse zone lookup with 1.1.10.inard-arp (I think my spelling here is wrong)

inside that zone make a pointer record for your domain controller.

then the clients can do a reverse dns lookup, which will let them recognise 10.1.167 (the AD server) as a DNS server and resolve names.


ryangorman commented:
I'd be very cautious about deleting zones other than the "." zone. It's unnecessary and demonstrates a lack of understanding of DNS under AD.

Your problem appears very simple and is easily fixed. All your internal clients should point to the internal DNS servers as internal DNS is key to Active Directory. *Each* internal DNS server then needs to be configured with DNS forwarders. This can only be done if there is no "." forward lookup zone.

Therefore each client queries the internal DNS for internal and external DNS queries and the internal DNS server forwards external queries to its forwarders.

I recommend creating reverse lookup zones but the system will work without them.

It sounds like Raybans muddled his way through his DNS/AD installation but got there in the end. I'll take assist points for clarity.
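The procedure both answers describe (remove the "." root zone, configure forwarders, add a reverse zone with a PTR for the DC, point clients at the DC only), written up as an added example for dnscmd from the Windows Server 2003 Support Tools; it is not code from the thread. The ISP resolver addresses, Bob's FQDN (bob.location.company.com.au) and the client adapter name are placeholders the thread does not supply.

```batch
@echo off
REM Run on the domain controller Bob (10.1.1.167). Example only, not from the thread.
REM Placeholders: the ISP's resolvers are not given in the thread; Bob's FQDN is assumed.
set ISP_DNS1=203.0.113.1
set ISP_DNS2=203.0.113.2
set SERVER=bob.location.company.com.au
set PTR_NET=1.1.10.in-addr.arpa

REM 1. A "." (root) zone makes the server think it is authoritative for the whole
REM    Internet, so the Forwarders tab is greyed out. Delete it only if present.
dnscmd /ZoneInfo . >nul 2>&1
if %errorlevel%==0 (
    echo Deleting the "." root zone so forwarders can be configured
    dnscmd /ZoneDelete . /f
)

REM 2. Forward anything this server is not authoritative for to the ISP.
REM    /NoSlave keeps normal recursion as a fallback if the forwarders fail to answer.
dnscmd /ResetForwarders %ISP_DNS1% %ISP_DNS2% /TimeOut 3 /NoSlave

REM 3. AD-integrated reverse zone for 10.1.1.0/24, plus a PTR record for Bob
REM    (.167 within 1.1.10.in-addr.arpa). Skip the zone if it already exists.
dnscmd /ZoneInfo %PTR_NET% >nul 2>&1
if not %errorlevel%==0 dnscmd /ZoneAdd %PTR_NET% /DsPrimary
dnscmd /RecordAdd %PTR_NET% 167 PTR %SERVER%.

REM 4. Verify against the local server: server settings (forwarders are listed),
REM    an internal name, an external name, and the reverse lookup for Bob.
dnscmd /Info
nslookup %SERVER% 127.0.0.1
nslookup www.example.com 127.0.0.1
nslookup 10.1.1.167 127.0.0.1

REM 5. On each client, use Bob as the only DNS server (adapter name varies):
REM    netsh interface ip set dns "Local Area Connection" static 10.1.1.167
REM    ipconfig /flushdns
```

If the internal lookup in step 4 works but the external one fails, the forwarders are wrong or unreachable from Bob; if the reverse lookup fails, the PTR or zone name in step 3 is the thing to check.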

Raybans commented:
thanks ryangorman :-D

halloranelder (Author) commented:
Yay! It works.

Thanks to the both of you. Much appreciated.