Windows NT 4.0 Domain, upgraded to Server 2003, now with DNS issues

Hi all,

First, the background. We were running a NT 4.0 Domain, with a Windows NT 4.0 Server machine as the Primary and only Domain Controller. Last week we upgraded the network to add a new Windows 2003 Server machine as the Domain Controller. To do this (because the old machine wasn't capable of coping with Windows 2000 or better) I created a virtual machine running NT 4.0 Server as the Backup Domain Controller, promoted it to the Primary Domain Controller (and then removed the old machine), upgraded it to Windows 2000 Server, and after using adprep to prepare the network, added the new Windows 2003 Server to the network as a Domain Controller, and removed the virtual machine.

The problem we are having is that the new server (Bob - internal IP 10.1.1.167) is running DNS because it is the Domain Controller. However, the gateway machine that connects the internal network to the outside world is a Linux server, and previously we had all the machines that were allowed to connect to the internet with our ISP's DNS servers as their preferred and secondary DNS.

As far as I am aware, what we need to do is set all the machines in the office with Bob as their preferred and only DNS server, and then set Bob to forward anything it can't deal with (i.e., anything not on the 10.1.1.* subnet) to the ISP's DNS server.

Am I right? If I am, how?

If I'm not, what am I supposed to be doing?

Information that might be relevant:

Internal Domain Name: DOMAIN
Internal DNS Domain Name: location.company.com.au
Internal DNS Server: 10.1.1.167
Internal gateway: 10.1.1.1

At the moment, we either have 10.1.1.167 as the preferred DNS server, and we seem to be able to browse inside the network easily, but can't get to any external web site, or we have the ISP's DNS servers as preferred and secondary and can access external websites, but we can't browse internally inside the network, and everything that involves network access is horrendously slow.

Can anyone help?
halloranelder Asked:

Raybans (Technical Manager) Commented:
I had a similar problem recently

on the Active Directory Server (or domain controller) when I looked in DNS it had forwarding zone of "."

solution for me was to delete the "." zone
and the "domainname.local" zone

so that the forwarding zones are empty

then I did a refresh on the server icon itself in the DNS console

right click on the DNS server and choose the forward tab, and enter all the servers that I want as forwards for anything the server can not resolve, ie either your ISP or your gateway.

and check the other tabs to make sure you're happy with them

then refresh again

the next thing I did was make a forward zone for our domain.
domainname.local
so that the domain would not get confused for domainname.com

but the problem at this stage is the server can do DNS and surf the web, but clients cannot

a reverse zone was needed.

use the reverse zone wizard to create one, entering the first 3 parts of your IP, i.e., 10.1.1

it will make a reverse zone lookup with 1.1.10.inard-arp (I think my spelling here is wrong)

inside that zone make a pointer record for your domain controller.

then the clients can do a reverse dns lookup, which will let them recognise 10.1.167 (the AD server) as a DNS server and resolve names.

ryangorman Commented:
I'd be very cautious about deleting zones other than the "." zone. It's unnecessary and demonstrates a lack of understanding of DNS under AD.

Your problem appears very simple and is easily fixed. All your internal clients should point to the internal DNS servers as internal DNS is key to Active Directory. *Each* internal DNS server then needs to be configured with DNS forwarders. This can only be done if there is no "." forward lookup zone.

Therefore each client queries the internal DNS for internal and external DNS queries and the internal DNS server forwards external queries to its forwarders.

I recommend creating reverse lookup zones but the system will work without them.

It sounds like Raybans muddled his way through his DNS/AD installation but got there in the end. I'll take assist points for clarity.
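The procedure both answers describe (remove the "." root zone so forwarding can be enabled, set the ISP resolvers as forwarders, optionally add the 10.1.1 reverse zone with a PTR for the DC, then verify from a client) as an added script, not code from either poster. It assumes dnscmd.exe is available on the Server 2003 DC (Support Tools), that Bob's FQDN is bob.location.company.com.au, and uses 203.0.113.1 and 203.0.113.2 as placeholders for the ISP's DNS servers; the other values come from the question.

```batch
@echo off
REM Added example (not from the thread). Run on Bob in an administrative
REM command prompt. Values from the question: server 10.1.1.167 and the
REM AD DNS zone location.company.com.au. Assumptions: Bob's FQDN is
REM bob.location.company.com.au; ISP resolvers below are placeholders.
set DNSSRV=10.1.1.167
set ISPDNS=203.0.113.1 203.0.113.2
set ADZONE=location.company.com.au
set REVZONE=1.1.10.in-addr.arpa

REM 1. A root zone "." tells the server it is authoritative for the whole
REM    Internet, so the Forwarders tab is greyed out and every external
REM    name gets NXDOMAIN. Delete it if it exists (add /DsDel if the zone
REM    is AD-integrated). No other zone needs to be touched.
dnscmd %DNSSRV% /EnumZones | findstr /R /C:"^ *\. " >nul
if not errorlevel 1 (
    echo Root zone "." found - removing it so forwarding can be enabled
    dnscmd %DNSSRV% /ZoneDelete . /f
)

REM 2. Forward anything Bob is not authoritative for to the ISP resolvers,
REM    then flush the cache so earlier negative answers disappear.
dnscmd %DNSSRV% /ResetForwarders %ISPDNS% /timeout 5
dnscmd %DNSSRV% /ClearCache

REM 3. Optional: reverse zone for 10.1.1.0/24 plus a PTR for the DC.
REM    Not required for AD to work, but it makes reverse lookups succeed.
dnscmd %DNSSRV% /EnumZones | findstr /C:"%REVZONE%" >nul
if errorlevel 1 (
    dnscmd %DNSSRV% /ZoneAdd %REVZONE% /DsPrimary
    dnscmd %DNSSRV% /RecordAdd %REVZONE% 167 PTR bob.%ADZONE%.
)

REM 4. Verify from a client whose only DNS server is Bob:
REM    the DC locator SRV record (internal, authoritative),
REM    an external name (answered through the forwarders),
REM    and the reverse lookup of the DC (from the PTR added above).
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ADZONE% %DNSSRV%
nslookup www.example.com %DNSSRV%
nslookup %DNSSRV% %DNSSRV%
```

If the SRV query answers but the external name does not, the forwarders are the problem (check that the Linux gateway allows UDP/TCP 53 out from 10.1.1.167); if the SRV query fails, the clients are still not pointed at Bob.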
Raybans (Technical Manager) Commented:
thanks ryangorman :-D
halloranelder (Author) Commented:
Yay! It works.

Thanks to the both of you. Much appreciated.