Solved

Windows NT 4.0 Domain, upgraded to Server 2003, now with DNS issues

Posted on 2003-12-01
Last Modified: 2010-04-14
Hi all,

First, the background. We were running an NT 4.0 Domain, with a Windows NT 4.0 Server machine as the Primary and only Domain Controller. Last week we upgraded the network to add a new Windows 2003 Server machine as the Domain Controller. To do this (because the old machine wasn't capable of coping with Windows 2000 or better) I created a virtual machine running NT 4.0 Server as the Backup Domain Controller, promoted it to the Primary Domain Controller (and then removed the old machine), upgraded it to Windows 2000 Server, and after using adprep to prepare the network, added the new Windows 2003 Server to the network as a Domain Controller, and removed the virtual machine.

The problem we are having is that the new server (Bob - internal IP 10.1.1.167) is running DNS because it is the Domain Controller. However, the gateway machine that connects the internal network to the outside world is a Linux server, and previously we had all the machines that were allowed to connect to the internet with our ISP's DNS servers as their preferred and secondary DNS.

As far as I am aware, what we need to do is set all the machines in the office with Bob as their preferred and only DNS server, and then set Bob to forward anything it can't deal with (i.e., anything not on the 10.1.1.* subnet) to the ISP's DNS server.

Am I right? If I am, how?

If I'm not, what am I supposed to be doing?

Information that might be relevant:

Internal Domain Name: DOMAIN
Internal DNS Domain Name: location.company.com.au
Internal DNS Server: 10.1.1.167
Internal gateway: 10.1.1.1

At the moment, we either have 10.1.1.167 as the preferred DNS server, and we seem to be able to browse inside the network easily, but can't get to any external web site, or we have the ISP's DNS servers as preferred and secondary and can access external websites, but we can't browse internally inside the network, and everything that involves network access is horrendously slow.

Can anyone help?
Question by:halloranelder
Accepted Solution

by:
Raybans earned 400 total points
ID: 9856708
I had a similar problem recently.

On the Active Directory server (or domain controller), when I looked in DNS it had a forwarding zone of ".".

The solution for me was to delete the "." zone
and the "domainname.local" zone

so that the forwarding zones are empty.

Then I did a refresh on the server icon itself in the DNS console.

Right click on the DNS server and choose the forward tab, and enter all the servers that I want as forwards for anything the server cannot resolve, i.e. either your ISP or your gateway.

And check the other tabs to make sure you're happy with them.

Then refresh again.

The next thing I did was make a forward zone for our domain,
domainname.local,
so that the domain would not get confused for domainname.com.

But the problem at this stage is the server can do DNS and surf the web, but clients cannot.

A reverse zone was needed.

Use the reverse zone wizard to create one, entering the first 3 parts of your IP, i.e., 10.1.1

It will make a reverse zone lookup with 1.1.10.inard-arp (I think my spelling here is wrong).

Inside that zone make a pointer record for your domain controller.

Then the clients can do a reverse DNS lookup, which will let them recognise 10.1.167 (the AD server) as a DNS server and resolve names.

Assisted Solution

by:ryangorman
ryangorman earned 100 total points
ID: 9857094
I'd be very cautious about deleting zones other than the "." zone. It's unnecessary and demonstrates a lack of understanding of DNS under AD.

Your problem appears very simple and is easily fixed. All your internal clients should point to the internal DNS servers as internal DNS is key to Active Directory. *Each* internal DNS server then needs to be configured with DNS forwarders. This can only be done if there is no "." forward lookup zone.

Therefore each client queries the internal DNS for internal and external DNS queries and the internal DNS server forwards external queries to its forwarders.

I recommend creating reverse lookup zones but the system will work without them.

It sounds like Raybans muddled his way through his DNS/AD installation but got there in the end. I'll take assist points for clarity.
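
The layout described in this thread (clients use only the internal DNS server, which has no "." zone and forwards everything else) can be checked per machine. The following is an added example, not code from any of the posters: the `ipconfig /all` excerpts are constructed, 203.0.113.53 is a placeholder standing in for an ISP resolver, and the function names are hypothetical.

```python
import ipaddress
import re

INTERNAL_NET = ipaddress.ip_network("10.1.1.0/24")  # subnet from the question

# Constructed `ipconfig /all` excerpts (not captured from a real host).
GOOD_CLIENT = """\
   Connection-specific DNS Suffix  . : location.company.com.au
   IP Address. . . . . . . . . . . . : 10.1.1.50
   Default Gateway . . . . . . . . . : 10.1.1.1
   DNS Servers . . . . . . . . . . . : 10.1.1.167
"""
MIXED_CLIENT = """\
   IP Address. . . . . . . . . . . . : 10.1.1.51
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       10.1.1.167
   Lease Obtained. . . . . . . . . . : (constructed)
"""

def dns_servers(ipconfig_text):
    """Return the DNS server IPs in listed order, including continuation lines."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            collecting = True
        elif collecting and re.fullmatch(r"\s+\d{1,3}(\.\d{1,3}){3}\s*", line):
            servers.append(line.strip())  # secondary resolver on its own line
        else:
            collecting = False
    return servers

def audit_client(ipconfig_text):
    """Flag any resolver outside the internal subnet: AD lookups sent to it fail or leak."""
    servers = dns_servers(ipconfig_text)
    findings = [] if servers else ["no DNS servers configured"]
    for pos, addr in enumerate(servers, start=1):
        if ipaddress.ip_address(addr) not in INTERNAL_NET:
            findings.append(f"resolver #{pos} {addr} is outside {INTERNAL_NET}")
    return findings

def audit_server(zones, forwarders):
    """Check the internal DNS server against the two conditions named in the thread."""
    findings = []
    if "." in zones:
        findings.append('"." forward lookup zone present: forwarders cannot be set')
    if not forwarders:
        findings.append("no forwarders configured for external names")
    return findings
```

A client with any finding still sends some queries, including Active Directory record lookups, to a resolver that has no copy of the internal zone.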
Expert Comment

by:Raybans
ID: 9861643
thanks ryangor man :-D
Author Comment

by:halloranelder
ID: 9863938
Yay! It works.

Thanks to the both of you. Much appreciated.