Solved

DNS problem on LAN's client PC when win2000 srv is not main server

Posted on 2004-03-26
5
768 Views
Last Modified: 2010-03-18
I have the LAN settings:

1 LAN IP's - 192.168.1.1-192.168.1.254
2 LAN IP's - 192.168.2.1-192.168.2.254

windows 2000 srv active directory is set at 192.168.1.2 (not connected to the internet)
temporary winXP (connected to internet and shared to the LAN) is set at 192.168.1.1, ISP IP=100.200.100.200

if I set primary DNS on client PC's 192.168.1.2 and secondary 100.200.100.200 client cannot resolve internet addresses,
if I set primary DNS on client PC's 100.200.100.200 and secondary 192.168.1.2 client cannot resolve active directory names.

How can I solve this problem to get full DNS support for ISP and Active directory?

0
Comment
Question by:Povilas
  • 2
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 200 total points
ID: 10688920
Your clients and your DC need to point *only* to your internal DNS, under no circumstances to your ISP's DNS. Then remove the root zone (".") on your W2k DNS, and configure forwarders to point to your ISP's DNS. Check the FAQ for more information.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Windows 2000 DNS and Active Directory Information and Technical Resources
http://support.microsoft.com/?kbid=298448

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202
0
 
LVL 11

Expert Comment

by:kabaam
ID: 10690108
Just to add a comment here.  I see this alot and wanted to through this in.
This is a clip from the MS DNS whitepapers

"Servers are queried in the order they are given in the list, which is defined by the servers priorities. If one server in the list returns a positive or negative answer, then no other servers in that list are posed the same question"

basically saying that the purpose of a client setting of primary and secondary dns servers is for redundancy only.
Both primary and secondary servers are assumed to hold the exact same information.
If the primary gives ANY response at all... the client assumes the secondary will have the same response and not bother.
If the primary does not respond... no comms back... then the client will use the secondar.  Redundancy only.

oBda gave you what you need to set up your DNS server to allow recursive queries and set up forwarders
gl
CHAD
0
 
LVL 1

Author Comment

by:Povilas
ID: 10690250
How exactly should I configure forwarder and DNS IP on clients.

clients are from 192.168.1.4-192.168.1.254
2000 server is 192.168.1.2
ISP XP server is with two LAN cards IP: 192.168.1.1 and 100.200.111.233
0
 
LVL 11

Assisted Solution

by:kabaam
kabaam earned 50 total points
ID: 10690303
your clients dns settings should only list your local domain dns servers.
configure your dns servers to do recursive queries.
add forwarders to your dns zones... pointing to ISP dns servers


recursive queries:
client asks primary dns server for IP... dns server doesnt know... but looks at forwarder address and asks that server.
0
 
LVL 1

Author Comment

by:Povilas
ID: 10690466
the problem might be, when I'll try to seperate two LAN's.

XP server (will be Linux server for firewall and router function):
LANcard1: 192.168.1.1 (LAN switch 1)
LANcard2: 192.168.2.1 (LAN switch 2)
WANcard3: 100.200.100.200
WANcard4: 100.200.100.201

2000 server (with active directory for 192.168.1.* LAN domain users):
LANcard1: 192.168.1.2

Domain clients:
LANcard1: 192.168.1.3-192.168.1.254 (No need for DHCP)

NON domain clients:
LANcard1: 192.168.2.2-192.168.2.254 (very important to have totally automatic DNS and DHCP, and to have no access to Domain LAN)

How DMS and DHCP configuration must look like to work for Domain computers, and for non-domain user that will have no permisions to 192.168.1.* LAN. My win2000 srv will not be able to provide DNS queries for 192.168.2.* LAN !!! (packets will go from switch to ISP router).
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question