Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DNS problem on LAN's client PC when win2000 srv is not main server

Posted on 2004-03-26
5
Medium Priority
?
823 Views
Last Modified: 2010-03-18
I have the LAN settings:

1 LAN IP's - 192.168.1.1-192.168.1.254
2 LAN IP's - 192.168.2.1-192.168.2.254

windows 2000 srv active directory is set at 192.168.1.2 (not connected to the internet)
temporary winXP (connected to internet and shared to the LAN) is set at 192.168.1.1, ISP IP=100.200.100.200

if I set primary DNS on client PC's 192.168.1.2 and secondary 100.200.100.200 client cannot resolve internet addresses,
if I set primary DNS on client PC's 100.200.100.200 and secondary 192.168.1.2 client cannot resolve active directory names.

How can I solve this problem to get full DNS support for ISP and Active directory?

0
Comment
Question by:Povilas
  • 2
  • 2
5 Comments
 
LVL 86

Accepted Solution

by:
oBdA earned 800 total points
ID: 10688920
Your clients and your DC need to point *only* to your internal DNS, under no circumstances to your ISP's DNS. Then remove the root zone (".") on your W2k DNS, and configure forwarders to point to your ISP's DNS. Check the FAQ for more information.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Windows 2000 DNS and Active Directory Information and Technical Resources
http://support.microsoft.com/?kbid=298448

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202
0
 
LVL 11

Expert Comment

by:chad
ID: 10690108
Just to add a comment here.  I see this alot and wanted to through this in.
This is a clip from the MS DNS whitepapers

"Servers are queried in the order they are given in the list, which is defined by the servers priorities. If one server in the list returns a positive or negative answer, then no other servers in that list are posed the same question"

basically saying that the purpose of a client setting of primary and secondary dns servers is for redundancy only.
Both primary and secondary servers are assumed to hold the exact same information.
If the primary gives ANY response at all... the client assumes the secondary will have the same response and not bother.
If the primary does not respond... no comms back... then the client will use the secondar.  Redundancy only.

oBda gave you what you need to set up your DNS server to allow recursive queries and set up forwarders
gl
CHAD
0
 
LVL 1

Author Comment

by:Povilas
ID: 10690250
How exactly should I configure forwarder and DNS IP on clients.

clients are from 192.168.1.4-192.168.1.254
2000 server is 192.168.1.2
ISP XP server is with two LAN cards IP: 192.168.1.1 and 100.200.111.233
0
 
LVL 11

Assisted Solution

by:chad
chad earned 200 total points
ID: 10690303
your clients dns settings should only list your local domain dns servers.
configure your dns servers to do recursive queries.
add forwarders to your dns zones... pointing to ISP dns servers


recursive queries:
client asks primary dns server for IP... dns server doesnt know... but looks at forwarder address and asks that server.
0
 
LVL 1

Author Comment

by:Povilas
ID: 10690466
the problem might be, when I'll try to seperate two LAN's.

XP server (will be Linux server for firewall and router function):
LANcard1: 192.168.1.1 (LAN switch 1)
LANcard2: 192.168.2.1 (LAN switch 2)
WANcard3: 100.200.100.200
WANcard4: 100.200.100.201

2000 server (with active directory for 192.168.1.* LAN domain users):
LANcard1: 192.168.1.2

Domain clients:
LANcard1: 192.168.1.3-192.168.1.254 (No need for DHCP)

NON domain clients:
LANcard1: 192.168.2.2-192.168.2.254 (very important to have totally automatic DNS and DHCP, and to have no access to Domain LAN)

How DMS and DHCP configuration must look like to work for Domain computers, and for non-domain user that will have no permisions to 192.168.1.* LAN. My win2000 srv will not be able to provide DNS queries for 192.168.2.* LAN !!! (packets will go from switch to ISP router).
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question