Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 845
  • Last Modified:

DNS problem on LAN's client PC when win2000 srv is not main server

I have the LAN settings:

1 LAN IP's - 192.168.1.1-192.168.1.254
2 LAN IP's - 192.168.2.1-192.168.2.254

windows 2000 srv active directory is set at 192.168.1.2 (not connected to the internet)
temporary winXP (connected to internet and shared to the LAN) is set at 192.168.1.1, ISP IP=100.200.100.200

if I set primary DNS on client PC's 192.168.1.2 and secondary 100.200.100.200 client cannot resolve internet addresses,
if I set primary DNS on client PC's 100.200.100.200 and secondary 192.168.1.2 client cannot resolve active directory names.

How can I solve this problem to get full DNS support for ISP and Active directory?

0
Povilas
Asked:
Povilas
  • 2
  • 2
2 Solutions
 
oBdACommented:
Your clients and your DC need to point *only* to your internal DNS, under no circumstances to your ISP's DNS. Then remove the root zone (".") on your W2k DNS, and configure forwarders to point to your ISP's DNS. Check the FAQ for more information.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Windows 2000 DNS and Active Directory Information and Technical Resources
http://support.microsoft.com/?kbid=298448

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202
0
 
chadCommented:
Just to add a comment here.  I see this alot and wanted to through this in.
This is a clip from the MS DNS whitepapers

"Servers are queried in the order they are given in the list, which is defined by the servers priorities. If one server in the list returns a positive or negative answer, then no other servers in that list are posed the same question"

basically saying that the purpose of a client setting of primary and secondary dns servers is for redundancy only.
Both primary and secondary servers are assumed to hold the exact same information.
If the primary gives ANY response at all... the client assumes the secondary will have the same response and not bother.
If the primary does not respond... no comms back... then the client will use the secondar.  Redundancy only.

oBda gave you what you need to set up your DNS server to allow recursive queries and set up forwarders
gl
CHAD
0
 
PovilasAuthor Commented:
How exactly should I configure forwarder and DNS IP on clients.

clients are from 192.168.1.4-192.168.1.254
2000 server is 192.168.1.2
ISP XP server is with two LAN cards IP: 192.168.1.1 and 100.200.111.233
0
 
chadCommented:
your clients dns settings should only list your local domain dns servers.
configure your dns servers to do recursive queries.
add forwarders to your dns zones... pointing to ISP dns servers


recursive queries:
client asks primary dns server for IP... dns server doesnt know... but looks at forwarder address and asks that server.
0
 
PovilasAuthor Commented:
the problem might be, when I'll try to seperate two LAN's.

XP server (will be Linux server for firewall and router function):
LANcard1: 192.168.1.1 (LAN switch 1)
LANcard2: 192.168.2.1 (LAN switch 2)
WANcard3: 100.200.100.200
WANcard4: 100.200.100.201

2000 server (with active directory for 192.168.1.* LAN domain users):
LANcard1: 192.168.1.2

Domain clients:
LANcard1: 192.168.1.3-192.168.1.254 (No need for DHCP)

NON domain clients:
LANcard1: 192.168.2.2-192.168.2.254 (very important to have totally automatic DNS and DHCP, and to have no access to Domain LAN)

How DMS and DHCP configuration must look like to work for Domain computers, and for non-domain user that will have no permisions to 192.168.1.* LAN. My win2000 srv will not be able to provide DNS queries for 192.168.2.* LAN !!! (packets will go from switch to ISP router).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now