Help with DNS

Dear all,

I am a UK-based user with a 1mb Broadband internet connection currently with BT.
I have set up a Win2K server at home to be used as a Domain Controller for a very small home network which has DNS, DHCP installed.
It is also my terminal for logging in remotely via Terminal Services.
The Broadband internet connection comes into a Broadband Router (Netgear DM602). DHCP is turned off; there are a couple of ports open for FTP and TS access which point directly to the router.
All clients on my network are 'currently' set up to use the Win2K server as the DNS and the Router as the Gateway.
I get full internet access from all clients and the server, internal network connectivity is fine, all shares work without hitch and as fast as a small 100mb home network will work.

Internet access is fast and responsive.

When I check my event viewer under the system tab I am having a LOT of red event errors relating to DNS.

Above are a couple of example screenies of the events (there are about 20 or so more of these), some the same, some different, but all saying 'DNS operation refused' at the end.

Under the TCP/IP properties of my NIC (the Win2K server has a Static IP set that isn't included in the DHCP Scope) I have set up the DNS of the Router as primary DNS and the server itself as secondary (and swapped them about to see if that helps).

I'm sorry for the long-winded post but I have tried to cover everything that might matter, as obviously I'm not having a clue as to what might be up (not a DNS guru by any long stretch of imagination).

Many thanks for any help and advice.



Chris Dent (PowerShell Developer) commented:

Remove the second DNS entry from the server, leaving only itself as primary DNS.

That server should have outbound access on Port 53 so it can resolve external addresses for you.

This can be tested by using NSLookup (C:\> and > are just the prompts you'll get, don't type them):

C:\> nslookup
> server <your-server-IP>

And see if it comes back with a response.

Inside DNS Manager can you also check that a Forward Lookup zone for your domain exists and, under its properties, is set to Allow Dynamic Updates and Secure Updates Only.

DaleHarrison (Author) commented:
Thank you for the quick replies,

Just to clarify, you want me to remove the Router's IP address from my Win2K server's DNS settings and only have the Win2K server's IP as the DNS?

Can you clarify what you mean by setting outbound access on port 53? Do you mean forward port 53 from the router to the Win2K server?

Broadband routers internal IP is
Win2K servers IP is

Obviously the router is the device that connects to the ISP and gets the DNS from the ISP first...

Damn, I struggle to understand this stuff :(


Chris Dent (PowerShell Developer) commented:

Yep, you don't need the ISP's DNS in there. You can configure it as a Forwarder in the properties for your Server in DNS Manager, but that isn't essential.

With outbound it means from your server to the internet. If you don't block access to the internet then you don't need to change anything.

Certainly you don't want to forward requests from the router to your server - that's inbound traffic though :)

Anyway, if you look in DNS Manager for your Server and the properties you should see a tab called Root Hints. This has 13 addresses under it, each is a root server - and root servers know how to get to everything.

For a brief description of DNS. It works like this (without forwarders configured)...

1. Someone asks it a question like: what is the IP address for

2. DNS figures out it doesn't know the answer at the moment so starts looking for it.

3. It checks its Root Hints section and asks one of the Root Servers, like

4. The root servers respond with "I don't know, but the server in charge of .com knows where to find it.".

5. Your DNS asks the server in charge of .com. That server replies with "I don't know about it, but this server knows all about it".

6. Finally your server finds the right server to ask and gets an answer to the question.

7. It returns the IP address of to the user who can now quite happily load the web page.

After it's found the address once it holds the answer in its cache for a time, so if anyone asks again it can answer with that rather than having to ask everyone again.

For your Server itself, and the problem above, all it needs to do is add a few entries to its own DNS. It won't have permission to do that on the Router's DNS so it has to use its own.
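
The referral walk in steps 1 to 7 above, with the cache behaviour from the closing paragraph, as an added Python sketch that is not part of the original thread. The server names, the `www.example.com` record and the 192.0.2.10 address are constructed, and the lookup table stands in for real network queries.

```python
import time

# Constructed toy name space: each "server" holds either referrals to the
# servers for a more specific zone, or final A records with a TTL in seconds.
ROOT_HINTS = ["a.root.test"]
SERVERS = {
    "a.root.test": {"referrals": {"com": ["ns.tld-com.test"]}},
    "ns.tld-com.test": {"referrals": {"example.com": ["ns1.example.test"]}},
    "ns1.example.test": {"answers": {"www.example.com": ("192.0.2.10", 300)}},
}

class Resolver:
    def __init__(self, root_hints, clock=time.monotonic):
        self.root_hints, self.clock = root_hints, clock
        self.cache = {}    # name -> (address, expiry time)
        self.queries = []  # (server, name) pairs actually sent upstream

    def _ask(self, server, name):
        """Return ('answer', (addr, ttl)), ('referral', [servers]) or ('nxdomain', None)."""
        self.queries.append((server, name))
        data = SERVERS[server]
        if name in data.get("answers", {}):
            return "answer", data["answers"][name]
        # The longest delegated suffix that covers the name wins.
        zones = [z for z in data.get("referrals", {})
                 if name == z or name.endswith("." + z)]
        if zones:
            return "referral", data["referrals"][max(zones, key=len)]
        return "nxdomain", None

    def resolve(self, name, max_hops=8):
        name = name.rstrip(".").lower()
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():   # still fresh: no upstream traffic
            return hit[0]
        servers = list(self.root_hints)     # start at the root hints
        for _ in range(max_hops):           # bound the referral chain
            kind, payload = self._ask(servers[0], name)
            if kind == "answer":
                addr, ttl = payload
                self.cache[name] = (addr, self.clock() + ttl)
                return addr
            if kind != "referral":
                return None
            servers = payload               # follow the referral one level down
        return None
```

`Resolver.queries` records every upstream question, so the first lookup shows three hops (root, .com, the zone's own server) and a repeat inside the TTL shows none.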
DaleHarrison (Author) commented:
Under the broadband router properties there are 2 DNS options, get DNS from ISP automatically, or 'use specified DNS servers'

I checked out the Route Servers under DNS on the server - very insightful explanation from you - many thanks :)

There is no restriction on my server as to internet access etc so I would leave the outbound port part well alone then?

"Yep, you don't need the ISPs DNS in there. You can configure it as a Forwarder in the properties for your Server in DNS Manager, but that isn't essential."

Sorry, I probably didn't explain too well... Under my Network Card's TCP/IP properties (DNS part) I had my server's IP address and the local IP address of the Broadband Router specified as the DNS addresses. I have now removed the Router's DNS address from here. The router is configured to get a DNS address from my ISP (as it handles the Broadband dialing properties and establishes the actual broadband connection with BT); there isn't an option to turn this off, just either get the DNS address automatically or specify DNS addresses manually.

Confusion is slowly lifting, many thanks again

DaleHarrison (Author) commented:
OK, cleared the event log and re-booted the Server and most of the Red errors have left now, but I just get this error now

Chris Dent (PowerShell Developer) commented:

You can leave DNS working on the Router, it's just you don't need it for your network - so you can just ignore it completely.

In your Server's IP Config you should just have its own IP address as the Primary DNS (which it sounds like you have). It doesn't need anything else really.

Yep, leave outbound config since you're not blocking anything.

To check it all a little...

If you go to the command prompt can you type (ignoring the C:\> bit of course):

C:\> ipconfig /registerdns


C:\> nslookup
> <your-server-name>

And make sure you don't get any time-outs or errors.

Also check the Event Log for DNSAPI errors or anything in the DNS event log.

Is general internet access and such still working?
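
`ipconfig /registerdns` makes the machine send DNS dynamic updates (RFC 2136, opcode 5), and the 'DNS operation refused' text in the question's events is how Windows reports response code 5 (REFUSED) to such an update. This added Python example, not part of the original thread, builds an update and decodes a refusal; the zone, host name, address and the refusing reply are constructed.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH", 10: "NOTZONE"}

def encode_name(name):
    """Wire format: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_update(msg_id, zone, host, ipv4, ttl=1200):
    """Minimal RFC 2136 UPDATE: one zone, no prerequisites, add one A record."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)   # SOA, IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    record = encode_name(host) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + zone_section + record

def decode_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return {"id": msg_id, "is_response": bool(flags & 0x8000),
            "opcode": OPCODES.get(opcode, str(opcode)),
            "rcode": RCODES.get(rcode, str(rcode)),
            "counts": (zo, pr, up, ad)}

def refuse(request):
    """Constructed reply from a server that does not accept updates:
    same id and opcode, QR bit set, RCODE 5, empty sections (simplified)."""
    msg_id, flags = struct.unpack("!HH", request[:4])
    return struct.pack("!HHHHHH", msg_id, (flags & 0x7800) | 0x8000 | 5,
                       0, 0, 0, 0)

def update_was_refused(request, response):
    """True when the response answers this update with REFUSED."""
    req, rsp = decode_header(request), decode_header(response)
    return (rsp["is_response"] and rsp["id"] == req["id"]
            and rsp["opcode"] == "UPDATE" and rsp["rcode"] == "REFUSED")
```

`decode_header` works on the first 12 bytes of any DNS payload, so it can be pointed at port 53 traffic from a packet capture to see which server is answering the registration attempts and with what code.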
DaleHarrison (Author) commented:
Thanks Chris, general internet is and always was working fine, it was quick and responsive too, which to me suggests that there weren't any issues with it resolving DNS names. I was just fed up with all the red event errors!

The above image is what NSlookup returned - which I think is OK, nothing in the DNS section of the event log, all fine. I guess now I've got rid of the red errors in the event log I'll just put up with the yellow warning error :)

Thanks so much for your help and understanding Chris
Chris Dent (PowerShell Developer) commented:

Almost there it seems.

Can you try:


And see if it can run it this time without the Can't find server name bits?

If that does work it looks like we just need to check a little information to the network TCP/IP config:

First, can you run:

ipconfig /all

And see if it has the Primary DNS suffix as

Then in Advanced TCP/IP Settings check that:

"Append primary and connection specific DNS suffixes" is selected with "Append parent suffixes of the primary DNS suffix" ticked. And "Register this connection's address" in DNS is ticked.
DaleHarrison (Author) commented:


Unfortunately as you can see the NSLookup was the same result as last time.

"Append parent suffixes of the primary DNS suffix"  that was the only bit that wasn't checked - the rest was all as you say it should be.

Thanks again
Chris Dent (PowerShell Developer) commented:

Inside DNS Manager on your server can you look in the Forward Lookup Zone and your Domain name for an Address Record for

And is this Windows 2000 Service Pack 4?
DaleHarrison (Author) commented:

screenie of DNS forward lookup zones - I think what you ask for is there alright!

and yes the server is SP4

Chris Dent (PowerShell Developer) commented:

Cool... can you also check you have a Reverse Lookup Zone listed? This one is based around your internal IP Range and should be something like 192.168.0.x.

If there isn't one, could you add an Active Directory Integrated zone there for your IP Range.

It just needs this to figure out the rest of the details for your server, once it's there run:

ipconfig /registerdns

again, which should make it add a PTR (Pointer) record which lists your Server's IP and Name. Check if that adds (give it 15 minutes or so).

If not, you can manually add a PTR record for your server.

Let me know if that doesn't make sense.
DaleHarrison (Author) commented:
That's fine, I did all that and it created the record no problem. Will run NSlookup again and post results (also will check the event viewer and let you know)

Thanks again

DaleHarrison (Author) commented:
Hi Chris,

NSLookup didn't return any errors at all, although the yellow warning in the event view is still there.

I wouldn't worry about it too much as at least it's not a red error anymore :)
Chris Dent (PowerShell Developer) commented:

That's always good news :)

Let me know if the yellow warning becomes unbearable.