Weird DNS issue; any help?

Posted on 2006-05-08
Last Modified: 2010-04-18

I have a Windows 2000 domain with a couple 2003 Member Servers including an Exchange Server.  The domain controller is 2000.  There is another domain that we use for testing which is running via Virtual Server.  In the drop down list for domains on a client machine, it shows.  (I thought that might be important.)

Many of our client PCs cannot connect to the 2003 Servers via NetBIOS name or DNS name.  There are times if I ping the entire name including suffix, it will work.  This is a sporadic issue too, which makes it tougher to chase down.  The DNS server is obviously the domain controller and it has the correct records for these two servers.

Why could this be happening?  I'm having to go around and add hosts file entries which I don't like doing!  :)
Question by: wylde342
    LVL 51

    Expert Comment

    This could be due to the client and/or servers in your LAN that have the ISP DNS address on their NICs rather than your own DNS.

    Just to confirm:

    1)  No ISP DNS address anywhere - on any NIC - inside your LAN.
    2)  All zones in DNS to accept Dynamic Updates (Secure if only used for your domain-joined PCs).
    3)  All zones are AD Integrated.
    4)  On the Forwarder tab - this is the only place to enter the ISP DNS addresses.
    5)  DHCP should be checked to ensure the subnet mask, gateway and DNS entries are correct.  Options 003, 005 and 006 should be set.

    Let us know.


    Author Comment

    I believe you might have it Net.  Just to make sure, the Forwarder tab is in the properties of the DNS server, correct?
    LVL 51

    Accepted Solution

    Yes, you are correct.

    Author Comment


    That was the fix.  Points!  If you wouldn't mind, why would that cause the issue?  There is no internet address for these unreachable servers?

    LVL 51

    Expert Comment

    What specifically out of the list did you change?

    I'll take a guess that you had ISP addressing internally.

    You have to understand AD a bit to understand why the ISP DNS server should not be used internally.  Starting in Windows 2000 with the introduction of AD, domains became DNS-based.  What this means in general terms is that your clients will now ALWAYS look to the DNS server when they are trying to find a service for domain-based transactions.  These services are Kerberos, LDAP, KPassword, and even DNS itself - to name only a few.  Anything that is a service creates a service (SRV) record in DNS to help client computers find resources in the domain.

    If you introduce the ISP DNS into the network then the client will attempt to do a domain-based lookup to find a service from the ISP's server.  Since the ISP's server has absolutely no idea what is internal to your network then all internal lookups fail.  Since AD depends on DNS, then your clients cannot function within the domain since they cannot find the services they require.

    You always use your internal DNS for everything inside your network.  The Forwarder simply tells your DNS server to send anything it cannot resolve and that it is NOT authoritative for (think your AD namespace) to an upstream server (your ISP).  This "Forwarding" is how your internal network is able to resolve Internet namespaces since they do not exist on your server.

    Hope this helps a bit.
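
One way to audit item 1 of the checklist above across clients, as an added example that is not part of the original thread: parse saved `ipconfig /all` output and report any adapter whose DNS server list contains an address outside the internal allowlist. The sample output, the adapter names and all addresses (192.168.1.10 as the internal DNS server, 203.0.113.53 as the stray ISP resolver) are constructed, and the English-language `ipconfig` layout is assumed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (sample data, not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, May 08, 2006 8:00:00 AM

Ethernet adapter Local Area Connection 2:
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

ADAPTER_RE = re.compile(r"^(\S.* adapter .+):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[\s.]*:\s*(\S*)\s*$")

def _as_ip(text):
    """Return an ip_address for an IP literal, else None."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> DNS servers, including continuation lines."""
    adapters, current, collecting = {}, None, False
    for line in ipconfig_text.splitlines():
        if (m := ADAPTER_RE.match(line)):
            current, collecting = m.group(1), False
            adapters[current] = []
            continue
        m = DNS_RE.match(line)
        if current is None or not (m or collecting):
            continue
        ip = _as_ip(m.group(1) if m else line)
        if ip is not None:
            adapters[current].append(ip)
        collecting = bool(m) or ip is not None  # a non-IP line ends the list
    return adapters

def foreign_dns(ipconfig_text, internal_dns):
    """Return {adapter: [DNS servers not on the internal allowlist]}."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    found = dns_servers_by_adapter(ipconfig_text)
    hits = {a: [str(s) for s in v if s not in allowed] for a, v in found.items()}
    return {a: bad for a, bad in hits.items() if bad}
```

Calling `foreign_dns(SAMPLE, ["192.168.1.10"])` reports only the first adapter, because its secondary DNS entry is not an internal server.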

