Avatar of supercell29
supercell29
 asked on

Always need to refresh DNS on domain machines to get to intranet sites

Hello. I was curious as to why the company I work for, on a daily basis, must refresh their dns cache in order to see the intranet sites within the company.

Here is the setup:

Servers:

Internal dns server: Server 2003 (Active Directory) x.x.internal (FQDN). Forward all external requests to external dns.
External dns server: Server 2003 (Active Directory) x.x.com, x.x.net, x.x.org

Local machines OS: Windows XP Pro (All part of Active Driectory domain).

Problem: Users come in and call stating that they cannot get to the intranet (x.x.internal) domain. I tell them to refresh their dns cache and their good to go. How do I prevent this from occurring?

Any suggestions would be much appreciated!
Windows Server 2003

Avatar of undefined
Last Comment
supercell29

8/22/2022 - Mon
Mazaraat

Are both servers "local" meaing they are not offiste...? can you post IPCONFIG /ALL from servers

Do you give DNS information via DHCP for your clients?  Can you post an IPCONFIG /all from workstation

do you have a host (A) record pointing to your intranet site on your INTERNAL dns server?
supercell29

ASKER
Yes, both are local. Yes, I can post IPCONFIG /ALL from servers:

INTERNAL DNS: X.X.internal

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.3.34
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . : 172.16.3.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   Primary WINS Server . . . . . . . : 192.1.1.222 (INTERNAL IP)
   Secondary WINS Server . . . . . . : 192.1.1.223
                                       172.16.2.25
                                       172.16.1.20
                                       172.16.2.11
                                     
EXTERNAL DNS (Separate server): X.X.com, x.x.net, x.x.org

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 216.x.x.x
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 216.x.x.x
                                       172.16.3.34

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.3.6
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . : 172.16.3.1
   DNS Servers . . . . . . . . . . . : 172.16.3.34
                                       216.x.x.x
                                       216.x.x.x
   Primary WINS Server . . . . . . . : 192.1.1.222
   Secondary WINS Server . . . . . . : 192.1.1.223
                                       172.16.2.25
                                       172.16.1.20



Yes, I give DNS information via DHCP for your clients. Yes, I can post an IPCONFIG /all from a workstation:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : cwp.internal
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.16.7.53
        Subnet Mask . . . . . . . . . . . : 255.x.x.x
        Default Gateway . . . . . . . . . : 172.16.7.1
        DHCP Server . . . . . . . . . . . : 172.16.3.34
        DNS Servers . . . . . . . . . . . : 172.16.3.34
                                            216.x.x.x
                                            216.x.x.x
                                            172.16.14.9
        Primary WINS Server . . . . . . . : 192.1.1.222
        Secondary WINS Server . . . . . . : 192.1.1.223
                                           
                                            172.16.2.11
                                            172.16.2.25

Yes, I have a host (A) record pointing to my intranet site on my INTERNAL dns server.
oBdA

By using *only* your internal DNS server for *all* domain members. Remove the 216. and 172. DNS servers from the clients (and any member servers).

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
Your help has saved me hundreds of hours of internet surfing.
fblack61
oBdA

Hold on a bit; one more question, as I just noticed something that might be complicating things: what do you mean with "External dns server: Server 2003 (Active Directory)"? Is this an AD domain controller running DNS that's accessible from the outside?
If so, that's a rather bad idea. Your AD DNS should not be publicly accessible. Not to mention that it doesn't seem to live in a DMZ.
You can check the correct DNS configuration for an AD domain in the articles above, but if you have a setup like the one I'm asking about, you should fix that.
supercell29

ASKER
No. AD is not possible to set up using a primary DNS in a public situation.
oBdA

Hm? That's not a public situation; this DNS server has an IP address in your own network, and stranger things have happened.
Anyway, if this isn't a DC, then you should be fine if you use 172.16.3.34 excusively as DNS server on your clients.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
supercell29

ASKER
This network is comprised of BOTH a public DNS as well as a private DNS. There are two DNS servers as shown in my aforementioned post. One has a public address 216.X.X.X (multihomed with a private), and one has the private 172.16.3.34 address. The 172.16.3.34 is a DC as well as a internal DNS, thus the x.internal domain, as well as the DHCP server which, as we all know, in combination with the internal DNS gives us active directory as well as an internal DDNS. The internal DNS is pointed to the external DNS to forward all unknown requests. My theory is that both DNS servers are set up just fine. It is the DNS cache on SOME (not all), of the individual PC's that are, for some odd reason, caching the wrong DNS information. As I mentioned earlier - when the DNS cache is cleared on the problematic PC's all is back to normal.

ASKER CERTIFIED SOLUTION
oBdA

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
supercell29

ASKER
Not sure why the DDNS would be issuing out the wrong DNS address via DHCP. All primary's are set to the 172.16.3.34 DDNS on all subnets. User intervention is not allowed. I will have to IPCONFIG /ALL when this issue pops up again.

Thank you.