supercell29

Always need to refresh DNS on domain machines to get to intranet sites

Hello. I was curious as to why the company I work for, on a daily basis, must refresh their dns cache in order to see the intranet sites within the company.

Here is the setup:

Servers:

Internal dns server: Server 2003 (Active Directory) x.x.internal (FQDN). Forward all external requests to external dns.
External dns server: Server 2003 (Active Directory) x.x.com, x.x.net, x.x.org

Local machines OS: Windows XP Pro (All part of Active Directory domain).

Problem: Users come in and call stating that they cannot get to the intranet (x.x.internal) domain. I tell them to refresh their dns cache and they're good to go. How do I prevent this from occurring?

Any suggestions would be much appreciated!
Mazaraat

Are both servers "local", meaning they are not offsite? Can you post IPCONFIG /ALL from servers?

Do you give DNS information via DHCP for your clients? Can you post an IPCONFIG /all from workstation?

Do you have a host (A) record pointing to your intranet site on your INTERNAL dns server?
supercell29

ASKER

Yes, both are local. Yes, I can post IPCONFIG /ALL from servers:

INTERNAL DNS: X.X.internal

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.3.34
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . : 172.16.3.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   Primary WINS Server . . . . . . . : 192.1.1.222 (INTERNAL IP)
   Secondary WINS Server . . . . . . : 192.1.1.223
                                       172.16.2.25
                                       172.16.1.20
                                       172.16.2.11
                                     
EXTERNAL DNS (Separate server): X.X.com, x.x.net, x.x.org

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 216.x.x.x
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 216.x.x.x
                                       172.16.3.34

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.3.6
   Subnet Mask . . . . . . . . . . . : 255.x.x.x
   Default Gateway . . . . . . . . . : 172.16.3.1
   DNS Servers . . . . . . . . . . . : 172.16.3.34
                                       216.x.x.x
                                       216.x.x.x
   Primary WINS Server . . . . . . . : 192.1.1.222
   Secondary WINS Server . . . . . . : 192.1.1.223
                                       172.16.2.25
                                       172.16.1.20



Yes, I give DNS information via DHCP for your clients. Yes, I can post an IPCONFIG /all from a workstation:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : cwp.internal
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.16.7.53
        Subnet Mask . . . . . . . . . . . : 255.x.x.x
        Default Gateway . . . . . . . . . : 172.16.7.1
        DHCP Server . . . . . . . . . . . : 172.16.3.34
        DNS Servers . . . . . . . . . . . : 172.16.3.34
                                            216.x.x.x
                                            216.x.x.x
                                            172.16.14.9
        Primary WINS Server . . . . . . . : 192.1.1.222
        Secondary WINS Server . . . . . . : 192.1.1.223
                                           
                                            172.16.2.11
                                            172.16.2.25

Yes, I have a host (A) record pointing to my intranet site on my INTERNAL dns server.
oBdA

By using *only* your internal DNS server for *all* domain members. Remove the 216. and 172. DNS servers from the clients (and any member servers).

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567

Hold on a bit; one more question, as I just noticed something that might be complicating things: what do you mean with "External dns server: Server 2003 (Active Directory)"? Is this an AD domain controller running DNS that's accessible from the outside?
If so, that's a rather bad idea. Your AD DNS should not be publicly accessible. Not to mention that it doesn't seem to live in a DMZ.
You can check the correct DNS configuration for an AD domain in the articles above, but if you have a setup like the one I'm asking about, you should fix that.

No. AD is not possible to set up using a primary DNS in a public situation.

Hm? That's not a public situation; this DNS server has an IP address in your own network, and stranger things have happened.
Anyway, if this isn't a DC, then you should be fine if you use 172.16.3.34 exclusively as DNS server on your clients.

This network is comprised of BOTH a public DNS as well as a private DNS. There are two DNS servers as shown in my aforementioned post. One has a public address 216.X.X.X (multihomed with a private), and one has the private 172.16.3.34 address. The 172.16.3.34 is a DC as well as an internal DNS, thus the x.internal domain, as well as the DHCP server which, as we all know, in combination with the internal DNS gives us active directory as well as an internal DDNS. The internal DNS is pointed to the external DNS to forward all unknown requests. My theory is that both DNS servers are set up just fine. It is the DNS cache on SOME (not all) of the individual PCs that are, for some odd reason, caching the wrong DNS information. As I mentioned earlier - when the DNS cache is cleared on the problematic PCs all is back to normal.

ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.

Not sure why the DDNS would be issuing out the wrong DNS address via DHCP. All primaries are set to the 172.16.3.34 DDNS on all subnets. User intervention is not allowed. I will have to IPCONFIG /ALL when this issue pops up again.

Thank you.
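
An added example, not part of the original thread: one way to check saved `ipconfig /all` output against the advice above that domain members use only the internal DNS server. The sample text is adapted from the workstation output posted in the thread; the function names and the `ALLOWED_DNS` set are assumptions made for this sketch.

```python
import re

# Assumption: the only resolver domain members should use (per the advice above).
ALLOWED_DNS = {"172.16.3.34"}

# Sample adapted from the workstation output in the thread (masked values kept).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : cwp.internal
        Dhcp Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 172.16.3.34
                                            216.x.x.x
                                            216.x.x.x
                                            172.16.14.9
        Primary WINS Server . . . . . . . : 192.1.1.222
        Secondary WINS Server . . . . . . : 192.1.1.223
                                            172.16.2.11
"""

# "Key . . . : value" lines; the " :" requirement keeps bare continuation
# lines (including IPv6 addresses) from being mistaken for a new key.
KEY_VALUE = re.compile(r"^\s+(?P<key>\S.*?)[ .]* :\s*(?P<value>.*)$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in listed order]}."""
    adapters, adapter, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a section
            adapter, key = line.strip().rstrip(":"), None
            adapters[adapter] = []
            continue
        m = KEY_VALUE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
        else:
            value = line.strip()             # continuation of the previous key
        if adapter is not None and key == "DNS Servers" and value:
            adapters[adapter].append(value)
    return adapters

def audit(text, allowed=ALLOWED_DNS):
    """Return {adapter: [configured DNS servers that are not allowed]}."""
    found = dns_servers_by_adapter(text)
    extra = {a: [s for s in v if s not in allowed] for a, v in found.items()}
    return {a: v for a, v in extra.items() if v}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The continuation lines under the WINS entries are attributed to the WINS key, so they are not reported as DNS servers.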