Improve company productivity with a Business Account.Sign Up

x
?
Solved

XP Clients Not Resolving DNS through DHCP assigned values

Posted on 2007-11-26
2
Medium Priority
?
1,773 Views
Last Modified: 2008-05-30
This is probably one of the more weird problems I've seen.  We have XP clients in our district offices who are configured through the local router via DHCP.  That DHCP server is assigning them our main DNS server 192.168.1.221 and then a local ISP DNS server.  Randomly our clients DNS will stop working on their machines.  When doing an IPCONFIG /ALL, all the settings are correct.  If we statically assign the DNS servers in the Network Configuration options in the client control panel DNS works fine.  Then if I switch it back to DHCP, it works for a random period of time and goes back to this same problem.

While the machines are experiencing this problem, I can run an nslookup to the DNS server by name and it resolves correctly.  However, if I try to ping the same DNS name I just ran NSLOOKUP on, it says "Ping request could not find host <computername>.  Please check the name and try again."  We are not getting any errors in the DNS event viewer since 11/12 and the last error is:

The DNS server has encountered a critical error from the Active Directory.  Check that the Active Directory is functioning properly.  The extended error debug information (which may be empty) is "".  The event data contains the error.

This is very frustrating as I'm not 100% sure that it's really a DNS issue or network configuration problem.  Any help would be very helpful.
0
Comment
Question by:Phreak3eb
  • 2
2 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20350099
Clients should not have the IP of your ISP for DNS - They should ONLY have the IP of your own internal DNS server - that server should then use forwarders to resolve external names.

If you use the ISP DNS even as al alternate DNS then it will cause issues such as those you are describing.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 20350609
A bit more in the way of explanation.

A client will always use the preferred DNS server to resolve names. If the preferred DNS responds - even if it is to say that the name cannot be found then the alternate DNS is never used. Your DNS server should be set to forward external DNS queries in such cases - see
http://www.petri.co.il/configure_dns_forwarding.htm

The alternate DNS is only ever used if the preferred DNS server does not respond in a timely manner - once this happens then it continues to use the alternate DNS server in preference.
No if your DNS server is slow to respond (busy) and the alternate is tried as a result your clients then try to use this for all name resolution - includind internal resolution - and it fails.
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question