drewberrylicious
asked on
Modifying DNS Zones - Impact on Active Directory
I set up a Windows 2003 Server Domain with Active Directory and DNS. Our DNS name (per the Active Directory configuration wizard is hq.company.com.au)
DNS is running on the Domain Controller DC01 and the IP address is 192.168.1.101
I also have a router (IP 192.168.1.254) which acts as the DHCP server which assigns clients the Primary DNS address of 192.168.1.101 and the secondary as 192.168.1.254 (the router itself)
This generally works okay, but local computers cannot resolve our website address www.company.com.au unless I set the primary DNS address to the router/default gateway.
I can do this, but it means that the client logon process takes anywhere for 30 seconds - 2 minutes.
So I'm trying to figure out a way to keep the primary DNS server address as the AD/Windows based DNS server and still be able to resolve our website from all local clients.
Is there a simple change I can make to our DNS configuration to support this? I just figure that the computers on our network should belong to the hq.company.com.au forward lookup zone, but I really don't know.
I've also attached an IPCONFIG from a windows xp client and the domain controller/dns server. The only thing that looks perhaps a little strange to me (again, I'm guessing) is the DNS suffixes....I note that on the client the connection specific suffix is home.gateway (assigned by the router) or the DNS suffix search list.
Would appreciate some step by step instructions to resolve this.
hq.company.com.au-zone.jpg
company.com.au-zone.jpg
client-ipconfig.jpg
dc-ipconfig.jpg
DNS is running on the Domain Controller DC01 and the IP address is 192.168.1.101
I also have a router (IP 192.168.1.254) which acts as the DHCP server which assigns clients the Primary DNS address of 192.168.1.101 and the secondary as 192.168.1.254 (the router itself)
This generally works okay, but local computers cannot resolve our website address www.company.com.au unless I set the primary DNS address to the router/default gateway.
I can do this, but it means that the client logon process takes anywhere for 30 seconds - 2 minutes.
So I'm trying to figure out a way to keep the primary DNS server address as the AD/Windows based DNS server and still be able to resolve our website from all local clients.
Is there a simple change I can make to our DNS configuration to support this? I just figure that the computers on our network should belong to the hq.company.com.au forward lookup zone, but I really don't know.
I've also attached an IPCONFIG from a windows xp client and the domain controller/dns server. The only thing that looks perhaps a little strange to me (again, I'm guessing) is the DNS suffixes....I note that on the client the connection specific suffix is home.gateway (assigned by the router) or the DNS suffix search list.
Would appreciate some step by step instructions to resolve this.
hq.company.com.au-zone.jpg
company.com.au-zone.jpg
client-ipconfig.jpg
dc-ipconfig.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> Any suggestions on how to prevent the router assigning DNS suffixes?
Depends on the router ...; you might consider moving DHCP to your server.
> Also, can you tell me the best way to set up forwarders outside of the wizard process?
Start the DNS MMC, open the properties of the server, go to the Forwarders tab.
> Also, when I ping hq.company.com.au I get a host not found error. What's the deal with that?
Start by making sure that your machine are only using your DC's IP address (do that on the DC as well, instead of 127.0.0.1) and the forwarders are configured, then run "ipconfig /flushdns" on the DNS clients.
You can use dcdiag.exe and netdiag.exe (both support a "/fix" argument to fix small errors on the fly for further troubleshooting.
Windows Server 2003 Service Pack 2 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-939B-9A772EA2DF90&displaylang=en
> what's the difference between the hq.company.com.au and just company.com.au in the forward lookup zones
hq.company.com.au is your AD domain, from what you've said (this zone *has* to exist), the other was probably added manually.
Depends on the router ...; you might consider moving DHCP to your server.
> Also, can you tell me the best way to set up forwarders outside of the wizard process?
Start the DNS MMC, open the properties of the server, go to the Forwarders tab.
> Also, when I ping hq.company.com.au I get a host not found error. What's the deal with that?
Start by making sure that your machine are only using your DC's IP address (do that on the DC as well, instead of 127.0.0.1) and the forwarders are configured, then run "ipconfig /flushdns" on the DNS clients.
You can use dcdiag.exe and netdiag.exe (both support a "/fix" argument to fix small errors on the fly for further troubleshooting.
Windows Server 2003 Service Pack 2 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-939B-9A772EA2DF90&displaylang=en
> what's the difference between the hq.company.com.au and just company.com.au in the forward lookup zones
hq.company.com.au is your AD domain, from what you've said (this zone *has* to exist), the other was probably added manually.
ASKER
I think that adding the A entry to www might help.
Any suggestions on how to prevent the router assigning DNS suffixes?
Also, can you tell me the best way to set up forwarders outside of the wizard process?
Also, when I ping hq.company.com.au I get a host not found error. What's the deal with that?
And finally (sorry to bombard you with more questions), what's the difference between the hq.company.com.au and just company.com.au in the forward lookup zones?
I will definitely read the information on the other links tomrorow, but it's 11pm here now and I need to get some sleep.
Many thanks!