asked on Domain communication
Hi,
I´ve recently installed a win server2003 with the DC role. The scenario i have is a server that is a DNS with AD connected with other pc that were recently added to the newly created local domain. the gateway is a router (also modem) that has a WAn setting to get the configuration using the ISP DHCP. internally it is the dhcp for the LAN. I´ve been experiencing a lot of problems trying to add the computer to the domain, i have to set the PCs NIC configurations to manual and remove the gateway and put the DC IP as primary DNS to be able to get access to the domain. After that i need internet and the PCs only get to the internet configuring the secondary DNS with the gateway IP and put the gateway IP back to the NIC settings. Once all that is done i have troubles communicating with the internal DNS, it takes a long time to open a network drive, users take long to be able to log in to their session. It seems like the gateway is sending the name resolutions to the external DNS and making the LAN very slow. It is the first time i have this issues, i´ve also configured forwarders on my DNS. Can someone help with thi issue?
I´ve recently installed a win server2003 with the DC role. The scenario i have is a server that is a DNS with AD connected with other pc that were recently added to the newly created local domain. the gateway is a router (also modem) that has a WAn setting to get the configuration using the ISP DHCP. internally it is the dhcp for the LAN. I´ve been experiencing a lot of problems trying to add the computer to the domain, i have to set the PCs NIC configurations to manual and remove the gateway and put the DC IP as primary DNS to be able to get access to the domain. After that i need internet and the PCs only get to the internet configuring the secondary DNS with the gateway IP and put the gateway IP back to the NIC settings. Once all that is done i have troubles communicating with the internal DNS, it takes a long time to open a network drive, users take long to be able to log in to their session. It seems like the gateway is sending the name resolutions to the external DNS and making the LAN very slow. It is the first time i have this issues, i´ve also configured forwarders on my DNS. Can someone help with thi issue?
Microsoft Legacy OSWindows NetworkingNetworking
Last Comment
Windindi
Configure DHCP on your Domain controller. Primary DNS is your DC and leave the secondary blank. Configure your DNS server on the DC to forward to the router. You can verify that DNS is working by logging on to your DNS server and browsing www.google.com. Once that's done, turn off the DHCP on your router. You'll need to either have all computers reboot or do an ipconfig /release ipconfig /renew from the command prompt for your client computers to find the new DHCP server.
Here's how name resolution works to a website/internal server. We'll use DC1.domain.local as the example:
1. Client computer checks lmhosts/hosts file for dc1.domain.local
2. Client computer checks cache for dc1.domain.local
3. Client computer checks the Primary DNS for dc1.domain.local
4. Client computer checks the Secondary DNS for dc1.domain.local
5. Client computer checks WINS for dc1.domain.local
6. Client computer does a broadcast for dc1.domain.local
Because it's so slow you're hitting the broadcast phase of name resolution. The client computer is just yelling out to the entire network "HEY! Does anyone know where dc1.domain.local is?!?" which is slow and might not get a response.
Here's how the DNS server works.
1. Request comes for dc1.domain.local. DNS Server checks to see if it owns the zone domain.local. If it does, it looks for DC1. If it finds it, send the reply back to the requester.
2. If it doesn't own domain.local it checks it's cache
3. If it's not in the cache it checks the forwarders (forwarders go thru steps 1 and 2)
4. If it's not in the forwarders it checks the root hints (ie, d.root-servers.net). Root hints go thru steps 1 and 2.
5. If it can't find it there it gives up and says "Sorry" to the requester. Requester continues to step 4.
Hope that helps explain it all and gives you some guidance on how to resolve this issue. :-)
Here's how name resolution works to a website/internal server. We'll use DC1.domain.local as the example:
1. Client computer checks lmhosts/hosts file for dc1.domain.local
2. Client computer checks cache for dc1.domain.local
3. Client computer checks the Primary DNS for dc1.domain.local
4. Client computer checks the Secondary DNS for dc1.domain.local
5. Client computer checks WINS for dc1.domain.local
6. Client computer does a broadcast for dc1.domain.local
Because it's so slow you're hitting the broadcast phase of name resolution. The client computer is just yelling out to the entire network "HEY! Does anyone know where dc1.domain.local is?!?" which is slow and might not get a response.
Here's how the DNS server works.
1. Request comes for dc1.domain.local. DNS Server checks to see if it owns the zone domain.local. If it does, it looks for DC1. If it finds it, send the reply back to the requester.
2. If it doesn't own domain.local it checks it's cache
3. If it's not in the cache it checks the forwarders (forwarders go thru steps 1 and 2)
4. If it's not in the forwarders it checks the root hints (ie, d.root-servers.net). Root hints go thru steps 1 and 2.
5. If it can't find it there it gives up and says "Sorry" to the requester. Requester continues to step 4.
Hope that helps explain it all and gives you some guidance on how to resolve this issue. :-)
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hello, on the DC / DNS server please configure the network interface as follows: First DNS should be the localhost ( 127.0.0.1 ) and second DNS should be the ip of your Router / Modem. Your Clients should only have the first dns configured with the ip of your DC / DNS server.
If you want your router to be your DHCP it should give the clients the DNS of the DC / DNS server. Otherwise you must use your DC / DNS server as DHCP. Or you can configure every client manually and give it the ip of your DC / DNS server as the first DNS IP. The second DNS should be left blank.
If you want your router to be your DHCP it should give the clients the DNS of the DC / DNS server. Otherwise you must use your DC / DNS server as DHCP. Or you can configure every client manually and give it the ip of your DC / DNS server as the first DNS IP. The second DNS should be left blank.
ASKER
I've tried to configure the pc with manual settings but still when i put the gateway it goes crazy takes a long time to get to the local dc. Settings i've put on the pc NIC:
IP- 192.168.1.5
SM- 255.255.255.0
Gateway- 192.168.1.1 (router in my lan)
1DNS- 192.168.1.2 (DC local)
2DNS- 192.168.1.1 (router in my LAN)
With this settings i cannot join the domain but can get to the internet, once i remove the 2dns and the gateway i restart the pc and can get to the DC and even map net drives, I' ve configured 192.168.1.1 as a forwarder on my local dns. I can't even configure the router ip on my dc gateway because all the network gets crazy
IP- 192.168.1.5
SM- 255.255.255.0
Gateway- 192.168.1.1 (router in my lan)
1DNS- 192.168.1.2 (DC local)
2DNS- 192.168.1.1 (router in my LAN)
With this settings i cannot join the domain but can get to the internet, once i remove the 2dns and the gateway i restart the pc and can get to the DC and even map net drives, I' ve configured 192.168.1.1 as a forwarder on my local dns. I can't even configure the router ip on my dc gateway because all the network gets crazy
(1) On the PC NIC, if you do an 'ipconfig' at the command prompt, what is the value in 'Connection-specific DNS Suffix'. (And if it isn't the full name of the domain, why isn't it?)
(2) Are there any errors in the (a) DNS Log and (b) System Log on the DC?
(3) "I can't even configure the router ip on my dc gateway because all the network gets crazy " -- I don't understand what you are saying you are attempting to do. Please restate?
(2) Are there any errors in the (a) DNS Log and (b) System Log on the DC?
(3) "I can't even configure the router ip on my dc gateway because all the network gets crazy " -- I don't understand what you are saying you are attempting to do. Please restate?
it sounds like your local dns is hosed. Is this the only machine exhibiting these problems or is it system-wide?
ASKER
The system is completely slow, sometimes is really quickly to print to the network printer that is set with a NIC with the IP 192.168.1.30, i can't even get access to the net drives mapped from the \\192.168.1.2, but then for no reason at all i can get access to the drives and can print, very weird
ASKER
Hi there,
sorry for the delay assigning the points, finally I could find that there was a firewall blocking the traffic between the pcs and the server. It was the antivirus firewall that was on and blocking the conection.
thank you,
Regards
sorry for the delay assigning the points, finally I could find that there was a firewall blocking the traffic between the pcs and the server. It was the antivirus firewall that was on and blocking the conection.
thank you,
Regards
Is the DNS Suffix set to match the domain?
Sounds like you already have the computers in the domain pointing at the DC for DNS resolution. That is how it should be.... and it's fine for your DNS server to point to the ISP for forwarding, as long as it's using it's own zone for domain information.