Solved

Internet domains not resolving when using internal DNS servers

Posted on 2013-02-04
10
Medium Priority
804 Views
Last Modified: 2013-02-06
Hello. We have a Windows 2003 R2 domain. We have 2 servers for Active Directory. One server is a DHCP server; both are running Windows DNS services. The DHCP lease pool points to both servers for DNS resolution: 192.168.1.6 as preferred and 192.168.1.5 as alternate. Recently, some internet domains will not resolve. If I remember correctly, I read somewhere that you shouldn't use your ISP's domain servers with AD. I could be wrong. If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly. Can anyone tell me why they won't when using internal DNS servers? They've worked for years without issue. Nothing has changed on the servers. I thought once a DNS query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically. I don't understand why typing in the DNS works. We only have one provider, Cox. I appreciate your help.
0
Question by:CMWinters
10 Comments
 
LVL 4

Expert Comment

by:tycoot
ID: 38852999
I thought once a dns query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically.

That is only true if you have a secondary DNS that is your ISP's.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38853004
You need to make sure you have a Router setting inside your DHCP server to point to your actual gateway. Your gateway should be your physical router, and your router should hold your ISP's DNS servers. DHCP will then hand out the appropriate internal name servers and gateway addresses to clients in order to resolve host names.
0
 
LVL 6

Assisted Solution

by:mmahaek
mmahaek earned 668 total points
ID: 38853028
Set up your DHCP to hand out your internal DNS servers to your clients. On each of your DNS servers, set forwarding settings to make sure root hints are used if no forwarders are available. You can optionally add your ISP as a forwarder, which will have your DNS server go out to your ISP to pull public DNS queries on behalf of your clients.
0
 
LVL 16

Accepted Solution

by:Bruno PACI
Bruno PACI earned 1332 total points
ID: 38854624
Hi,

What mmahaek said is the solution. It must be done like mmahaek says.

What I read before mmahaek's post MUST NOT BE DONE !!!
When you are in an AD domain you MUST NEVER mix internal DNS servers and external DNS servers in your IP settings on any machine. Clients and servers MUST ONLY interrogate internal DNS servers, and internal DNS servers must be configured with DNS forwarders to be able to resolve external names.

Also, don't confuse IP routing and DNS resolution... Of course IP routing must work, but your router is not and must not become your DNS server.

Mmahaek should have the points, but if you want an explanation of why you must never mix internal and external DNS servers you may read the article I wrote about that: http://www.experts-exchange.com/Networking/Protocols/DNS/A_11136-Some-important-DNS-concepts-for-good-diagnosis-and-good-configuration.html


Have a good day.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38854793
PaciB,

Your router facing the internet has to be your gateway; otherwise, how is your internal traffic going to be able to resolve external host names? All you do is have your internal DNS servers point to themselves and hand out their address to internal clients via DHCP, with a router entry in the DHCP settings that points to the internal IP of the external gateway. That's all that I said and it is absolutely 100% correct.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38854894
tjc123,


What you say in your last post is correct and I agree 150% with that.

But in your previous post you said that:
and your router should hold your ISPs DNS servers

What does a router have to do with DNS servers ???? Or maybe I have not understood what this phrase means ?



By the way, the author said that:
If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly
To my understanding it means that routing is correct... the DHCP setting about the router is correct...

Only DNS is involved in this issue and that's why I warned about any confusion.


Have a good day.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38855013
The router I referenced is your internet-facing router (gateway) responsible for resolving external host names, allowing you access to the internet. Sorry if that was confusing.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38855811
In other words, your machines should be using your (internal) DNS server. This will speed internal traffic between machines, printers, etc. Your Internet Gateway (router, modem, etc.) where your ISP connection is plugged in should be using those provided by your ISP.
0
 
LVL 16

Assisted Solution

by:Bruno PACI
Bruno PACI earned 1332 total points
ID: 38856101
NOOOOO !
Why does everybody want to mix routing equipment and DNS service !!???


The Internet Gateway is a router ! ONLY a router and must be considered like that. A router does not resolve DNS names !

Oh yes ! Your DSL router at home is also a DHCP server and a DNS server, but this is at home !!! NOT HERE !!!

So please, this box (whatever you call it, router, modem, or anything else) is a simple ROUTER. We don't care if it also is able to be DHCP or DNS server... We don't use these features here.
Here, the Domain controllers are the DNS servers, and are the DHCP server.

Here is what MUST BE DONE:

1) On the DNS console on the domain controllers, right-click on the server and choose "Properties". There's a tab called "Forwarders". Add a forwarder that points to the IP address of each ISP DNS server. Doing it like that, your DNS server is now able to forward requests for external names to external DNS servers on the ISP network.

2) Configure ALL machines (servers, DCs, workstations) to ONLY interrogate internal DNS servers.


And again, NEVER use external DNS servers in the IP settings of any machine that is a member of a domain. If you want a precise explanation of this rule you should read my article: http://www.experts-exchange.com/Networking/Protocols/DNS/A_11136-Some-important-DNS-concepts-for-good-diagnosis-and-good-configuration.html
0
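The two-step configuration above (forwarders on the DC DNS servers, internal-only DNS on every domain member) as an added audit script; it is not from the thread or its participants. It assumes the DnsServer and DhcpServer PowerShell modules of Windows Server 2012 or later (the thread's 2003 R2 boxes would use dnscmd and netsh instead), uses the thread's 192.168.1.5/.6 addresses, and the ISP forwarder addresses, scope ID and test names are placeholders.

```powershell
# Added example, not the thread's own code. Assumes DnsServer and DhcpServer
# modules (Windows Server 2012+). Internal DNS = the thread's two DCs.
$InternalDns   = @('192.168.1.6', '192.168.1.5')
$IspForwarders = @('203.0.113.10', '203.0.113.11')  # placeholders for the ISP resolvers
$ScopeId       = '192.168.1.0'                       # assumed DHCP scope

# 1) Forwarders on this DNS server: send external names to the ISP resolvers,
#    and fall back to root hints if every forwarder is unreachable.
$fwd = Get-DnsServerForwarder
if (-not $fwd.IPAddress) {
    Write-Warning 'No forwarders configured; adding ISP forwarders with root-hint fallback'
    Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $true
}

# 2) DHCP option 006 must hand out ONLY the internal DNS servers to clients.
$opt6     = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6).Value
$external = $opt6 | Where-Object { $_ -notin $InternalDns }
if ($external) {
    Write-Warning "Scope $ScopeId hands out external DNS $($external -join ', '); resetting"
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns
}

# 3) This machine's own NICs must also list only internal DNS (the "never mix" rule).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $bad = $_.ServerAddresses | Where-Object { $_ -notin $InternalDns }
        if ($bad) { Write-Warning "$($_.InterfaceAlias) uses external DNS: $($bad -join ', ')" }
    }

# 4) Prove the chain: an internal and an external name, both asked of the internal server.
foreach ($name in 'dc1.corp.example', 'www.example.com') {   # constructed test names
    try {
        $r = Resolve-DnsName -Name $name -Server $InternalDns[0] -Type A -ErrorAction Stop
        "$name -> $($r.IPAddress -join ', ')"
    } catch {
        Write-Warning "$name did not resolve via $($InternalDns[0]): $_"
    }
}
```

Run it on the DC that hosts both DNS and DHCP; a warning from step 4 on the external name while the internal name resolves points at the forwarder/root-hint path rather than at routing.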
 

Author Closing Comment

by:CMWinters
ID: 38861843
Thanks to all of you for your time.
0
