Solved

Internet domains not resolving when using internal DNS servers

Posted on 2013-02-04
Last Modified: 2013-02-06
Hello. We have a Windows 2003 R2 domain. We have 2 servers for Active Directory. One server is a DHCP server, both are running Windows DNS services. The DHCP lease pool points to both servers for DNS resolution; 192.168.1.6 as preferred and 192.168.1.5 as alternate. Recently, some internet domains will not resolve. If I remember correctly, I read where you shouldn't use your ISP's domain servers with AD. I could be wrong. If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly. Can anyone tell me why they won't when using internal DNS servers? They've worked for years without issue. Nothing has changed on the servers. I thought once a DNS query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically. I don't understand why typing in the DNS works. We only have one provider, Cox. I appreciate your help.
Question by:CMWinters
10 Comments
 
LVL 4

Expert Comment

by:tycoot
ID: 38852999
"I thought once a dns query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically."

That is only true if you have a secondary DNS that is your ISP's.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38853004
You need to make sure you have a Router setting inside your DHCP server to point to your actual gateway. Your gateway should be your physical router and your router should hold your ISP's DNS servers. DHCP will then hand out the appropriate internal name servers and gateway addresses to clients in order to resolve host names.
0
 
LVL 6

Assisted Solution

by:mmahaek
mmahaek earned 668 total points
ID: 38853028
Set up your DHCP to hand out your internal DNS servers to your clients. On each of your DNS servers, set forwarding settings to make sure root hints are used if no forwarders are available. You can optionally add your ISP as a forwarder, which will have your DNS server go out to your ISP to pull public DNS queries on behalf of your clients.
0
 
LVL 16

Accepted Solution

by:Bruno PACI
Bruno PACI earned 1332 total points
ID: 38854624
Hi,

What mmahaek said is the solution. It must be done like mmahaek says.

What I read before mmahaek's post MUST NOT BE DONE !!!
When you are in an AD domain you MUST NEVER mix internal DNS servers and external DNS servers in your IP settings on any machine. Clients and servers MUST ONLY interrogate internal DNS servers, and internal DNS servers must be configured with DNS forwarders to be able to resolve external names.

Also, don't confuse IP routing and DNS resolution... Of course IP routing must work, but your router is not and must not become your DNS server.

Mmahaek should have the points, but if you want an explanation of why you must never mix internal and external DNS servers you may read the article I wrote about that: http://www.experts-exchange.com/Networking/Protocols/DNS/A_11136-Some-important-DNS-concepts-for-good-diagnosis-and-good-configuration.html


Have a good day.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38854793
PaciB,

Your router facing the internet has to be your gateway, otherwise, how is your internal traffic going to be able to resolve external host names?  All you do is have your internal DNS servers point to themselves and hand out their address to internal clients via DHCP, with a router entry in the DHCP settings that points to the internal IP of the external gateway. That's all that I said and it is absolutely 100% correct.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38854894
tjc123,


What you say in your last post is correct and I agree 150% with that.

But in your previous post you said that:
"and your router should hold your ISPs DNS servers"

What does a router have to do with DNS servers ???? Or maybe I have not understood what this phrase means ?

By the way, the author said that:
"If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly"
To my understanding it means that routing is correct... The DHCP settings about the router are correct...

Only DNS is involved in this issue and that's why I warned about any confusion.


Have a good day.
0
 
LVL 5

Expert Comment

by:tjc123
ID: 38855013
The router I referenced is your internet facing router (gateway) responsible for resolving external host names allowing you access to the internet.  Sorry if that was confusing.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38855811
In other words, your machines should be using your DNS (internal) server. This will speed internal traffic between machines, printers, etc. Your Internet Gateway (router, modem, etc) where your ISP connection is plugged in should be using those provided by your ISP.
0
 
LVL 16

Assisted Solution

by:Bruno PACI
Bruno PACI earned 1332 total points
ID: 38856101
NOOOOO !
Why does everybody want to mix routing equipment and DNS service !!???


The Internet Gateway is a router ! ONLY a router and must be considered like that. A router does not resolve DNS names !

Oh yes ! Your DSL router at home is also a DHCP server and a DNS server, but this is at home !!! NOT HERE !!!

So please, this box (whatever you call it, router, modem, or anything else) is a simple ROUTER. We don't care if it also is able to be DHCP or DNS server... We don't use these features here.
Here, the Domain controllers are the DNS servers, and are the DHCP server.

Here is what MUST BE DONE:

1) On the DNS console on the domain controllers, right-click on the server and choose "Properties". There's a tab called "Forwarders". Add a forwarder that points to the IP address of each ISP DNS server. Doing it like that, your DNS server is now able to forward requests for external names to external DNS servers on the ISP network.

2) Configure ALL machines (servers, DCs, workstations) to ONLY interrogate internal DNS servers.


And again, NEVER use external DNS servers in IP settings on any machine that is a member of a domain. If you want a precise explanation of this rule you should read my article: http://www.experts-exchange.com/Networking/Protocols/DNS/A_11136-Some-important-DNS-concepts-for-good-diagnosis-and-good-configuration.html
0
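
A check for step 2 of the answer above (every machine queries only the internal DNS servers), as an added example that is not part of the original thread: it parses `ipconfig /all` output and reports adapters that list a resolver other than 192.168.1.6 or 192.168.1.5. The sample output, the function names and the 203.0.113.53 ISP placeholder are constructed for illustration.

```python
import ipaddress
import re

# Internal AD DNS servers named in the question; anything else is flagged.
INTERNAL_DNS = {"192.168.1.6", "192.168.1.5"}

# Constructed `ipconfig /all` sample; 203.0.113.53 stands in for an ISP resolver.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       192.168.1.5

Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.168.1.5
"""

FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s(.*)$")  # "   Name . . . : value"

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False
            adapters[current] = []
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).startswith("DNS Servers")
            value = m.group(2).strip()
        else:
            value = line.strip()  # continuation line of the previous field
        if current and in_dns and value:
            try:
                adapters[current].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False  # not an address: the DNS list has ended
    return adapters

def audit(text, allowed=INTERNAL_DNS):
    """Return {adapter: [configured resolvers outside the internal set]}."""
    bad = {a: [ip for ip in ips if ip not in allowed]
           for a, ips in dns_servers_by_adapter(text).items()}
    return {a: ips for a, ips in bad.items() if ips}
```

Running `audit()` over output collected from each domain member gives an empty result only when no adapter mixes in an external resolver.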
 

Author Closing Comment

by:CMWinters
ID: 38861843
Thanks to all of you for your time.
0

Question has a verified solution.
