Internet domains not resolving when using internal DNS servers

Posted on 2013-02-04
Last Modified: 2013-02-06
Hello. We have a Windows 2003 R2 domain. We have 2 servers for Active Directory. One server is a DHCP server, both are running Windows DNS services. The DHCP lease pool points to both servers for DNS resolution; as preferred and as alternate. Recently, some internet domains will not resolve. If I remember correctly, I read where you shouldn't use your ISP's domain servers with AD. I could be wrong. If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly. Can anyone tell me why they won't when using internal DNS servers? They've worked for years without issue. Nothing has changed on the servers.  I thought once a dns query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically. I don't understand why typing in the DNS works.  We only have one provider, Cox. I appreciate your help.
Question by:CMWinters

Expert Comment

ID: 38852999
I thought once a dns query was made to the internal DNS, if it couldn't find a host, it referred to the ISP's domain automatically.

That is only true if you have a secondary DNS that is your ISPs

Expert Comment

ID: 38853004
You need to make sure you have a Router setting inside your DHCP server to point to your actual gateway.  Your gateway should be your physical router and your router should hold your ISPs DNS servers.  DHCP will then hand out the appropriate internal name servers and gateway addresses to clients in order to resolve host names.

Assisted Solution

mmahaek earned 167 total points
ID: 38853028
Setup your DHCP to hand out your internal DNS servers to your clients.  On each of your DNS servers, set forwarding settings to make sure root hints are used if no forwarders are available.  You can optionally add your ISP as a forwarder, which will have your DNS server go out to your ISP to pull public DNS queries on behalf of your clients.
LVL 16

Accepted Solution

PaciB earned 333 total points
ID: 38854624

What mmahaek said is the solution. It must be done like mmahaek says.

What I read before mmaheak's post MUST NOT BE DONE !!!
When you are in a AD domain you MUST NEVER mix internal DNS servers and external DNS severs in your IP settings on any machine. Clients and serves MUST ONLY interrogate internal DNS servers, and internal DNS servers must be configured with DNS forwarders to be able to resolve external names.

Also, don't confuse IP routing and DNS resolution... Of course IP routing must work, but your router is not and must not became your DNS server.

Mmahaek should have the points, but if you want an explanation of why you must never mix internal and external DNS servers you may read my article I wrote about that :

Have a good day.

Expert Comment

ID: 38854793

Your router facing the internet has to be your gateway, otherwise, how is your internal traffic going to be able to resolve external host names?  All you do is have your internal DNS servers point to themselves and hand out their address to internal clients via DHCP, with a router entry in the DHCP settings that points to the internal IP of the external gateway. That's all that I said and it is absolutely 100% correct.
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 16

Expert Comment

ID: 38854894

What you say in your last post is correct and I agree 150% with that.

But in your previous post you said that:
and your router should hold your ISPs DNS servers

What a router has to do with DNS servers ???? Or May be I have not understood what this phrase means ?

By the way, the author said that:
If I change the DHCP lease pool option to point to Cox's domain servers, internet domains resolve properly
For my understanding it means that routing is correct... DHCP settings about router is correct...

Only DNS is involved in this issue and that's why I warned about any confusion.

Have a good day.

Expert Comment

ID: 38855013
The router I referenced is your internet facing router (gateway) responsible for resolving external host names allowing you access to the internet.  Sorry if that was confusing.
LVL 11

Expert Comment

ID: 38855811
In other words, your machines should be using your DNS (internal) server.  This will speed internal traffic between machines, printers, etc.  Your Internet Gateway (router, modem, etc) where your ISP connection is plug should be using those provided by your ISP.
LVL 16

Assisted Solution

PaciB earned 333 total points
ID: 38856101
Why everybody want to mix routing equipment and DNS service !!???

The Internet Gateway is a router ! ONLY a router and must be considered like that. A router does not resolve DNS names !

Oh yes ! Your DSL router at home is also a DHCP server and a DNS server, but this is at home !!! NOT HERE !!!

So please, this box (whatever you call it, router, modem, or anything else) is a simple ROUTER. We don't care if it also is able to be DHCP or DNS server... We don't use these features here.
Here, the Domain controllers are the DNS servers, and are the DHCP server.

Here is what MUST BE DONE:

1) on the DNS console on the domain controllers, right-click on the server and choose "properties". There's a tab called "forwarders". Add a forwarder that point to IP address of each ISP DNS server. Doing like that, your DNS server is now able to forward request for external names to external DNS servers at the ISP network.

2) configure ALL machines (servers, DCs, workstation) to ONLY interrogate internal DNS servers

And again, NEVER use external DNS servers in IP settings on any machine that is member of a domain. If you want a precise explanation of this rule you should read my article :

Author Closing Comment

ID: 38861843
Thanks to all of you for your time.

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now