  • Status: Solved

DNS issue Windows Server 2008

We have a simple configuration.
Server 2008 R2, File Server, Domain Controller, DHCP Server.
Terminal Server (Citrix), Server 2008 R2.
Exchange Server 2007.
Print Server.
We changed ISP recently, and now internet connection on the File Server is extremely slow, but ok after connecting.
The workstations on the LAN appeared to lose internet connection unless I changed their DNS Primary & Secondary to the DNS server of the new ISP provider, then all is well. Before IP & DNS were obtained automatically.
The primary DNS on the File Server is, Secondary is the IP of the new ISP DNS server.
The DNS cache on the file server has been cleared.
Any ideas as to how to resolve this?
1 Solution
Natty Greg, In Theory (IT), Commented:
The file server needs a static IP address, and it's preferable not to use the loopback address, which is built into every computer.
josephwalsh, Author, Commented:
The File server has a static IP address.
Should I use the DNS server IPs of the new ISP for both Primary & Secondary DNSs?
Natty Greg, In Theory (IT), Commented:
The primary DNS should be your local DNS, and the secondary should be that of the ISP. The reason: you want local lookups to go to your local DNS, and if the lookup requires external help it will go through the ISP DNS.

It depends on how many domain controllers you have. Your primary and secondary static IPs should be those of your internal DNS servers. Then your DNS servers should have as their forwarding IPs the addresses of the ISP DNS servers.
Adam Ray Commented:
Since your file server is the same machine as your DC... (and I assume you only have one DC.)

The primary DNS server setting of the LAN adapter should be the private IP of the file server/DC (they are the same machine.) Using usually works, but its private IP (e.g. is better practice.

The secondary DNS server setting of the LAN adapter should be blank. (And of course no additional DNS servers in the advanced settings of the LAN adapter.)

On the "DNS server" settings on your DC (DNS management console), make sure you update the forwarding IPs to the new ISP DNS servers. (Some people say to use root hints rather than forwarders in a setup like yours, but I prefer using forwarders.)

On the "DHCP server" setting on your DC, check the options of your DHCP scope. The first listed DNS server should be the private IP of your DC/file server. Optionally you can add the new ISP's DNS servers as second and/or third in the list--or use your ISP's as the second entry and as your third entry.**

**Optionally adding these "public" DNS servers to the options of your DHCP scope means that workstations (not the DC/file server) will have them available as secondary/3rd DNS servers so they can continue to access the internet if your DC isn't responding for some reason. (But that also means they may occasionally not have access to internal resources if the DNS on your DC is running slow for some reason.--Somewhat rare, I usually add the 2nd and/or 3rd "public" DNS servers to DHCP options, but it's something that's good to be aware of.)

**Likewise, on other (non-domain controller) devices on your network that use static IPs: The primary DNS server of the LAN adapter settings should be the private IP of the DC. With the same option of adding secondary and/or tertiary "public" DNS servers.
josephwalsh, Author, Commented:
Excellent clear answer.
Remove the ISP DNS server IP from the LAN card properties on the DC, since it is the culprit
Point DC server to its own IP in DNS (not and restart netlogon service and DNS service
Put the public DNS server IP as a forwarder
On domain controllers, to get internet name resolution you must use either forwarders OR root hints
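
The check the answers above describe, as an added example that is not code from any poster in this thread: it parses `ipconfig /all` output from the DC and flags a primary DNS entry that is not the DC's own private IP, a loopback entry, and any external resolver listed on the adapter. The sample output, all addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt from a DC; every address is made up
# (203.0.113.53 stands in for an ISP resolver).
SAMPLE_DC = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dns_servers(ipconfig_text):
    """Return the adapter's DNS servers in listed order, following wrapped lines."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        if re.match(r"\s*DNS Servers[ .]*:", line):
            collecting, line = True, line.split(":", 1)[1]
        elif " : " in line or not line.strip():
            collecting = False  # next field or blank line ends the DNS list
        if collecting:
            try:
                servers.append(ipaddress.ip_address(line.strip()))
            except ValueError:
                collecting = False
    return servers

def audit_dc_dns(ipconfig_text, dc_ip):
    """Compare a DC's adapter DNS list with the thread's advice; return findings."""
    servers = dns_servers(ipconfig_text)
    findings = []
    if not servers or servers[0] != ipaddress.ip_address(dc_ip):
        findings.append("primary DNS is not the DC's own private IP")
    for s in servers:
        if s.is_loopback:
            findings.append(f"{s}: loopback address, use the DC's private IP")
        elif not any(s in net for net in RFC1918):
            findings.append(f"{s}: external resolver, configure it as a forwarder")
    return findings

if __name__ == "__main__":
    for finding in audit_dc_dns(SAMPLE_DC, "192.168.1.10"):
        print("FINDING:", finding)
```

An external resolver on a domain member's adapter also means internal host names can be sent to the ISP whenever that entry is queried, which is a second reason to keep it on the forwarder list only.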