We are running a Windows 2000 Server domain...still. I know it's wrong, but in a manufacturing/small business environment, if it runs, it stays. It's not my name on the building.
Since inception, we have had 64k ISDN, 128k ISDN, 1.5G T-1, and 3.0G T-1 for our internet service from various providers. In the past, it has always worked out well and without issue to put the default gateway (firewall to the outside IP address) in as the only DNS server, and then assign the DNS servers as provided by the ISP in the firewall. No problems for years.
We upgraded the firewall to new hardware, same brand, just the newest model. No DNS changes needed. Then we upgraded to broadband 20G service from the local cable company. BIG changes!
Having the IP address of the firewall no longer allowed connectivity. To gain back connectivity, we had to put the PDC in as the primary DNS server, both in the Windows Server and as a DNS provider in the firewall options. That regained the connectivity. It should be noted that we have the one PDC, and no backup controller. It should also be noted that the PDC has NO outside connectivity via firewall policy. Never has, never will.
Since that time, there are spotty and inconvenient INTERNAL DNS problems. All clients get their leases from a reservation in DHCP Management, hence IPs are fixed and never change. What happens is the clients lose the "trust" relationship with the PDC and can no longer access network drives shared from the PDC. Running IPCONFIG /ALL shows that they are getting the proper IP, subnet, and default gateway. Still, network drives are not available. The fix is to log off and log back in such that the batch file to mount drives runs again and establishes trust once more.
At first, it felt like a server licensing issue, but only 34 of 50 CALs are in use. Beyond that, I can think of nothing else that would cause this behavior, and all things being equal, this wasn't an issue until we connected to the broadband service. The provider offers no answers, as they are nothing more than "the plug" we get service from. They must be doing something differently with DNS and how they manage it such that it has an impact on or tries to override the PDC settings. I don't really know, unless it is an IPv6/IPv4 thing? Still using IPv4 internally, obviously.
I welcome any ideas on this one. In theory, we just changed from the water tower to the well, just as we had in the past with no internal changes needed other than DNS at the firewall level. Now this. Thanks.