DNS for internal 2012 Server Essentials subdomain

Hi guys, I have this annoying DNS issue with Server 2012 Essentials R2.  As you may know, with 2012 Server Essentials R2 the router that is hooked to the modem is automatically added as a forwarder, and the server is automatically added as the DNS server on the clients.  So, in theory the server should automatically get the DNS requests from all clients in the domain and forward them through the router.  The issue is that DNS queries are failing like 95% of the time with the same error (see below for the first packet from the Wireshark capture on the 2012 server).  Here is a basic layout of the domain:


In-house location map: (router 1)76.x.x.x/192.168.1.1 <-----> (router 2) 192.168.1.101/192.168.2.1 <-----> (2012 server, aka internal.sealinesd.com) 192.168.2.211 <----> (client) 192.168.2.111

Hostgator: (DNS server, aka ns8383.hostgator.com) 108.167.180.201  
         (sealinesd.com) 108.167.180.219

2012 server forwarder: 192.168.1.1 (router hooked to modem)
2012 server IP: 192.168.2.211
 

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    192.168.1.1           192.168.2.211         DNS      179    Standard query response 0x3f30 No such name

Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
Ethernet II, Src: Cisco-Li_5a:10:01 (c8:b3:73:5a:10:01), Dst: RealtekS_24:00:cd (00:e0:4c:24:00:cd)
Internet Protocol Version 4, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.2.211 (192.168.2.211)
User Datagram Protocol, Src Port: 53 (53), Dst Port: 61446 (61446)
    Source Port: 53 (53)
    Destination Port: 61446 (61446)
    Length: 145
    Checksum: 0xdedd [validation disabled]
    [Stream index: 0]
Domain Name System (response)
    Transaction ID: 0x3f30
    Flags: 0x8183 Standard query response, No such name
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0011 = Reply code: No such name (3)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 1
    Additional RRs: 0
    Queries
        _kerberos._tcp.dc._msdcs.internal.sealinesd.com: type SOA, class IN
            Name: _kerberos._tcp.dc._msdcs.internal.sealinesd.com
            [Name Length: 47]
            [Label Count: 7]
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
    Authoritative nameservers
        sealinesd.com: type SOA, class IN, mname ns8383.hostgator.com
            Name: sealinesd.com
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
            Time to live: 85900
            Data length: 60
            Primary name server: ns8383.hostgator.com
            Responsible authority's mailbox: dnsadmin.gator4192.hostgator.com
            Serial Number: 2015082401
            Refresh Interval: 86400 (1 day)
            Retry Interval: 7200 (2 hours)
            Expire limit: 3600000 (41 days, 16 hours)
            Minimum TTL: 86400 (1 day)

No.     Time           Source                Destination           Protocol Length Info
      2 0.001481000    192.168.2.211         192.168.1.1           DNS      80     Standard query 0x800b  A ns8383.hostgator.com

Frame 2: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface 0
Ethernet II, Src: SunrichT_23:86:cc (00:0a:cd:23:86:cc), Dst: Cisco-Li_5a:10:01 (c8:b3:73:5a:10:01)
Internet Protocol Version 4, Src: 192.168.2.211 (192.168.2.211), Dst: 192.168.1.1 (192.168.1.1)
User Datagram Protocol, Src Port: 60726 (60726), Dst Port: 53 (53)
    Source Port: 60726 (60726)
    Destination Port: 53 (53)
    Length: 46
    Checksum: 0x31e3 [validation disabled]
    [Stream index: 1]
Domain Name System (query)
    [Response In: 3]
    Transaction ID: 0x800b
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        ns8383.hostgator.com: type A, class IN
            Name: ns8383.hostgator.com
            [Name Length: 20]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)



After the above packet I keep getting this following crap over and over in response to DNS queries:


Internet Protocol Version 4, Src: 192.168.2.211 (192.168.2.211), Dst: 192.168.2.111 (192.168.2.111)
User Datagram Protocol, Src Port: 53 (53), Dst Port: 58325 (58325)
    Source Port: 53 (53)
    Destination Port: 58325 (58325)
    Length: 52
    Checksum: 0x5ca1 [validation disabled]
    [Stream index: 5]
Domain Name System (response)
    [Request In: 47]
    [Time: 3.267565000 seconds]
    Transaction ID: 0xa1f9
    Flags: 0x8182 Standard query response, Server failure
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0010 = Reply code: Server failure (2)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0


So, I have some IT experience and I also Googled these errors and it seems like I need to go to my Hostgator DNS server and/or to my local server and add NS records to delegate the internal.sealinesd.com domain to the 2012 server.  Can anybody tell me how to do this or point me in the right direction if I'm on the right track?  I will do whatever testing and posting you want me to.  Thanks a lot in advance.
Thomas Struss Asked:

upalakshitha Commented:
Even if you add the router IP address as a forwarder in the server DNS, the router still forwards queries to the ISP assigned IP for your connection. So you are not advised to put the router IP as the forwarder address.

Simple advice: do not use the router IP address as a forwarder in the server. Just use Google public DNS 8.8.8.8, 8.8.4.4 or the ISP static DNS as forwarder instead.

**************************************************

You can create a subdomain in the DNS console with the required records.
Thomas Struss (Author) Commented:
Thanks for the response, shitha.  I did try that before and it helped a bit, but I still got the errors related to "not authorized for the domain".  Do I just need to make a subdomain in DNS on the Hostgator server and then put the public IP?
upalakshitha Commented:
You are talking about a subdomain in the question title only. No need for a Wireshark capture for this. If you say exactly what you need, I can give an answer clearly.
Thanks.

Thomas Struss (Author) Commented:
Ya, shitha, I need the domain controller of my company (internal.sealinesd.com) to be able to resolve internet DNS queries for internal clients.  I put in the Wireshark captures to show the "server is not authoritative" errors that I'm getting.  I mean look at this bit from the capture:

Queries
        _kerberos._tcp.dc._msdcs.internal.sealinesd.com: type SOA, class IN
            Name: _kerberos._tcp.dc._msdcs.internal.sealinesd.com
            [Name Length: 47]
            [Label Count: 7]
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
    Authoritative nameservers
        sealinesd.com: type SOA, class IN, mname ns8383.hostgator.com
            Name: sealinesd.com


It is going to my DNS server at Hostgator from my local network when all I want is for a client to resolve an internet name like YouTube!  What is that about?  That's my question.  How do I give the local server authority?
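
The capture excerpt quoted above, checked programmatically (an added example, not part of the original thread): the parser reads the reply code, question name and authority-section SOA owner of a DNS response, then flags a negative answer for a name under the internal zone whose SOA belongs to a zone outside it, which is the pattern in frame 1. The message bytes are constructed from the field values shown in the capture, and all function names are hypothetical.

```python
import struct
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_name(msg, off):  # -> (name, offset after it); follows compression pointers
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # two-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):  # assumes one question, as in the capture
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    off, soa_owner = off + 4, None           # skip QTYPE and QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 6 and soa_owner is None:   # first authority SOA
            soa_owner = owner
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    return {"rcode": rcode, "qname": qname, "soa_owner": soa_owner}

def in_zone(name, zone):
    return ("." + name.lower()).endswith("." + zone.lower())
def answered_outside_zone(resp, internal_zone):
    """True when a name under the internal zone got NXDOMAIN with an SOA from outside it."""
    soa = resp["soa_owner"]
    return (resp["rcode"] == "NXDOMAIN" and in_zone(resp["qname"], internal_zone)
            and soa is not None and not in_zone(soa, internal_zone))

def sample_frame1():  # constructed bytes using the field values of frame 1
    q = encode_name("_kerberos._tcp.dc._msdcs.internal.sealinesd.com")
    ptr = struct.pack("!H", 0xC000 | (12 + q.index(b"\x09sealinesd")))
    rdata = encode_name("ns8383.hostgator.com") + encode_name("dnsadmin.gator4192.hostgator.com")
    rdata += struct.pack("!5I", 2015082401, 86400, 7200, 3600000, 86400)
    return (struct.pack("!6H", 0x3F30, 0x8183, 1, 0, 1, 0) + q + struct.pack("!HH", 6, 1)
            + ptr + struct.pack("!HHIH", 6, 1, 85900, len(rdata)) + rdata)
```

A negative answer that came from the domain controller's own zone would carry an SOA owned by internal.sealinesd.com or a zone beneath it, and the check returns False for that case.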
Thomas Struss (Author) Commented:
OK, this ended up being a multi-homing issue. I had another NIC in there that got an IP and it muddied up the DNS. Removed that, cleared the DNS cache, checked the DNS IP used under DNS properties/interfaces and restarted DNS and it worked. Oh, but I had to manually register the DNS clients using ipconfig /registerdns for some reason.

Thomas Struss (Author) Commented:
No other answer was close, which is fine.  I didn't put in enough information like all my NICs, etc.  I expect no points here.