Re: AD Replication: What Does "Fully Routed" Mean?

From: Douglas H. Quebbeman (dhquebbeman_at_theestopinalgroup.com)
Date: 01/19/05


Date: Wed, 19 Jan 2005 13:50:01 -0500

In news:%23fSM6Ml$EHA.2196@TK2MSFTNGP14.phx.gbl,
Herb Martin <news@LearnQuick.com> screib:
>>> Fix this:
>>>
>>> All DNS clients pointed to strictly the internal DNS server
>>> set -- which must resolve ALL of your internal domains.
>>>
>>> Remember that DCs, even DNS servers themselves are ALSO
>>> DNS clients.
>>
>> None of my servers point to this alternate, non-AD-integrated DNS server-
>> just a couple of my workstations....
>
> Neither should any of your clients.

This is a great learning experience. I'm trying to imagine how having my
workstation pointing to two DNS servers could cause problems for Active
Directory.

Or, does it only cause problems for the user (me)? It sure solves them:
when I have the server down for maintenance, as it stands now, I can't
resolve Internet names without having the second DNS server in my NIC's
config, UNLESS I make the change back and forth every time I have to take
the server down.

>>> And then you can use Forwarding to resolve Internet names.
>>
>> Yes, the AD-integrated DNS server at each site uses forwarding to resolve
>> Internet names...
>
> The point being not to mix internal and external DNS servers
> in such settings.

Internal and external? The only references that exist to any external DNS
servers are in the forwarders fields in the Win2k & Win2k3 DNS Server
config...

I probably said something to lead you to think I had my workstation's NIC
pointing to one internal DNS server and one outside the office. No, I have
a NAS running Windows Powered, the appliance version of Windows Server, and
it's running the MS DNS Service, as a secondary, "caching-only" server...

> Internal only in the client settings, external only in the Forwarding
> settings (if you resolve the Internet and are not using the more
> flexible Win2003 conditional forwarding.)

To confirm, yes indeed, in each and every NIC configuration, I am pointing
ONLY to internal DNS servers. On a few workstations, such as mine, I'm
pointing to 2 internal servers, but most workstations point only to one.

>>> You cannot reliably use two distinct DNS server sets.
>>> Don't try. (It may work just enough to convince you otherwise
>>> since it will give intermittent results.)
>>
>> Since you used the term 'set' twice, and I don't recall encountering
>> the use of the term "DNS Server sets" in the resource kit books,
>> could you briefly explain?
>
> It's not commonly used because most of the books don't go
> into this level of practical advice or troubleshooting.
>
> It is not a technical term but purposely chosen to mean
> all those DNS servers that can fully resolve INTERNAL
> name (when we say "internal DNS server set") no matter
> which zones they hold, or even if they hold no zones.
>
> For many people this server set holds only the SINGLE
> internal domain/zone name but those people who have
> multiple zones will have different definitions of what is
> and is not in the "internal DNS server set."
>
> The point being, an internal client must use strictly (internal)
> DNS server(s) which can resolve ALL internal names.
>
> I refer to that set of servers as the internal "DNS server set".
>
>> And I'm still unclear as to what needs to be fixed...
>
> I don't see the DCDiag but you need to resolve all the WARN,
> ERROR, and FAIL messages.

I posted the output from four invocations of DCDiag in my web storage
area; each DCDIAG.TXT file was the result of running

    DCDIAG /E /C /FIX /V

on each of my 4 domain controllers, and the links to the four log files
can be found on this page:

http://members.iglou.com/dougq/MyActiveDirectoryProblems.html

I am posting these DCDiags precisely because I require assistance in
resolving the various warnings and errors... and I really appreciate all
the help I can get!

Regards,
-doug q
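
Added example, not part of the original post: a small model of the "internal DNS server set" idea discussed in this thread, which computes which servers can resolve every internal zone (directly or through a forwarder) and flags clients whose NIC lists a server outside that set. All server names, zones and client lists are constructed, and the first-forwarder-only rule is a simplifying assumption.

```python
# Constructed model (hypothetical names and zones, not from the thread).
INTERNAL_ZONES = {"corp.example", "branch.example"}

# Each server: zones it holds (primary, secondary or AD-integrated) and its
# forwarders in configured order. "isp-dns" is external and not listed here.
SERVERS = {
    "dc1":        {"zones": {"corp.example", "branch.example"}, "forwarders": ["isp-dns"]},
    "dc2":        {"zones": {"corp.example", "branch.example"}, "forwarders": ["isp-dns"]},
    "nas-cache":  {"zones": set(), "forwarders": ["dc1"]},
    "branch-dns": {"zones": {"branch.example"}, "forwarders": ["isp-dns"]},
    "edge-cache": {"zones": set(), "forwarders": ["isp-dns"]},
}

# NIC DNS server lists; DCs are DNS clients too.
CLIENTS = {
    "dc1":  ["dc1", "dc2"],
    "ws-a": ["dc1", "nas-cache"],
    "ws-b": ["dc1", "isp-dns"],
    "ws-c": ["branch-dns", "dc2"],
}

def can_resolve(server, zone, servers, seen=frozenset()):
    """True if `server` answers for `zone` itself or through its forwarder."""
    cfg = servers.get(server)
    if cfg is None or server in seen:   # external server, or a forwarding loop
        return False
    if zone in cfg["zones"]:
        return True
    # Assumption: only the first forwarder matters, because later ones are
    # tried on timeout only; a negative answer from the first is final.
    first = cfg["forwarders"][:1]
    return any(can_resolve(f, zone, servers, seen | {server}) for f in first)

def internal_server_set(servers, zones):
    """Servers that can resolve ALL internal zones, whatever zones they hold."""
    return {s for s in servers if all(can_resolve(s, z, servers) for z in zones)}

def audit_clients(clients, servers, zones):
    """Map each misconfigured client to the servers it should not be using."""
    good = internal_server_set(servers, zones)
    report = {}
    for client, dns_list in clients.items():
        bad = [s for s in dns_list if s not in good]
        if bad:
            report[client] = bad
    return report

if __name__ == "__main__":
    print(sorted(internal_server_set(SERVERS, INTERNAL_ZONES)))
    print(audit_clients(CLIENTS, SERVERS, INTERNAL_ZONES))
```

A caching-only server that forwards to an internal server lands inside the set, while a server holding only some of the internal zones does not, even though it is physically inside the network.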


