Re: New to DNS
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 11/09/04
- In reply to: Cincy57: "New to DNS"
Date: Mon, 8 Nov 2004 21:47:21 -0500
In news:6EBE850C-51C2-40C2-96B5-CEF25AE92FFD@microsoft.com,
Cincy57 <Cincy57@discussions.microsoft.com> made a post then I commented
below
> Confused:
>
> I am running a Windows 2003 environment with AD and integrated DNS.
> When I run queries from the DNS console (monitoring tab) they fail. I
> have recently switched to two new external DNS servers. I have made
> the necessary changes in the DNS console and within DHCP. When I run
> ipconfig /all from the server and client(s) the correct entries appear.
> We are able to access DNS names inside the corp. and outside websites
> with no problems.
>
> 1.) When I run nslookup on the internal IP address of my DNS server it
> comes back with the IP address and DNS name of the external
> server... is this correct?
>
> When I run nslookup on the ip address or on the dns server name I
> either get the external dns or Domain not found reply. I have added a
> reverse lookup zone pointing to my internal dns server, yet nslookup
> indicates that this is not happening.
>
> 2.) When I run the queries... what exactly are they checking... the
> internal IP address of the internal DNS server?
>
> Could really use some advice...

Actually, with an AD network, all domain members (DCs, clients and servers)
need to use only your internal DNS server(s). The reason is that AD stores
its resources and service locations in DNS in the form of SRV records
(those folders with the underscore in them). They are used for a multitude
of things, such as finding the domain when a client logs on, domain
replication from one DC to another, authentication, and more. To illustrate,
if a client queried the external DNS server with a query such as "Where is
my domain", will that server have the answer? NO.

That's also the reason why it's resolving your external address.

Recommendation: Point all machines only to the internal servers, and
configure a forwarder to your ISP's DNS. This way all machines query your
DNS and if it doesn't have the answer, it asks outside. If the forwarding
option is grayed out, delete the root zone (it looks like a period),
refresh the console, and try again. If not sure how to configure this, this
article will guide you through it:

http://support.microsoft.com/?id=300202

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig.
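
As an added example that is not part of the original post: a PowerShell check, run on a domain member, that tests every DNS server configured on its adapters for the domain controller locator SRV record, which is the practical way to spot a machine still pointed at an external resolver. It assumes a current Windows system with the DnsClient cmdlets (`Get-DnsClientServerAddress`, `Resolve-DnsName`), and `corp.example.com` is a placeholder for your AD DNS domain name.

```powershell
# Added example, not code from the original post.
# Assumption: $AdDomain is a placeholder; pass your own AD DNS domain name.
param(
    [string]$AdDomain = 'corp.example.com'
)

# DC locator record that every domain member must be able to resolve.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

# Collect every IPv4 DNS server configured on this machine's adapters.
$configured = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($ip in $nic.ServerAddresses) {
        [pscustomobject]@{ Interface = $nic.InterfaceAlias; Server = $ip }
    }
}

# Ask each configured server directly for the SRV record.
$results = foreach ($entry in $configured) {
    $targets = @()
    $status  = 'NoSrvAnswer'
    try {
        $answer  = Resolve-DnsName -Name $srvName -Type SRV -Server $entry.Server `
                                   -DnsOnly -ErrorAction Stop
        $targets = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                     ForEach-Object { $_.NameTarget })
        if ($targets.Count -gt 0) { $status = 'OK' }
    } catch {
        # NXDOMAIN, timeout, refused: this server cannot locate the domain.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Interface = $entry.Interface
        Server    = $entry.Server
        Status    = $status
        DCs       = $targets -join ', '
    }
}

$results | Format-Table -AutoSize

# Any server that cannot answer is one the client should not be using.
$bad = @($results | Where-Object Status -ne 'OK')
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) configured DNS server(s) cannot resolve $srvName"
    exit 1
}
```

A server listed with a status other than `OK` is typically an external or ISP resolver that holds no copy of the AD zone; per the advice above, it belongs in the internal DNS server's forwarder list, not in the client's DNS settings.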