Re: DNS and active directory




"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:e50GntuYGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
sorta just nodding to Herb

All members of an Active Directory (including the DC's themselves) should
look _only_ to AD Integrated DNS servers for name resolution. The AD


The above is a LITTLE too strong but the main idea is
correct.

Technically, DNS Clients can use ANY DNS server (set)
which can return EVERY address they will ever need.

For most people this comes out as stated above, i.e., the
internal DNS Clients must use the DNS servers which
hold the zone which supports the AD Domain (not that it
must be AD Integrated either).

This latter paragraph is commonly true, but it is NOT the
REAL RULE.

integrated servers can then use either 'root hints' or 'forwarders' to
satisfy name resolution outside the AD.
Give us the output of 'ipconfig /all > c:\ipconfig.txt' from the DC's, DNS
servers and one affected workstation. If you feel you have to munge them,
do so in a consistent manner.

Please try to avoid retyping or editing them. If you really
feel you must not post them then send them to one or two of
us by email.

It's really hard to figure out what is wrong after most people
go in and pull out what THEY think is irrelevant. (Usually if
they know what was critical they would have fixed it already.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:%23e%237UztYGHA.2136@xxxxxxxxxxxxxxxxxxxxxxx
"Jamie" <Jamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2318462-9449-438C-85FC-3FFAD94BC888@xxxxxxxxxxxxxxxx
Thanks Herb,

This was not the issue, I decided to start from scratch and delete the dns
configuration on the server, I then created the forward zone again and called
it the same name as the domain name,

What else WOULD you ever call it?

While you can have a DNS zone with any name you
please, you MUST have a DYNAMIC DNS zone for
every Active Directory Domain.

If you don't have AD, you must have the DNS domain
name as a zone on your internal DNS servers that matches
the DNS domain name your machines use.

for some strange reason it started to
work immediately, this is the 4th time I had followed this process, I do not
know why it should start working?

Likely this is happening through some accident, or
by chance. Stop flailing. (It's flailing to make changes
or do reinstalls, especially repetitively, without
understanding the problem.)

We WILL HELP you solve the real problem.

I still STRONGLY suspect that your problem is a MIXTURE
of internal AND EXTERNAL DNS on the client side.

This can result in intermittently correct and incorrect resolution.

Check the clients.

If you have AD, run DCDiag on every DC.

In any case, run NetDiag on each non-DC.

Send the output to text files (>name.txt) and search the file(s)
with a text editor to find FAIL, WARN, ERROR messages.

Fix, or post those output files.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

my concerns are it happening again, we shall see.

Thanks

Jamie
--
Jamie Campbell



"Herb Martin" wrote:

"Jamie" <Jamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5E6BBC4-305A-4D9D-B128-6A9DD1C5BAD7@xxxxxxxxxxxxxxxx
I have a server problem and I think it is DNS related.

I can resolve external addresses, but I cannot resolve any internal
computers on my network, I think this is a dns misconfiguration.

at one stage none of the network clients could see the DC as they could not
resolve its network address.

I am sure this is a simple fix, any ideas?

Yes, it is likely due to one of two VERY CLOSELY related
client DNS configuration problems.

On the CLIENT NIC->IP Properties you must use STRICTLY
the (internal) DNS Server (set) which can resolve ALL internal,
and external, names for the client.

You must NOT mix the "external" DNS into those settings.

DNS clients assume that EVERY DNS server they use will
return ALL (and correct) names they query.

(Remember that DNS servers and DCs are also DNS clients
themselves.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Thanks
--
Jamie Campbell
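
Added example (not part of the original thread): a Python check for the mixed internal/external client DNS configuration discussed above, run over saved 'ipconfig /all' output. The sample text and addresses are constructed, and INTERNAL_DNS is an assumption to be replaced with the DNS servers that hold your AD zone.

```python
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.168.1.10

Ethernet adapter Backup LAN:

   IP Address. . . . . . . . . . . . : 192.168.2.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
"""
# Assumption: the internal DNS servers that hold the AD zone (constructed values).
INTERNAL_DNS = {"192.168.1.10", "192.168.1.11"}

# "Key . . . . : value" lines; the key is padded with dots and spaces.
FIELD = re.compile(r"^\s+(.*?)[ .]+: ?(.*)$")

def dns_servers_by_adapter(text):
    """Return {section name: [DNS servers]} parsed from `ipconfig /all` text."""
    result, section, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # unindented line starts a new section
            section, in_dns = line.strip().rstrip(":"), False
            continue
        m = FIELD.match(line)
        if m:                            # a new field ends any DNS server list
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and m.group(2).strip():
                result.setdefault(section, []).append(m.group(2).strip())
        elif in_dns:                     # bare indented value continues the list
            result.setdefault(section, []).append(line.strip())
    return result

def mixed_dns(text, internal=INTERNAL_DNS):
    """Return {adapter: [servers outside `internal`]} for misconfigured adapters."""
    found = {a: [s for s in srv if s not in internal]
             for a, srv in dns_servers_by_adapter(text).items()}
    return {a: out for a, out in found.items() if out}
```

To check a collected file, pass its contents to mixed_dns() together with your own set of internal DNS server addresses; any adapter it returns lists a server outside that set.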









