Re: need help,not your average dns problem
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Wed, 18 Jul 2007 23:24:57 -0400
In news:0B5B8EDA-4096-4ACF-B0FD-1003359DD906@xxxxxxxxxxxxx,
Tm MS <TmMS@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> Problem: I am currently trying to get 2 Windows 2003 SP2 DCs to
> resolve names via root servers. Currently, I have several primary
> AD zones on these servers and all DNS requests they cannot resolve
> are forwarded to our FreeBSD nameserver and are handled by the root
> servers.
>
> Background: FreeBSD nameserver has always been primary nameserver at
> company.com. When moved to Windows Active Directory 7 years ago,
> they set up SOA for a subdomain of sub1.comany.com on FreeBSD NS since
> Windows would only resolve names for Active Directory related records
> (domain controllers only). Recently, we decided to drop FreeBSD
> nameserver, so I created a new primary zone with Windows DNS for
> company.com and added everything manually the FreeBSD nameserver had.
> I opened firewall for DNS for the 2 Windows IP addresses. Testing
> phase, when I remove the forward for the FreeBSD NS, I cannot
> resolve any names on the Internet? I checked everything, all root
> hints valid and up to date, no disabled recursion anywhere. What am
> I doing wrong? I also followed
> http://support.microsoft.com/default.aspx?scid=kb;en-us;294906 but
> that did not work either. When I set up a standalone Windows 2003
> Server SP2 open firewall, it resolves Internet names fine so I am
> assuming there is something wrong with the AD servers. Please help
> and no I am not using NAT and each server has a single IP address if
> this helps.

Do you have a root zone under your Forward Lookup Zones created on your
Windows DNS servers? It will look like a period (".").

Is recursion disabled under the Forwarders tab or Advanced tab? Possibly
incorrect forwarders and recursion disabled?

Does your firewall support EDNS0? Windows DNS 2003 supports EDNS0, which
allows DNS UDP packets to 1280 bytes. Non-EDNS0 is 512 bytes. Upgrade your
firewall if you haven't already to support this.

--
Regards,
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
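
The EDNS0 question raised in the reply above can be checked from the DNS server's side of the firewall by sending the same question twice, once as a plain query and once with an EDNS0 OPT record advertising the 1280-byte size the post mentions, and comparing what comes back. This is an added example, not part of the original post; the function names and result labels are hypothetical, and the server address and query name are supplied by whoever runs it.

```python
import socket
import struct
import sys

def build_query(name, qtype=2, edns_payload=None, txid=0x1234):
    """Build a DNS query (default QTYPE NS); if edns_payload is set, add an EDNS0 OPT record."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    msg += qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_payload:
        # OPT pseudo-record: root owner, TYPE=41, CLASS carries the UDP size
        # the sender can accept, TTL=0 (no flags), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return msg

def diagnose(plain_reply, edns_reply):
    """Classify replies (bytes, or None for a timeout) to the two probes."""
    if plain_reply is None:
        return "dns-blocked"        # fails even without EDNS0
    if edns_reply is None:
        return "edns-dropped"       # only the EDNS0 exchange is lost in transit
    flags = struct.unpack("!H", edns_reply[2:4])[0]
    if flags & 0x000F == 1:
        return "edns-formerr"       # FORMERR: responder rejects the OPT record
    if flags & 0x0200:
        return "truncated"          # TC set: answer did not fit in the UDP reply
    if len(edns_reply) > 512:
        return "large-udp-ok"       # a reply above 512 bytes crossed the path
    return "inconclusive"           # reply fit in 512 bytes; ask for a bigger answer

def ask(server, query, timeout=3.0):
    """Send one UDP query to server:53; return the reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

if __name__ == "__main__" and len(sys.argv) == 3:
    server, name = sys.argv[1], sys.argv[2]   # e.g. a root hint address and "."
    plain = ask(server, build_query(name))
    edns = ask(server, build_query(name, edns_payload=1280))
    print(diagnose(plain, edns))
```

A result of "edns-dropped" from the domain controllers, alongside "large-udp-ok" from a host that bypasses the firewall, points at the firewall's handling of EDNS0 traffic rather than at the DNS service.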