Re: DHCP assigned DNS servers don't work



Olaf,
Thanks again for responding. I know this particular problem is going to be
resolved in the details, so here are the answers to your questions.

How is your DNS server configured?
I have 2 AD-integrated DNS servers. They point to themselves and each other
via IP address. Replication between the two DNS servers works with no errors.

Is reverse lookup working properly?
Yes. I have rDNS zones created and they work.

These certain internal hosts - what are they?
The one host that is related to this problem is a web filter appliance.
Linux-based, it is not AD integrated. I have manually added the required A
Record in the DNS servers.

Use nslookup connect parameter to select the other DNS servers
Done. Nslookup works fine with either internal DNS server and correctly
resolves the host name in question.

With multiple DNS servers you don't have influence
The A Record exists on both internal DNS servers. Ping resolves the name
correctly (on certain machines) only if the DNS servers are specified
manually.

Check also that there are no manual additions of extensions to
other/old/non-existent domains somewhere in the TCP/IP properties.
None. This domain has existed for years with no changes in domain name or
subnet. It has been upgraded from NT4.0 to W2K and now W2K3. We have been
at the current level for 3 years with no significant changes to structure or
schema.

Your thoughts are appreciated.
Thanks,
Joe


"Olaf Engelke [MVP Windows Server]" wrote:

Hello Joe,
"Joe" <Joe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C20F207-EAA9-4108-9169-6E97A4A8DE94@xxxxxxxxxxxxxxxx
Olaf,
An ipconfig /all printout is below. This is definitely not a firewall
issue. Although the WinXP firewall is enabled and configured via Group
Policy, the problem only affects certain machines. (It does seem to affect
laptops more than desktops. Not sure why.) None of the clients are
multi-homed. The first two DNS servers are AD controllers running ONLY core
services (AD, DNS, DHCP, IAS, WINS.)

C:\>ipconfig /all

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : internal.com
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-07-E9-D6-5A-D1
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.153
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.75
        DHCP Server . . . . . . . . . . . : 192.168.1.38
        DNS Servers . . . . . . . . . . . : 192.168.1.38
                                            192.168.1.39
                                            192.168.1.14
        Primary WINS Server . . . . . . . : 192.168.1.38
        Secondary WINS Server . . . . . . : 192.168.1.39
looks all good in my eyes.

In more detail, if I use DHCP to assign the name servers, the ping command
will fail on certain internal hosts. However, nslookup works every time.
If I manually assign the name servers (using the same addresses provided by
DHCP) ping works and so does nslookup.

Well, some more questions (all shots into the blue):

How is your DNS server configured? In its TCP/IP properties it should not
point to localhost IP address, but either to the real IP address or to the
second DNS server in AD as primary DNS server address. (I have seen issues
with name resolution before being caused by such configuration on server
side).

Is reverse lookup working properly (given you have created a reverse
lookup zone)? Can nslookup resolve the IP address back to the name?

These certain internal hosts - what are they? Could it be that you don't have
an AD integrated DNS and one of the DNS servers is unable to resolve the
questionable host names?

Use nslookup connect parameter to select the other DNS servers, if they work
as well.

With multiple DNS servers you don't have influence, which one the client
selects for name resolution finally. So maybe it works, if you enter only
one DNS server, which knows these hosts, while with DHCP another DNS server
is queried which is unable to resolve the questionable names.

Check also that there are no manual additions of extensions to
other/old/non-existent domains somewhere in the TCP/IP properties.
Best greetings from Germany
Olaf
