DNS Problem since 2000 server installed

[EMTTech]

Hello all,

I seem to be getting a problem with our internet connection dropping out(loosing connection). I recently upgraded our NT4 server to Windows2000 Server, the desktops run win2000 + 2 run Win98 as they did before I upgraded the server. All of our Internet traffic runs through a Watchguard Firebox.

I think the internet loss may be a DNS issue because if i type and ip address into a browser it works fine also programs such as ICQ will stay connected and all local LAN traffic works fine.

Please note that the internet connection DROPS OUT, sometimes it works, sometimes it doesn't.

All was working fine with the NT4 server.

Any help would be appriciated.

Thank you!!!

Dale

[NooNoo]

What type of internet connection are we talking about? Dialup, ADSL that uses a dialler, cable?

[EMTTech]

Sorry forgot that bit,

The connection is a 128k Leased Line, like i say all the traffic runs through the firebox, i have not changed any settings on the firebox.

Dale.

[NooNoo]

I think this maybe about MTU settings, have a read here

I just found this too

It explains something I didn't know about - unsuccessful dns lookups are cached - so instead of actually trying again, 2k doesn't by default it just says dns error again because it caches the unsucessful look up....

[EMTTech]

Thanks for your information so far, but i'm not sure (yet) whether this is the problem, at the moment my internet access is working but colleages computer isnt. I went to one of those web pages and read the info and ran the following command

ipconfig /flushdns

I then tried the web access again and still got 'This page cannot be displayed'

I forgot to mention that we cannot receive email when this problem occurs either. but we do use POP3 email which i persume still requires DNS to lookup the address of the pop3 server.

Any further ideas?

Cheers Dale.

[NooNoo]

OK so this drop out is happening on all machines?

How is your 2k server configured for dns?

[EMTTech]

This is where my problem may be, the server has our isp's dns details and so do all the desktops.

now when i first setup the 2k server i had a problem logging on basically it took forever or would not log on at all. so i thought there was a dns issue straight away.

As this was my first time setting up a win2k server i was not entirly sure of all the settings etc.

To resolve my logon problem i entered the ip address of the server into the dns listings in my desktop, this solved the logon problem straight away.

I know that this is probebly the wrong way to do it but it worked for the time being so i left it.

Is it possible that our internet browsers are trying to query our win2k server to resolve internet ip's.

The problem is i don't have a big manual for win2kserver so i'm not sure how to sort out the dns problem.


Can you help?

[Matridom]

Ok, there are a few things your going to need to sort out.

First. With you win2k server, have you turned on Active directories? if you have, your probably running a DHCP server AND a DNS server on your box. It woulod also account for your slow startup times.

One thing i would try it to turn off the server box and see if the other system can then connect properly. IF that fixes things, then you know you have a server service running that's screwing things up.

Ok, so assuming you've turned off DNS, DHCP and active Directories, i would then make sure that the firewall box is running properly and the IP leases it's handing out are proper. I usualy cheat and put the DNS server IP's from the ISP in the lease, that way there is no need to run a DNS server.

Now as for the upgrade from nt to 2k, did you do an upgrade install or did you do a clean install... if you did an upgrade install, i'd recommend restarting and doing a clean install.. "When you upgrade your OS, you upgrade your problems"

[EMTTech]

The server is a brand new one, new hardware and a fresh copy of 2000 server.

Active directories ARE setup, i think i disabled DHCP because the firebox acts as the DHCP server, as for DNS my ISP's details are entered in the firewall. DNS IS PROBABLY running on the server but i'm not sure whether it setup correctly.

If I disable DNS on the server how will my desktops logon, will i not get theese long logon times back?

Thanks for you time in this matter by the way!!

Dale.

[silencio]

1) you NEED DNS on your 2000 server or you'll have more problems than internet access.

Look at your DNS settings on the 2000 machine. Is there a dot under "Forward Lookup Zones"? Are there servers listed under "root hints"? Is the "Forwarders" button greyed out?

If it's not authoratative (and you answered no to the first question and yes to the last two) then your in good shape. You can use your windows 2000 DNS to resolve all DNS and your problems will be soon fixed. Skip to section 2.

If you answer yes to the first question you should answer no to the last two. Microsoft DNS seems to want to make itself authoratative by default. If it's authoritative it won't resolve anything outside of its own zones. It won' perform recursive queries. Here's how to fix that.

Delete the "." zone in "Forward Lookup Zones". Make sure the Windows 2000 Server machine is configured to use itself as the primary DNS server (under tcp/ip) properties. Reboot. Windows will automatically make itself a normal DNS server and populate the DNS root hints. If you don't want to wait (it doesn't take that long), you can download cache.dns from ftp://rs.internic.net/domain/named.root

2. Once your DNS server is NOT authoratative it should perform recursive queries (it should resolve anything). You an test recursive and simple queries on the "monitoring" tab. If recursive tests fail make sure you have the correct gateway on the server and make sure your firewall doens't block DNS traffic(unless it was in the DMZ I can't see any reason that this would be the case.)

Now that your 2000 Server is capable of resolving all DNS, change the primary DNS server in your DHCP server settings to the IP of the 2000 box. You want 2000 as your primary DNS server in your DHCP leases. After that's done, have everyone renew their leases and test for errors.

I'm sure I missed something here, try this and post any questions, I'll be poking my head in every couple hours.

Good Luck!

[EMTTech]

RIGHT, i think you may have hit the nail on the head,

In the DNS tree i seem to have two servers, the one says rckserver(the name of my server) and the other says(SERVER) i don't know where that came from

nothing else branches off the'SERVER' tree. BUT

under the 'RCKSERVER' which is my 2k box i have forward and reverse lookup zones.

I DID have a . (dot) folder which i deleted like you said, ive entered the ip address of the server under primary dns of the tcp/ip setting, i've entered my win2k box ip into my firewall as the primary dns.

When i highlight the 'RCKSERVER' and monitor it it PASSES!!!

I've also removed the ip address of the server from my desktops DNS settings and my logon times are fine, nice and fast which seems my problem may be solved at last.

As there are no settings under the 'SERVER' part of the tree can i persume this bit can be deleted? because it FAILS when you try to monitor this part. but it looks like it doesnt need to be there.

Thanks for your help on this.

[silencio]

Cool! Glad it works. I'd delete the other server from DNS if you don't have a DNS server named "server" which, it sounds like you don't.

I don't know why microsoft likes to make things hard by default.. job security?

Have a good one!

[Chris_MacMahon]

if he's active directory he's got dns...no if's and's or buts..


who are the client machines resolving to for dns?

did you unplug the server and try....that's what i would do first..


are you 100 % sure that you are AD??

right click on my computer goto network name can you chage it? if you can then your are'nt AD....

is DNS installed?
if there is nothing on this server...re-install the old os...get a play machine to get it to work...there is crap loads of options to mess up with on win2k

[EMTTech]

I think it's done,

Chris it is definately AD, i can't change the network name etc.

Silencio, i removed the server named 'SERVER' as i don't have one named that, like you say i think it's just microsoft trying to make things awkward.

Now all of the changes have been made i think the problem has been sorted.

Thanks alot for all your help guys i hope your information will help some other users of Win200 Server.

Cheers

Dale!!!!

[UsePost2000]

well, i guess i was a little late but if you have problems, give me a holler...