DNS Woes

Thread: DNS Woes

  1. #1
    Registered User gazzak's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    3,595

    DNS Woes

    Hi All,

    I have a problem at home and I know I'm doing something silly, but can't quite put my finger on the exact problem, so time for a post!

    Scenario...
    1 W2K Server running AD and DNS, running a domain, IP 10.1.1.1
    1 ADSL router connecting to the internet, IP 10.1.1.2
    1 W2K Professional PC, IP 10.1.1.3, default gateway set to 10.1.1.2

    All static addresses. The problem is with the W2K PC.

    When I set the Preferred DNS server to 10.1.1.1 and alternate DNS server to 10.1.1.2, I can log into the domain but can't connect to the internet.
    When I set the Preferred DNS server to 10.1.1.2 and alternate DNS server to 10.1.1.1, I can't log into the domain but can connect to the internet! (logging in locally)

    Have played for many hours with DNS settings, tried many things, but still cannot get it to work as I want. Can somebody please tell me what idiotic thing I am doing that is wrong, or what you would suggest to fix it.

    and yes, I can be stupid at times!!

  2. #2
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    I think I see your problem.

    To log on to the domain, you require the DNS server in the 2ks box. Active directories requires the DDNS to register the computers into.

    What you're going to want to do is set your DNS server to forward to the DNS server of the ISP provider. That should solve the issue... Now I'm not exactly sure where that setting is, but give me a bit and I should be able to find it.

    I would also recommend that you use the 2k DHCP server and not the DHCP server built into the router.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  3. #3
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Ditto to the above. But, you may have an authoritative DNS server running. This means it won't forward and it won't look to your root hint DNS servers to resolve anything outside its own domains. To fix this, delete the zone "." Yes, that's a dot, a period. When you remove this zone your server will allow you to forward and it will use root hints. Also, make sure your 2K AD/DNS box is using itself as its primary DNS server. You may need to reboot and give it some time to populate the root hints. If it doesn't do this fast enough for you, you can add them manually.
    Deliver me from Swedish furniture!

  4. #4
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Originally posted by silencio
    Ditto to the above. But, you may have an authoritative DNS server running. This means it won't forward and it won't look to your root hint DNS servers to resolve anything outside its own domains. To fix this, delete the zone "." Yes, that's a dot, a period. When you remove this zone your server will allow you to forward and it will use root hints. Also, make sure your 2K AD/DNS box is using itself as its primary DNS server. You may need to reboot and give it some time to populate the root hints. If it doesn't do this fast enough for you, you can add them manually.
    I think the root cause of this issue is that the DNS server is trying to register to the server above it... in this case the router. Now the router has static DNS entries and cannot be added to, so to properly register your DNS server, you have to register in the ISP's DNS server, and that should sort it all out.

    I'm not sure about deleting the "." reference (deleting reference to top level domains?), I'll look into it though.

  5. #5
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Originally posted by Matridom
    I think the root cause of this issue is that the DNS server is trying to register to the server above it... in this case the router. Now the router has static DNS entries and cannot be added to, so to properly register your DNS server, you have to register in the ISP's DNS server, and that should sort it all out.

    I'm not sure about deleting the "." reference (deleting reference to top level domains?), I'll look into it though.
    It's just the default behaviour of W2K DNS servers. Authoritative means it is the top level... which you can run theoretically but if you ever want to resolve anything outside your own server you're going to have to convince the rest of the world to report to you.
    Deliver me from Swedish furniture!

  6. #6
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    did a little looking..

    Why not simply turn on "Forwarders" (server properties) and input the IP of the router or ISP DNS server? This would cause the DNS server to forward any unresolvable names to the "forwarded" server, solving the issue and allowing gazzak to use his 2k server as his primary DNS. Since the DNS server will also cache the resolved names, it would speed up his internet connection after a little while (once a cache has been built up).
    Last edited by Matridom; February 13th, 2003 at 01:18 PM.

  7. #7
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Originally posted by Matridom
    did a little looking..

    Why not simply turn on "Forwarders" (server properties) and input the IP of the router or ISP DNS server? This would cause the DNS server to forward any unresolvable names to the "forwarded" server, solving the issue and allowing gazzak to use his 2k server as his primary DNS. Since the DNS server will also cache the resolved names, it would speed up his internet connection after a little while (once a cache has been built up).
    An authoritative server does not allow forwarding. The box is greyed out. I've installed quite a few of these. Deleting the dot is the solution.
    Deliver me from Swedish furniture!

  8. #8
    Registered User gazzak's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    3,595
    Thank you both for your replies so far, very much appreciated. I now have some ideas to try when I get a moment.

    The discussion between the both of you has been very constructive for me and this problem, keep it up! My first thought when this occurred was to use forwarders as Matridom pointed out, but alas, the little tick box is indeed greyed out as mentioned by Silencio. At least I know why now. I will try removing the "." zone later today and let you know what occurs.

    Thanks again, any more suggestions still welcome...

  9. #9
    Registered User gazzak's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    3,595
    Hi again,

    Removed the "." zone and now forwarders are enabled!! Set this up, rebooted W2K Server, logged on to domain from W2K pro PC, set up Pri and Sec DNS, logged off and on, (to be sure), and guess what? Can access the internet whilst logged on to domain. Fantastic.

    Thank you both for your invaluable help

  10. #10
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Thanx silencio.. I guess my server did not install authoritative the first time.. I'll remember the "." removal trick..

  11. #11
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Originally posted by Matridom
    Thanx silencio.. I guess my server did not install authoritative the first time.. I'll remember the "." removal trick..
    NP. If you install DNS before AD you don't get the dot.

    Gazzak - Glad it worked out for ya
    Deliver me from Swedish furniture!

  12. #12
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Originally posted by silencio
    NP. If you install DNS before AD you don't get the dot.

    Gazzak - Glad it worked out for ya
    That would be it. I'm just picking up DNS server now, and I've played a bit with it, I'll know who to ring up if I need help.

  13. #13
    Registered User
    Join Date
    Nov 2000
    Location
    Pittsburgh, PA, USA
    Posts
    239

    DNS Forwarders

    You DO NOT have to delete the dot. Instead, open ur DNS MMC and right click on ur server name icon at the top of the panel, scroll down to properties, click on it. Then click on the Forwarders tab, then click on use forwarders, then type in the 4 octet addy and click apply.

    NOTE: when first resolving any DNS hostname the server might cause the client to get a 'no such domain' error. If this happens click on refresh and the page should then be displayed.


    System Specs

    486DX2
    16MB RAM
    16 MB RAM
    1MB vid RAM
    Windows 3.1

  14. #14
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    Re: DNS Forwarders

    Originally posted by bbtech6650
    You DO NOT have to delete the dot...
    Yes, you do.

    Once again. A root server, one with a dot, cannot forward queries and will not use root hints to resolve internet addresses.

    A Domain Name System (DNS) server is a hierarchical namespace structure designed to provide host to IP address name resolution and registration. There are 2 types of DNS servers that are installed for domain controllers in the Active Directory.
    Root Server - A root server is installed to be the source for resolving names for an hierarchical namespace. The root is the top of the hierarchy containing all organizational domain zone names. Names that cannot be resolved in the domain zone names are passed to the root DNS server if specified.
    DNS Forwarder - The DNS forwarder is a DNS server that contains one or more domain zones in an enterprise. The DNS server can be configured to forward names it cannot resolve to the root server for the domain.

    DNS Server's Root Hints and Forwarder Pages Are Unavailable
    The information in this article applies to:
    Microsoft Windows 2000 Server
    Microsoft Windows 2000 Advanced Server

    This article was previously published under Q229840
    SYMPTOMS
    Clients that use a Domain Name System (DNS) server may not be able to gain access to hosts on the Internet. When you try to configure root hints or forwarders on the DNS server, the options for these items may be unavailable.
    CAUSE
    A DNS server behaves as a root server if there is a zone named "." on the server. The "." zone indicates that the server is a top-level root server. Because a root server is at the top of the DNS hierarchy, it cannot be configured to forward and does not require root hints.

    When you run the Active Directory Installation Wizard (Dcpromo.exe), you can configure a DNS server on the local computer and configure the forward lookup zones. The wizard examines the TCP/IP configuration on the computer and determines whether the computer is configured to use any DNS servers. If so, the Active Directory Installation Wizard queries for the root servers. If the computer is not configured to use any DNS servers, the wizard queries the root servers listed in the Cache.dns file (the Internet root servers). If the wizard cannot contact any root servers, it configures the local computer as a root server and creates the "." zone.
    RESOLUTION
    To resolve this issue, delete the "." zone by using DNS Manager, or type the following command at a command prompt:
    dnscmd /ZoneDelete . /DsDel

    NOTE: The /DsDel switch is required only if the zone is integrated with Active Directory.

    NOTE: After you delete the "." zone and the root hints are still not available, go to the main interface for the DNS manager and press F5 to refresh the screen, and then check again for the root hints.
    Last Reviewed: 10/9/2002
    Keywords: kbenv kbprb KB229840
    Deliver me from Swedish furniture!
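
The behaviour argued over in this thread, as an added illustration that is not part of any post or of the Microsoft article: a toy Python model of why a server holding a "." zone gives a final negative answer for internet names, so neither DNS ordering on the client works until the zone is deleted and a forwarder is set. All names, records and addresses are constructed, and the model assumes the client consults its alternate server only when the preferred one gives no usable answer.

```python
AD_NAME = "_ldap._tcp.dc._msdcs.example.local"  # constructed AD locator record
WEB_NAME = "www.example.com"                     # constructed internet name

class DnsServer:
    def __init__(self, zones, forwarder=None):
        self.zones = zones          # {zone name: {record name: value}}
        self.forwarder = forwarder  # upstream DnsServer, or None

    def resolve(self, name):
        # Most specific zone first; "." (the root) matches every name.
        for zone in sorted(self.zones, key=len, reverse=True):
            if zone == "." or name == zone or name.endswith("." + zone):
                # Authoritative here: a miss is a final NXDOMAIN, and the
                # forwarder is never consulted.
                value = self.zones[zone].get(name)
                return ("NOERROR", value) if value else ("NXDOMAIN", None)
        if self.forwarder:
            return self.forwarder.resolve(name)
        return ("SERVFAIL", None)

def client_lookup(name, preferred, alternate):
    # In this model the alternate is tried only when the preferred server
    # cannot answer at all. NXDOMAIN is an answer, so the lookup stops there.
    rcode, value = preferred.resolve(name)
    if rcode == "SERVFAIL":
        rcode, value = alternate.resolve(name)
    return value

def scenario(preferred, alternate):
    return {
        "domain_logon": client_lookup(AD_NAME, preferred, alternate) is not None,
        "internet": client_lookup(WEB_NAME, preferred, alternate) is not None,
    }

# Stand-in for the public DNS tree reached through the ISP (constructed data).
internet = DnsServer({".": {WEB_NAME: "203.0.113.10"}})
router = DnsServer({}, forwarder=internet)            # 10.1.1.2
ad_zone = {"example.local": {AD_NAME: "10.1.1.1"}}
server_with_root = DnsServer({**ad_zone, ".": {}})    # 10.1.1.1 with the "." zone
server_fixed = DnsServer(ad_zone, forwarder=router)   # "." deleted, forwarder set

if __name__ == "__main__":
    print("server first, root zone present:", scenario(server_with_root, router))
    print("router first:                   ", scenario(router, server_with_root))
    print("server first, root zone deleted:", scenario(server_fixed, router))
```
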

  15. #15
    Registered User
    Join Date
    May 2005
    Posts
    2
    I'm experiencing the exact problem described, except that I don't have the "." zone described. How can I get this working?

    PS I totally don't understand what is meant by:

    What you're going to want to do is set your DNS server to forward to the DNS server of the ISP provider. That should solve the issue... Now I'm not exactly sure where that setting is, but give me a bit and I should be able to find it.
    Any help you guys could give would be muchly appreciated.
