Active Directory and DNS

Guest

I have two Active Directory DNS servers. I ran a test and realized that when I
shut down the primary Active Directory server and left the secondary Active
Directory DNS server up, no one was able to surf the internet, but they were
able to log on to Active Directory. I even tested a Linux workstation that
does not point its DNS to the AD domain: it is able to browse the net when the
primary AD server is up, but when the primary AD server is down the Linux
workstation is not able to surf the net, even though it is not pointing to the
AD DNS server. The primary AD server has all the roles. We plan to move the
roles after upgrading to Windows 2003, but the situation puzzled us, because
how can one AD server stop internet access even for non-Windows machines that
are not on the AD domain?

Thank you in advance.

: I have two Active Directory DNS servers. I ran a test and realized that when
: I shut down the primary Active Directory server and left the secondary
: Active Directory DNS server up, no one was able to surf the internet, but
: they were able to log on to Active Directory. I even tested a Linux
: workstation that does not point its DNS to the AD domain: it is able to
: browse the net when the primary AD server is up, but when the primary AD
: server is down the Linux workstation is not able to surf the net, even
: though it is not pointing to the AD DNS server. The primary AD server has
: all the roles. We plan to move the roles after upgrading to Windows 2003,
: but the situation puzzled us, because how can one AD server stop internet
: access even for non-Windows machines that are not on the AD domain?

In an AD domain, all systems should point their DNS to the local DNS. The
router should point its DNS to the ISP. The Linux box, if not pointing its
DNS to the local DNS, where is it pointing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 
John Wong said:
I have two Active Directory DNS servers. I ran a test and realized that when I
shut down the primary Active Directory server and left the secondary Active
Directory DNS server up, no one was able to surf the internet, but they were
able to log on to Active Directory.

This implies strongly that the 1st server is (properly) configured
to either Forward to an Internet capable DNS server or was doing
explicit recursion itself, but that the second is unable to do either
of these.

Are you Forwarding (usually better choice) or explicitly
recursing (using root hints)?

What was the difference for forwarding/recursing between
these two DNS servers? (Your answer is likely there.)
I even tested a Linux workstation that does not point its DNS to the AD
domain: it is able to browse the net when the primary AD server is up, but
when the primary AD server is down the Linux workstation is not able to surf
the net, even though it is not pointing to the AD DNS server. The primary AD
server has all the roles. We plan to move the roles after upgrading to
Windows 2003, but the situation puzzled us, because how can one AD server stop
internet access even for non-Windows machines that are not on the AD domain?

Likely your second server is not forwarding or was
(incorrectly) forwarding to the 1st server.

Forward both internal DNS servers to your firewall
or the ISP DNS server (i.e., one which can resolve
Internet addresses).

Set all internal clients (including the DNS, DCs, and
other servers) STRICTLY to the INTERNAL DNS
servers which can resolve all internal AND external
names.
 
We have 4 DNS servers: two Active Directory integrated DNS servers for the
workstations in the domain. The other two DNS servers are Linux DNS. The two
Linux DNS servers existed before the Active Directory DNS, so they resolve all
internal and external websites. The two Active Directory DNS servers forward to
the Linux DNS servers for corporate websites and external websites. The two
Active Directory DNS servers do not forward to each other, but they forward to
both Linux DNS servers.

The Linux workstations point to the Linux DNS servers, since they have no need
for Active Directory.

It was strange that, if the second DNS server is not configured correctly, it
could affect the Linux machine when it does not communicate with Active
Directory and it simply does not resolve names through the Linux DNS. Only
when we turned the primary Active Directory DNS server back on did the Linux
workstation resolve websites.
 
John Wong said:
We have 4 DNS servers: two Active Directory integrated DNS servers for the
workstations in the domain. The other two DNS servers are Linux DNS. The two
Linux DNS servers existed before the Active Directory DNS, so they resolve all
internal and external websites. The two Active Directory DNS servers forward to
the Linux DNS servers for corporate websites and external websites. The two
Active Directory DNS servers do not forward to each other, but they forward to
both Linux DNS servers.

Then test each of them FROM their RESPECTIVE command lines
to make sure that each of them (presumably #1 works fine) can
specify the Forwarder in an explicit NSLookup request.

If this works AND the DNS console is using STRICTLY the
Forwarders that test to be working it pretty much HAS TO work.
The Linux workstations point to the Linux DNS servers, since they have no need
for Active Directory.

One might guess you have multiple problems or else that
Linux is not set as you think it is set.
It was strange that, if the second DNS server is not configured correctly, it
could affect the Linux machine when it does not communicate with Active
Directory

It might still be using the #1 DNS even if it has no need of AD.
and it simply does not resolve names through the Linux DNS.

From what you have said, I would require proof of this or
suspect you have multiple (unrelated) problems.
Only when we turned the primary Active Directory DNS server back on did the
Linux workstation resolve websites.

Then almost certainly your report is incorrect and the Linux
box is actually using the #1 DNS server.
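
The per-server test recommended in the replies above (query each DNS server directly for an external name and see which ones can resolve it) can be scripted instead of typed into nslookup on each box. This is an added example, not code from the thread; it sends a raw DNS A query to each listed server and classifies the reply, and the `send` parameter is injectable so the classification logic can be exercised offline. The server addresses are constructed placeholders.

```python
import random
import socket
import struct

def build_query(name, qtype=1):
    """Build a minimal DNS query (recursion desired) for an A record; returns (txid, packet)."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_response(txid, data):
    """Return (rcode, answer_count, recursion_available) from a DNS response header."""
    rid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    return flags & 0x000F, an, bool(flags & 0x0080)

def udp_query(server, packet, timeout=2.0):
    """Send one DNS query over UDP to port 53; return raw reply or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        try:
            return s.recv(4096)
        except socket.timeout:
            return None

def check_resolvers(servers, name, send=udp_query):
    """Query each server directly for `name` and classify the result.
    'servfail' is what a server whose forwarders are unreachable typically returns;
    'no-recursion' means the server answered but does not recurse for this client."""
    results = {}
    for server in servers:
        txid, packet = build_query(name)
        data = send(server, packet)
        if data is None:
            results[server] = "timeout"
            continue
        rcode, answers, ra = parse_response(txid, data)
        if rcode == 2:
            results[server] = "servfail"
        elif rcode == 3:
            results[server] = "nxdomain"
        elif answers == 0 and not ra:
            results[server] = "no-recursion"
        else:
            results[server] = "ok" if answers else "empty"
    return results
```

Run it from each DNS server against the full list (both AD DNS servers and both Linux forwarders), so a failing forwarder shows up as a difference between what server #1 and server #2 report.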
