DNS I think?

[Jeff]

I have a problem with DNS I think? I am a student and at
home I have 1 server with w2k server and XP pro,, now i
had made the w2k box a domain controller and when I went
to the xp box i tried to join the domain and it told me
that it couldnt find it and maybe it might be the SRV
records. I had checked all of them and they were fine,
went to the xp box used help and had to turn on netbios
help threw services to join, now if i want to use remote
desktop or terminal services it tells me that it is busy
or unavailable to do so...............Please advise i am
lost and dont have any teacher to turn to for answers
..

 

[David Adner]

Your XP workstation needs to point to the W2K DNS server in order for it
to properly participate with AD. Your DC/DNS server should point to
itself or nothing for DNS. In the DNS service's properties itself,
configure the server to Forward to your ISP's DNS.

As for your remote desktop issues, you'll have to provide more details.
From where to where, exact error messages, etc.

 

[Herb Martin]

Your XP workstation needs to point to the W2K DNS server in order for it
to properly participate with AD. Your DC/DNS server should point to
itself or nothing for DNS. In the DNS service's properties itself,
configure the server to Forward to your ISP's DNS.

David's right -- but I would say, "DNS needs to point to itself."
(There are some exceptions where the DNS server doesn't need
to resolve names but pointing to itself is practically ALWAYS ok.)

 

[Lanwench [MVP - Exchange]]

Hi, Jeff -

I replied in another group - if you need to post to multiple groups, it's
best to do so all at once in a single message (separate the NG names with
commas) so that everyone can follow the thread. A lot of people subscribe to
multiple groups, and this way you won't be asking anyone to reproduce
someone else's work, and everyone can benefit.

Crossposting = posting once to several newsgroups within a single message.
This is not a Bad Thing (presuming the list of groups posted to is small,
and all the groups are truly relevant to your question)

Multiposting = posting separate, identical posts to several newsgroups. This
is a Bad Thing.

See http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Ace Fekay [MVP]]

In

Your XP workstation needs to point to the W2K DNS server in order for
it to properly participate with AD. Your DC/DNS server should point
to itself or nothing for DNS. In the DNS service's properties itself,
configure the server to Forward to your ISP's DNS.

As for your remote desktop issues, you'll have to provide more
details. From where to where, exact error messages, etc.

For the remote desktop issue, maybe he's trying to get to it by FQDN and
since he's not properly using his own DNS and using his ISP's DNS, (assuming
so), then it can't resolve it. If NetBIOS is turned off or the NetBIOS
helper service, and trying to get to it by name, then that's another issue.
Same with the DHCP Client service is turned off (whether set to DHCP or
not).

One more thing about the can't find domain issue, in addtion to what you
posted, if Jeff's domain is a single label name (with SP4 installed) or
dynamic reg is note enabled on the zone, then that can cause the lack of the
SRVs.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In Lanwench [MVP - Exchange]

Hi, Jeff -

I replied in another group - if you need to post to multiple groups,
it's best to do so all at once in a single message (separate the NG
names with commas) so that everyone can follow the thread. A lot of
people subscribe to multiple groups, and this way you won't be asking
anyone to reproduce someone else's work, and everyone can benefit.

Crossposting = posting once to several newsgroups within a single
message. This is not a Bad Thing (presuming the list of groups posted
to is small, and all the groups are truly relevant to your question)

Multiposting = posting separate, identical posts to several
newsgroups. This is a Bad Thing.

See http://www.blakjak.demon.co.uk/mul_crss.htm

Hmm... now I'm curious what else was posted to help Jeff.... we could have
eliminated identical responses or commented on other responses to better
help him out. Cross posting would have sure helped him and us.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Lanwench [MVP - Exchange]]

Yes indeed. I don't remember which group I replied to or I would've
mentioned it - I sub to too many and don't feel like searching thru my
entire sent items folder. I think I replied with my standard "are all
computers pointing to the AD DNS server IP *only*" question....

In Lanwench [MVP - Exchange]

Hi, Jeff -

I replied in another group - if you need to post to multiple groups,
it's best to do so all at once in a single message (separate the NG
names with commas) so that everyone can follow the thread. A lot of
people subscribe to multiple groups, and this way you won't be asking
anyone to reproduce someone else's work, and everyone can benefit.

Crossposting = posting once to several newsgroups within a single
message. This is not a Bad Thing (presuming the list of groups posted
to is small, and all the groups are truly relevant to your question)

Multiposting = posting separate, identical posts to several
newsgroups. This is a Bad Thing.

See http://www.blakjak.demon.co.uk/mul_crss.htm

Hmm... now I'm curious what else was posted to help Jeff.... we could
have eliminated identical responses or commented on other responses
to better help him out. Cross posting would have sure helped him and
us.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

I can understand about searching all the subs! Well, hopefully between all
of us we were able to help out!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

"Lanwench [MVP - Exchange]"

Yes indeed. I don't remember which group I replied to or I would've
mentioned it - I sub to too many and don't feel like searching thru my
entire sent items folder. I think I replied with my standard "are all
computers pointing to the AD DNS server IP *only*" question....

In Lanwench [MVP - Exchange]

Hi, Jeff -

I replied in another group - if you need to post to multiple groups,
it's best to do so all at once in a single message (separate the NG
names with commas) so that everyone can follow the thread. A lot of
people subscribe to multiple groups, and this way you won't be asking
anyone to reproduce someone else's work, and everyone can benefit.

Crossposting = posting once to several newsgroups within a single
message. This is not a Bad Thing (presuming the list of groups posted
to is small, and all the groups are truly relevant to your question)

Multiposting = posting separate, identical posts to several
newsgroups. This is a Bad Thing.

See http://www.blakjak.demon.co.uk/mul_crss.htm

Hmm... now I'm curious what else was posted to help Jeff.... we could
have eliminated identical responses or commented on other responses
to better help him out. Cross posting would have sure helped him and
us.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Animesh]

Your XP workstation needs to point to the W2K DNS server in order for it
to properly participate with AD. Your DC/DNS server should point to
itself or nothing for DNS. In the DNS service's properties itself,
configure the server to Forward to your ISP's DNS.

As for your remote desktop issues, you'll have to provide more details.
From where to where, exact error messages, etc.

I think that in this case, the DNS server is not properly setup. For
active directory to work properly it needs to have a DNS with Dynamic
update feature which Win2K DNS or Bind 8.2.2 or above certainly have.
Now there has gotta be all the records for a DC to work properly.
Sometimes configuring the Reverse Lookup Zone Also helps a lot.
But in this case, since you are a student, try installing the DC again
with proper settings.
I can only suggest that as i dont have such huge practical exposure
like Ace has got here.

Animesh
MCSA (Windows 2000)

 

[Deji Akomolafe]

Herb, I just want to point out that if a Windows DNS server points to
NOTHING, it is the same as pointing to itself. Leaving the DNS server entry
blank is a good way to ensure that it is REALLY pointing to itself, and that
you've not made a typo. But, of course if you have multiple DNS servers,
then it may be prudent to manually stagger whom they point to (as long as
it's something INTERNAL) so as to avoid the old "island" issue.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Herb Martin]

Herb, I just want to point out that if a Windows DNS server points to
NOTHING, it is the same as pointing to itself. Leaving the DNS server entry
blank is a good way to ensure that it is REALLY pointing to itself, and that
you've not made a typo. But, of course if you have multiple DNS servers,
then it may be prudent to manually stagger whom they point to (as long as
it's something INTERNAL) so as to avoid the old "island" issue.

That's a good point -- I am not sure that I knew that.
(I was certainly not certain about it. <grin>)

Is that a dependable feature? e.g., Workstations without the DNS service
don't point to themselves for DNS server do they? (The request doesn't
actually happen does it?)

 

[Deji Akomolafe]

Workstations without the DNS service don't point to themselves for DNS
server do they? (The request doesn't actually happen does it?)
No.... they don't. No it doesn't That was why I said:By that I meant a computer that is actually running the DNS service.
It's actually a good one. Windows sets the blank to loopback address and
it's thence a local resolution, and all is fine. This is what you'd want to
do to avoid confusion in a multi-home DNS Server config. Instead of trying
to figure out (or, in our case, explain) which NIC should point to which
DNS, simply saying leave them blank helps a lot. And it helps Windows, too.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Ace Fekay [MVP]]

Workstations without the DNS service don't point to themselves for

server do they? (The request doesn't actually happen does it?)
No.... they don't. No it doesn't That was why I said:
By that I meant a computer that is actually running the DNS service.

It's actually a good one. Windows sets the blank to loopback address
and it's thence a local resolution, and all is fine. This is what
you'd want to do to avoid confusion in a multi-home DNS Server
config. Instead of trying to figure out (or, in our case, explain)
which NIC should point to which DNS, simply saying leave them blank
helps a lot. And it helps Windows, too.


Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com

Deji, just to touch base on the loopback, it's actually advised not to use
it. Matter of fact, realizing that leaving it blank puts it in, but did you
ever try to type it in? It won't take it. Also it will cause other issues,
one such minor one is when nslookup gets invoked, you'll get that familiar
"can't find..." msg.

Q172060 - NSLOOKUP Can't Find Server Name for Address 127.0.0.1 -
(another good reason not to use the loopback):
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q172060&

Q254715 - RAS Clients Receive 127.0.0.1 for DNS Server Address:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q254715&

And here's a post from Thomas Lee from awhile back about it:
============================
----- Original Message -----
From: "Thomas Lee [MVP]" <[email protected]>
Newsgroups: microsoft.public.win2000.dns
Sent: Saturday, October 12, 2002 11:13 AM
Subject: Re: DNS configeration

Ipconfig /displaydns should show you that a reverse lookup for 127.0.0.1
is already in place. Set your reverse lookup to the actual IP address of
your server.

127.0.0.0 is not a valid IP address for a host. This range is always a
local loopback address.

Thomas

Thomas Lee
===========================

Cheers!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Deji Akomolafe]

We have to talk to the Q author. Seriously speaking, this is incorrect. Yes,
you can't type in the loopback address. That's by design. But leaving the
entry blank has NEVER caused this issue for me in all the time I've been
doing it. I actually picked up on this about 3-4 years ago in a heated
discussion with one of the Softies i highly respect, and have been doing it
since. Yet to see a problem. Saves a lot of explanation, too.

I hope we are talking about the SAME thing here. What I'm saying is this:
IF (and ONLY IF) this server is a DNS Server Then
In TCP/IP config, where it says "Preferred DNS server"
do NOT put anything in there. Leave it blank

The quote from Lee that you referenced seems to indicate that someone
assigned 127.0.0.1 to a computer's IP address and that got registered in the
Reverse DNS zone. Same goes for Q254715. This is not the same as what I'm
saying. Leaving the "Preferred DNS server" blank and causing it to default
to 127.0.0.1 will NOT cause 127.0.0.1 to be registered anywhere (reverse or
forward).

I hope this clears up the loop a bit

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

We have to talk to the Q author. Seriously speaking, this is

incorrect. Yes, you can't type in the loopback address. That's by
design. But leaving the entry blank has NEVER caused this issue for
me in all the time I've been doing it. I actually picked up on this
about 3-4 years ago in a heated discussion with one of the Softies i
highly respect, and have been doing it since. Yet to see a problem.
Saves a lot of explanation, too.

I hope we are talking about the SAME thing here. What I'm saying is
this: IF (and ONLY IF) this server is a DNS Server Then
In TCP/IP config, where it says "Preferred DNS server"
do NOT put anything in there. Leave it blank

The quote from Lee that you referenced seems to indicate that someone
assigned 127.0.0.1 to a computer's IP address and that got registered
in the Reverse DNS zone. Same goes for Q254715. This is not the same
as what I'm saying. Leaving the "Preferred DNS server" blank and
causing it to default to 127.0.0.1 will NOT cause 127.0.0.1 to be
registered anywhere (reverse or forward).

I hope this clears up the loop a bit


Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

Hi Dèjì,

We're talking about the same thing. Yes, leaving it blank will force the
machine to put the loopback in.

This was discussed awhile back in the groups. General consensus, even among
a couple of the Microsoft folks even agreed (like I said, general consensus)
to not use it. But it is easier to explain to someone to do it this way.

I just wanted to bring that to the table...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Deji Akomolafe]

This was discussed awhile back in the groups. General consensus, even
among
It is quite possible that I have been wrong all along. So, for the past 2
hours I've gone back through my Virtual Lab Single-DC Domain and started
messing with my TCP/IP config on my DC and ran some tests from 5 clients -
including a VPN client. Unfortunately, I haven't yet seen any indication
that there is anything close to what the Q articles described happening.
Reading Lee's referenced material again, I get the impression that he was
not talking about the same thing we are talking about here.

I am not an authority on these matters, though. So, again I COULD BE WRONG.
Learning is an evolution, no?

Thanks much

NB:
One thing I can not fathom, though, is HOW would setting the "Preferred DNS"
value to blank cause a PTR of 127.0.0.1 to be registered for the machine?
Setting it to a random (unknown) address broke AD as expected, but it did
NOT put anything in DNS.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Ace Fekay [MVP]]

This was discussed awhile back in the groups. General consensus,

It is quite possible that I have been wrong all along. So, for the
past 2 hours I've gone back through my Virtual Lab Single-DC Domain
and started messing with my TCP/IP config on my DC and ran some tests
from 5 clients - including a VPN client. Unfortunately, I haven't yet
seen any indication that there is anything close to what the Q
articles described happening. Reading Lee's referenced material
again, I get the impression that he was not talking about the same
thing we are talking about here.

I am not an authority on these matters, though. So, again I COULD BE
WRONG. Learning is an evolution, no?

Thanks much

NB:
One thing I can not fathom, though, is HOW would setting the
"Preferred DNS" value to blank cause a PTR of 127.0.0.1 to be
registered for the machine? Setting it to a random (unknown) address
broke AD as expected, but it did NOT put anything in DNS.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

Hmm, you know, I haven't ever tested it, so I was going by what you were
saying! Oh well... the learning process!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jim Carlock]

All I know is there's a Hosts file that says:

127.0.0.1 localhost

or maybe it's the otherway around. And that hosts file IS used
by DNS to map names to IPs or IPs to names, that I'm not
quite sure on. I originally thought it was a Wins thing, but it
is that Hosts files that gets edited when you want all x-rated
websites to loop back to the a localized NOT ACCESSIBLE
page which runs on one of your IIS servers. No?

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Ace Fekay [MVP]"

It is quite possible that I have been wrong all along. So, for the
past 2 hours I've gone back through my Virtual Lab Single-DC Domain
and started messing with my TCP/IP config on my DC and ran some tests
from 5 clients - including a VPN client. Unfortunately, I haven't yet
seen any indication that there is anything close to what the Q
articles described happening. Reading Lee's referenced material
again, I get the impression that he was not talking about the same
thing we are talking about here.

I am not an authority on these matters, though. So, again I COULD BE
WRONG. Learning is an evolution, no?

Thanks much

NB:
One thing I can not fathom, though, is HOW would setting the
"Preferred DNS" value to blank cause a PTR of 127.0.0.1 to be
registered for the machine? Setting it to a random (unknown) address
broke AD as expected, but it did NOT put anything in DNS.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

Hmm, you know, I haven't ever tested it, so I was going by what you were
saying! Oh well... the learning process!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Herb Martin]

All I know is there's a Hosts file that says:

127.0.0.1 localhost
or maybe it's the otherway around.

That's correct -- IP first because technically, items with multiple names
are allowed, e.g.,

192.168.10.1 router mymachine othername

Putting the IP first, made it easier for the early IP programmers to parse
the file.

And that hosts file IS used
by DNS to map names to IPs or IPs to names,
that I'm not quite sure on.

Actually it's not (used by the DNS client or DNS server).
It's used by IP name resolution which includes:

1) checking the local host name
2) checking the hosts file
3) checking through DNS
4) (optionally, but the default, using NetBIOS methods.)

Many people incorrect believe that DNS servers resolve (for clients)
through the hosts file -- they do not. They only use the hosts file for
their own "CLIENT" IP name resolution purposes.

I originally thought it was a Wins thing, but it
is that Hosts files that gets edited when you want all x-rated
websites to loop back to the a localized NOT ACCESSIBLE
page which runs on one of your IIS servers. No?

One method. But technically it's no "loopback" unless you use the
local machine 127.0.0.1. You can send it to a real IIS server or
loop it back.

You can also do this with DNS (BIND helps here), Privoxy, Surf Control
(I am told) and things like Microsoft ISA (Proxy Server.)