DNS is DOA


DanaK

I've had to uninstall the DNS service on a new
installation of W2K server as, somehow, when I
performed the DCPROMO the first time I created a caching-
only DNS server. Don't ask me how, it just happened.

Anyway, after the demoting and re-promoting I've re-
created the domain and the DNS LOOKS as if it should run
just fine. However, the multi-homed ISA server has never
been able to find it. It's always gone through the 15
minute DNS search and time-out routine in trying to log on
UNLESS I disable the external NIC, then it logs on almost
instantaneously (gigabit connection, Xeon processors).
Also, while I can't ping the DC's NIC while the external
NIC is enabled I get a positive ping when the external NIC
is DIS-abled. To make matters even more confusing the DC
can access the Internet through the ISA server just fine
so I know the NICs are working.

I took the ISA server out of the domain and tried to
rejoin but now the ISA can't find the domain. I'll
disable the external NIC to see if it can do this that way
when I send this.

I've been going through the troubleshooting procedures
found on the "Troubleshooting Active Directory DNS Errors
in Windows 2000 - Domain Join Troubleshooting" and the
only thing that I find MIGHT be wrong on the DC is that in
the Name Server entry in the Forward Lookup zone the FQDN
of the server has the period after the name and I can't
seem to correct this. Is this the same thing as finding
the "." domain in the DNS when DCPROMO is allowed to set
up the DNS?

Also, in my troubleshooting I seem to have done something
that created a "Cached Lookups" folder that has
"." - "net" - "root servers" under it. Is this
detrimental to the operation of DNS on my network?

Thanks.
 
The recommendation on an ISA (or any other multi-homed machine) is to point
both NICs to itself for DNS. Then in your DNS configure a forwarder to the
ISP's for efficient Internet resolution. This way all initial queries go to
your own DNS server, so you can log in and AD functions. This is also true
for ALL internal machines. This way AD will function properly; otherwise
numerous other errors can occur.

I would also suggest moving the external NIC to the bottom of the binding
order (in Network & Dialup Settings, Adv menu, Adv Settings). It is also
suggested to disable MS Client and F & P Services and NetBIOS on the external NIC.
Also tell DNS to only listen on the internal interface (DNS properties,
Interface tab).

Hope that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
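
An added example, not part of either poster's messages: a Python check that parses `ipconfig /all` output from a multi-homed machine and reports every adapter whose DNS servers are not your own DNS server, the condition the reply above recommends removing. The sample output, adapter names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Windows 2000 `ipconfig /all` output.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : isa1

Ethernet adapter Internal:

        IP Address. . . . . . . . . . . . : 192.168.1.2
        DNS Servers . . . . . . . . . . . : 192.168.1.10

Ethernet adapter External:

        IP Address. . . . . . . . . . . . : 203.0.113.20
        Default Gateway . . . . . . . . . : 203.0.113.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

def dns_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^(?:Ethernet|PPP) adapter (.+):\s*$", line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue  # still in the global section before the first adapter
        dns = re.match(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$", line)
        if dns:
            in_dns = True
            if dns.group(1):
                adapters[current].append(dns.group(1))
        elif in_dns and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", line.strip()):
            adapters[current].append(line.strip())  # continuation line
        else:
            in_dns = False
    return adapters

def misdirected(adapters, internal_dns):
    """Adapters that list any DNS server outside the internal set."""
    found = {}
    for name, servers in adapters.items():
        outside = [s for s in servers if s not in internal_dns]
        if outside:
            found[name] = outside
    return found

if __name__ == "__main__":
    # 192.168.1.10 is the assumed address of the internal AD DNS server.
    print(misdirected(dns_by_adapter(SAMPLE), {"192.168.1.10"}))
```
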
 
Thanks, I'll try this out at the other location. I've had
this same configuration running at my office since January
and have been trying to copy it with the results I
outlined before. My external NIC at the office is on top
in the Adapters and Bindings tab with nothing checked
while the internal NIC has everything checked. Also, the
external NIC's DNS servers are our ISP's while the
internal NIC's is ours.

I've never had the time out problems on our ISA server at
the office and have gone through all the setting
adjustments I could think of until now. I had to disable
the external NIC to rejoin the domain and everything seems
to be working now but since we're still in the set-up
stage I'll give your settings a try as I don't want the
server shutting down in a power outage and trying to come
back with the external NIC enabled.
 
I see. The reason you had to disable the external NIC to rejoin is because
the external NIC is at the top of the binding order. It will ask that guy
first "where's my domain" but since it has your ISP's as DNS, it's asking
the wrong DNS, hence the problem.

Just move it to the bottom, and I'm willing to bet my paycheck that will take
care of the issue. There's no harm doing it and it will alleviate your
concerns.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 