DNS Issue?

  • Thread starter Thread starter Jeff D
  • Start date Start date
J

Jeff D

I have a small network setup in my home. I have a windows 2000 server
running DNS, IIS and Exchange 2000. I have a DSL modem, connected to a
Linksys Switch model EZXS55W, connected to 2 Linksys BEFSR41 routers. One
of the routers is for my external network and the other is for my internal
network, both have static IP addresses. The Win2K server has 2 network
cards, one connected to each router. The external router has all of the
required ports forwarded to the server to handle e-mail, web and dns. I
host a couple of domains on exchanges, typically through pop3. This system
has been running for a couple of years.

Here's my problem, it has been intermittent since I set this up. Everything
works fine for a while, every day or two, I can no longer resolve domain
names. When I ping mail.someone.com I get the error "ping could not find
the host mail.someone.com". If I ping the IP address of the router I get a
response back. When I go into Windows and turn on DNS logging I can see the
request coming in, getting resolved and sent back out. When I look at the
routers log I can see the request in the routers incoming log and nothing in
the routers outgoing log. When I try to access the internet from the server
it works fine. When I open my e-mail from an machine on the internal
network, configured for using Exchange Server, it works fine. The only
things that stop working seem to be anything that has to do a DNS lookup. A
few times when I would reset the modem it would start working again, but not
consistently. A few times when I reset the router it would start working
again, but not consistently. When I go into Windows and disable the
external network adapter and then re-enable it everything works, every time.
I swapped my routers thinking the one might have a problem, no difference.
I replaced my Linksys LNE100TX nic with an Intel Pro/100 S Server card, same
problem.

Any ideas?

Thanks in advance

Jeff D.
 
Jeff - there's a great newsgroup for wireless problems like yours:
alt.internet.wireless
Very helpful folks, much responsive traffic.
 
Possibly:

1. On the Server, go to My Network Places properties - Advanced/Advanced
Settings - make sure the internal router Local Area Connection is at the top
of the binding order. Do not set a default gateway on this connection. On
the Local Area Connection for the Server NIC connected to the external
router, set the external router's internal IP as your default gateway. Set
both Local Area Connections to use the Server's internal router NIC for
primary DNS.

2. In the DNS console on the Server, make sure DNS is listening only on the
internal NIC. Make sure Forwarders are properly configured to ISP's DNS
server. Make sure zones are authoritative for any domains which need to be
resolved internally and only internal IP addresses are listed.

3. On internal clients, make sure they point only to the Server's internal
NIC for DNS. Default gateway should be internal IP of internal router.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
In
Doug Sherman said:
Possibly:

1. On the Server, go to My Network Places properties -
Advanced/Advanced Settings - make sure the internal router Local Area
Connection is at the top of the binding order. Do not set a default
gateway on this connection. On the Local Area Connection for the
Server NIC connected to the external router, set the external
router's internal IP as your default gateway. Set both Local Area
Connections to use the Server's internal router NIC for primary DNS.

2. In the DNS console on the Server, make sure DNS is listening only
on the internal NIC. Make sure Forwarders are properly configured to
ISP's DNS server. Make sure zones are authoritative for any domains
which need to be resolved internally and only internal IP addresses
are listed.

3. On internal clients, make sure they point only to the Server's
internal NIC for DNS. Default gateway should be internal IP of
internal router.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
Click to expand...

Would just like to add in addition to your great pointers, may want to check
if the router has a time out for the connection. Increase it or eliminate it
so it's always connected.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
I did #1, so far so good.
I don't understand why on #2 or #3. My internal network doesn't use DNS.
What exactly do you think is happening that would cause this problem. I am
trying to understand how it works so if I have problems in the future I can
troubleshoot a little better. Is there anything I can read about how that
prtion of windows works?

Thanks again for your help.
 
In
Jeff D said:
I did #1, so far so good.
I don't understand why on #2 or #3. My internal network doesn't use
DNS. What exactly do you think is happening that would cause this
problem. I am trying to understand how it works so if I have
problems in the future I can troubleshoot a little better. Is there
anything I can read about how that prtion of windows works?

Thanks again for your help.
Click to expand...

Hi Jeff,

I don't understand, you do not have DNS on your internal network? Then how
is your AD and Exchange running? AD requires DNS, it stores AD's resource
and service locations in DNS, and Exchange requires AD, therefore, Exchange
requires DNS, specifically your internal DNS only, since that;s the guy that
has all of AD's answers when a machine asks DNS for 'where is my domain?'.
If you use the ISP's DNS, it won't have that answer and AD won't properly
function.

As for the dual NIC issue, that's problematic on a DC/DNS server due to both
IPs registering in DNS. There are a couple registery settings we can modify
to stop the outer card from registering. But all in all, you need to point
both NICs only to the internal IP of this server for DNS (assuming that this
DC/DNS/Exchange server is the dual homed machine). This way you insure AD
functionality. For efficient outside resolution, configure a forwarder in
DNS to the ISP's DNS. If the forwarder option is grayed out, just delete
your Root zone (looks like a period). This way it will take care of DNS
resolution. This article show how to configure a forwarder and delete that
root zone if you have it:
http://support.microsoft.com/?id=300202

As for the interface to listen on, since this DNS is only for internal use,
you would configure DNS to only listen to requests from the internal NIC's
IP.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
I guess I didn't explain the system correctly.
My internal network doesn't use a domain controller, each workstation
user logs on to the machine locally. Each user then uses Outlook in
Corporate/Workgroup mode and setups a an Exchange server service and
point to the DC\exchange server to retrieve their e-mail. That's why
I have 1 nic in the server hooked to the internal network.

The DNS part of the server is for external users. I host my own DNS
records for the domains I service so when access to the server through
the internet is need for Web pages or pop3 mail or OWA or what ever
the DNS server then resolves the name.
 
In
Jeff D said:
I guess I didn't explain the system correctly.
My internal network doesn't use a domain controller, each workstation
user logs on to the machine locally. Each user then uses Outlook in
Corporate/Workgroup mode and setups a an Exchange server service and
point to the DC\exchange server to retrieve their e-mail. That's why
I have 1 nic in the server hooked to the internal network.

The DNS part of the server is for external users. I host my own DNS
records for the domains I service so when access to the server through
the internet is need for Web pages or pop3 mail or OWA or what ever
the DNS server then resolves the name.
Click to expand...

Interesting. With all due respect, this is a different arrangement. I
actually played around with something like this experimenting on my own
system, and I was offering email services to clients from my own Exchange
system, which I had a T1 at home. I never joined my machine to the domain. I
used Outlook in corp mode as well accessing my mail, but did notice when I
would change my DNS addresses on my own workstation when I would perform
some tests for folks out here in the newsgroups with an outside DNS server,
and when I was done, I would sometimes forget to point my workstation back
to my own DC/DNS server that was hosting the zone for my domain (which of
course is what Exchange needs to access AD), I found I couldn't retrieve my
mail. I would say, stupid me!!! I forgot to put it back! For I know, that as
I previously explained in my previous post, to access Exchange, which means
your are REALLY accessing AD for authentication and DNS to 'find' Exchange,
you need only to use your internal DNS servers!! Of course I had a forwarder
configured for outside access to my 'external' DNS server.

I hope that makes sense. AD/Exchange is DNS based. No way around that Jeff.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Back
Top