DNS on a local domain

  • Thread starter Robert Bartholomew Jr.

Robert Bartholomew Jr.

I have a w2k advanced server with DNS, DHCP, and NAT setup.

To get the domain DNS working correctly with browsing and group policies I
had 2 zones: 1. being "." and 2. being 94rescue.local.
However, I cannot set up DNS Forwarders, so my NAT will not send URL
information to the clients. But they can surf by IPs.

So to get this to work I had to remove zone 1, the "." zone, and then I can
set up Forwarders and the NAT shares the internet just fine. But then I
lose my domain browsing and my group policies stop working.

Can someone give me a hand?
 

Ace Fekay [MVP]

Robert Bartholomew Jr. said:
I have a w2k advanced server with DNS, DHCP, and NAT setup.

To get the domain DNS working correctly with browsing and group
policies I had 2 zones: 1. being "." and 2. being 94rescue.local.
However, I cannot set up DNS Forwarders, so my NAT will not send URL
information to the clients. But they can surf by IPs.

So to get this to work I had to remove zone 1, the "." zone, and then I
can set up Forwarders and the NAT shares the internet just fine. But
then I lose my domain browsing and my group policies stop working.

Can someone give me a hand?

You'll have to remove the ISP's DNS from your machines' IP properties; this
includes the DC and all your clients. Only use your internal server, that's
it. What you did is the proper recommendation. Just remove the ISP's and
everything will be fine. The reason is you're forwarding to it. If you use
it in IP properties, then AD will malfunction with numerous errors.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Robert Bartholomew Jr.

That's what I have. I have one NIC with a static internal IP and DNS
pointing to itself. All the clients are set with DHCP, with internal IP,
gateway and DNS pointed to the internal server. But I am still having
problems.
 

Ace Fekay [MVP]

Robert Bartholomew Jr. said:
That's what I have. I have one NIC with a static internal IP and DNS
pointing to itself. All the clients are set with DHCP, with internal
IP, gateway and DNS pointed to the internal server. But I am still
having problems.

Re-reading your original post: for one, the root zone must be deleted, and
then you configure a forwarder.

Good to hear that you are only using your internal DNS.

But I'm way confused here about that one thing: you're saying you have one
NIC, but using NAT on the server? Please elaborate on that one.


--
Regards,
Ace

 

Robert Bartholomew Jr.

I have the one NIC connected to a switch to the rest of the network. The
server has DNS, DHCP and RRAS installed. The server connects to the
internet with an internal 56k modem. The RRAS makes the connection with NAT
demand dial.
All worked fine when I had the 2 DNS zones, but I could not share the
internet properly since I could not set up DNS forwarders. I had to remove
the root zone so that I could set up forwarders, but now I am having network
problems.
 

Ace Fekay [MVP]

Robert Bartholomew Jr. said:
I have the one NIC connected to a switch to the rest of the network.
The server has DNS, DHCP and RRAS installed. The server connects to
the internet with an internal 56k modem. The RRAS makes the
connection with NAT demand dial.
All worked fine when I had the 2 DNS zones, but I could not share the
internet properly since I could not set up DNS forwarders. I had to
remove the root zone so that I could set up forwarders, but now I am
having network problems.

Usually I see this when a dual-NIC machine is also your DNS server, a domain
controller, and performing NAT. Note: I'm not talking about ICS (Internet
Connection Sharing). If this is true NAT, then I would suggest going to
Network and Connections, Advanced menu item. Select the internal NIC and
make sure it is at the top of the list. That means it's at the top of the
binding order. Now go into the outer card properties, DNS tab, and deselect
"register this connection". Go to DNS properties, Interfaces tab, and select to
only listen on the internal interface IP. Then in both NIC properties,
whether static or set to automatic, select the internal DNS IP manually.
Configure a forwarder. Make sure all machines use the internal IP only for
DNS. On the outer card, I would also disable NetBIOS and MS client services
and File and Print services.

Hope that helps


--
Regards,
Ace

 

Kevin D. Goodknecht [MVP]

Ace Fekay [MVP] said:
Usually I see this when a dual-NIC machine is also your DNS server, a
domain controller, and performing NAT. Note: I'm not talking about
ICS (Internet Connection Sharing). If this is true NAT, then I would
suggest going to Network and Connections, Advanced menu item. Select
the internal NIC and make sure it is at the top of the list. That
means it's at the top of the binding order. Now go into the outer card
properties, DNS tab, and deselect "register this connection". Go to DNS
properties, Interfaces tab, and select to only listen on the internal
interface IP. Then in both NIC properties, whether static or set to
automatic, select the internal DNS IP manually. Configure a
forwarder. Make sure all machines use the internal IP only for DNS.
On the outer card, I would also disable NetBIOS and MS client
services and File and Print services.
Ace, in addition, I think the problem with his group policies might be due
to the creation of a blank record for his dial-up connection, and that file
sharing is correctly disabled on that IP address. He should disable the
blank record and manually create a blank record for his internal interface.
He should also set his dial-up adapter to use the internal NIC IP for DNS.
Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Value: LdapIpAddress

After he creates this registry entry he will need to manually create the
blank record for his internal IP so that group policies can be properly
applied.
 

Ace Fekay [MVP]

Good points!

I hope it all helps him and is not too confusing.
:)

Well, on a side note, Eagles playing Dallas next week. This ought to be a
heck of a game. The hype in Philly is huge right now. I'm going with the
Eagles by 7.
:)

--
Regards,
Ace

 

Robert Bartholomew Jr.

OK, this did confuse me. If you could help a little more.

What I did do is change the settings on the dial-up from "obtain DNS server"
to a static address pointing back to my server's DNS. NAT is still working
for clients, so this is OK. But I still have the original problem.
 

Robert Bartholomew Jr.

Not sure what I did but now I am getting an event message.

Dynamic registration or deregistration of one or more DNS records failed
with the following error:
No DNS servers configured for local system

Damn this is driving me nuts
 

Kevin D. Goodknecht [MVP]

Robert Bartholomew Jr. said:
Not sure what I did but now I am getting an event message.

Dynamic registration or deregistration of one or more DNS records
failed with the following error:
No DNS servers configured for local system

If you only get this error once at start up you should just ignore this
event.
Damn this is driving me nuts

Can you post an ipconfig /all with the Dial up connected?

Also, with the dial-up connected, right-click on My Network Places, choose
Properties, then in the Advanced menu select Advanced Settings. Make sure
your internal interface is at the top of the order in the Connections pane;
in the Bindings pane, File and Printer Sharing and Client for MS Networks
should be bound to Internet Protocol only on the internal interface.

Also:
In the DNS server properties, on the interfaces tab set DNS to listen only
on these IP addresses, then put the IP of the internal interface in the
list.
 

Robert Bartholomew Jr.

No, that is coming up regularly. I am still having trouble browsing the
network and group policies are not working correctly. This was all working
until I changed from a root server so that I could set up forwarders. I
wish there was another way, or a way to fix this.
 

Kevin D. Goodknecht [MVP]

Robert Bartholomew Jr. said:
No, that is coming up regularly. I am still having trouble browsing
the network and group policies are not working correctly. This was
all working until I changed from a root server so that I could set up
forwarders. I wish there was another way, or a way to fix this.

Removing the root zone would not cause this, so you can get past that.
Did you do the things I advised in my previous post?
I would like for you to post the ipconfig /all for me.
 

Robert Bartholomew Jr.

After re-reading this I wanted to make sure you know that I only have 1 NIC
in the server.
 

Kevin D. Goodknecht [MVP]

Robert Bartholomew Jr. said:
After re-reading this I wanted to make sure you know that I only have
1 NIC in the server.

I know, but you have a dial-up interface that will register its addresses in
DNS and create a blank record for its IP address whether you have it set to
register its addresses in DNS or not. The blank record is created for *ALL*
IP addresses on the DC, even if it is a dial-up and even if you do not have it
set to register its addresses in DNS.
 

Robert Bartholomew Jr.

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w2k-server
Primary DNS Suffix . . . . . . . : 94rescue.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : 94rescue.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NE2000 Compatible
Physical Address. . . . . . . . . : 00-40-05-3E-C8-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.100

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.110
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

PPP adapter {DF804717-87BF-4169-86F6-EE457ADAEFCF}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 209.92.100.76
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 206.245.170.75
DNS Servers . . . . . . . . . . . : 192.168.0.100
 

Kevin D. Goodknecht [MVP]

Robert Bartholomew Jr. said:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w2k-server
Primary DNS Suffix . . . . . . . : 94rescue.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : 94rescue.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NE2000 Compatible
Physical Address. . . . . . . . . : 00-40-05-3E-C8-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.100

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.110
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

PPP adapter {DF804717-87BF-4169-86F6-EE457ADAEFCF}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 209.92.100.76
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 206.245.170.75
DNS Servers . . . . . . . . . . . : 192.168.0.100

Your ipconfig looks pretty good; all interfaces I see are pointing to the
internal DNS server, except that I see your dial-in interface is using the
same subnet range as the internal interface. You should give it a different
subnet in the order of 10.x.x.x. Then you can have DNS listen on that
address, along with 192.168.0.100.

Did you set the binding order as I stated? It is very important that your
internal interface be at the top of the binding order


If your group policies are not working then I suspect that your DNS is giving
out the IP address for your dial-in interface; that is one reason you need to
move it to another IP address and make sure there is a Blank (same as parent
folder) record for 192.168.0.100 and that File Sharing is bound on that
interface.

If the dial in users are going to use group policies, you will need a blank
record for that interface and File Sharing is bound.

Under no circumstances I can think of do you need File sharing or a blank
record for the interface going to the ISP.

If this is also a Global Catalog server you need to stop the registration of
the "gc._msdcs.94rescue.local" Blank records and manually create the blank
records for the dial-in and internal IP addresses.
Here is the registry entry you need to make with regedt32 to stop the above
blank records; after you make the reg entry, don't forget to create the
needed blank records.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

If this is not a global catalog you do not need the GcIpAddress, but if this
is the only DC it must be a Global Catalog

Once again, after you add this registry entry, restart Netlogon and manually
create the blank records for your internal IP address(es) for "94rescue.local"
and "gc._msdcs.94rescue.local".
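The checks Kevin makes by eye on the posted ipconfig /all output (every interface pointing only at the internal DNS server, the dial-in interface sitting in the LAN's subnet) and the blank-record plan from his two posts, as an added Python example that is not code from the thread or from Microsoft: it parses the posted output, reports the findings, and models which "same as parent folder" A records Netlogon registers by default versus after DnsAvoidRegisterRecords is set. The blank-record model follows only what the thread states (one record per DC address, LdapIpAddress and GcIpAddress suppressing them); the sample text is the posted output trimmed to the fields used, the domain name is the posted primary suffix 94rescue.local, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the "ipconfig /all" output posted in the thread, trimmed to the
# fields the checks use (the values are the posted ones).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w2k-server
Primary DNS Suffix . . . . . . . : 94rescue.local

Ethernet adapter Local Area Connection:

IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.100

PPP adapter RAS Server (Dial In) Interface:

IP Address. . . . . . . . . . . . : 192.168.0.110
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

PPP adapter {DF804717-87BF-4169-86F6-EE457ADAEFCF}:

IP Address. . . . . . . . . . . . : 209.92.100.76
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 206.245.170.75
DNS Servers . . . . . . . . . . . : 192.168.0.100
"""

ADAPTER_RE = re.compile(r"^(.+?) adapter (.+):$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 /()-]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Parse ipconfig /all text into (global_fields, [adapter dicts]).
    Field values are lists because e.g. 'DNS Servers' can continue on further lines."""
    global_fields, adapters = {}, []
    current, last_key = global_fields, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = {"type": m.group(1), "name": m.group(2)}
            adapters.append(current)
            last_key = None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key and raw[:1].isspace():
            current[last_key].append(line)  # continuation of a multi-valued field
    return global_fields, adapters


def audit_dns_client(adapters, internal_dns):
    """The thread's client-side checks: every interface uses only the internal DNS
    server (loopback accepted on the DNS server itself), and no other interface
    carries an address inside the internal LAN subnet (Kevin's dial-in finding)."""
    findings = []
    internal = next((a for a in adapters if internal_dns in a.get("IP Address", [])), None)
    if internal is None:
        return [f"no interface carries the internal DNS address {internal_dns}"]
    lan = ipaddress.ip_interface(
        f"{internal['IP Address'][0]}/{internal['Subnet Mask'][0]}").network
    for a in adapters:
        for dns in a.get("DNS Servers") or ["<none>"]:
            if dns not in (internal_dns, "127.0.0.1"):
                findings.append(f"{a['name']}: DNS server {dns} is not the internal server")
        if a is not internal:
            for ip in a.get("IP Address", []):
                if ipaddress.ip_address(ip) in lan:
                    findings.append(f"{a['name']}: {ip} lies inside the internal subnet {lan}")
    return findings


def plan_blank_records(domain, adapters, is_gc, avoid, wanted_ips):
    """Model the blank ('same as parent folder') A records as the thread describes
    them: Netlogon registers one per DC address for <domain> (and gc._msdcs.<domain>
    on a global catalog); LdapIpAddress / GcIpAddress in DnsAvoidRegisterRecords
    suppress that, after which the wanted records are created by hand.
    Returns {record name: {"auto": ..., "manual": ..., "unwanted": ...}}."""
    dc_ips = {ip for a in adapters for ip in a.get("IP Address", [])}
    suppress_key = {domain: "LdapIpAddress", f"gc._msdcs.{domain}": "GcIpAddress"}
    names = [domain] + ([f"gc._msdcs.{domain}"] if is_gc else [])
    plan = {}
    for name in names:
        auto = set() if suppress_key[name] in avoid else set(dc_ips)
        plan[name] = {"auto": auto,
                      "manual": set(wanted_ips) - auto,    # records to add in the DNS console
                      "unwanted": auto - set(wanted_ips)}  # addresses clients should not get
    return plan


if __name__ == "__main__":
    _, adapters = parse_ipconfig(SAMPLE_IPCONFIG)
    for f in audit_dns_client(adapters, "192.168.0.100"):
        print("FINDING:", f)
    for name, p in plan_blank_records("94rescue.local", adapters, is_gc=True,
                                      avoid=["LdapIpAddress", "GcIpAddress"],
                                      wanted_ips={"192.168.0.100"}).items():
        print(name, "auto:", sorted(p["auto"]), "create manually:", sorted(p["manual"]))
```

Run against the posted output, the audit reports exactly one finding (192.168.0.110 inside 192.168.0.0/24); without the registry value the plan shows all three addresses registered for both blank names, which is why clients can be handed the dial-in or ISP address, and with both values set it shows the single manual record to create for each name.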
 

Robert Bartholomew Jr.

Your ipconfig looks pretty good; all interfaces I see are pointing to the
internal DNS server, except that I see your dial-in interface is using the
same subnet range as the internal interface. You should give it a different
subnet in the order of 10.x.x.x. Then you can have DNS listen on that
address, along with 192.168.0.100.

I too had seen that, but I looked everywhere trying to find where to change
the settings for that interface. It is created automatically when I
configured for NAT.
Did you set the binding order as I stated? It is very important that your
internal interface be at the top of the binding order

Yes I did. There are only the NIC and the router.
If your group policies are not working then I suspect that your DNS is giving
out the IP address for your dial-in interface; that is one reason you need to
move it to another IP address and make sure there is a Blank (same as parent
folder) record for 192.168.0.100 and that File Sharing is bound on that
interface.

Yes it does do that. If I ping the domain it resolved the internal interface
IP and pinged it. But as I said I could not find where to change it.
If the dial in users are going to use group policies, you will need a blank
record for that interface and File Sharing is bound.

Nope, they don't need it. But there is a blank record automatically created for
all interfaces.
Under no circumstances I can think of do you need File sharing or a blank
record for the interface going to the ISP.

Nor do I, but the blank record is created for it automatically.

If this is also a Global Catalog server you need to stop the registration of
the "gc._msdcs.94rescue.local" Blank records and manually create the blank
records for the dial-in and internal IP addresses.
Here is the registry entry you need to make with regedt32 to stop the above
blank records; after you make the reg entry, don't forget to create the
needed blank records.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

If this is not a global catalog you do not need the GcIpAddress, but if this
is the only DC it must be a Global Catalog

Once again, after you add this registry entry, restart Netlogon and manually
create the blank records for your internal IP address(es) for "94rescue.local"
and "gc._msdcs.94rescue.local".

I am not sure about this. I would guess that it is. I will do these
changes.

Thanks,
Robert Bartholomew
 

Robert Bartholomew Jr.

Now I am getting this error. I did get it once before but when I did a
system restart I got a bunch of them.

The DNS server encountered a packet addressed to itself -- IP address
192.168.0.100.
The DNS server should never be sending a packet to itself. This situation
usually indicates a configuration error.
 

Kevin D. Goodknecht [MVP]

Robert Bartholomew Jr. said:
Now I am getting this error. I did get it once before but when I did
a system restart I got a bunch of them.

The DNS server encountered a packet addressed to itself -- IP address
192.168.0.100.
The DNS server should never be sending a packet to itself. This
situation usually indicates a configuration error.

There are only a few ways for the DNS server to be sending packets to itself:
forwarding to itself, a zone transfer to itself, notifying itself of a zone
transfer, and a delegation to itself when it does not have the zone being
delegated.
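Kevin's four causes turned into a configuration audit, as an added Python example that is not from the thread and does not use a real Windows DNS API: the config dictionary is a constructed stand-in for what one would read out of the server (forwarders, each zone's transfer masters, notify targets and delegations), and the function flags every entry that names the server's own address, counting a delegation only when the server does not itself host the delegated zone.

```python
# Constructed sample of a DNS server's configuration; the dictionary shape is an
# assumption for this example, not a real Windows DNS API or export format.
SERVER_ADDRESSES = {"192.168.0.100", "127.0.0.1"}
SAMPLE_CONFIG = {
    "forwarders": ["192.168.0.100", "203.0.113.53"],   # first entry is the server itself
    "zones": {
        "94rescue.local": {"masters": [], "notify": ["192.168.0.100"], "delegations": {}},
        "corp.example": {
            "masters": ["203.0.113.10"],
            "notify": [],
            "delegations": {
                "lab.corp.example": ["192.168.0.100"],     # delegated to us, and we host it
                "branch.corp.example": ["192.168.0.100"],  # delegated to us, not hosted here
            },
        },
        "lab.corp.example": {"masters": [], "notify": [], "delegations": {}},
    },
}


def self_addressed_findings(server_addresses, config):
    """Report every place where the server would send DNS traffic to its own
    address: forwarder, zone-transfer master, notify target, and a delegation to a
    zone the server does not host (a hosted child zone is answered locally)."""
    own = set(server_addresses)
    hits = []
    for fwd in config.get("forwarders", []):
        if fwd in own:
            hits.append(f"forwarder {fwd} is this server")
    zones = config.get("zones", {})
    for zone, z in zones.items():
        for master in z.get("masters", []):
            if master in own:
                hits.append(f"zone {zone}: zone-transfer master {master} is this server")
        for target in z.get("notify", []):
            if target in own:
                hits.append(f"zone {zone}: notify target {target} is this server")
        for child, ns_addresses in z.get("delegations", {}).items():
            if child not in zones and own & set(ns_addresses):
                hits.append(f"zone {zone}: delegation of {child} points to this server, "
                            "which does not host that zone")
    return hits


if __name__ == "__main__":
    for hit in self_addressed_findings(SERVER_ADDRESSES, SAMPLE_CONFIG):
        print("CONFIG ERROR:", hit)
```

On the sample the audit reports three entries (the self-forwarder, the notify target on 94rescue.local, and the unhosted branch delegation) and stays silent on the lab delegation, which is the distinction Kevin draws for the fourth case.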
 
