DNS Problem?? Help!!

  • Thread starter Thread starter Ron Sparks
  • Start date Start date
R

Ron Sparks

Have a problem at a client site. Installed Windows 2003 Server, using
active directory. Internet access is through a DSL modem. They currently
are using a Linksys router connected to the hub. The ISP uses static IP
addresses in their modem.

Clients are pointing to the Windows 2003 Server IP address for DNS. On the
server I have the IP address of the server for DNS, as well as the DNS IP
addresses from the ISP.

Three workstations accessing a database on the network have slow access, and
application stops responding, but one of the workstations does not have a
problem.

It seems that the workstations began having the problem after I added the
ISP's addresses to DNS and rebooted the server, but why did it not effect
the 1 workstation.

I have been reading other posts about using forwarders, how is that done,
and is it necessary in this case?

I am very frustrated!

Thank you for your help in advance!

Candace Sparks
 
In
Ron Sparks said:
Have a problem at a client site. Installed Windows 2003 Server, using
active directory. Internet access is through a DSL modem. They
currently are using a Linksys router connected to the hub. The ISP
uses static IP addresses in their modem.

Clients are pointing to the Windows 2003 Server IP address for DNS.
On the server I have the IP address of the server for DNS, as well as
the DNS IP addresses from the ISP.
Click to expand...

Remove the ISP's DNS from all machines as per your other thread.
Three workstations accessing a database on the network have slow
access, and application stops responding, but one of the workstations
does not have a problem.

It seems that the workstations began having the problem after I added
the ISP's addresses to DNS and rebooted the server, but why did it
not effect the 1 workstation.

I have been reading other posts about using forwarders, how is that
done, and is it necessary in this case?
Click to expand...

Forwarders are recommended but not required. If you try to enable forwarders
but you can't because it is configured as a root server, remove the Root "."
forward lookup zone. Until this zone is remove DNS probably won't resolve
internet names, I say probably because if the root zone has not been
delegated it can't find the root DNS servers.
Simply, removing the Root zone will enable internet resolution because it
enables Root Hints.
 
where do you get your IP addresses? or you are using
static ones?

what is your Linksys router capable of? does it do NAT?
 
I checked all the workstations and they are set up correctly. I did remove
the IPS DNS addresses from the tcp/ip settings on the Server. The DSL
router is configured with static IP addresses per the ISP, that is the
method they use. The Server and two workstations are new with new
technology, two workstations are older technology. It seems that most of
the problem is on the new workstations. The clients do not have a switch on
the network, it is a hub. Sometimes the access seems to be fine, then just
when you think everything is fine, the not responding errors happen again,
the printer is not responding most if the tine for the new workstations.

I am very frustrated! Any ideas??

Thank you for your help in advance!!

Candace Sparks
 
Another issue. I had the Server setup for DHCP, and initially set up the
Server using both NICS. The client has only one connection at this time for
the Server, so I had to reconfigure things. I unistalled DHCP, and allowed
the router to do DHCP, then I disabled the NIC card I was not using. Could
this have caused the problems we are having?
 
Ip addresses for the Dns servers at the ISP are static addresses, they are
configured in the DSL modem. The router does do NAT, the ip addresses from
the router are 192.168.1...... The IP address for the server is static, and
I excluded it from DHCP in the router.
 
For your curent set up, I would use the dns server as the
primary dns for your clients, and remove the root zone as
kevin mentiioned, and then set up a forwarder (the
router, 192.168.0.1) and use the root hints (from MS
directly or from the dns directory).

Then local resolution will be done from the zones hosted
on the server, and nonlocal names will be resolved by the
ISP's dns through the router ...
 
In
the confused said:
For your curent set up, I would use the dns server as the
primary dns for your clients, and remove the root zone as
kevin mentiioned, and then set up a forwarder (the
router, 192.168.0.1) and use the root hints (from MS
directly or from the dns directory).

Then local resolution will be done from the zones hosted
on the server, and nonlocal names will be resolved by the
ISP's dns through the router ...
Click to expand...
TCP/IP does not work this way, if the preferred DNS server times out it will
switch to the alternate, if the alternate answers with a negative answer the
query fails and will leave the alternate DNS at the top of the resolvers
list.

In an Active Directory environment, you must use the local DNS that has the
AD domain zone ONLY. No ISP's DNS allowed in any position on any NIC of a
member of an AD domain.
 
In
Ron Sparks said:
I checked all the workstations and they are set up correctly. I did
remove the IPS DNS addresses from the tcp/ip settings on the Server.
The DSL router is configured with static IP addresses per the ISP,
that is the method they use. The Server and two workstations are new
with new technology, two workstations are older technology. It seems
that most of the problem is on the new workstations. The clients do
not have a switch on the network, it is a hub. Sometimes the access
seems to be fine, then just when you think everything is fine, the
not responding errors happen again, the printer is not responding
most if the tine for the new workstations.
Click to expand...

This is probably being caused by your ISP's DNS.
I am very frustrated! Any ideas??
Click to expand...
One thing to keep in mind, in an Active Directory environment, domain
members (Win2k WinXP and Win2k3) look to DNS to find network resources and
the domain controller. If you have your ISP's DNS in any position on any
member of an AD domain, you can expect errors and slow network access. This
is because these members are looking in DNS to find the domain controller,
if you have your ISP's DNS in any position they will be trying to find the
domain controllers records in your ISP's DNS, and it won't be there.

I would suggest that you re-enable DHCP on the Win2k3 and configure at least
these options:
003 Router (Use the routers address)
006 DNS (use the Win2k3 Address)
015 Domain name (use the DNS name of your AD domain)

Then click on the properties of the scope or server select the DNS tab and
configure DHCP to register your older clients in DNS. (Optional)
 
I don't see what I suggested has anything contradicting
to what kevin said.

I don't know how TCP/IP work, and I don't know anything
about AD...

But I happen to know that this solution has been working
for many small business..and thy too use TCP/IP, AD,
cable/DSL/Wireless...
 
In
the confused said:
I don't see what I suggested has anything contradicting
to what kevin said.

I don't know how TCP/IP work, and I don't know anything
about AD...

But I happen to know that this solution has been working
for many small business..and thy too use TCP/IP, AD,
cable/DSL/Wireless...
Click to expand...

So what is going to happen when a member asks the ISP's DNS for the SRV
records that are only in the local DNS?
If the ISP's DNS answers not found, it won't ask the internal DNS, the query
will just fail. Let the internal DNS handle all the DNS queries and forward
unknown domains to the ISP.
 
"Let the internal DNS handle all the DNS queries and
forward unknown domains to the ISP."

Isn't that the solution solved?
 
In
the confused said:
"Let the internal DNS handle all the DNS queries and
forward unknown domains to the ISP."

Isn't that the solution solved?
Click to expand...

Yes, but you inferred that you should use the Internal DNS as the preferred
and the ISP's DNS as Alternate, that doesn't work. If either answers not
found that is it, the query fails even if the other DNS might know the
answer.
DNS queries work like this.
The preferred DNS get the query first, it get one second to answer, then the
Alternate is queried. If the Alternate answers within I think two seconds it
gets moved to the Preferred position. Even if the answer is negative, it
still gets moved to the Preferred, It seems like there is a time limit after
SP3 (I think) but until then its the boss as long as it answers, even if the
answer is negative.
Seems like before SP3, you had to reboot or reset the NIC to switch them
back. But I could be wrong, that may still be true.
 
kevin, now I really don't think you read what I posted, ;-
) based on what ron said, I suggested he use his server
as the primary dns server for the clients, and also
configures the server as a forwarding server that uses
the router as a forwarder. ron did not give another
server to use as a secondary server for the clients, so
there is no alternative dns server for the clients to use.

as to how the windows resovers behave it seems irrelevant
here...
 
In
Kevin D. Goodknecht said:
In
TCP/IP does not work this way, if the preferred DNS server times out
it will switch to the alternate, if the alternate answers with a
negative answer the query fails and will leave the alternate DNS at
the top of the resolvers list.

In an Active Directory environment, you must use the local DNS that
has the AD domain zone ONLY. No ISP's DNS allowed in any position on
any NIC of a member of an AD domain.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
Click to expand...


Kevin, I believe, after re-reading the post a couple times, that "the
confused" did say (in his own terminology) to use the internal DNS server
only and to configure a forwarder or use the Roots.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
the confused said:
kevin, now I really don't think you read what I posted, ;-
) based on what ron said, I suggested he use his server
as the primary dns server for the clients, and also
configures the server as a forwarding server that uses
the router as a forwarder. ron did not give another
server to use as a secondary server for the clients, so
there is no alternative dns server for the clients to use.

as to how the windows resovers behave it seems irrelevant
here...
Click to expand...

Then you should make it clear when you say use the DNS server as the primary
then go on to say that the router resolves the non local.

Actually the local DNS resolves all names local and non local whether you
have a forwarder set or not is not relevant, because you don't know if it is
the forwarder or if DNS is using recursion. the local DNS resolves all
names.

I apologize if I misinterpreted your reply, but you leave yourself open for
misinterpretation when you say use the local DNS "as the primary DNS". Which
BTW is an incorrect term, it is not primary or secondary, those are zone
types; the correct terms are Preferred and Alternate.

You must remember that people are used to having two DNS servers in the
list, many think you MUST have two DNS servers listed. Which is not true,
but you have to clarify that to them. Having one local DNS, even if it is on
an old piece of "junk" puts you at an advantage over an ISP that has two DNS
servers being shared by ten thousand users.
 
come on Kevin..I thought all are veterans here. MS
started use the new terms since when, and they give those
terms to me as my own?

http://patriot.net/doc/win95/win9xdns.shtml

did ron identified all clients he has?

I tried to avoid confusing others, used "as the
primary dns for your clients", but still..sigh.

Now I'm not just confused, but also too old.

Have a nice weekend everyone, cheers!
 
Back
Top