DNS Questions

fd

Hi, I am having a problem trying to resolve a DNS configuration issue.
First, a little background may help. I recently inherited this network
setup. The network is running Windows 2000 Server sp4 with a WatchGuard
Firebox and an HP web server. The DC is running Windows 2000sp4 with Active
Directory. The DC, Firebox, HP webserver and all the workstations have
62.xxx static IP addresses. When I first started working on the problem, I
found that nobody could log on to the domain so when the network was set up,
it was set up as a workgroup. I found that the DNS server still had the root
dns zone entry. I followed the steps in KBA #260371. I also set up the DC as
a DNS server and now all workstations are configured to statically use the
DC dns IP. These changes enabled all workstations to join the domain. I
thought I had fixed the DNS problem but when I run nslookup, set the type=A,
type in the domain name "issa" I get the error "primary-server.issa can't
find ISSA: Non-existent domain". However, when I add a "dot" to the name
(ISSA.), it resolves correctly and says issa "A" records point to my ISP
DNS servers. Am I correct in understanding that when you run nslookup and
you have to add a "dot" to the domain name, this means that you do not have
a FQDN? The other problem that we have is that the domain has a single
label DNS name. I found KBA #300684 and hope its recommendations fix the
"5781 netlogon error" but I am wondering if there is a fix for the FQDN
error or do I have to remove DNS from the server and start over? The next
step is setting up DHCP but I don't want to move in that direction until I'm
sure the DNS is working correctly. I hope I explained the problem clearly
enough and thanks in advance for your help.

FD
 
fd said:
> Hi, I am having a problem trying to resolve a DNS configuration
> issue. First, a little background may help. I recently inherited
> this network setup. The network is running Windows 2000 Server sp4
> with a WatchGuard Firebox and an HP web server. The DC is running
> Windows 2000sp4 with Active Directory. The DC, Firebox, HP webserver
> and all the workstations have
> 62.xxx static IP addresses. When I first started working on the
> problem, I found that nobody could log on to the domain so when the
> network was set up, it was set up as a workgroup. I found that the DNS
> server still had the root dns zone entry. I followed the steps in KBA
> #260371. I also set up the DC as a DNS server and now all workstations
> are configured to statically use the DC dns IP. These changes
> enabled all workstations to join the domain. I thought I had fixed
> the DNS problem but when I run nslookup, set the type=A, type in the
> domain name "issa" I get the error "primary-server.issa can't find
> ISSA: Non-existent domain".

Nslookup is an FQDN based query tool. It has its own internal mechanism,
not like ping, which uses the system's services to work. Nslookup queries
need to be an FQDN to work. It does not work like ping, where you can give
it the single name and it will affix the suffix for the query.

> However, when I add a "dot" to the name
> (ISSA.), it resolves correctly and says issa "A" records point to
> my ISP DNS servers.

Sounds like you have your ISP's DNS server address in your IP properties. In
an AD structure, they need to be removed. It also sounds like your AD domain
name is the same as your external domain name (called a split-horizon
namespace).

> Am I correct in understanding that when you run
> nslookup and you have to add a "dot" to the domain name, this means
> that you do not have a FQDN?

Yes, due to DNS' hierarchical "tree" structure.

> The other problem that we have is that
> the domain has a single label DNS name.

That is NOT GOOD.

> I found KBA #300684 and hope
> its recommendations fix the "5781 netlogon error" but I am wondering
> if there is a fix for the FQDN error or do I have to remove DNS from
> the server and start over?

There is no real fix. That article states a "band-aid". There are many other
implications with single label domain names, such as the inability for GPOs
to work correctly, DDNS registrations (with SP4), excessive bandwidth due to
DNS not knowing what to do with a single label name and therefore heavily
querying the Internet ISC Root DNS servers, etc. The AD domain name needs to
be renamed to the proper format.

> The next step is setting up DHCP but I
> don't want to move in that direction until I'm sure the DNS is
> working correctly. I hope I explained the problem clearly enough and
> thanks in advance for your help.
>
> FD

This has been discussed countless times in the very recent past. You can
search on "single label" to view the posts with your options and some
how-to's. Either way, it's really a matter of naming your AD domain name
properly. Just renaming it in DNS will not help AD since AD will need to
register into DNS, and AD uses the AD domain name, then looks at its
Primary DNS Suffix name, then looks for that name in DNS.

Sorry for the bad news.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Ace,
Thanks for taking the time to answer my question. I had a feeling we would
have to start from "scratch". We are going to create a new Active
Directory Domain on a new machine with DNS and then use the ADMT tool to
migrate all the users. This new AD will be called "name.local" (the
registered internet domain name is name.org). I think after that,
everything will work and it will prepare us in the future to install an
Exchange Server. Again, thanks for the excellent info.

FD
 
fd said:
> Hi Ace,
> Thanks for taking the time to answer my question. I had a feeling we
> would have to start from "scratch". We are going to create a new
> Active Directory Domain on a new machine with DNS and then use the
> ADMT tool to migrate all the users. This new AD will be called
> "name.local" (the registered internet domain name is name.org). I
> think after that, everything will work and it will prepare us in the
> future to install an Exchange Server. Again, thanks for the
> excellent info.
>
> FD

Glad you understand the implications and what you need to do. Good luck in
your endeavors and if you need any more info, please post back.

:-)



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 