Intermittent Internet Connection - DNS Netlogon refresh problem?


Darrel

I just reconfigured my DNS server (windows 2000 of course). It's an
all-in-one server with 2 network cards (thanks again Kevin). I seem to have
a problem with all my workstations. It seems that every hour they lose
internet connection for a few minutes. I'm not sure what's going on. I
have all clients' DNS pointing to my internal DNS server only. It seems to
be that a refresh is happening - with DNS or Netlogon service and so I'm
losing internet connection while this happens. I'm not positive that this
is the problem - only a guess. Please help if you can????
thanks
 
In
Darrel said:
one for public internet, one for local network


It's recommended NOT to multihome a DNS, DC, or Exchange server or multiple
issues will occur, and I know, that was discussed in that other thread with
Kevin.

Any specific errors you're getting on a client or the server? If you *think*
it's based on Netlogon's default hourly registration period (in W2k only),
then an error will more than likely appear in the event viewer.

Have you tried changing the forwarder? Try 4.2.2.2.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
I understand that it's not recommended, but we're not going to buy another
server.
When this happens, the clients are just getting the "Page cannot be
displayed...Cannot find server or DNS Error" error in IE. There are no
errors in the event viewer. I'll try changing the forwarder and see what
happens.
thanks

"Ace Fekay [MVP]"
 
You can try to adjust the binding order so that the external nic doesn't
register with DNS or WINS and this can help to get these registrations more
consistent for the clients. These are the types of problems you get when
running like this. This can work but it will take some tweaking. Is this
server doing NAT?
 
I do have NAT running. As for the binding order, the internal NIC is on top
and the external NIC is underneath it. The external has nothing checked on
it. Thanks
 
In
Darrel said:
I do have NAT running. As for the binding order, the internal NIC is
on top and the external NIC is underneath it. The external has
nothing checked on it. Thanks

On the external interface, have you disabled MS Client, F&P services and
NetBIOS?
In DNS server properties, interface tab, have DNS only listen on the
internal interface.

Did changing the forwarder work?

I've also seen this happen if the DNS server is directly connected to an
ADSL router using PPPoE and the router has a time out setting and will drop
the link due to inactivity. Once the connection is broken and the forwarder
is not available, DNS seems to fall asleep and when the connection comes
back up, DNS doesn't, so a restart of the DNS server service will kick it
back to life.

If you do have an ADSL connection directly connected using PPP, check this
out. This is an old article, but it applies to W2k as well:
175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP Link Goes Down
[applies to W2k too]:
http://support.microsoft.com/?id=175436




--
Regards,
Ace

 
"Ace Fekay [MVP]"
In

On the external interface, have you disabled MS Client, F&P services and
NetBIOS?
In DNS server properties, interface tab, have DNS only listen on the
internal interface.


The only thing I have checked on the external NIC is TCP/IP. The DNS Server
is set up to only listen on the internal interface.
Did changing the forwarder work?

No, it still loses connection for a few minutes.
I've also seen this happen if the DNS server is directly connected to an
ADSL router using PPPoE and the router has a time out setting and will drop
the link due to inactivity. Once the connection is broken and the forwarder
is not available, DNS seems to fall asleep and when the connection comes
back up, DNS doesn't, so a restart of the DNS server service will kick it
back to life.

If you do have an ADSL connection directly connected using PPP, check this
out. This is an old article, but it applies to W2k as well:
175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP Link Goes Down
[applies to W2k too]:
http://support.microsoft.com/?id=175436
Don't think this applies to me. I don't have to restart the server to get
the connection back. It just starts working again within a few minutes.
Plus, this never happened until I reconfigured the DNS server last week -
had been working ok for over 2 years.
thanks though!
 
In
Darrel said:
I've also seen this happen if the DNS server is directly connected
to an ADSL router using PPPoE and the router has a time out setting
and will drop the link due to inactivity. Once the connection is
broken and the forwarder is not available, DNS seems to fall asleep
and when the connection comes back up, DNS doesn't, so a restart of
the DNS server service will kick it back to life.

If you do have an ADSL connection directly connected using PPP,
check this out. This is an old article, but it applies to W2k as
well: 175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP
Link Goes Down [applies to W2k too]:
http://support.microsoft.com/?id=175436
Don't think this applies to me. I don't have to restart the server
to get the connection back. It just starts working again within a
few minutes. Plus, this never happened until I reconfigured the DNS
server last week - had been working ok for over 2 years.
thanks though!

No prob, just trying to work thru possibilities. So you say you do have
ADSL?

If I may ask, and I know you and Kevin were working on this together, but
what exactly was reconfigured with DNS last week? Usually it's prudent to
look at what was recently changed in determining problem causes with regards
to any tech issues, especially if you believe the problem just started
happening and a change was recently made and especially if it was working
for the past 2 years and all of a sudden it's not working.





--
Regards,
Ace

 
Ace said:
No prob, just trying to work thru possibilities. So you say you do have
ADSL?

If I may ask, and I know you and Kevin were working on this together, but
what exactly was reconfigured with DNS last week? Usually it's prudent to
look at what was recently changed in determining problem causes with regards
to any tech issues, especially if you believe the problem just started
happening and a change was recently made and especially if it was working
for the past 2 years and all of a sudden it's not working.
I'll try to explain what he/we did. I had to demote my domain controller
and repromote it in order to rename it - I used lan.publicname.com. I then
resetup the DNS zones and added a delegation under publicname.com zone for
lan.publicname.com and used my internal address. I set up some other things
on DNS, but still had some things messed up so I let Kevin use Terminal
Services to come in and finish up. It was strange though, because something
he said to set at my internal IP kept changing back to my public IP once I
reloaded the zone or once the Zone refreshed. For example:

Under the zone lan.publicname.com (active directory integrated with secure
updates only), the name of the computer (server1) keeps changing its IP
address to the public IP as a nameserver and host. This last time that it
did it, I just left it at the external address to see if that makes a
difference. I haven't noticed it yet, but I haven't been on the internet
all that much since then, so I'm still checking that out.
I had one other question about the reverse zones. The reverse zone for
192.168.1.x is AD integrated with secure updates only. And the reverse zone
for my public IP is Primary with NO updates. I know that Kevin said for the
forward public zones to NOT allow updates, but he still had the reverse zone
set up to YES updates. I changed it to NO. Which is correct?
thanks again
 
In news:eSGH%[email protected],
I'll try to explain what he/we did. I had to demote my domain
controller and repromote it in order to rename it - I used
lan.publicname.com. I then resetup the DNS zones and added a
delegation under publicname.com zone for lan.publicname.com and used
my internal address. I set up some other things on DNS, but still had
some things messed up so I let Kevin use Terminal Services to come in
and finish up. It was strange though, because something he said to
set at my internal IP kept changing back to my public IP once I
reloaded the zone or once the Zone refreshed. For example:

Under the zone lan.publicname.com (active directory integrated with
secure updates only), the name of the computer (server1) keeps
changing its IP address to the public IP as a nameserver and host.
This last time that it did it, I just left it at the external address
to see if that makes a difference. I haven't noticed it yet, but I
haven't been on the internet all that much since then, so I'm still
checking that out.

If you only have one DNS server, I don't understand why you even needed a
delegation. If your AD DNS domain name is:
lan.publicname.com
Then just create that zone in DNS and allow updates. Do you have a parent or
the root domain called publicname.com and do you have a child domain called
lan.publicname.com or is it just the one AD domain name, which is also the
root of your forest, called: lan.publicname.com ? If that's so, I don't see
why a delegation was necessary. It can also invite errors if there's not a
DNS server to "delegate" to. Know what I mean?

Could you elaborate on that for me?
I had one other question about the reverse zones. The reverse zone
for 192.168.1.x is AD integrated with secure updates only. And the
reverse zone for my public IP is Primary with NO updates. I know
that Kevin said for the forward public zones to NOT allow updates,
but he still had the reverse zone set up to YES updates. I changed
it to NO. Which is correct?
thanks again

Internally it's ok to let it allow updates. Externally, there's no need for a
reverse zone, since the public IP is owned by your ISP.





--
Regards,
Ace

 
In
Darrel said:
Under the zone lan.publicname.com (active directory integrated with
secure updates only), the name of the computer (server1) keeps
changing its IP address to the public IP as a nameserver and host.
This last time that it did it, I just left it at the external address
to see if that makes a difference. I haven't noticed it yet, but I
haven't been on the internet all that much since then, so I'm still
checking that out.

Is that still happening?
Is DNS still only listening on the internal IP on the interfaces tab?
DNS is supposed to use the IP on the listener tab for the IP of the Domain
Controller, that is what is supposed to happen anyway. If DNS is listening
on the internal IP and it is giving the DC host record the public IP
something is amiss, there is a KB article on this I'll have to look it up
and post it when I can find it.
I had one other question about the reverse zones. The reverse zone
for 192.168.1.x is AD integrated with secure updates only. And the
reverse zone for my public IP is Primary with NO updates. I know
that Kevin said for the forward public zones to NOT allow updates,
but he still had the reverse zone set up to YES updates. I changed
it to NO. Which is correct?
thanks again

Your delegate reverse public zone should be set to no, in fact all your
public zones should be no updates, the internal private zones should be Only
secure updates, I apologize if I missed that.
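
An added example, not part of the thread or of any poster's reply: a small audit of the two conditions discussed above, namely the dynamic-update setting per zone (public zones no updates, internal zones secure updates only) and a host record in the internal zone carrying a non-private address. The zone data layout and the update labels are this sketch's own assumptions, and 203.0.113.10 is a documentation address standing in for the public IP.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private also counts
# documentation ranges such as 203.0.113.0/24 as "private".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Policy as stated in the thread: public zones take no dynamic updates,
# internal zones take secure updates only. Labels are this sketch's own.
EXPECTED_UPDATES = {"public": "none", "internal": "secure"}

# Constructed sample data modelled on the thread's description.
ZONES = [
    {"name": "lan.publicname.com", "scope": "internal", "updates": "secure",
     "records": [("server1", "A", "203.0.113.10"),
                 ("@", "NS", "server1.lan.publicname.com."),
                 ("ws1", "A", "192.168.1.50")]},
    {"name": "publicname.com", "scope": "public", "updates": "none",
     "records": [("www", "A", "203.0.113.10")]},
    {"name": "1.168.192.in-addr.arpa", "scope": "internal",
     "updates": "secure", "records": []},
    {"name": "113.0.203.in-addr.arpa", "scope": "public",
     "updates": "nonsecure", "records": []},
]

def is_rfc1918(addr):
    """True only for addresses inside the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(zones):
    """Return (zone, kind, detail) tuples for every policy deviation."""
    findings = []
    for zone in zones:
        want = EXPECTED_UPDATES[zone["scope"]]
        if zone["updates"] != want:
            findings.append((zone["name"], "updates",
                             f"is {zone['updates']!r}, expected {want!r}"))
        if zone["scope"] != "internal":
            continue
        for owner, rtype, data in zone["records"]:
            # An internal host record with a routable address is what the
            # clients in the thread would be handed for the DC.
            if rtype == "A" and not is_rfc1918(data):
                findings.append((zone["name"], "record",
                                 f"{owner} A {data} is not a private address"))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONES):
        print(*finding, sep=": ")
```
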
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:
In news:eSGH%[email protected],

If you only have one DNS server, I don't understand why you even
needed a delegation. If your AD DNS domain name is:
lan.publicname.com
Then just create that zone in DNS and allow updates. Do you have a
parent or the root domain called publicname.com and do you have a
child domain called lan.publicname.com or is it just the one AD
domain name, which is also the root of your forest, called:
lan.publicname.com ? If that's so, I don't see why a delegation was
necessary. It can also invite errors if there's not a DNS server to
"delegate" to. Know what I mean?

Could you elaborate on that for me?

The delegation is to the internal name of the DC
"server1.lan.publicname.com" with its private IP.
 
In
Kevin D. Goodknecht said:
The delegation is to the internal name of the DC
"server1.lan.publicname.com" with its private IP.

Kevin, I was wondering where you were with this... glad you jumped in.

How many DNS servers are there? I'm kind of confused on this. Are there two
DNS servers or is there just one? I thought there was just one server. I'm
not able to make that clear thru the replies. If there's two, and there's
only one internally, where's the other one?



--
Regards,
Ace

 
Kevin D. Goodknecht said:
In

Is that still happening?

YES - right now, the nameserver/host server1.lan.publicname.com under the
lan.publicname.com is my external IP.
Is DNS still only listening on the internal IP on the interfaces tab?
YES - listens only on internal
DNS is supposed to use the IP on the listener tab for the IP of the Domain
Controller, that is what is supposed to happen anyway. If DNS is listening
on the internal IP and it is giving the DC host record the public IP
something is amiss, there is a KB article on this I'll have to look it up
and post it when I can find it.


Your delegate reverse public zone should be set to no, in fact all your
public zones should be no updates, the internal private zones should be Only
secure updates, I apologize if I missed that.

No sweat - that is how it is currently set up. If you need to get back in
with TS, I'll enable it again.
 
Yes Ace - this is the only server - Mail, Web, FTP, and DNS - I have a
reverse zone because of the mail pointer. thanks

"Ace Fekay [MVP]"
 
Sorry - one more thing - I got event ID 6702 error this morning. I tried
looking some stuff up on it, but really lost.
 
In
Darrel said:
Sorry - one more thing - I got event ID 6702 error this morning. I
tried looking some stuff up on it, but really lost.


Pardon my ignorance, then why are we delegating? What is being delegated
from what DNS server to what other DNS server? IF there is only one DNS
server, then I'm not seeing the necessity...

--
Regards,
Ace

 
In
Darrel said:
Sorry - one more thing - I got event ID 6702 error this morning. I
tried looking some stuff up on it, but really lost.

Due to a misconfiguration.

--
Regards,
Ace

 