Internal Websites Periodically Can't Be Resolved

You see, the problem is that you have defined your router for DNS
on your internal client. You should only point to the Win2k DC for
DNS and remove the router from the NIC on all domain members. The DNS
server on your Win2k should forward to the router.
The reason it starts working when you run ipconfig /registerdns is
that this command resets the DNS order and puts the internal server
back at the top. Your internal DNS has the records you need but the
Router does not.
Then to get the Win2k to resolve names in arcabama.com that only
exist in the External DNS server you must add the records to the
internal DNS server on the Win2k. It must be done this way to resolve
your issues.
If you have issues with using the setup I noted, please post back,
I'll be glad to help you resolve them. But you must use the Win2k DNS
for all internal clients and domain members.

You also have issues with your public DNS: you are missing NS records, and
your master nameserver is not answering with authority (it's lame).
Take a look at this:
http://www.dnsreport.com/tools/dnsreport.ch?domain=arcabama.com



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

A simple solution for a simple problem blown out of proportion. If one read
up on AD's DNS requirements during the design phase, this would not have
happened.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
SRV records are an industry standard that were NOT created by Microsoft, but
used by their services and applications. You will see them used more and
more in the future by other companies. Microsoft was pretty much one of the
first, if not the first to use them.

Apparently your internal websites not being able to be resolved periodically is
due to your DNS config on your machines, based on your posted ipconfig /all.
The DNS resolver service works in such a manner that it will use the first
in the list, if it doesn't provide an answer, it will go to the second one,
but it will remove the first one from the eligible resolver list and won't
go back to it unless the system is restarted, or the DNS client service is
restarted on the client machine. Hence your whole issue.

I don't follow your reasoning, if there is in fact any behind your statement. Why in the world would
the DNS server running on the PDC >>ever<< not be able to resolve a request? It's never crashed, and
the DNS has never died (well, except when I restarted it trying to solve the problem).
Cardinal rule: USE ONLY YOUR INTERNAL DNS SERVER THAT HOSTS YOUR AD ZONE.
Using any others, such as your ISP's or your firewall/router, *WILL* cause
undesirable and unpredictable results and *MAY/WILL* cause AD to not
function properly.

Gee, am I allowed to define forwarders in this so-called DNS server? Or must it interface directly to
the internet? I sure hope not; I have little enough time to babysit cranky Windows servers as it is
without dealing with all the security flaws and challenges of one connected directly to the outside
world.

Regarding your snide comments about my lack of research...fascinating that my online research, after
the fact as it may have been, failed to turn up that information until now, nor was it included in
either of the two tech manuals on Win2K server administration I purchased and read.

Since you seem to like quoting rules, here's one you should study, as you apparently don't
understand it, and would definitely benefit from pondering it:

Cardinal rule: MAKE PRODUCTS THAT ACTUALLY WORK WHEN PEOPLE TRY TO USE THEM.

If AD cannot function properly when it interacts with DNS systems that CAN BE CONFIGURED TO USE
MULTIPLE DNS SERVERS (or have you forgotten that that is the case, sir, under Windows?) THEN THE
FAULT IS IN THE DESIGN OF HOW AD WORKS WITH DNS. Any company that would design client software that
allows for, in fact encourages, multiple DNS servers to be specified for network connections, and
then also makes (according to your statements) server software that won't work when their very own
client software is configured that way is guilty of plain and simple lousy architecting, if not
gross stupidity.

Sheesh, it's absolutely STUNNING to me how MS has managed to convince so many people that poor
design decisions, sloppy architecture, and inadequate testing are somehow the fault of the customer!

- Mark
 
A simple solution for a simple problem blown out of proportion. If one read
up on AD's DNS requirements during the design phase, this would not have
happened.

You, sir, are a stunningly useless tech support person.

I've previously pointed out the idiocy and blindness of your perspective in another post, so I shan't
repeat it here.

All I can say is, I hope for the sake of other people on this newsgroup that your official or
quasi-official relationship with it is terminated as quickly as possible.

- Mark
 
In Mark Olbert <[email protected]> posted a question
Then Kevin replied below:
:: A simple solution for a simple problem blown out of proportion. If
:: one read up on AD's DNS requirements during the design phase, this
:: would not have happened.
:
: You, sir, are a stunningly useless tech support person.
:
: I've previously pointed out the idiocy and blindness of your
: perspective in another post, so I shan't repeat it here.
:
: All I can say is, I hope for the sake of other people on this
: newsgroup that your official or quasi-official relationship with it
: is terminated as quickly as possible.
:
: - Mark

Excuse me? This is no way to speak to someone trying to help you.
You need to remove the router's address from the NIC on the ipconfig you
posted. It is going to cause errors.
It is not needed for internet resolution, you can use it as a forwarder.
Read this article starting at step 3: 300202 - HOW TO: Configure DNS for
Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1
 
In
Mark Olbert said:
I don't follow your reasoning, if there is in fact any behind your
statement. Why in the world would the DNS server running on the PDC
the DNS has never died (well, except when I restarted it trying to
solve the problem).


Gee, am I allowed to define forwarders in this so-called DNS server?
Or must it interface directly to the internet? I sure hope not; I
have little enough time to babysit cranky Windows servers as it is
without dealing with all the security flaws and challenges of one
connected directly to the outside world.

Regarding your snide comments about my lack of research...fascinating
that my online research, after the fact as it may have been, failed to
turn up that information until now, nor was it included in either of
the two tech manuals on Win2K server administration I purchased and
read.

Since you seem to like quoting rules, here's one you should study, as
you apparently don't understand it, and would definitely benefit from
pondering it:

Cardinal rule: MAKE PRODUCTS THAT ACTUALLY WORK WHEN PEOPLE TRY TO
USE THEM.

If AD cannot function properly when it interacts with DNS systems
that CAN BE CONFIGURED TO USE MULTIPLE DNS SERVERS (or have you
forgotten that that is the case, sir, under Windows?) THEN THE FAULT
IS IN THE DESIGN OF HOW AD WORKS WITH DNS. Any company that would
design client software that allows for, in fact encourages, multiple
DNS servers to be specified for network connections, and then also
makes (according to your statements) server software that won't work
when their very own client software is configured that way is guilty
of plain and simple lousy architecting, if not gross stupidity.

Sheesh, it's absolutely STUNNING to me how MS has managed to convince
so many people that poor design decisions, sloppy architecture, and
inadequate testing are somehow the fault of the customer!

- Mark

I stated why in my previous post (3rd paragraph) why it's doing this - based
on the way the DNS Resolver service works. If it wasn't clear, I would
suggest to re-read it. Matter of fact, the resolver service on legacy
Windows and *nixes work this way too. The multiple DNS addresses are meant
to be a FAULT TOLERANT mechanism and not to bounce back and forth between
them. So every DNS address needs to have a copy of the same zone data in any
internal DNS infrastructure. Your router DOES NOT HAVE THAT.

And I'm not even sure why I'm bothering to reply anymore to your posts. If
only you read up on how all this stuff works, you wouldn't be having a
problem, instead of trashing everyone and reading more into it than what's
really going on.

As I said, you need to read up on this stuff before jumping.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Mark Olbert said:
You, sir, are a stunningly useless tech support person.

I've previously pointed out the idiocy and blindness of your
perspective in another post, so I shan't repeat it here.

All I can say is, I hope for the sake of other people on this
newsgroup that your official or quasi-official relationship with it
is terminated as quickly as possible.

- Mark

Apparently you just don't do your homework before initiating a project. I've
tried to help and be courteous as best as I can in between your tirades, but
you just seem to keep dwelling on this.

I bet you still haven't even removed your router's address from your
machines due to your apparent stubbornness or even read my previous post of
WHY THIS IS HAPPENING to you, you know, the one you trashed me in over there
too.

Kevin, I think we've covered why his problems are occurring and how to fix it
for this poster. Time to move on... agreed?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:
:
: Apparently you just don't do your homework before initiating a
: project. I've tried to help and be courteous as best as I can in
: between your tirades, but you just seem to keep dwelling on this.
:
: I bet you still haven't even removed your router's address from your
: machines due to your apparent stubbornness or even read my previous
: post of WHY THIS IS HAPPENING to you, you know, the one you trashed
: me in over there too.
:
: Kevin, I think we've covered why his problems are occurring and how to
: fix it for this poster. Time to move on... agreed?
:
I've tried to get him to remove the router, it's bad enough that he has so
many IP addresses on the DC in the first place. Then he admits that his
sites are internal only, and he expects a public DNS to resolve names that
by his own admission, they are not on the public DNS server. Then he wants
to trash Microsoft because the machine won't check both DNS servers before
giving the NXDOMAIN. I guess he does not understand that once a DNS server
answers NXDOMAIN the query fails and won't go to another DNS server.


Off Topic below this line.
********************************************************************************
Oh and Ace, BTW what do you think about Netdig?
William sure has a winner on this one, I'd like to see it rolled into
Windows, so it can be used without having to adjust the .NET Framework.
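
The resolver behaviour described in the replies above (a second DNS server is tried only when the first gives no reply, and an NXDOMAIN answer ends the lookup), as an added example that is not part of any post in this thread. The server names, hostnames and addresses are constructed, and the model does no real network I/O.

```python
# Added illustration: constructed model of a client's DNS server list.
# All names and addresses are made up; nothing here touches the network.
NXDOMAIN, TIMEOUT, SERVFAIL = "NXDOMAIN", "TIMEOUT", "SERVFAIL"


class Server:
    def __init__(self, name, zone, forwarder=None, up=True):
        self.name, self.zone = name, zone
        self.forwarder, self.up = forwarder, up

    def query(self, qname):
        if not self.up:
            return TIMEOUT                      # no reply at all
        if qname in self.zone:
            return self.zone[qname]             # answered from local zone data
        if self.forwarder is not None:
            reply = self.forwarder.query(qname)
            return SERVFAIL if reply == TIMEOUT else reply
        return NXDOMAIN                         # a definite "no such name"


def resolve(qname, servers):
    """Walk the list in order; only a timeout moves on to the next server."""
    for server in servers:
        reply = server.query(qname)
        if reply != TIMEOUT:
            return reply, server.name           # NXDOMAIN is final too
    return TIMEOUT, None


INTERNAL, EXTERNAL = "intranet.corp.example", "www.example.org"
router = Server("router", {EXTERNAL: "192.0.2.80"})       # knows public names only
dc = Server("dc", {INTERNAL: "10.0.0.20"}, forwarder=router)
dc_no_reply = Server("dc", dc.zone, forwarder=router, up=False)


def scenarios():
    return {
        # Mixed list, DC answers: works.
        "mixed_dc_answers": resolve(INTERNAL, [dc, router]),
        # Mixed list, one DC reply is missed: the router answers NXDOMAIN.
        "mixed_dc_missed": resolve(INTERNAL, [dc_no_reply, router]),
        # DC only, with the router as forwarder: both kinds of name resolve.
        "dc_only_internal": resolve(INTERNAL, [dc]),
        "dc_only_external": resolve(EXTERNAL, [dc]),
    }


if __name__ == "__main__":
    for label, (reply, answered_by) in scenarios().items():
        print(f"{label:18} -> {reply:12} from {answered_by}")
```
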
 
In
Kevin D. Goodknecht said:
In Ace Fekay [MVP]
<PleaseSubstituteMyActualFirstName&[email protected]> posted a
question
Then Kevin replied below:
I've tried to get him to remove the router, it's bad enough that he
has so many IP addresses on the DC in the first place. Then he admits
that his sites are internal only, and he expects a public DNS to
resolve names that by his own admission, they are not on the public
DNS server. Then he wants to trash Microsoft because the machine
won't check both DNS servers before giving the NXDOMAIN. I guess he
does not understand that once a DNS server answers NXDOMAIN the query
fails and won't go to another DNS server.


Off Topic below this line.
********************************************************************************
Oh and Ace, BTW what do you think about Netdig?
William sure has a winner on this one, I'd like to see it rolled into
Windows, so it can be used without having to adjust the .NET
Framework.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

I see what you mean. When I went to dnsstuff, it does show some
irregularities:
========================
209.233.238.103
Server: rbru.br.rs.els-gms.att.net
Address: 199.191.128.103

Name: adsl-209-233-238-103.dsl.snfc21.pacbell.net
Address: 209.233.238.103
ns.bitmine.com
Server: rbru.br.rs.els-gms.att.net
Address: 199.191.128.103

Non-authoritative answer:
Name: ns.bitmine.com
Address: 209.233.238.103
=========================
and also:

=========================
arcabama.com

NetDig 1.6
opcode: QUERY, status: NOERROR, id: 23
flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

QUESTION SECTION:
arcabama.com. IN A

ANSWER SECTION:
arcabama.com. 198008 IN A 63.195.52.179

AUTHORITY SECTION:
arcabama.com. 569953 IN NS nameserver.arcabama.com.

ADDITIONAL SECTION:
nameserver.arcabama.com. 172699 IN A 63.195.52.179
=========================

Reverse zones not delegated, lame nameserver, etc, basically all
misconfigurations.

I don't want to say anything else regarding Mark Olbert's configuration and
his network. Apparently being a coder, he believes he has it correct, even
though his ipconfig and other indicators state totally otherwise.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Kevin D. Goodknecht [MVP] <[email protected]> posted their thoughts,
then I offered mine

Off Topic below this line.
********************************************************************************
Oh and Ace, BTW what do you think about Netdig?
William sure has a winner on this one, I'd like to see it rolled into
Windows, so it can be used without having to adjust the .NET
Framework.

Got to hand it to William for all the work he put into this.
:-)

I haven't needed to adjust anything with .NET so far. What did you have to
change to make it work?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:
: In : Kevin D. Goodknecht [MVP] <[email protected]> posted their
: thoughts, then I offered mine
:
: <snip>
:
:: Off Topic below this line.
::
:
:: ********************************************************************************
:: Oh and Ace, BTW what do you think about Netdig?
:: William sure has a winner on this one, I'd like to see it rolled into
:: Windows, so it can be used without having to adjust the .NET
:: Framework.
::
:
: Got to hand it to William for all the work he put into this.
: :-)
:
: I haven't needed to adjust anything with .NET so far. What did you
: have to change to make it work?
:

My working folder is on a network share so I had to adjust the trust on the
executable. I haven't tried it from another machine but I suppose I'll have
to adjust the trust on those machines the first time I try to use netdig
from them. William stated I would have to do that if it is on a network
share.
 
In
Kevin D. Goodknecht said:
In Ace Fekay [MVP]
<PleaseSubstituteMyActualFirstName&[email protected]> posted a
question
Then Kevin replied below:
****************************************************************************

My working folder is on a network share so I had to adjust the trust
on the executable. I haven't tried it from another machine but I
suppose I'll have to adjust the trust on those machines the first
time I try to use netdig from them. William stated I would have to do
that if it is on a network share.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

I see. Didn't know you were doing it that way. I just extracted it into a
folder and put it in the path on my workstation. Works fine. :-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Mark Olbert said:
You, sir, are a stunningly useless tech support person.

I've previously pointed out the idiocy and blindness of your
perspective in another post, so I shan't repeat it here.

All I can say is, I hope for the sake of other people on this
newsgroup that your official or quasi-official relationship with it
is terminated as quickly as possible.

- Mark

Maybe if you don't believe me Mark (why you need to remove that router
address), you can believe the documentation on all of this. All you had to
do is search for it and read up on it.

Querying DNS Servers - how the DNS resolver service works
http://www.microsoft.com/technet/tr...prodtechnol/winxppro/reskit/prjj_ipa_bsmz.asp

Windows 2000 DNS Client Side Resolver Service [includes eligible resolver IP
lists (which DNS is being considered in the list), subnet prioritization,
round robin, cache etc]:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cncf/cncf_imp_miqe.asp






--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:
:
: I see. Didn't know you were doing it that way. I just extracted it
: into a folder and put it in the path on my workstation. Works fine.
: :-)
:
: --
: Regards,
: Ace
:

I have one computer downstairs and four upstairs, I keep my stuff on a
network share set up as my working directory so no matter which computer I'm
at, I got my stuff.
 
In
Kevin D. Goodknecht said:
I have one computer downstairs and four upstairs, I keep my stuff on a
network share set up as my working directory so no matter which
computer I'm at, I got my stuff.

I see. Good way to do it.

I now just have the one workstation. I moved my servers out of here when I
dumped the T1. I guess I would have still put a copy on each in
individually.
 