Oktay Gür said:
Yes, it was (212.212.212.212), my secondary DNS, but not anymore, because I
deleted it after you told me. And I created PTR records for my A records
and started waiting!!!!!!! Why can't I use a secondary DNS for
my external DNS server...!!?
Why??? Here's a copy of most of the information on AD & DNS. I hope it helps
you with other AD and DNS issues. If you have any questions, please post
back.
__________________________
__________________________
AD & DNS:
Just an FYI about AD, DNS, authentication, finding the domain, GPOs, RPC
issues, etc:
I usually see these sorts of errors (GPOs not working, can't find the domain,
RPC issues, etc.) when the ISP's DNS servers are listed on a client, DCs
and/or member servers. If you have your ISP's DNS addresses in your IP
configuration (all DCs, member servers and clients), they need to be REMOVED
and you must ONLY use the internal DNS server(s). This is what is causing the
whole problem.
Just a little background: AD uses DNS. DNS stores AD's resource and
service locations in the form of SRV records, hence how everything that is
part of the domain will find resources in the domain. If the ISP's DNS is
configured in any of the internal AD member machines' IP properties
(including all client machines and DCs), the machines will be asking the
ISP's DNS "where is the domain controller for my domain?" whenever they need
to perform a function (such as a logon request, replication request,
querying and applying GPOs, etc.). Unfortunately, the ISP's DNS does not have
that info and replies with an "I dunno", and things just fail.
Unfortunately, the ISP's DNS doesn't have information or records about your
internal private AD domain, and it shouldn't have that sort of
information.
Also, don't use the router as a DNS or DHCP server either. If you are
using your NT4 as a DNS server in your AD domain, change it over to Win2003
DNS. Same with DHCP. NT4 DNS cannot support AD's SRV requirements and
dynamic updates.
If there are multiple DNS entries in the IP properties of a machine (whether
a DC, member server or client), it will ask the first DNS entry in the list
first. If it doesn't have the answer, it will go to the second entry, but it
REMOVES the first entry from the "eligible resolvers" list, and won't go
back to it. This can cause issues within AD when accessing a resource such
as a printer, folder, getting GPOs to function, etc. Another good reason to
ONLY use the internal DNS server(s).
For Internet resolution, the Root Hints will be used by default, unless a
root zone exists (looks like a period or dot "." zone). Therefore, the
recommended "best practice" to ensure full AD and client functionality is to
point all machines ONLY to the internal server(s), and configure a forwarder
to your ISP's DNS. This way all machines query your DNS and if it doesn't
have the answer, it asks outside. If the forwarding option is grayed out,
delete the Root zone (that dot zone). If you are not sure how to perform these
two tasks, please follow one of the two articles listed below, depending on
your operating system. They show step by step how to perform these tasks.
291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/?id=291382
323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
(forwarding) :
http://support.microsoft.com/?id=323380
300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000
(forwarding) :
http://support.microsoft.com/?id=300202
825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036
Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain (whether it was upgraded or not, this is full of useful information
relating to AD and DNS, among other info):
http://support.microsoft.com/?id=555040
Domain Controller's Domain Name System Suffix Does Not Match Domain Name:
http://support.microsoft.com/?id=257623
Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?id=826743
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/?id=300684
828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/?id=828263
Posted 5/22/07
Do not configure the DNS client settings on the domain controllers to point
to your Internet Service Provider's (ISP's) DNS servers:
http://smtp25.blogspot.com/2007/05/do-not-configure-dns-client-settings-on_818.html
__________________________
__________________________
Ace
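The checklist above (no ISP or router addresses in any machine's resolver list, internal DNS servers only) is easy to verify by hand on one box and easy to miss across a domain. Here is an added example, my own code and not from the thread or from Microsoft, that parses the `DNS Servers` entries out of saved `ipconfig /all` output and flags every configured resolver that is not one of the internal AD DNS servers. The sample output and the internal addresses 10.0.0.10 and 10.0.0.11 are constructed for the example; 212.212.212.212 is the external address mentioned in the thread.

```python
import ipaddress
import re

# Constructed sample of what "ipconfig /all" prints on a member machine.
# Two adapters: one with the internal DC plus a stray external resolver
# (the address from the thread), one pointing at a router address.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC01
   Primary Dns Suffix  . . . . . . . : corp.example.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.0.10(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       212.212.212.212
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Backup:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Assumed set of internal AD-integrated DNS servers (constructed values).
INTERNAL_DNS = {"10.0.0.10", "10.0.0.11"}


def _is_ip(token):
    """True if the token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_dns_servers(text):
    """Return {adapter_name: [resolver addresses]} from ipconfig /all output.

    The "DNS Servers" line carries the first address; further servers are
    printed on continuation lines that contain nothing but an address.
    """
    adapters = {}
    current = None
    collecting = False
    for line in text.splitlines():
        m_adapter = re.match(r"^\S.*adapter (.+):$", line)
        if m_adapter:
            current = m_adapter.group(1)
            adapters[current] = []
            collecting = False
            continue
        m_dns = re.match(r"^\s+DNS Servers[ .]*: *(\S*)$", line)
        if m_dns and current is not None:
            collecting = True
            if m_dns.group(1):
                adapters[current].append(m_dns.group(1))
            continue
        if collecting:
            m_cont = re.match(r"^\s+(\S+)$", line)
            if m_cont and _is_ip(m_cont.group(1)):
                adapters[current].append(m_cont.group(1))
                continue
            collecting = False  # any other line ends the DNS Servers block
    return adapters


def audit(adapters, internal):
    """Flag resolvers that are not internal DNS servers, and adapters with none.

    Returns a list of (adapter, address_or_None, reason) tuples; an empty
    list means every adapter points only at the internal server(s).
    """
    findings = []
    for adapter, servers in adapters.items():
        if not servers:
            findings.append((adapter, None, "no DNS server configured"))
        for pos, addr in enumerate(servers, start=1):
            if addr not in internal:
                findings.append((adapter, addr, f"external resolver at position {pos}"))
    return findings


if __name__ == "__main__":
    for adapter, addr, reason in audit(parse_dns_servers(SAMPLE_IPCONFIG), INTERNAL_DNS):
        print(f"{adapter}: {addr or '-'}: {reason}")
```

Run it against `ipconfig /all > dns.txt` collected from each DC, member server and client; any line it prints is an address that should be replaced with an internal DNS server, with Internet resolution handled by a forwarder on that server instead.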