recursive query

[Guest]

Dns server installed in windows 2003 small business serveur premium, with
isa un-installed, nslookup report an error (on the server) when i try
www.microsoft.com. When i test with a recursive query inside mmc, a have an
error too. The redirectors are well setted, internet connection work fine,
on the server and on the network. Nslookup doesn't work on pc on the
network. The name resolution in Exchange 2003 with pop3 connection doesn't
work too. Any idea

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Dns server installed in windows 2003 small business
serveur premium, with isa un-installed, nslookup report
an error (on the server) when i try www.microsoft.com.

What kind of error does nslookup give you?

When i test with a recursive query inside mmc, a have an
error too.

Have you tried giving the DNS server a forwarder?

The redirectors are well setted, internet

connection work fine, on the server and on the network.
redirectors?

Nslookup doesn't work on pc on the network. The name
resolution in Exchange 2003 with pop3 connection doesn't
work too. Any idea

In an Active Directory environment the DC must point to its own address for
DNS, only. (if the DC has the DNS for the AD domain)
The same is said for a Active Directory clients, use the DC for DNS, only.

Another problem is caused from using the same domain name for the AD domain
as the public domain name on the internet. The internal DNS server will not
be able to resolve names from the public domain, unless you add the names to
it. Names for instance like www, mail, etc. will have to be added to the
internal DNS server by the use of host "A" records, or delegations.
An example of what you need to add and how to add it is, for www.domain.com,
open the forward lookup zone for domain.com, right click and select new host
from the list, name the host www, give it the IP address of the web server.
You will probably need to run ipconfig /flushdns from a command line before
it will work, to flush the cache of a negative answer.

 

[Guy RULKIN]

In

What kind of error does nslookup give you?

a timeout error

Have you tried giving the DNS server a forwarder?

yes : fowarder = redirector (french version)

The redirectors are well setted, internet

redirectors?

sorry, it's a french version and i translate fowarder by redirector. I have
2 forwarders from my isp

In an Active Directory environment the DC must point to its own address for
DNS, only. (if the DC has the DNS for the AD domain)
The same is said for a Active Directory clients, use the DC for DNS, only.

Win 2003 sbs has its own address for dns, the external address only
(192.168.1.200), not the 127.... 2 Nics are setup in the server but one is
disabled. Someone disabled the second nic and setted-up ISA on a second
server with two nics. I think he had problems with isa on the first server
The first server is connected to internet throught the default gateway (the
isa server) with its own adresse as dns server
There is only 2 servers on the lan. One Win 2000 with isa server alone and
the main serveur with exchange 2003, sql 2000, dns, ...
The serveur doesn't need to be joined from outside the lan.
The servers wasn't setup by me. If i un-install the dns and i re-setup it,
do you think it works better?

Another problem is caused from using the same domain name for the AD domain
as the public domain name on the internet. The internal DNS server will not
be able to resolve names from the public domain, unless you add the names to
it. Names for instance like www, mail, etc. will have to be added to the
internal DNS server by the use of host "A" records, or delegations.
An example of what you need to add and how to add it is, for www.domain.com,
open the forward lookup zone for domain.com, right click and select new host
from the list, name the host www, give it the IP address of the web server.
You will probably need to run ipconfig /flushdns from a command line before
it will work, to flush the cache of a negative answer.

the domaine is named "domaine.local". The name resolution for the domain
work fine

 

[Kevin D. Goodknecht Sr. [MVP]]

In

"Kevin D. Goodknecht Sr. [MVP]" <[email protected]> a
écrit dans le message de


a timeout error

yes : fowarder = redirector (french version)


sorry, it's a french version and i translate fowarder by
redirector. I have 2 forwarders from my isp

OK That sounds better. Sorry for the poor translation. In English a redirect
would mean I don't have it, I'm going to send you over there to get it. That
is NOT how a forwarder works, if the DNS server doesn't have the answer, it
says to the client I'll go get the answer for you wait here.
The DNS server itself has the ability to ask a DNS server "do you have the
answer, if you don't, where can I get the answer? But that isn't a recursive
lookup, it is an iterative lookup. A Forwarder is not asked for these types
of lookups. The whole process is called recursion

Your DNS server will ask its forwarder for recursion, "Do you have the
answer, and if you don't can YOU go get the answer and return it to me?" A
forwarder MUST support recursion.

If ISA is in the mixed make sure the ISA has rules to support the type of
lookup the DNS server is using.
In other words, if ISA is not configured to allow your DNS server to do
iterative lookups you are going to have problems, unless you check the box
on the forwarders tab "Do not use recursion" then make sure the DNS server
has a recursive DNS server as its forwarder. If ISA is in proxy mode, you
will probably want to use ISA as its forwarder. If ISA is in firewall mode
make sure the rules allow your DNS server to connect to external DNS
servers. For the type of lookup it uses. If you don't have a forwarder
enabled, the DNS server has no choice but to use iterative lookups, which
requires it to be able to connect to any DNS server on the internet.
If it has a Forwarder enabled, the forwarder must be able to return the
final answer and not a referral.

the domaine is named "domaine.local". The name
resolution for the domain work fine

This tells me that DNS is working.