Some https sites not resolved

suegun

Recently users have been unable to connect to some https sites from my
W2k AD network. I have a Windows 2000 DNS server and am using a non
authentic domain name internally. All machines have static private ip's
and my DNS server as the preferred DNS server, and our ISP's DNS as
secondary. I can access the sites using the sites ip address
-https://206.204.191.104/dcx/login.jsp will connect, but
https://chf.ilumin.com/dcx does not.

If I move the ISP's dns up to preferred dns, I can access the sites.


-
suegun
 
When you send a query to DNS for an external domain name, the DNS server
needs to either resolve it via root hints, or forward it via configuring
a forwarder to your ISP.
If the server attempts the root hints route and times out itself, then it
will send a negative query result back to the client. (I think this is how
it works)
The client trusts the DNS server's response and does not try its secondary
DNS server. The secondary is only used if the first query times out.

I suggest you configure a forwarder on your DNS server to point to your ISP.
 
Thanks for the suggestion, I added my ISP's DNS as a forwarder on my DNS
server, but still experience the same problem. Also, since I've added
the forwarder, I can no longer connect to those sites by moving my
ISP's DNS into the primary slot on the workstation settings. Any more
thoughts?


-
suegun
 
Ignore that last statement. I can still connect by moving my ISP to the
preferred slot.


-
suegun
 
suegun said:
Recently users have been unable to connect to some https
sites from my W2k AD network. I have a Windows 2000 DNS
server and am using a non authentic domain name
internally. All machines have static private ip's and my
DNS server as the preferred DNS server, and our ISP's DNS
as secondary. I can access the sites using the sites ip
address -https://206.204.191.104/dcx/login.jsp will
connect, but https://chf.ilumin.com/dcx does not.

If I move the ISP's dns up to preferred dns, I can
access the sites.

First thing, if you have an Active Directory domain, do not use your ISP's
DNS in any position. Second, use the DNS management console to expand Forward
Lookup Zones, if there is a "." zone, delete it, that will enable root
hints, then allow you to set a forwarder on the forwarders tab to your ISP's
DNS (optional).
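
A way to tell the cases in the replies above apart, added here as an example and not posted by any participant in the thread: query each DNS server directly and read the response header, separating an authoritative "no such name" (what a server holding a "." zone would return) from a resolution failure or a timeout. The two server addresses are placeholders and the wording of the verdicts is this example's own.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Interpret the 12-byte DNS header of a raw response (None = no reply)."""
    if response is None:
        return "TIMEOUT: no reply, the case where a client falls back to its secondary"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE %d" % code)
    authoritative = bool(flags & 0x0400)  # AA bit
    if rcode == "NOERROR" and ancount:
        return "ANSWER: name resolved"
    if rcode == "NXDOMAIN" and authoritative:
        return "AUTHORITATIVE NXDOMAIN: server claims this namespace (look for a '.' zone)"
    return rcode + ": no usable answer (check root hints / forwarder)"

def ask(server, name, timeout=3.0):
    """Send one UDP query straight to `server`; return raw bytes, or None on no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return s.recvfrom(512)[0]
        except OSError:  # includes socket.timeout
            return None

if __name__ == "__main__":
    # Placeholder addresses (assumptions): substitute the internal and ISP DNS servers.
    for label, server in (("internal", "192.0.2.10"), ("ISP", "192.0.2.53")):
        print(label, server, "->", classify(ask(server, "chf.ilumin.com")))
```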
 
suegun said:
Ignore that last statement. I can still connect by moving my ISP to
the preferred slot.

As everyone is saying, don't use your ISP DNS on any machines. It will cause
numerous issues. Please configure a forwarder.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 