Two 2k servers and DNS issues

In my computer class we have 2 Windows 2000 Advanced
Servers, and we set one up to do DHCP and NAT (connects
the rest of the school to us for internet), the other is
set up to be the DNS server and what not (it's the primary
domain controller). Our problem is that they cannot
share DNS information or perform replication. The DHCP
server cannot talk to the other server to get updates or
anything. We tried reinstalling both servers and so now
we are wondering what is the best order to set
everything up? I talked about getting both on the domain
(which will set up DNS too) then do DHCP then NAT. Any
opinions or ideas would be great.

Thanks,
Jake
 
Are you saying you have primary AD zones on both and they are not
replicating?
If so, check for connectivity both ways. Check both zones are dynamic
update enabled. Check both servers are using the same Primary DNS suffix
(see ipconfig /all). If the zones are std primary and std secondary, check
the Zone Transfer tab and make sure the primary allows the secondary to xfr.
 
In addition to William's suggestions, and assuming you want to use your
internal DNS server for resolution and AD, I would look at the server you're
using for NAT.

There are two NICs in it. The NIC for the internal network must be at the
top of the Binding order. This way it always listens to the internal NIC
first. Important with AD and DNS on this box. To configure that, look in
Network & Dialup Connections, Adv menu, Adv settings. Make sure it shows up
in the top.

As for the outside NIC, uncheck File & Print Services, uncheck MS Client
Service, uncheck "Register This Connection" in IP Properties, Adv, DNS tab.

In IP properties, only use the internal DNS server's IP address for DNS on
BOTH NICs. Make sure that the outside NIC is the only one with the
gateway from your organization.

Back to your internal DNS server, configure a forwarder to your ISP. If the
option is grayed out, delete the Root zone (looks like a period) and close
the DNS console and re-open it and try again. More info on how to do both
here if not sure of:
http://support.microsoft.com/?id=300202

Under the interface tab, tell it to only listen to the internal IP address.

What's probably going on, is that in DNS, the NAT AD server's resolution
may be returning as the outside NIC. You want the inside NIC to register only
its IP. In DNS, delete any reference to the outside NIC. You may also have
to put in a reg entry to stop the LdapIpAddress from registering and also a
reg entry to stop it from registering the outside NIC only (not the inside
one). This is a tricky issue since AD and DNS together is not recommended on
a NAT server because of this behavior. I do it all the time on my instructor
machine in class to offer the students Internet access. My instructor
machine is a domain controller, DNS and NAT. I set this up all the time and
it works like a charm. Follow the rest of this and we may get away without
the reg entries, as I've been doing it for years. If there are any problems,
we may have to do the reg entries to ensure this.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
1. "The DHCP server cannot talk to the other server to get updates or
anything." Can you ping each server by IP or name?
2. "Our problem is that they cannot share DNS information or perform
replication." Are the servers pointing to the DNS server?
3. Is the domain controller hosting a primary zone or a secondary zone?
4. How many DNS servers do you have?
5. Do you have the Support Tools installed? If so, can you run netdiag /v /l
and then post the netdiag.log so we can see the configuration.
6. Can you run ipconfig /all > servername.txt and post it here.
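The two replies above ask for the same evidence: William wants both servers on the same Primary DNS suffix, Ace wants only the internal DNS server listed on BOTH NICs and the gateway only on the outside NIC, and this reply asks for the raw `ipconfig /all` dump. The script below is an added example (not code from the thread or from Microsoft) that parses such a dump and applies exactly those checks, so a poster could audit their own output before pasting it. The host name, suffix and addresses in the constructed sample dump are assumptions chosen to look like the NAT box described in the thread; the second DNS server on the external NIC is deliberately wrong so the audit has something to flag.

```python
"""Audit an `ipconfig /all` dump against the NAT/DC checklist from the thread."""
import re
from typing import Dict, List, Set

# Constructed sample: what `ipconfig /all` on a two-NIC NAT box might print.
# Names and addresses are assumptions, not output from the poster's servers.
SAMPLE_IPCONFIG = """
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : gateway
        Primary Dns Suffix  . . . . . . . : school.local

Ethernet adapter Internal:

        Connection-specific DNS Suffix  . : school.local
        IP Address. . . . . . . . . . . . : 192.168.1.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.1.2

Ethernet adapter External:

        Connection-specific DNS Suffix  . : isp.example
        IP Address. . . . . . . . . . . . : 203.0.113.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            192.168.1.2
"""

ADAPTER_RE = re.compile(r"^(.+?) adapter (.+):\s*$")
# "Field Name . . . . : value"  -> field name, value (value may be empty)
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z\- ]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse `ipconfig /all` output into {section: {field: [values]}}.

    Host-level fields (host name, primary dns suffix) go under "_host";
    every adapter gets a section keyed by its connection name. Field names
    are lower-cased. Values that wrap onto continuation lines (a second DNS
    server) are appended to the previous field's list.
    """
    sections: Dict[str, Dict[str, List[str]]] = {"_host": {}}
    current, last_field = "_host", None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current, last_field = m.group(2).strip(), None
            sections.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip().lower()
            value = m.group(2).strip()
            sections[current][last_field] = [value] if value else []
        elif last_field is not None and line.startswith(" "):
            # Indented line without a field name: continuation of the last field.
            sections[current][last_field].append(line.strip())
    return sections


def audit_nat_host(sections: Dict[str, Dict[str, List[str]]],
                   internal_dns: Set[str]) -> List[str]:
    """Apply the thread's checklist to one parsed dump and return findings.

    internal_dns: the address(es) of the AD DNS server(s); anything else
    listed as a DNS server on any NIC is a finding.
    """
    findings: List[str] = []
    if not sections["_host"].get("primary dns suffix"):
        findings.append("no Primary DNS suffix set; compare it across both servers")
    adapters = {n: f for n, f in sections.items() if n != "_host"}
    with_gateway = [n for n, f in adapters.items() if f.get("default gateway")]
    if len(with_gateway) != 1:
        findings.append(f"exactly one NIC should carry the default gateway, found {with_gateway}")
    for name, fields in adapters.items():
        servers = fields.get("dns servers", [])
        if not servers:
            findings.append(f"adapter {name!r} has no DNS server configured")
        for server in servers:
            if server not in internal_dns:
                findings.append(f"adapter {name!r} lists non-internal DNS server {server}")
    return findings


if __name__ == "__main__":
    parsed = parse_ipconfig(SAMPLE_IPCONFIG)
    for finding in audit_nat_host(parsed, internal_dns={"192.168.1.2"}):
        print("FINDING:", finding)
```

Run it against your own saved dump by replacing the constructed text with the contents of servername.txt and passing the real AD DNS address(es) to audit_nat_host; running it on both servers' dumps and comparing the "primary dns suffix" values covers William's check.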
 
Is DHCP properly set up?
Do these things:
1 In ADUC select the properties of the server that has DHCP running, then
select the Member Of tab; if DnsUpdateProxy is not listed click Add and
select the DnsUpdateProxy group.
2 In your DHCP server make sure you have at least these options:
003 Router (use the address that the DHCP clients will use for internet
access)
006 DNS Server (use the address(es) of your AD domain DNS server(s))
015 DNS Domain Name (use the actual DNS domain name for your AD domain)
081 (to set this option in the DHCP snap-in right-click on your DHCP server's
name, select Properties, then select the DNS tab)

Using these settings allows DHCP to do secure updates of your AD Domain's
Forward Lookup Zone.

NEVER use your ISP's DNS in any NIC's TCP/IP properties, always use ONLY
your AD DNS server then configure DNS as per Step 3 of this KB article:
300202 - HOW TO Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&FR=1
 
We ended up making the gateway a non-DC and just a member
of the domain and no replications are going on, things
are working great. Thanks for the tips, we did use a few
of them which helped make things go better. FYI this was
for a computer school in Las Vegas called atech
(http://www.atech.org) so if you have any interest in
more support it's the STS area we are doing this in.

thanks,
jake
 