very strange problem

[Ninoo Pauls]

Hi

I have win 2003 machine and the DNS server. there is a site called
xxx.in.xxxxxx.com . If I check in the nslookup , it returns the IP, but when
i ping or check in IE , the name is not resolving.

Can someone help me

Regards
Neo

 

[Kevin D. Goodknecht [MVP]]

In

Hi

I have win 2003 machine and the DNS server. there is a site called
xxx.in.xxxxxx.com . If I check in the nslookup , it returns the IP,
but when i ping or check in IE , the name is not resolving.

Can someone help me

Regards
Neo

Are you sure the name is not resolving?
What does ping return?
What exact error does IE give? You may need to uncheck "Show friendly HTTP
error messages" on the advanced tab of Internet Options.

 

[Michael Johnston [MSFT]]

In the IP settings of the machine you are attempting to connect from, do you have more than one DNS server specified? If so,
remove the second DNS server so that you are only pointing to the DNS server that NSLOOKUP is querying. Also, try running
"ipconfig /flushdns" from a command prompt and test again.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.

 

[Ninoo Pauls]

Hi
Thanks for the help(Michael and Kevin). I think I figured out the problem.
There are 2 DNS servers , one a local and another one a public. The local
one has entries of certain local sites. These are not transfered to the
Public DNS.

In my machine although the first prefered server is the local DNS, i think
my machine at times favours the Public DNS server ,and hence the confusion.

I suspect this to be a Bug because when my first prefered DNS Server is
online, how can windows decide to go to the second. Sadly this cannot be
simulated easily.

Regards
Ninoo Pauls



----- Original Message -----
From: "Michael Johnston [MSFT]" <[email protected]>
Newsgroups: microsoft.public.win2000.dns
Sent: Wednesday, November 05, 2003 7:50 PM
Subject: RE: very strange problem

In the IP settings of the machine you are attempting to connect from, do

you have more than one DNS server specified? If so,

remove the second DNS server so that you are only pointing to the DNS

server that NSLOOKUP is querying. Also, try running

"ipconfig /flushdns" from a command prompt and test again.

Thank you,
Mike Johnston
Microsoft Network Support

rights. Use of included script samples are subject to the

terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this

message are best directed to the newsgroup/thread from

 

[Kevin D. Goodknecht [MVP]]

In

Hi
Thanks for the help(Michael and Kevin). I think I figured out the
problem. There are 2 DNS servers , one a local and another one a
public. The local one has entries of certain local sites. These are
not transfered to the Public DNS.

In my machine although the first prefered server is the local DNS, i
think my machine at times favours the Public DNS server ,and hence
the confusion.

If you have two DNS servers, one for public records and one for private
records, the internal machines should not have the public DNS in their setup
at all. the same goes for the private DNS you would not want it publishing
to the public name space.

I suspect this to be a Bug because when my first prefered DNS Server
is online, how can windows decide to go to the second. Sadly this
cannot be simulated easily.

This is not a bug this is how DNS is supposed to behave, you should remove
the public DNS from your NIC setup.

 

[Ninoo Pauls]

Ok in that case, if I am an user who uses the Internet and also the local
sites, which DNS Server should my machine point to ?

Regards
-ninoo

 

[Ace Fekay [MVP]]

In

Ok in that case, if I am an user who uses the Internet and also the
local sites, which DNS Server should my machine point to ?

Regards
-ninoo

Point to yourself only for DNS. Don't use any external DNS (like the ISP's).
Then use a forwarder. If the Forwarding Option is grayed out, delete the
Root zone. How to? Easy, see this article, it will show you how to do both
steps. This insures AD works properly.
http://support.microsoft.com/?id=300202




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In

Ok in that case, if I am an user who uses the Internet and also the
local sites, which DNS Server should my machine point to ?

Internal machines must point to the DNS with the private records, it will
forward or use root hints, to resolve any name it does not know.

 

[Ninoo Pauls]

Hi
Thanks thanks and thanks but
Thats alright, My machine is pointed towards the local DNS only, but my
second DNS is the the Public DNS. Then I assume only if the local DNS fails
my machine should seek the public DNS, but at times what happens is when I
ping it seeks the 2nd DNS Server(public DNS) and while nslookup , it sticks
to the first DNS server(local DNS).But always both the DNS servers are
stable and healthy.

Regards
Ninoo Pauls

 

[Kevin D. Goodknecht [MVP]]

In

Hi
Thanks thanks and thanks but
Thats alright, My machine is pointed towards the local DNS only,
but my second DNS is the the Public DNS. Then I assume only if the
local DNS fails my machine should seek the public DNS, but at times
what happens is when I ping it seeks the 2nd DNS Server(public DNS)
and while nslookup , it sticks to the first DNS server(local DNS).But
always both the DNS servers are stable and healthy.

Is your "second" DNS server a member of your local domain? If it is is
should only point to the internal DNS server.
One point to remember is that the DNS server that sits on this machine is in
no way relying on the DNS listed in TCP/IP properties it will resolve names
based on the zones in its scope and by either using the forwarders on the
forwarders tab or using root hints, meaning it will resolve names by asking
the root servers.
The same goes for the internal DNS server, if it does not hold the zone, it
will ask the forwarder or the root server. But all machines that belong to
the local domain must refer only to this one, because it is the one that
knows the location of the DC.
The only machines that refer to the DNS server that holds the public zone
are ones that are outside your NAT device, because it holds the public view.

 

[Ace Fekay [MVP]]

In

Hi
Thanks thanks and thanks but
Thats alright, My machine is pointed towards the local DNS only,
but my second DNS is the the Public DNS. Then I assume only if the
local DNS fails my machine should seek the public DNS, but at times
what happens is when I ping it seeks the 2nd DNS Server(public DNS)
and while nslookup , it sticks to the first DNS server(local DNS).But
always both the DNS servers are stable and healthy.

Regards
Ninoo Pauls

Ninoo,

I think you missed the point here.

As Kevin and I are saying, you cannot use a DNS server for your Active
Directory DCs or clients that DOES NOT have a copy of the Active Directory
zone name. Does this "public" DNS server have a copy of the AD zone name?

Does that make sense?

If you do, all kinds of errors occur. Odd things occur too, like what you
are seeing.

If you don't believe us, please read this article and it will explain what
we are talking about.
http://support.microsoft.com/?id=291382




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Michael Snyder [MSFT]]

Failure isn't the only reason for using the 2nd DNS server, slow
performance, subnet calculations, and a few other things can also cause the
public DNS server to be selected over your local DNS server.

The correct thing to do is to point to your local DNS server only, and have
that server forward to the public DNS server or use root hints.

Listen to Ace and Kevin - they know what they are talking about.
--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi all

THanks , but thats not my answer

There are 2 DNS servers let "P" be the public DNS server and "I" be the internal DNS server.

I have "I" as my 1st DNS server and "P" as my 2nd DNS Server.

As you are saying all the records(for internal resolution) in "I" are not available in "P" that true.

But when "I" is healthy and running fine, how can my machine choose "P" for resolving.


I think this point(from micheal) puts a sheds a lot of light

"Failure isn't the only reason for using the 2nd DNS server, slow
performance, subnet calculations, and a few other things can also cause the
public DNS server to be selected over your local DNS server"

Is there a KB relating to this, on what basis it choosed the 2nd DNS server

Once again thanks for the repsonse, and bear with me for the slow response :-(

Regards
Ninoo Pauls

 

[Kevin D. Goodknecht [MVP]]

In

Hi all

THanks , but thats not my answer

There are 2 DNS servers let "P" be the public DNS server and "I" be
the internal DNS server.

I have "I" as my 1st DNS server and "P" as my 2nd DNS Server.

As you are saying all the records(for internal resolution) in "I" are
not available in "P" that true.

But when "I" is healthy and running fine, how can my machine choose
"P" for resolving.


I think this point(from micheal) puts a sheds a lot of light

"Failure isn't the only reason for using the 2nd DNS server, slow
performance, subnet calculations, and a few other things can also
cause the
public DNS server to be selected over your local DNS server"

Is there a KB relating to this, on what basis it choosed the 2nd DNS
server

Once again thanks for the repsonse, and bear with me for the slow
response :-(

Regards
Ninoo Pauls

I went back through the thread, to understand what is going on. To tell the
truth, this entire thread has gotten so confusing.
I need you to clarify for me what the problem is.
For what I understand now, and correct me if I'm wrong. You have two DNS
servers, one internal, one external and you have a record on the external
the internal is not resolving, correct?
The answer is not to use the external DNS on internal machines at all. The
way to fix this is to put that record on the internal DNS by either using a
host record or a delegation.
You can't use both DNS servers in your internal machines because the two DNS
servers cannot resolve all records to the same IP. They have differnet views
of your nework, that is the part to remember.