[WARNING] Cannot find a primary authoritative DNS server --- DNS W/O AD, NOT DC, Stand Alone server


Joe

I have set up Pri & Sec DNS servers on W2K Server SP4.
The Pri DNS server will be together with the VPN server and has 2 NICs (2
internal IPs - 1 mapping to a public IP in the firewall [network A] & the
other connecting to a different network [network B] with an internal IP
behind a diff firewall).

Originally just the VPN server was installed, to enable us to connect to the
office network from home but also to connect to the "client hosting in us"
network (that's why the sec NIC was installed). Because no other server is
available to dedicate to pri & sec DNS, we are planning to combine them
(on 2 diff servers - Pri DNS has the VPN server & Sec DNS has the
backup server).

The Sec DNS server will be together with the backup server and has pretty
much the same NIC settings as the Pri one (2 NICs).

FYI these DNS servers will be used for all clients' domains hosted with
us. Right now these domains are hosted on the ISP DNS service, but because
we need more control and want to cut costs, we will host them ourselves.

Both servers are stand alone servers without AD or DC.


1. I see a warning like "[WARNING] Cannot find a primary
authoritative DNS server" when I run netdiag; what causes it?

2. If I just want to listen on the internal network A NIC only but still
have DNS work, how do I do that? I tried choosing the NIC that I use (not
all of them) and set up a forwarder to the ISP DNS, but when I run a DNS
query in the "Monitoring" tab, the result fails unless I choose all NICs.

3. I read somewhere that for external-only hosting like my plan, the DNS
should not be AD-integrated; is that right?

4. All other internal network computers will still use the ISP DNS in the
TCP/IP DNS client settings, except for all the servers, which will use
these new DNS servers (before, they used the ISP DNS also). Is this the
correct setting after the new pri & sec DNS are installed & tested?

5. It looks like DNS is working quite OK, but sometimes it times out if I
nslookup from a client machine which uses the ISP DNS; is that because
something is wrong with the setup?

6. For PTR records/reverse DNS, even though I have already created all PTRs
for the domains hosted on my new DNS servers, nslookup for PTR doesn't
work except for the one that has a PTR record and is still hosted with
the ISP DNS. Do I have to ask the ISP or registrar to change the
authoritative DNS server to point to our new DNS? If that is the case,
how about the domain that is still hosted with the ISP DNS and has a PTR
record when queried?

I really appreciate every reply.
Thanks.

Regards,
Joe
 
In Joe <[email protected]> posted a question
Then Kevin replied below:

Joe,
This one is popular today, follow this KB article.
292822 - Name resolution and connectivity issues on a Routing and Remote
Access Server that also runs DNS or WINS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q292822

You'll need to add some registry entries and records. Skip the sections
relating to AD and Global Catalog.

 
I followed the instructions from that link and skipped the part that you
told me to skip.
But the same error still shows when I run netdiag /test:dns /v

For my configuration, do I still have to set all NICs to use the NIC IP of
network B?
And on the NIC IP of network A, do I use a forwarder to the ISP DNS with the
NIC IP of network A selected (instead of all IP addresses, choosing "Only the
following IP address")?

Right now I have it set the other way around, and when checking from the
Monitoring tab... the DNS query fails.

--
Regards,
Joe

