Zones not found by caching-only DNS Server


Eve Lynes

Hello,

I am setting up a caching-only DNS server on a W2K AD domain, and have
run into a problem of it not locating all the zones installed on the
authoritative dns server. I don't want to install secondary zones on
this new server, because it is on the far side of a WAN link, but I am
not sure what else I can do.

Here is a longer description:

Once DNS was installed, the new server immediately populated its DNS
with the forward and reverse lookup zones it belongs to using its own
ip configuration. So, if the new server is called C.company.global,
the zones for "company.global" popped in.

On the authoritative dns server C is pointing to, there is also a
primary zone, "company.com," which has the private records for our
webservers (i.e., we are behind a NAT-enabled firewall). When I try to
find www.company.com from a host pointing to C, it doesn't do the
right thing. It returns the public Internet address for
www.company.com, which actually fails because the firewall can't
figure out how to return the packets.

Why didn't it find the zone pointing to the private address on the
authoritative server?

Thanks for any help.

- Eve

======================================
Eve Lynes, Information Systems Manager
Teton County Government
P.O.Box 3594
200 South Willow Street
Jackson, WY 83001
voice: 307-732-8460
cell: 307-690-3838
fax: 307-733-4451
e-mail: (e-mail address removed)

Please visit us at www.tetonwyo.org
======================================
 
I would guess C is pointing to both Public and Private Forwarders or using
root-hints to resolve the name and is using a public DNS server to do it -
so you get the public IP back. To force private, set up a secondary or use
forward zones (W2K3 only) to force that private zone to be used.
 

In addition to William's suggestions, is this on a DC? DCs will do that if
the zones are AD Integrated.

With caching servers, the idea is to forward requests elsewhere. Did you
set up a forwarder to the authoritative DNS?

If this DNS is a DC, and the zone is AD Integrated, why fight it and just
let the zone populate and use it? It's replicating through the AD replication
process anyway.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Hello, thanks so much for your input. I am very pleased to say that
your suggestions worked. This caching-only dns server is an AD, and
Ace's suggestion to add the authoritative dns server as a forwarder
worked. I can now find all the W2K servers in all the zones on the
authoritative dns server - AD Integrated Zones and Primary Zones
alike. I will have to add a manual entry for the NT4 Servers on my
network.

Thanks!!!!

Eve
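
A way to check the fix confirmed above, added here as an example that is not part of the thread: for names that must stay internal, flag any answer outside the RFC 1918 ranges, which is the symptom described in the first post. The addresses and the host `nt4srv.company.global` are constructed for illustration, and the default resolver assumes the machine running the script uses C as its DNS server.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolve(name):
    """Resolve via the host's configured DNS server (assumed to be C)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(names, resolve=system_resolve):
    """Return {name: (status, addresses)} for names that must stay internal.

    status is "ok" when every answer is private, "leak" when at least one
    answer is public (the symptom in this thread), and "unresolved" when
    the resolver returned nothing.
    """
    report = {}
    for name in names:
        addrs = resolve(name)
        if not addrs:
            status = "unresolved"
        elif all(is_internal(a) for a in addrs):
            status = "ok"
        else:
            status = "leak"
        report[name] = (status, addrs)
    return report


# Constructed answers (not from the thread): what C might return before and
# after the authoritative server is added as its forwarder.
BEFORE = {"www.company.com": ["203.0.113.10"], "c.company.global": ["10.1.2.3"]}
AFTER = {"www.company.com": ["10.1.0.80"], "c.company.global": ["10.1.2.3"]}

if __name__ == "__main__":
    names = ["www.company.com", "c.company.global", "nt4srv.company.global"]
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(names, lambda n, t=table: t.get(n, [])))
```

Calling `audit(names)` with no resolver argument queries the live DNS configuration instead of the constructed tables.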
 

Cool! Glad I was of assistance!

:-)
