DNS questions

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

This may be same or similar to other post-sorry.

I have a dns server on my network which has entries
for "local" servers. I have 2 dns entries in my client
network setup, one for the local dns server and one for my
isp's. If I put the isp dns entry as my primary one, I
can't ping local servers by their full dns names. If I
move my local dns server up to the top, I can ping OK.
Why is this ? I thought if the primary one cannot resolve
the name, the client would try the second one ??

If the answer is to delete the "." entry in my forward
lookup zones and put forwarder info there, I don't see
a "." entry. Or is the "." entry a generic term for
something else ??

Thanks
 
Archived from groups: microsoft.public.win2000.dns (More info?)

Dave,

External DNS servers cannot resolve names to internal IP's. This is why your primary internal DNS server should point to itself. Please leave your "." entries as is.
--
Jason Parks
MCSE, MCDBA, MCAD
www.moonlight-it.com


"Dave McDuell" wrote:

> This may be same or similar to other post-sorry.
>
> I have a dns server on my network which has entries
> for "local" servers. I have 2 dns entries in my client
> network setup, one for the local dns server and one for my
> isp's. If I put the isp dns entry as my primary one, I
> can't ping local servers by their full dns names. If I
> move my local dns server up to the top, I can ping OK.
> Why is this ? I thought if the primary one cannot resolve
> the name, the client would try the second one ??
>
> If the answer is to delete the "." entry in my forward
> lookup zones and put forwarder info there, I don't see
> a "." entry. Or is the "." entry a generic term for
> something else ??
>
> Thanks
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

"Dave McDuell" <anonymous@discussions.microsoft.com> wrote in message
news:1f7fa01c457d3$6b0bd4f0$a401280a@phx.gbl...
> This may be same or similar to other post-sorry.
>
> I have a dns server on my network which has entries
> for "local" servers. I have 2 dns entries in my client
> network setup, one for the local dns server and one for my
> isp's.

All internal clients should be configures as above.

>If I put the isp dns entry as my primary one, I
> can't ping local servers by their full dns names. If I

And this will occur unles the INTERNAL servers are
configured to use the ISP DNS (or equivalent external
DNS servers) as FORWARDERS.

> move my local dns server up to the top, I can ping OK.

Don't do that -- even though it "seems" to work it is
unreliably and the source of many "intermittant errors",
often giving admins the mistaken impression that name
resolution or Active Directory are unreliable since they
don't understand the real problem.

> Why is this ? I thought if the primary one cannot resolve
> the name, the client would try the second one ??

No. Clients assume that EVERY DNS server will return
the same -- and the correct -- answer, even if that is "Name
not found." (aka, negative response.)

> If the answer is to delete the "." entry in my forward
> lookup zones and put forwarder info there, I don't see
> a "." entry. Or is the "." entry a generic term for
> something else ??

If you don't have a "." root zone on your DNS servers then
you can skip that step and just configure the FORWARDER
property sheet.

Those who have the "." zone (yes, literally that name) have
their forwarders configuration GREYED out and DISABLED.

If yours is enable then you can just configure it.

While we are on the subject, make sure that ALL of your
clients are configured to point ONLY to the internal DNS
server (set).

Clients include DCs, DNS servers themselves, and in other
"internal server."

(Even my ISA box which is part of my firewall is a "member"
machine of the internal domain and must override the automatic
setting it gets from the ISP when it does DHCP client etc...)




--
Herb Martin


>
> Thanks
 
Archived from groups: microsoft.public.win2000.dns (More info?)

"J Parks" <JParks@discussions.microsoft.com> wrote in message
news:32E1BA5D-BC61-4B73-936D-75031D77EF4E@microsoft.com...
> Dave,
>
> External DNS servers cannot resolve names to internal IP's. This is why
your primary internal DNS server should point to itself. Please leave your
"." entries as is.
> --


Almost everyone should delete the "." root entry -- unless
they specifically need it -- and then they likely created and
understand it.

People with one or only a few domains should dump it
99.9% of the time.

--
Herb Martin


> Jason Parks
> MCSE, MCDBA, MCAD
> www.moonlight-it.com
>
>
> "Dave McDuell" wrote:
>
> > This may be same or similar to other post-sorry.
> >
> > I have a dns server on my network which has entries
> > for "local" servers. I have 2 dns entries in my client
> > network setup, one for the local dns server and one for my
> > isp's. If I put the isp dns entry as my primary one, I
> > can't ping local servers by their full dns names. If I
> > move my local dns server up to the top, I can ping OK.
> > Why is this ? I thought if the primary one cannot resolve
> > the name, the client would try the second one ??
> >
> > If the answer is to delete the "." entry in my forward
> > lookup zones and put forwarder info there, I don't see
> > a "." entry. Or is the "." entry a generic term for
> > something else ??
> >
> > Thanks
> >
 
Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks for all the info. I'm a little confused by what
seems to a 2 conflicting staements, though. In the first
part of my oringinal post, I say I have 2 dns entries in
each client -- one set to my local dns server and one set
to my isp's dns server. Your response is that clients
should be "configured as above".

Later you state that clients should only point to internal
dns server set. If this is true then the clients use the
forwarders configured on the internal dns server set to
resolve names not found directly on the internal dns
server set ??
It seems dns can take 10 words to explain and a lifetime
to master.

Thanks


>-----Original Message-----
>"Dave McDuell" <anonymous@discussions.microsoft.com>
wrote in message
>news:1f7fa01c457d3$6b0bd4f0$a401280a@phx.gbl...
>> This may be same or similar to other post-sorry.
>>
>> I have a dns server on my network which has entries
>> for "local" servers. I have 2 dns entries in my client
>> network setup, one for the local dns server and one for
my
>> isp's.
>
>All internal clients should be configures as above.
>
>>If I put the isp dns entry as my primary one, I
>> can't ping local servers by their full dns names. If I
>
>And this will occur unles the INTERNAL servers are
>configured to use the ISP DNS (or equivalent external
>DNS servers) as FORWARDERS.
>
>> move my local dns server up to the top, I can ping OK.
>
>Don't do that -- even though it "seems" to work it is
>unreliably and the source of many "intermittant errors",
>often giving admins the mistaken impression that name
>resolution or Active Directory are unreliable since they
>don't understand the real problem.
>
>> Why is this ? I thought if the primary one cannot
resolve
>> the name, the client would try the second one ??
>
>No. Clients assume that EVERY DNS server will return
>the same -- and the correct -- answer, even if that
is "Name
>not found." (aka, negative response.)
>
>> If the answer is to delete the "." entry in my forward
>> lookup zones and put forwarder info there, I don't see
>> a "." entry. Or is the "." entry a generic term for
>> something else ??
>
>If you don't have a "." root zone on your DNS servers then
>you can skip that step and just configure the FORWARDER
>property sheet.
>
>Those who have the "." zone (yes, literally that name)
have
>their forwarders configuration GREYED out and DISABLED.
>
>If yours is enable then you can just configure it.
>
>While we are on the subject, make sure that ALL of your
>clients are configured to point ONLY to the internal DNS
>server (set).
>
>Clients include DCs, DNS servers themselves, and in other
>"internal server."
>
>(Even my ISA box which is part of my firewall is
a "member"
>machine of the internal domain and must override the
automatic
>setting it gets from the ISP when it does DHCP client
etc...)
>
>
>
>
>--
>Herb Martin
>
>
>>
>> Thanks
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:1fc9001c4589c$984d6d10$a301280a@phx.gbl,
Dave McDuell <anonymous@discussions.microsoft.com> posted a question
Then Kevin replied below:
> Thanks for all the info. I'm a little confused by what
> seems to a 2 conflicting staements, though. In the first
> part of my oringinal post, I say I have 2 dns entries in
> each client -- one set to my local dns server and one set
> to my isp's dns server. Your response is that clients
> should be "configured as above".

Let me clarify, do not use your ISP's DNS in any position on an Active
Directory domain member, period.


> Later you state that clients should only point to internal
> dns server set. If this is true then the clients use the
> forwarders configured on the internal dns server set to
> resolve names not found directly on the internal dns
> server set ??
> It seems dns can take 10 words to explain and a lifetime
> to master.

Point all AD Domain members and Domain Controllers, only to the internal DNS
server that hosts the AD Domain zone, if you have only one, use only one.
Non members do not have to use the internal DNS but, DNS stores the location
info on your local network, as far as client IP addresses go and you can
connect to the servers by their DNS name (\\server.domain.com)


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

"Dave McDuell" <anonymous@discussions.microsoft.com> wrote in message
news:1fc9001c4589c$984d6d10$a301280a@phx.gbl...
> Thanks for all the info. I'm a little confused by what
> seems to a 2 conflicting staements, though. In the first
> part of my oringinal post, I say I have 2 dns entries in
> each client -- one set to my local dns server and one set
> to my isp's dns server. Your response is that clients
> should be "configured as above".

As above in "my explantion": The local DNS ONLY,
leave out the ISP.

Sorry for the confusion.

> Later you state that clients should only point to internal
> dns server set. If this is true then the clients use the
> forwarders configured on the internal dns server set to
> resolve names not found directly on the internal dns
> server set ??

Maybe I moved the paragraphs around trying to make it
more clear and screwed it up.

> It seems dns can take 10 words to explain and a lifetime
> to master.

Actually, when you "get it" you get it. The weird thing
about DNS is actually the opposite -- with the GUI it is
so easy to get simple setups correct that many people who
don't really understand it thing that they do.

I know this was true for me -- the first time I ever played
with DNS I used the MS GUI and 20 minutes later had
a production setup working.

Boy did I have a lot to learn, but none of it was really that
hard.

--
Herb Martin


>
> Thanks
>
>
> >-----Original Message-----
> >"Dave McDuell" <anonymous@discussions.microsoft.com>
> wrote in message
> >news:1f7fa01c457d3$6b0bd4f0$a401280a@phx.gbl...
> >> This may be same or similar to other post-sorry.
> >>
> >> I have a dns server on my network which has entries
> >> for "local" servers. I have 2 dns entries in my client
> >> network setup, one for the local dns server and one for
> my
> >> isp's.
> >
> >All internal clients should be configures as above.
> >
> >>If I put the isp dns entry as my primary one, I
> >> can't ping local servers by their full dns names. If I
> >
> >And this will occur unles the INTERNAL servers are
> >configured to use the ISP DNS (or equivalent external
> >DNS servers) as FORWARDERS.
> >
> >> move my local dns server up to the top, I can ping OK.
> >
> >Don't do that -- even though it "seems" to work it is
> >unreliably and the source of many "intermittant errors",
> >often giving admins the mistaken impression that name
> >resolution or Active Directory are unreliable since they
> >don't understand the real problem.
> >
> >> Why is this ? I thought if the primary one cannot
> resolve
> >> the name, the client would try the second one ??
> >
> >No. Clients assume that EVERY DNS server will return
> >the same -- and the correct -- answer, even if that
> is "Name
> >not found." (aka, negative response.)
> >
> >> If the answer is to delete the "." entry in my forward
> >> lookup zones and put forwarder info there, I don't see
> >> a "." entry. Or is the "." entry a generic term for
> >> something else ??
> >
> >If you don't have a "." root zone on your DNS servers then
> >you can skip that step and just configure the FORWARDER
> >property sheet.
> >
> >Those who have the "." zone (yes, literally that name)
> have
> >their forwarders configuration GREYED out and DISABLED.
> >
> >If yours is enable then you can just configure it.
> >
> >While we are on the subject, make sure that ALL of your
> >clients are configured to point ONLY to the internal DNS
> >server (set).
> >
> >Clients include DCs, DNS servers themselves, and in other
> >"internal server."
> >
> >(Even my ISA box which is part of my firewall is
> a "member"
> >machine of the internal domain and must override the
> automatic
> >setting it gets from the ISP when it does DHCP client
> etc...)
> >
> >
> >
> >
> >--
> >Herb Martin
> >
> >
> >>
> >> Thanks
> >
> >
> >.
> >
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:1fc9001c4589c$984d6d10$a301280a@phx.gbl,
Dave McDuell <anonymous@discussions.microsoft.com> posted their thoughts,
then I offered mine
> Thanks for all the info. I'm a little confused by what
> seems to a 2 conflicting staements, though. In the first
> part of my oringinal post, I say I have 2 dns entries in
> each client -- one set to my local dns server and one set
> to my isp's dns server. Your response is that clients
> should be "configured as above".
>
> Later you state that clients should only point to internal
> dns server set. If this is true then the clients use the
> forwarders configured on the internal dns server set to
> resolve names not found directly on the internal dns
> server set ??
> It seems dns can take 10 words to explain and a lifetime
> to master.
>
> Thanks

Just to verify and confirm what Kevin and Herb are saying, do NOT use your
ISP's DNS for anything on your internal clients and/or DCs, other than just
as a forwarder.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:epv$zCRWEHA.2972@TK2MSFTNGP12.phx.gbl,
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com>
posted a question
Then Kevin replied below:
> Just to verify and confirm what Kevin and Herb are saying, do NOT use
> your ISP's DNS for anything on your internal clients and/or DCs,
> other than just as a forwarder.

Do you think he is getting the picture now? :-D

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks so much for your time and Patience !! I may
actually be getting it.


>-----Original Message-----
>"Dave McDuell" <anonymous@discussions.microsoft.com>
wrote in message
>news:1fc9001c4589c$984d6d10$a301280a@phx.gbl...
>> Thanks for all the info. I'm a little confused by what
>> seems to a 2 conflicting staements, though. In the
first
>> part of my oringinal post, I say I have 2 dns entries in
>> each client -- one set to my local dns server and one
set
>> to my isp's dns server. Your response is that clients
>> should be "configured as above".
>
>As above in "my explantion": The local DNS ONLY,
>leave out the ISP.
>
>Sorry for the confusion.
>
>> Later you state that clients should only point to
internal
>> dns server set. If this is true then the clients use
the
>> forwarders configured on the internal dns server set to
>> resolve names not found directly on the internal dns
>> server set ??
>
>Maybe I moved the paragraphs around trying to make it
>more clear and screwed it up.
>
>> It seems dns can take 10 words to explain and a lifetime
>> to master.
>
>Actually, when you "get it" you get it. The weird thing
>about DNS is actually the opposite -- with the GUI it is
>so easy to get simple setups correct that many people who
>don't really understand it thing that they do.
>
>I know this was true for me -- the first time I ever
played
>with DNS I used the MS GUI and 20 minutes later had
>a production setup working.
>
>Boy did I have a lot to learn, but none of it was really
that
>hard.
>
>--
>Herb Martin
>
>
>>
>> Thanks
>>
>>
>> >-----Original Message-----
>> >"Dave McDuell" <anonymous@discussions.microsoft.com>
>> wrote in message
>> >news:1f7fa01c457d3$6b0bd4f0$a401280a@phx.gbl...
>> >> This may be same or similar to other post-sorry.
>> >>
>> >> I have a dns server on my network which has entries
>> >> for "local" servers. I have 2 dns entries in my
client
>> >> network setup, one for the local dns server and one
for
>> my
>> >> isp's.
>> >
>> >All internal clients should be configures as above.
>> >
>> >>If I put the isp dns entry as my primary one, I
>> >> can't ping local servers by their full dns names.
If I
>> >
>> >And this will occur unles the INTERNAL servers are
>> >configured to use the ISP DNS (or equivalent external
>> >DNS servers) as FORWARDERS.
>> >
>> >> move my local dns server up to the top, I can ping
OK.
>> >
>> >Don't do that -- even though it "seems" to work it is
>> >unreliably and the source of many "intermittant
errors",
>> >often giving admins the mistaken impression that name
>> >resolution or Active Directory are unreliable since
they
>> >don't understand the real problem.
>> >
>> >> Why is this ? I thought if the primary one cannot
>> resolve
>> >> the name, the client would try the second one ??
>> >
>> >No. Clients assume that EVERY DNS server will return
>> >the same -- and the correct -- answer, even if that
>> is "Name
>> >not found." (aka, negative response.)
>> >
>> >> If the answer is to delete the "." entry in my
forward
>> >> lookup zones and put forwarder info there, I don't
see
>> >> a "." entry. Or is the "." entry a generic term for
>> >> something else ??
>> >
>> >If you don't have a "." root zone on your DNS servers
then
>> >you can skip that step and just configure the FORWARDER
>> >property sheet.
>> >
>> >Those who have the "." zone (yes, literally that name)
>> have
>> >their forwarders configuration GREYED out and DISABLED.
>> >
>> >If yours is enable then you can just configure it.
>> >
>> >While we are on the subject, make sure that ALL of your
>> >clients are configured to point ONLY to the internal
DNS
>> >server (set).
>> >
>> >Clients include DCs, DNS servers themselves, and in
other
>> >"internal server."
>> >
>> >(Even my ISA box which is part of my firewall is
>> a "member"
>> >machine of the internal domain and must override the
>> automatic
>> >setting it gets from the ISP when it does DHCP client
>> etc...)
>> >
>> >
>> >
>> >
>> >--
>> >Herb Martin
>> >
>> >
>> >>
>> >> Thanks
>> >
>> >
>> >.
>> >
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:OcITjESWEHA.1760@TK2MSFTNGP10.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> posted their thoughts,
then I offered mine
>> Just to verify and confirm what Kevin and Herb are saying, do NOT use
>> your ISP's DNS for anything on your internal clients and/or DCs,
>> other than just as a forwarder.
>
> Do you think he is getting the picture now? :-D
>
> --

I thnk he's got it now! 🙂



--
Ace