DNS resolves part of the time

lostinDNS

Apr 10, 2006, 4:17:02 PM
I think I'm going crazy with my test setup as DNS only works 50% of the time.

Windows 2003 with Active Directory on a UNIX environment.

I don't know the exact layout of the UNIX network but my computer is a stand
alone Win2003 Active Directory/Exchange 2003 server. I have been asked to
set up an Exchange 2003 test environment using Outlook 2003.

I set up DNS and ran dcdiag /e and all tests pass. I'm using static IP with
the Preferred DNS pointed to my server IP. If I go to the command line and
ping MyDomainName.com, server IP, or localhost, I get a response. Name Server
(NS) and Host (A) records appear to be in order.

DNS event viewer shows... DNS Server has updated its own host (A) records. In
order to ensure that its DS-integrated peer DNS servers are able to replicate
with this server, an attempt was made to update them....

Network connectivity appears to be working fine as I can browse the Internet
and have computers connect to me via Remote Desktop (IP) or
Exchange/Outlook(Server Name or IP).

My big problem is, DNS only resolves 50% part of the time. I'm running into
problems listed below:

1. adding a user/computer to domain, it won't resolve MyDomainName.com
2. in Outlook 2003, it won't resolve exchange server name, I have to use the
server IP address
3. web address doesn't resolve

I know I might be asking a lot from 1 computer but user load will not exceed
10 people. Any help is much appreciated.

Herb Martin

Apr 10, 2006, 4:37:38 PM
"lostinDNS" <lost...@discussions.microsoft.com> wrote in message
news:287B6D07-4831-410C...@microsoft.com...

> I think I'm going crazy with my test setup as DNS only works 50% of the
> time.

While I will really have to read the REST of your message,
from just the ABOVE it is quite likely you have your DNS
clients set to use MULTIPLE DNS servers which cannot
ALL resolve ALL names. (Just a guess so far.)

> Windows 2003 with Active Directory on a UNIX environment.

The odds increase (of the above guess.)

> I don't know the exact layout of the UNIX network but my computer is a
> stand alone Win2003 Active Directory/Exchange 2003 server. I have been
> asked to set up an Exchange 2003 test environment using Outlook 2003.
>
> I set up DNS and ran dcdiag /e and all tests pass. I'm using static IP with
> the Preferred DNS pointed to my server IP.

Where is the alternate pointed?

You CANNOT (reliably) point your DNS client to DIFFERENT
DNS server sets (different in the sense that they don't return the
SAME answers to ALL questions.) <Still just a guess>

> If I go to the command line and
> ping MyDomainName.com, server IP, or localhost, I get a response. Name
> Server (NS) and Host (A) records appear to be in order.

Well, unless a service is acting as its own resolver (NSLookup does)
it will be using the SAME built-in resolver as Ping.

The thing to do here is to test EVERY DNS server listed on the
DNS Client NIC->IP Properties (or showing in IPConfig /all)
for ALL NICs.

Here's how to do this with NSLookup (substitute names and
DNS Server addresses):

nslookup Name.To.Lookup IP.DNS.Server.Preferred
nslookup Name.To.Lookup IP.DNS.Server.Alternate
nslookup Name.To.Lookup IP.DNS.Server.additional

ALL must work equally well, for ALL addresses.

(And if you have two versions of the SAME zone -- e.g., one on
UNIX and one on MS -- then you CANNOT point the client
at both of those reliably.*)

> DNS event viewer shows... DNS Server has updated its own host (A) records.
> In order to ensure that its DS-integrated peer DNS servers are able to
> replicate with this server, an attempt was made to update them....

Also make sure the zone is Dynamic.

*Your DNS client (this DNS server is ALSO a DNS client) must ONLY
be able to find the DYNAMIC DNS server (version) of the zone if
you have two versions.


> Network connectivity appears to be working fine as I can browse the
> Internet
> and have computers connect to me via Remote Desktop (IP) or
> Exchange/Outlook(Server Name or IP).
>
> My big problem is, DNS only resolves 50% part of the time. I'm running into
> problems listed below:

Sounds very much like you have two (different) sets of DNS
servers configured on the Client settings.

> 1. adding a user/computer to domain, it won't resolve MyDomainName.com
> 2. in Outlook 2003, it won't resolve exchange server name, I have to use
> the server IP address
> 3. web address doesn't resolve
>
> I know I might be asking a lot from 1 computer but user load will not
> exceed
> 10 people. Any help is much appreciated.

No, as far as I could tell you haven't asked very much at all.

Show us your IPconfig /all (paste the text, don't type it, and don't
paste a graphic) from the output of this command.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
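
Added example (not part of the original thread and not the poster's code): the per-server nslookup check described in the reply above, automated so that every DNS server configured on a client is asked the same name and the answers are compared. The server addresses and sample output are constructed placeholders, and the parser assumes the Windows nslookup output layout.

```python
import subprocess

# Constructed sample output in the Windows nslookup layout (not from the thread).
# The addresses are placeholders standing in for the Windows and UNIX servers.
SAMPLE = {
    "192.0.2.10": "Server:  dc1.mydomainname.com\nAddress:  192.0.2.10\n\n"
                  "Name:    MyDomainName.com\nAddress:  192.0.2.10\n",
    "192.0.2.53": "Server:  ns1.example.net\nAddress:  192.0.2.53\n\n"
                  "*** ns1.example.net can't find MyDomainName.com: Non-existent domain\n",
}

def parse_nslookup(output):
    """Return the answer addresses; an empty set means the server gave no answer."""
    answers, seen_name, cont = set(), False, False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):          # lines before this describe the server itself
            seen_name, cont = True, False
        elif seen_name and line.startswith(("Address:", "Addresses:")):
            answers.update(line.split(":", 1)[1].split())
            cont = True
        elif seen_name and cont and line and not line.startswith("Aliases:"):
            answers.add(line)                 # continuation line of a multi-address answer
        else:
            cont = False
    return frozenset(answers)

def run_nslookup(name, server):
    """Ask one specific DNS server, exactly like 'nslookup name server'."""
    proc = subprocess.run(["nslookup", name, server],
                          capture_output=True, text=True, timeout=15)
    return proc.stdout

def sample_query(name, server):
    """Offline stand-in for run_nslookup that replays the constructed sample."""
    return SAMPLE[server]

def compare_servers(name, servers, query=run_nslookup):
    """Query every configured server; consistent only if all give the same non-empty answer."""
    results = {s: parse_nslookup(query(name, s)) for s in servers}
    consistent = len(set(results.values())) == 1 and all(results.values())
    return consistent, results

if __name__ == "__main__":
    ok, results = compare_servers("MyDomainName.com", list(SAMPLE), query=sample_query)
    for server, addrs in results.items():
        print(server, "->", sorted(addrs) or "NO ANSWER")
    print("consistent" if ok else "servers disagree: client resolution will be intermittent")
```

To check live servers, call compare_servers with the addresses shown by ipconfig /all and leave query at its default.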


lostinDNS

Apr 10, 2006, 6:15:03 PM
Thanks for your quick response Herb,

You are correct that I am pointing the Primary DNS to the Windows Box and
Alternate DNS pointing to the UNIX nameserver. I have removed the alternate
UNIX nameserver and it appears my box can resolve MyDomainName properly. I
will test more boxes to verify but so far it's looking good.

So now that I have my boxes pointing to the Primary DNS (Windows), I will
have to browse the internet by IP address :) I'm guessing in order for me to
browse the internet, I have 2 options?

1. Have the company update their DNS files and add MyDomainName. (highly
unlikely)

2. Register the test domain and have it propagate through the authoritative
nameservers

Thank you very much, you would not believe how much of a headache you have
saved me on my 1st issue.

Herb Martin

Apr 10, 2006, 9:09:39 PM
"lostinDNS" <lost...@discussions.microsoft.com> wrote in message
news:6A47D4A2-A93E-4D00...@microsoft.com...

> Thanks for your quick response Herb,
>
> You are correct that I am pointing the Primary DNS to the Windows Box and
> Alternate DNS pointing to the UNIX nameserver. I have removed the
> alternate UNIX nameserver and it appears my box can resolve MyDomainName
> properly. I will test more boxes to verify but so far it's looking good.

Ok, so you likely are holding TWO DIFFERENT versions
of this zone -- which is POSSIBLE but more work and easy
to mess up.

If that is true, then you must MANUALLY make EVERY
change (your clients care about) to BOTH the UNIX and
also to the Windows version of the DNS zone.

This is generally a poor design for INTERNAL DNS, but
it is common for External (the Internet) and Internal (Windows
even UNIX etc) versions of the same zone.

It isn't so bad in the Internet/internal case because you seldom
have many records on the external version to maintain internally
AND they seldom change.

But if you are doing this for two INTERNAL networks (say Unix
is one and Windows is another) it can become quite tedious if
not unworkable.

Usually the best advice is TWO domains but if it is too late
for that (and it sounds like it is) then it's BEST to make the
Windows server the PRIMARY or MASTER of the zone,
and have the Unix DNS become secondaries (or remove them.)

Really.

> So now that I have my boxes pointing to the Primary DNS (Windows), I will
> have to browse the internet by IP address :) I'm guessing in order for me
> to
> browse the internet, I have 2 options?

No, you can FORWARD from the Windows DNS to the
UNIX DNS for any zone that the Windows DNS does
not already hold locally.

This means if the UNIX DNS can resolve the Internet
and you forward to them then the Windows DNS can
resolve the Internet too.

Or you could just forward to a firewall/caching only
DNS that takes care of the Internet resolution etc.
(Depends on your setup to the Internet.)

> 1. Have the company update their DNS files and add MyDomainName. (highly
> unlikely)

Two points: IF your domainname is DIFFERENT from the
UNIX zone name then you have NO problem with the Internet
or resolving ANYTHING if you just forward to the UNIX
or other appropriate DNS.

AND if you are planning or have a SINGLE LABEL DNS
name for a Windows Domain you have other problems.

Ok, it's THREE THINGS:
The UNIX should ONLY need to add your domain name
IF your domain is a CHILD of their zone.

In that case they SHOULD do it (it should be HIGHLY LIKELY,
not unlikely if they know what they are doing and you are following
the rules, e.g., not hacking.)

> 2. Register the test domain and have it propagate through the
> authoritative nameservers

If your zone is NOT a child of the UNIX this is more likely to
work but I would need to discuss your exact names and the
entire name space (including Internet) design to be certain.

> Thank you very much, you would not believe how much of a headache you have
> saved me on my 1st issue.

Glad to help.

lostinDNS

Apr 12, 2006, 7:13:02 PM
I think my problem is fixed. I went into the DNS control panel to forward to
the UNIX nameservers

Open up DNS Snap-In

1. right click on your DNS server, go to properties
2. click on forwarders
3. add the UNIX nameservers
4. press ok

So far so good, my client machines can surf the web, hit my webserver, route
email, etc.

Thanks again for all your help.

Herb Martin

Apr 13, 2006, 6:13:40 AM
"lostinDNS" <lost...@discussions.microsoft.com> wrote in message
news:89BEB8DD-4DF1-463D...@microsoft.com...

> I think my problem is fixed. I went into the DNS control panel to forward
> to the UNIX nameservers
>

Did you understand that this is (correct AND) only effective
for zones your internal server does not hold?

You must manually duplicate any external records if your
internal server also needs to resolve external computers
with names from its own zone(s).

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Open up DNS Snap-In