--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Darrel" <dl1972####hotmail.com> wrote in message
news:ez2fA7xU...@tk2msftngp13.phx.gbl...
It's recommended NOT to multihome a DNS, DC, or Exchange server or multiple
issues will occur, and I know, that was discussed in that other thread with
Kevin.
Any specific errors you're getting on a client or the server? If you *think*
it's based on Netlogon's default hourly registration period (in W2k only),
then an error will more than likely appear in the event viewer.
Have you tried changing the forwarder? Try 4.2.2.2.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:%23OP1Bg1...@TK2MSFTNGP09.phx.gbl...
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Darrel" <dl1972####hotmail.com> wrote in message
news:O%23AXjt6U...@TK2MSFTNGP12.phx.gbl...
"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:uMaF$B8UEH...@TK2MSFTNGP09.phx.gbl...
On the external interface, have you disabled MS Client, F&P services and
Netbios?
In DNS server properties, interface tab, have DNS only listen on the
internal interface.
Did changing the forwarder work?
I've also seen this happen if the DNS server is directly connected to an
ADSL router using PPPoE and the router has a time out setting and will drop
the link due to inactivity. Once the connection is broken and the forwarder
is not available, DNS seems to fall asleep and when the connection comes
back up, DNS doesn't, so a restart of the DNS server service will kick it
back to life.
If you do have an ADSL connection directly connected using PPP, check this
out. This is an old article, but it applies to W2k as well:
175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP Link Goes Down
[applies to W2k too]:
http://support.microsoft.com/?id=175436
The only thing I have checked on the external NIC is TCP/IP. The DNS Server
is setup to only listen on the internal interface.
> Did changing the forwarder work?
No, it still loses connection for a few minutes.
> I've also seen this happen if the DNS server is directly connected to an
> ADSL router using PPPoE and the router has a time out setting and will drop
> the link due to inactivity. Once the connection is broken and the forwarder
> is not available, DNS seems to fall asleep and when the connection comes
> back up, DNS doesn't, so a restart of the DNS server service will kick it
> back to life.
>
> If you do have an ADSL connection directly connected using PPP, check this
> out. This is an old article, but it applies to W2k as well:
> 175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP Link Goes Down
> [applies to W2k too]:
> http://support.microsoft.com/?id=175436
>
Don't think this applies to me. I don't have to restart the server to get
the connection back. It just starts working again within a few minutes.
Plus, this never happened until I reconfigured the DNS server last week -
had been working ok for over 2 years.
thanks though!
>> I've also seen this happen if the DNS server is directly connected
>> to an ADSL router using PPPoE and the router has a time out setting
>> and will drop the link due to inactivity. Once the connection is
>> broken and the forwarder is not available, DNS seems to fall asleep
>> and when the connection comes back up, DNS doesn't, so a restart of
>> the DNS server service will kick it back to life.
>>
>> If you do have an ADSL connection directly connected using PPP,
>> check this out. This is an old article, but it applies to W2k as
>> well: 175436 - Microsoft NT4 DNS Stops Forwarding Queries After PPP
>> Link Goes Down [applies to W2k too]:
>> http://support.microsoft.com/?id=175436
>>
> Don't think this applies to me. I don't have to restart the server
> to get the connection back. It just starts working again within a
> few minutes. Plus, this never happened until I reconfigured the DNS
> server last week - had been working ok for over 2 years.
> thanks though!
No prob, just trying to work thru possibilities. So you say you do have
ADSL?
If I may ask, and I know you and Kevin were working on this together, but
what exactly was reconfigured with DNS last week? Usually it's prudent to
look at what was recently changed in determining problem causes with regards
to any tech issues, especially if you believe the problem just started
happening and a change was recently made and especially if it was working
for the past 2 years and all of a sudden it's not working.
Under the zone lan.publicname.com (active directory integrated with secure
updates only), the name of the computer (server1) keeps changing its IP
address to the public IP as a nameserver and host. This last time that it
did it, I just left it at the external address to see if that makes a
difference. I haven't noticed it yet, but I haven't been on the internet
all that much since then, so I'm still checking that out.
I had one other question about the reverse zones. The reverse zone for
192.168.1.x is AD integrated with secure updates only. And the reverse zone
for my public IP is Primary with NO updates. I know that Kevin said for the
forward public zones to NOT allow updates, but he still had the reverse zone
set up to YES updates. I changed it to NO. Which is correct?
thanks again
If you only have one DNS server, I don't understand why you even needed a
delegation. If your AD DNS domain name is:
lan.publicname.com
Then just create that zone in DNS and allow updates. Do you have a parent or
the root domain called publicname.com and do you have a child domain called
lan.publicname.com or is it just the one AD domain name, which is also the
root of your forest, called: lan.publicname.com ? If that's so, I don't see
why a delegation was necessary. It can also invite errors if there's not a
DNS server to "delegate" to. Know what I mean?
Could you elaborate on that for me?
> I had one other question about the reverse zones. The reverse zone
> for 192.168.1.x is AD integrated with secure updates only. And the
> reverse zone for my public IP is Primary with NO updates. I know
> that Kevin said for the forward public zones to NOT allow updates,
> but he still had the reverse zone set up to YES updates. I changed
> it to NO. Which is correct?
> thanks again
Internally it's ok to let it allow updates. Externally, there's no need for a
reverse zone, since the public IP is owned by your ISP.
Is that still happening?
Is DNS still only listening on the internal IP on the interfaces tab?
DNS is supposed to use the IP on the listener tab for the IP of the Domain
Controller, that is what is supposed to happen anyway. If DNS is listening
on the internal IP and it is giving the DC host record the public IP
something is amiss, there is a KB article on this I'll have to look it up
and post it when I can find it.
> I had one other question about the reverse zones. The reverse zone
> for 192.168.1.x is AD integrated with secure updates only. And the
> reverse zone for my public IP is Primary with NO updates. I know
> that Kevin said for the forward public zones to NOT allow updates,
> but he still had the reverse zone set up to YES updates. I changed
> it to NO. Which is correct?
> thanks again
Your delegate reverse public zone should be set to no, in fact all your
public zones should be no updates, the internal private zones should be Only
secure updates, I apologize if I missed that.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
The delegation is to the internal name of the DC
"server1.lan.publicname.com" with its private IP.
Kevin, I was wondering where you were with this... glad you jumped in.
How many DNS servers are there? I'm kind of confused on this. Are there two
DNS servers or is there just one? I thought there was just one server. I'm
not able to make that clear thru the replies. If there's two, and there's
only one internally, where's the other one?
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:uOPwzoSV...@tk2msftngp13.phx.gbl...
YES - right now, the nameserver/host server1.lan.publicname.com under the
lan.publicname.com is my external IP.
> Is DNS still only listening on the internal IP on the interfaces tab?
YES - listens only on internal
> DNS is supposed to use the IP on the listener tab for the IP of the Domain
> Controller, that is what is supposed to happen anyway. If DNS is listening
> on the internal IP and it is giving the DC host record the public IP
> something is amiss, there is a KB article on this I'll have to look it up
> and post it when I can find it.
>
> > I had one other question about the reverse zones. The reverse zone
> > for 192.168.1.x is AD integrated with secure updates only. And the
> > reverse zone for my public IP is Primary with NO updates. I know
> > that Kevin said for the forward public zones to NOT allow updates,
> > but he still had the reverse zone set up to YES updates. I changed
> > it to NO. Which is correct?
> > thanks again
>
> Your delegate reverse public zone should be set to no, in fact all your
> public zones should be no updates, the internal private zones should be Only
> secure updates, I apologize if I missed that.
No sweat - that is how it is currently setup. If you need to get back in
with TS, I'll enable it again.
Pardon my ignorance, then why are we delegating? What is being delegated
from what DNS server to what other DNS server? IF there is only one DNS
server, then I'm not seeing the necessity...
Due to a misconfiguration.
As far as my intermittent problem - it seems like it has gone away. Kevin
mentioned that I had a registry key problem -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\PublishAddresses
I had my public IP in there and it should have been my private IP. I tried
restarting services, but I was still losing connection. After I restarted
the server, the problem seemed to go away. I'm not sure if the registry
entry was what did it or I just needed to restart, but the registry key was
still wrong! Thanks for all the help!
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:e1Rho1ZV...@TK2MSFTNGP09.phx.gbl...
Kevin and I talked about this offline. He mentioned the reg key. We both
believe that was probably the cause.
Glad it's working now!
Cheers!
:-)
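
The check the thread converged on, as an added example that is not part of the original posts: a PowerShell audit for a multihomed DNS server/DC that compares the `PublishAddresses` registry value and the A records returned for the server's own name against private address space. It assumes a current Windows Server with the `Resolve-DnsName` cmdlet, that `PublishAddresses` holds a whitespace-separated address list, and that "internal" means RFC 1918 ranges (the thread's LAN is 192.168.1.x).

```powershell
# Added example (not from the thread). "Internal" is assumed to mean RFC 1918 space.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Test-PrivateIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Addresses the DNS service is configured to publish for itself (value may be absent).
$publish = (Get-ItemProperty -Path $paramKey -Name PublishAddresses `
            -ErrorAction SilentlyContinue).PublishAddresses
$fromRegistry = @($publish -split '\s+' | Where-Object { $_ })

# 2. A records actually returned for this server's own FQDN by its configured resolver.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$fromDns = @(Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

# 3. One row per address, tagged with where it came from and whether it is private.
$sources = @{ Registry = $fromRegistry; DnsAnswer = $fromDns }
$report = foreach ($src in $sources.GetEnumerator()) {
    foreach ($addr in $src.Value) {
        [pscustomobject]@{
            Source  = $src.Key
            Address = $addr
            Private = Test-PrivateIPv4 -Address $addr
        }
    }
}
$report | Format-Table -AutoSize

# 4. Flag the condition described in the thread: a public IP published for the DC.
$exposed = @($report | Where-Object { -not $_.Private })
if ($exposed.Count -gt 0) {
    Write-Warning "$fqdn publishes non-private address(es): $($exposed.Address -join ', ')"
}
```

A `Registry` row flagged as non-private matches the misconfiguration Darrel reported; a flagged `DnsAnswer` row means the host record in the zone still carries the external address.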