Announcement

Collapse
No announcement yet.

DNS Forwarding

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DNS Forwarding

    Hello,
    I am trying to trouble shoot a problem I have here at work. We run MS 2003 Server. Our DNS does also forward to another DNS server to resolve some Intranet address. What the problem is, is that it seems like the DNS server does not forward to the forwarding DNS server. I have set up the forwarding and tried Conditional Forwarding and it still seems it will not forward to the forwarding DNS server.
    What is odd and it seems to than work "Resolving Intranet Sites" if I do a ipconfig /release ipconfig /renew the client can than go to the Intranet sites.

    Maybe I do not have a DNS problem but a router or DHCP problem?
    This problem also occurs if the DHCP client has a reserved ip address.

    Any help would be great.
    Thanks....

  • #2
    Re: DNS Forwarding

    first, where are you experiencing the problem, i.e a client station, the server itself...

    second, what is the lease period for your addresses?

    to help us out, start>run> "cmd" then> "c:/> ipconfig/all" and post the results.

    what type of interval do you see this happening? is it daily, once a week, once in a while?

    Our DNS does also forward to another DNS server to resolve some Intranet address.
    i would think that if the site is on the INTRANET, then there would be no need to refer client requests to an external DNS server. it should be within AD's DNS already, assuming you created them and such....

    are there any appliances involved in your network? for example, a websense server, or a nokia checkpoint or other brand firewall, a DNS/DHCP appliance?

    i have some users that do not log off their workstations. then, when they come back in on monday morning, the try to get online to watch youtube or whatever our clients do, and they cannot, because the websense server cannot authenticate them. if they reboot or simply log off and back on, they can browse fine...

    this problem occurs because the permissions for your browsing session are determined by your security group membership. resticted/guest accounts are given no rights, only INTRAnet access; HTTP_level1 is allowed some privileges like web based email and forum/discussion boards; HTTP_level2 is unrestricted with the exception of pron (which is always blocked)...

    if you cannot be authenticated as HTTP1 or 2, then you are assigned to the guest policy. once you reboot and your membership can be determined then all is fine.

    sorry for the long post.. i just wanted to be sure you understood why i was curious about the appliances.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: DNS Forwarding

      Hello,
      Thanks for the reply. The problem is at the workstations. The lease period from DHCP is 8 days. IPCONFIG is listed below. The problem seems to happen once a week on average. It did seem to be worse about a month ago.
      DNS\DHCP are coming from MS 2003 Server.
      The reason that we are forwarding to another DNS server is because the department I am in has its own domain separate from the corporate domain. We forward to the corporate DNS server to be able to access some of the corporate Intranet's web pages.

      Thank you.

      Windows IP Configuration



      Host Name . . . . . . . . . . . . : hart

      Primary Dns Suffix . . . . . . . : tacc.net

      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No

      DNS Suffix Search List. . . . . . : tacc.net

      tacc.net



      Ethernet adapter Local Area Connection:



      Connection-specific DNS Suffix . : tacc.net

      Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

      Physical Address. . . . . . . . . : 00-14-22-27-3C-30

      Dhcp Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      IP Address. . . . . . . . . . . . : 10.77.25.99

      Subnet Mask . . . . . . . . . . . : 255.255.255.192

      Default Gateway . . . . . . . . . : 10.77.25.65

      DHCP Server . . . . . . . . . . . : 10.77.25.126

      DNS Servers . . . . . . . . . . . : 10.77.25.126

      192.168.74.4

      10.77.25.120

      66.63.128.50

      Primary WINS Server . . . . . . . : 10.77.25.126

      Secondary WINS Server . . . . . . : 192.168.74.4

      Lease Obtained. . . . . . . . . . : Monday, October 01, 2007 10:38:26 AM

      Lease Expires . . . . . . . . . . : Tuesday, October 09, 2007 10:38:26 AM




      Originally posted by James Haynes View Post
      first, where are you experiencing the problem, i.e a client station, the server itself...

      second, what is the lease period for your addresses?

      to help us out, start>run> "cmd" then> "c:/> ipconfig/all" and post the results.

      what type of interval do you see this happening? is it daily, once a week, once in a while?



      i would think that if the site is on the INTRANET, then there would be no need to refer client requests to an external DNS server. it should be within AD's DNS already, assuming you created them and such....

      are there any appliances involved in your network? for example, a websense server, or a nokia checkpoint or other brand firewall, a DNS/DHCP appliance?

      i have some users that do not log off their workstations. then, when they come back in on monday morning, the try to get online to watch youtube or whatever our clients do, and they cannot, because the websense server cannot authenticate them. if they reboot or simply log off and back on, they can browse fine...

      this problem occurs because the permissions for your browsing session are determined by your security group membership. resticted/guest accounts are given no rights, only INTRAnet access; HTTP_level1 is allowed some privileges like web based email and forum/discussion boards; HTTP_level2 is unrestricted with the exception of pron (which is always blocked)...

      if you cannot be authenticated as HTTP1 or 2, then you are assigned to the guest policy. once you reboot and your membership can be determined then all is fine.

      sorry for the long post.. i just wanted to be sure you understood why i was curious about the appliances.

      Comment

      Working...
      X