Announcement

Collapse
No announcement yet.

Win2K3 DNS Server in NT 4 Domain!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Win2K3 DNS Server in NT 4 Domain!

    Hi,

    I'm trying to make a windows server 2003 as a Primary DNS Server in NT 4 Domain. When I go to the Monitoring Tab and test, it pass the Simple Query Test but it Failed the Recursive Query to other DNS Server.

    Once it's failed, i see the in the DNS Console Red Mark, Automated Test Query Failed.

    Any help?
    ================================
    HND: Higher National Diploma in
    Computer Science(IT)


    Passed:
    MCSA+Security 2003, VCP3, VCP4
    Done:VMware DSA
    ================================[/COLOR]

  • #2
    Re: Win2K3 DNS Server in NT 4 Domain!

    What's the event in DNS log when the query fails......?

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.

    Comment


    • #3
      Re: Win2K3 DNS Server in NT 4 Domain!

      Are you using forwarders? If so, it could be that those forwarders don't support recursive queries. The easiest way to test this is to run nslookup using the server(s) you have as forwarders and see if they resolve names they're not authoritative for. If they don't then that's probably the problem but it shouldn't affect your internal DNS operations. I would recommend using the root hints and not using forwarders.

      Comment


      • #4
        Re: Win2K3 DNS Server in NT 4 Domain!

        Originally posted by joeqwerty View Post
        Are you using forwarders? If so, it could be that those forwarders don't support recursive queries. The easiest way to test this is to run nslookup using the server(s) you have as forwarders and see if they resolve names they're not authoritative for. If they don't then that's probably the problem but it shouldn't affect your internal DNS operations. I would recommend using the root hints and not using forwarders.
        Hi,
        Yes, I'm using Forwarders. What I need to do is and this is the correct DNS Infrastructure Setup to let the DNS Server to forward the Internal Internet Request to the External DNS Servers.

        I have the ISA Server setup with two NICs, WAN and LAN. The WAN Nic is configured with the External ADSL IP Schema Addressing which is 10.0.0.x and the LAN Nic is using 128.x.x.x Schema. Currently, the WAN Nic is having the DNS Server "ADSL Router IP" Configured to go out to the Internet.

        The correct Setup for the ISA Server is to let the WAN Nic having only the IP Address and the Gateway, without any additional IP Addresses. And the LAN Nic is should have the Internal IP Address as well as the Internal DNS Sever or the DC IP Address if it;s the DNS Integrated Active Directory, and the client should point to this DNS Server for querying External Addresses or Websites.

        Do you think if I remove the Forwarders, the clients will be able to Query External Websites by using the Internal DNS Server?

        Thanx,

        habibalby
        ================================
        HND: Higher National Diploma in
        Computer Science(IT)


        Passed:
        MCSA+Security 2003, VCP3, VCP4
        Done:VMware DSA
        ================================[/COLOR]

        Comment


        • #5
          Re: Win2K3 DNS Server in NT 4 Domain!

          Originally posted by kapilsharma11 View Post
          What's the event in DNS log when the query fails......?

          Regards,
          Hi,
          I have no Error Events in the DNS Console Events.

          BR,
          Habibalby
          ================================
          HND: Higher National Diploma in
          Computer Science(IT)


          Passed:
          MCSA+Security 2003, VCP3, VCP4
          Done:VMware DSA
          ================================[/COLOR]

          Comment


          • #6
            Re: Win2K3 DNS Server in NT 4 Domain!

            Your post is a little confusing to me as I have never used ISA. As for forwarders, it's neither correct nor incorrect to use them, it's your preference. I prefer to use the root hints only so that my DNS server can resolve all requests for clients instead of relying on my ISP's DNS servers. Make sure that your internal DNS server is set to listen on the internal address only and make sure that only the WAN NIC has a default gateway. Hope this helps.

            Comment


            • #7
              Re: Win2K3 DNS Server in NT 4 Domain!

              Hi joe,

              It's not confusing, but the correct DNS Infrastructure Setup is this. I have implemented so many networks like this way, and this is the first time i'm facing this problem. In my previous setup, i always using the ISP DNS as the forwarder in the DNS Server and it works fine when i query for any domain using NSLOOKUP.

              As what you have suggested, i have removed the ISP As forwarder and i kept it empty, and removed the DNS of the router from the WAN NIC in the ISA Server and set the LAN NIC to use the Internal DNS. Result = Internet is Not working and Resolving cannot be done.

              Any help?
              ================================
              HND: Higher National Diploma in
              Computer Science(IT)


              Passed:
              MCSA+Security 2003, VCP3, VCP4
              Done:VMware DSA
              ================================[/COLOR]

              Comment


              • #8
                Re: Win2K3 DNS Server in NT 4 Domain!

                How are your clients configured at the moment??

                In an ideal situation your internal clients should be pointing to an internal DNS server for name resolution. Your DNS server then has the server pointing to itself for DNS resolution.

                Within the DNS console on the server you should have your forwarders set to the DNS server of your ISP (or whatever DNS server you want)

                How exactly are your clients interacting with your server.

                What primary DNS server does your server point to??

                Can you ping the external DNS server?? (Some servers you can't ping)

                Comment


                • #9
                  Re: Win2K3 DNS Server in NT 4 Domain!

                  Originally posted by wullieb1 View Post
                  How are your clients configured at the moment??

                  In an ideal situation your internal clients should be pointing to an internal DNS server for name resolution. Your DNS server then has the server pointing to itself for DNS resolution.

                  Within the DNS console on the server you should have your forwarders set to the DNS server of your ISP (or whatever DNS server you want)

                  How exactly are your clients interacting with your server.

                  What primary DNS server does your server point to??

                  Can you ping the external DNS server?? (Some servers you can't ping)
                  Hi,
                  I agree with you entirely, in ideal situation the clients must be pointing to the internal DNS Server and the Internal DNS Server is pointing to itself, once the request comes from the internal clients, the DNS Server will forward the request to external DNS Server via the forwarders.

                  Currenlty, the ISA Server is configured with Two NICs.
                  WAN 10.0.0.x and LAN 128.0.0.x. The WAN NIC Configured with D.Gateway and a DNS Server IP Address which is the Router IP Address. The LAN NIC is conifgured without a D.Gateway and the DNS Server is pointing to the Internal DNS Server on 128.x.x.x segment.

                  The correct design of the ISA Server, the WAN NIC shouldn't be configured with a DNS Server IP or any other configuration other than the D.Gateway.

                  The clients are pointing to the Internal DNS Server on 128.x.x.x segment, but when i NSLookup querying for external Domain, i get Request timeout.

                  Browsing, is working, because the WAN NIC of the ISA Server is configured with a DNS Server IP Address. If i remove this DNS Server IP from the WAN Link, and relying on the Internal DNS Server for forwarding, it doesn't forward the request nor the Internet is working.



                  I cannot pint an external DNS Server, may be due to ICMP restriction

                  C:\>ping ns.batelco.com.bh

                  Pinging ns.batelco.com.bh [193.188.97.197] with 32 bytes of data:

                  Request timed out.
                  Request timed out.
                  Request timed out.
                  Request timed out.

                  Ping statistics for 193.188.97.197:
                  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
                  Approximate round trip times in milli-seconds:
                  Minimum = 0ms, Maximum = 0ms, Average = 0ms

                  FYI, the Rule in ISA Server is Allow ALL Protocols from Internal Network to External Network.

                  BR,
                  Habibalby
                  Last edited by habibalby; 17th January 2008, 06:57.
                  ================================
                  HND: Higher National Diploma in
                  Computer Science(IT)


                  Passed:
                  MCSA+Security 2003, VCP3, VCP4
                  Done:VMware DSA
                  ================================[/COLOR]

                  Comment


                  • #10
                    Re: Win2K3 DNS Server in NT 4 Domain!

                    Just view the ISA logging if ICMP is blocked.
                    I thought that ICMP doens't belong to all outbound traffic.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: Win2K3 DNS Server in NT 4 Domain!

                      Can you post your ipconfig /all from the ISA server here?
                      BTW why are you using 128.104.0.0 addresses - they aren't in the private ranges.
                      TIA

                      Steven Teiger [SBS-MVP(2003-2009)]
                      http://www.wintra.co.il/
                      sigpic
                      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                      We donít stop playing because we grow old, we grow old because we stop playing.

                      Comment


                      • #12
                        Re: Win2K3 DNS Server in NT 4 Domain!

                        Why doesn't your DNS server have a Default Gateway??

                        Comment


                        • #13
                          Re: Win2K3 DNS Server in NT 4 Domain!

                          Originally posted by wullieb1 View Post
                          Why doesn't your DNS server have a Default Gateway??
                          Bingo! How do you expect the DNS to be able to resolve anything if it cannot access any external networks? Also, why aren't the DC and the client using the DNS's IP as their DNS server?
                          Cheers,

                          Daniel Petri
                          Microsoft Most Valuable Professional - Active Directory Directory Services
                          MCSA/E, MCTS, MCITP, MCT

                          Comment

                          Working...
                          X