internal DNS (windows server) conflict with external DNS (ISP) - f

 
 
randyv

 
      09-16-2004
I'm having a frustrating problem.

I have an internal DNS set up on our Windows2000 Advanced Server. This DNS
resolves our server names to their internal IPs for folks at the corporate
office. That's all it really does, there are no forwarders, nor is it really
'public' - not publishing/syncing 'internal' IPs for our server names with
other DNS servers.
We have an external DNS that resolves our server names to their external IP
addresses - the DNS service is supplied by our ISP.

Corporate users for the most part are using WindowsXP Pro. Their TCP/IP
properties are set to use an internal DHCP server to get their IP address
(this runs behind our corporate firewall). The DNS servers however are set
- one (internal DNS) is primary and alternate is our ISP's external DNS.

The idea here was that these corporate clients would always resolve at the
primary first - hence all our server names would get the proper (internal) IP
for the users at corporate, and all external names (like www.google.com) would
resolve at the alternate (external) DNS server at our ISP. External (branch)
users would always resolve the server names with their external IP addresses
using the external DNS provided by our ISP.

PROBLEM DESCRIPTION -
What happens is that when a corporate user's WindowsXP Pro client reboots,
for some reason, the company server names try to resolve at the external name
server (alternate, not primary DNS), which resolves to an external IP address.
Since our firewall keeps the corporate users from 'going out and coming back
in', this resolution fails - mail cannot pop, web pages cannot load.

It is easy for me to fix: I can shut down the DNS server and client service
and restart it, or I can do an ipconfig /release and ipconfig /renew. Why
that works I cannot figure out; DHCP has nothing to do with name resolving, I
just figure it is forcing the client to recognize the internal DNS server
somehow.

However, while it is easy for me, it is constantly happening all over
corporate, which is irritating, and giving IT unwanted exposure in the
executive office.

Does anyone have an idea why the WindowsXP Pro client is not resolving names
'hierarchically'? That is, why isn't the client trying to resolve the name
first at the primary, and only if not found at the primary, resolving to the
alternate?

Any advice is appreciated !!!


--
randyv
 
Steve Bruce, mct

 
      09-16-2004
While opinions vary on the wisdom of this, it sounds like you must be using
the same domain name inside and out?

The failover interval between querying the first or second DNS server listed
in DNS properties is almost instantaneous. Its purpose isn't for
sequencing, but to find a DNS server that holds a zone. If two servers hold
a zone of the same name, it is likely that they will send queries to both
available DNS servers listed.

An alternative configuration to try would be to remove the ISP's DNS server
listing on the clients. Create static A records on your internal DNS server
for your external servers that are supposed to be accessed with a public IP
by internal users.

Then configure forwarders on your DNS server pointing to the ISP's DNS servers.









 
Kevin D. Goodknecht Sr. [MVP]

 
      09-17-2004
In news:BD29D783-F825-497B-9A0B-,
randyv <> wrote their comments
Then Kevin replied below:
> I'm having a frustrating problem.
>
> I have an internal DNS set up on our Windows2000 Advanced
> Server. This DNS resolves our server names to their
> internal IPs for folks at the corporate office. That's
> all it really does, there are no forwarders, nor is it
> really 'public' - not publishing/syncing 'internal' IPs
> for our server names with other DNS servers.
> We have an external DNS that resolves our server names to
> their external IP addresses - the DNS service is supplied
> by our ISP.
>
> Corporate users for the most part are using WindowsXP
> Pro. Their TCP/IP properties are set to use an internal
> DHCP server to get their IP address (this runs behind
> our corporate firewall). The DNS servers however are set
> - one (internal DNS) is primary and alternate is our
> ISP's external DNS.
>
> The idea here was that these corporate clients would
> always resolve at the primary first - hence all our
> server names would get the proper (internal) IP for the
> users
> at corporate, and all external names (like
> www.google.com) would resolve at the alternate (external)
> DNS server at our ISP. External (branch) users would
> always resolve the server names with their external IP
> addresses using the external DNS provided by our ISP.


Your idea is incorrect; DNS resolution does not work this way. If either DNS
server answers "not found", the query stops and the other DNS server will not
be queried.

If this is Active Directory, and I assume it is, there should be no
references for external or ISP's DNS in TCP/IP properties, this must be
strictly adhered to. All DNS resolution for domain clients must come from
the internal DNS servers. The DNS server is capable of resolving any name in
the ICANN root of the internet without using a forwarder.

I'm also assuming that the internal AD domain name is the same as your
public domain name? Therefore, any host name in the public domain, such as
www or mail, must be added to the internal DNS zone. You cannot access the
external site by only the domain name without a host name; this record must
point to a domain controller's IP address that has file sharing enabled for the
SYSVOL DFS share to be accessed.


>
> PROBLEM DESCRIPTION -
> What happens is that when a corporat user's WindowsXP Pro
> client reboots, for some reason, the company server names
> try to resolve to the external name server (alternate not
> primary DNS), which resolves to an external IP address.
> Since our firewall keeps the corporate users from 'going
> out and coming back in', this resolution fails - mail
> cannot pop, web pages cannot load.
>
> It is easy for me to fix, I can shut down the DNS server
> and client service and restart it, or I can do an
> ipconfig /release and ipconfig /renew - why that works I
> cannot figure out DHCP has nothing to do with name
> resolving, I just figure it is forcing the client to
> recognize the internal DNS server somehow.
>
> However, while it is easy for me, it is constantly
> happening all over corporate, which is irritating, and
> giving IT unwanted exposure in the executive office.
>
> Does anyone have an idea why the WindowsXP Pro client is
> not resolving names 'hierarchically'? That is, why isn't
> the client trying to resolve the name first at the
> primary, and only if not found at the primary, resolving
> to the alternate?


Because your whole scenario as to how DNS resolution is handled by the DNS
client is incorrect, and you have chosen the same internal name as your
public domain name.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
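The split-brain setup that both replies above describe (internal DNS only on the clients, static A records for the public hosts in the internal zone, an apex record that still points at a DC, optional forwarders), written out as an added PowerShell example. This is not code from any of the posters; every name and address in it is an assumption: zone example.com, internal DNS server and DC 10.0.0.5, ISP resolvers 198.51.100.1 and 198.51.100.2, public web host 203.0.113.10, public mail host 203.0.113.25. The cmdlets come from the DnsClient and DnsServer modules shipped with Windows 8 / Windows Server 2012 and later, so they will not run on the Windows 2000 / XP machines in the thread; the era-appropriate netsh and dnscmd equivalents are given in comments.

```powershell
# Added example, not code from the thread. ASSUMED names and addresses:
# zone example.com, internal DNS/DC 10.0.0.5, ISP resolvers 198.51.100.1-2,
# public www 203.0.113.10, public mail 203.0.113.25.
$Zone        = 'example.com'
$InternalDns = '10.0.0.5'
$IspDns      = @('198.51.100.1', '198.51.100.2')
$PublicHosts = @{ 'www' = '203.0.113.10'; 'mail' = '203.0.113.25' }

# --- Client side ----------------------------------------------------------
# The resolver does not walk the server list "hierarchically": the first
# server to answer (including a negative answer) ends the query. Any interface
# still listing an ISP resolver is the configuration behind the symptom.
# XP-era equivalent: netsh interface ip set dns "Local Area Connection" static 10.0.0.5
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { @($_.ServerAddresses | Where-Object { $_ -in $IspDns }).Count -gt 0 } |
    ForEach-Object {
        Write-Warning "Interface '$($_.InterfaceAlias)' lists an ISP resolver: $($_.ServerAddresses -join ', ')"
        Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses $InternalDns
    }

# --- Server side (run on the internal DNS server) -------------------------
# Public hosts that internal users reach by public address get static A
# records in the internal copy of the zone.
# 2003-era equivalent: dnscmd /RecordAdd example.com www A 203.0.113.10
foreach ($h in $PublicHosts.GetEnumerator()) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $h.Key -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $h.Key -IPv4Address $h.Value
    }
}

# The zone apex (example.com with no host name) must resolve to a DC so that
# \\example.com\SYSVOL keeps working. Netlogon registers those records itself;
# only check that nobody has pointed the apex at the public web address.
$apex = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A | Where-Object HostName -eq '@'
foreach ($r in $apex) {
    $ip = $r.RecordData.IPv4Address.IPAddressToString
    if ($ip -in $PublicHosts.Values) {
        Write-Warning "Apex A record for $Zone points at public IP $ip; SYSVOL access will break."
    }
}

# Forwarders are optional (root hints work without them) but keep outbound
# recursion on the ISP's resolvers if the firewall only permits DNS to those.
# 2003-era equivalent: dnscmd /ResetForwarders 198.51.100.1 198.51.100.2
Set-DnsServerForwarder -IPAddress $IspDns

# --- Verification ---------------------------------------------------------
# Ask both servers for each name. Expected: internal and ISP agree on www and
# mail (public addresses); they differ on the apex, which internally is the DC.
function Get-SplitView {
    param([string[]]$Names = (@($Zone) + ($PublicHosts.Keys | ForEach-Object { "$_.$Zone" })))
    foreach ($n in $Names) {
        $internal = (Resolve-DnsName -Name $n -Type A -Server $InternalDns -DnsOnly -ErrorAction SilentlyContinue |
                     Where-Object Type -eq 'A').IPAddress -join ','
        $isp      = (Resolve-DnsName -Name $n -Type A -Server $IspDns[0] -DnsOnly -ErrorAction SilentlyContinue |
                     Where-Object Type -eq 'A').IPAddress -join ','
        [pscustomobject]@{ Name = $n; Internal = $internal; ISP = $isp; Match = ($internal -eq $isp) }
    }
}
Get-SplitView | Format-Table -AutoSize
```

Run the client section on a workstation and the server section on the internal DNS server with a DNS admin account. The verification table is the quick check for the thread's failure mode: if an internal client's answer for mail.example.com differs from what the internal server returns, that client is still asking a server other than the internal one.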


 