Ping does not resolve, nslookup does, DNS queries end up externall

Every so often a few XP machines on our network lose the ability to resolve
DNS for domains hosted on our internal DNS servers.

A ping from the XP machine will either not find the host, or will end up
reaching our External DNS servers to resolve (if the domain in question is on
that external server as well for public resolution).

Nslookup does find the correct host and IP address using our internal DNS
servers.

ipconfig /flushdns solves this issue at times, other times we have to /renew
to get everything to resolve properly.

Any ideas as to what the root of this problem could be?

Thank you for your time.

Never ever ever allow Client machines to ever even "know" an external DNS
exists.

All machines on the LAN (every last one) uses only the internal AD/DNS and
nothing else,...ever.

Configure the AD/DNS machine with the ISPs DNS in the Forwarders List or
leave the list blank and let it default to using Root Hints.

Make sure the Firewall allows *only* the AD/DNS machines to make outbound
DNS Queries. The Firewall should not allow any other machine to ever make
DNS queries.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Mike." <Mike. @discussions.microsoft.com> wrote in message
news:9252E1B3-94E8-4B15-AE26-(E-Mail Removed)...
> Every so often a few XP machines on our network lose the ability to
> resolve
> DNS for domains hosted on our internal DNS servers.
>
> A ping from the XP machine will either not find the host, or will end up
> reaching our External DNS servers to resolve (if the domain in question is
> on
> that external server as well for public resolution).
>
> Nslookup does find the correct host and IP address using our internal DNS
> servers.
>
> ipconfig /flushdns solves this issue at times, other times we have to
> /renew
> to get everything to resolve properly.
>
> Any ideas as to what the root of this problem could be?
>
> Thank you for your time.
>

Yes, it looks like one of my DHCP servers had both the internal and external
DNS servers on the scope. I have removed the external, and ensured that the
external ones are in the forwarders.

Thank you for your time.

"Phillip Windell" wrote:

> Never ever ever allow Client machines to ever even "know" an external DNS
> exists.
>
> All machines on the LAN (every last one) uses only the internal AD/DNS and
> nothing else,...ever.
>
> Configure the AD/DNS machine with the ISPs DNS in the Forwarders List or
> leave the list blank and let it default to using Root Hints.
>
> Make sure the Firewall allows *only* the AD/DNS machines to make outbound
> DNS Queries. The Firewall should not allow any other machine to ever make
> DNS queries.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
> "Mike." <Mike. @discussions.microsoft.com> wrote in message
> news:9252E1B3-94E8-4B15-AE26-(E-Mail Removed)...
> > Every so often a few XP machines on our network lose the ability to
> > resolve
> > DNS for domains hosted on our internal DNS servers.
> >
> > A ping from the XP machine will either not find the host, or will end up
> > reaching our External DNS servers to resolve (if the domain in question is
> > on
> > that external server as well for public resolution).
> >
> > Nslookup does find the correct host and IP address using our internal DNS
> > servers.
> >
> > ipconfig /flushdns solves this issue at times, other times we have to
> > /renew
> > to get everything to resolve properly.
> >
> > Any ideas as to what the root of this problem could be?
> >
> > Thank you for your time.
> >
>
>
>

Good to hear Mike, glad it worked out.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Mike." <(E-Mail Removed)> wrote in message
news:3DB6EAEC-E63A-440D-B1BA-(E-Mail Removed)...
> Yes, it looks like one of my DHCP servers had both the internal and
> external
> DNS servers on the scope. I have removed the external, and ensured that
> the
> external ones are in the forwarders.
>
> Thank you for your time.
>
> "Phillip Windell" wrote:
>
>> Never ever ever allow Client machines to ever even "know" an external DNS
>> exists.
>>
>> All machines on the LAN (every last one) uses only the internal AD/DNS
>> and
>> nothing else,...ever.
>>
>> Configure the AD/DNS machine with the ISPs DNS in the Forwarders List or
>> leave the list blank and let it default to using Root Hints.
>>
>> Make sure the Firewall allows *only* the AD/DNS machines to make outbound
>> DNS Queries. The Firewall should not allow any other machine to ever make
>> DNS queries.
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>>
>> "Mike." <Mike. @discussions.microsoft.com> wrote in message
>> news:9252E1B3-94E8-4B15-AE26-(E-Mail Removed)...
>> > Every so often a few XP machines on our network lose the ability to
>> > resolve
>> > DNS for domains hosted on our internal DNS servers.
>> >
>> > A ping from the XP machine will either not find the host, or will end
>> > up
>> > reaching our External DNS servers to resolve (if the domain in question
>> > is
>> > on
>> > that external server as well for public resolution).
>> >
>> > Nslookup does find the correct host and IP address using our internal
>> > DNS
>> > servers.
>> >
>> > ipconfig /flushdns solves this issue at times, other times we have to
>> > /renew
>> > to get everything to resolve properly.
>> >
>> > Any ideas as to what the root of this problem could be?
>> >
>> > Thank you for your time.
>> >
>>
>>
>>