#1
I have a local AD domain with DNS on Win 2003 server. Clients are WinXPsp2.
There is a network gateway to internet at 192.168.1.1.

Clients network connection is configured to use local DNS as primary & have as alternate DNS the gateway & one of my ISP's DNS.

Problem: if the local domain server is not running, clients cannot access internet resources - IE gets DNS lookup errors. IF the server is up all is ok. Can anyone suggest what I have setup incorrectly / need to do differently so clients can access internet regardless if the server is running?

Thank you. Dale

Client config example:

    IP: 192.168.1.2 (static)
    Subnet: 255.255.255.0
    Gateway: 192.168.1.1
    DNS addresses:
    192.168.1.128
    192.168.1.1
    68.94.156.1
    Yes - Append primary & connection specific DNS suffixes + Append parent suffixes of primary DNS suffix.
    No connect specific suffix specified.
    Yes - Register this connection's addresses in DNS.
    Wins - None
    Yes - enable NetBIOS over TCP/IP

Nslookup data:

    C:\Documents and Settings\dalesplace.DALESNET> nslookup
    Default Server: othercomputer.dalesnet.local
    Address: 192.168.1.128

    > dalesplace.net
    Server: othercomputer.dalesnet.local
    Address: 192.168.1.128

    Non-authoritative answer:
    Name: dalesplace.net
    Address: 205.138.196.199

    > dalesplace.net 68.94.156.1
    Server: [68.94.156.1]
    Address: 68.94.156.1

    Non-authoritative answer:
    Name: dalesplace.net
    Address: 205.138.196.199

    > dalesplace.net 192.168.1.1
    Server: [192.168.1.1]
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: dalesplace.net
    Address: 205.138.196.199

Dale Sampson
#2
> I have a local AD domain with DNS on Win 2003 server.

This is the DNS server for your clients. When it's gone (shut down) they don't have DNS resolution. You get an error.

> Clients network connection is configured to use local DNS as primary &
> have as alternate DNS the gateway & one of my ISP's DNS.

As a side note this configuration is going to mess you up. AD clients must point to the DNS server set up for the AD domain ONLY. Putting servers on the client DNS setting that are not DNS servers for the AD domain will cause all kinds of network problems. The gateway is not a DNS server.

> Problem: if the local domain server is not running, clients cannot access
> internet resources - IE gets DNS lookup errors. IF the server is up all is
> ok.

Basically all AD clients must point to the DNS server set up for the AD domain ONLY. Servers are AD clients also. The DNS server set up for the AD domain must point to itself for DNS. For Internet access set up your AD DNS server to forward requests and list your ISP's DNS servers as the forwarders. This is the only place in an AD domain your ISP's DNS server(s) should be listed.

> Can anyone suggest what I have setup incorrectly / need to do
> differently so clients can access internet regardless if the server is
> running?

You need to move your DNS to a DNS server that is accessible when the server is down. Maybe another server that only does DNS? But *that* server must be accessible in order to get to the Internet.

hth
DDS
#3
Danny Sanders said, "You need to move your DNS to a DNS server that is accessible when the server is down. Maybe another server that only does DNS? But *that* server must be accessible in order to get to the Internet."

By this you mean ... what? Can you point me to documentation that outlines how to do this? Looking through W3K server help files I haven't (yet) found a configuration like this. I'll keep reading.

Regard to the rest of your comments - all AD clients do point to the DC DNS & the DC does point to itself for DNS. Currently, rather than forwarding to my ISP's DNS, the DC just uses the default root DNS server list. Easy enough to setup the forwarding.

As an aside, the gateway will forward DNS requests directed to it to the DNS servers my ISP supplies it during DSL connection. For non-AD (workgroup) clients on the LAN this works OK for internet browsing. Hence, my trying that as a secondary DNS for the AD clients.

A curiosity - a wireless connected AD client is able to access the internet regardless if the server is up. (It also is setup as primary DNS=AD DNS & secondary is the gateway). I'm thinking this is maybe a quirk of the gateway?

Thank you for your helpful comments!

Dale
#4
> Danny Sanders said, "You need to move your DNS to a DNS server that is
> accessible when the server is down.
> Maybe another server that only does DNS? But *that* server must be
> accessible in order to get to the Internet."
>
> By this you mean ... what? Can you point me to documentation that outlines
> how to do this? Looking through W3K server help files I haven't (yet)
> found a configuration like this. I'll keep reading.

*Most* set ups *expect* the internet to go down when the single domain controller for the domain is a DNS server and that server is shut down. In an AD domain all clients should point to the DNS server for the AD domain only. For internet access your AD DNS server can use the forwarder set up or root hints to resolve internet requests.

If you MUST have your domain set up so your AD client will continue to get Internet access when the Domain controller is down, you have to provide them with a DNS server. Set up a second server, install DNS, point it to itself for DNS in the properties of TCP/IP. Point all AD clients to this DNS server only. Set it up to use root hints or forwarders. Now when the Domain controller goes down, it won't affect your clients getting to the Internet because they are using a DNS server that is up and working.

You can have a DNS server on a member server or a DC. There is no "hard fact" that the DNS server has to be on a DC. It just has to be accessible to your clients. You can use BIND for that matter. The *easiest* and least expensive would be put DNS on the DC. But that is not the ONLY way.

> As an aside, the gateway will forward DNS requests directed to it to the
> DNS servers my ISP supplies it during DSL connection. For non-AD
> (workgroup) clients on the LAN this works OK for internet browsing. Hence,
> my trying that as a secondary DNS for the AD clients.

AD clients and non domain clients behave differently. While this may work for workgroup clients this will cause problems for AD clients.

> A curiosity - a wireless connected AD client is able to access the
> internet regardless if the server is up. (It also is setup as primary
> DNS=AD DNS & secondary is the gateway). I'm thinking this is maybe a quirk
> of the gateway?

Without more info I can't comment on this.

hth
DDS
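An added example, not part of the original posts: a check for the rule stated in the replies above, that AD clients list only the AD domain's DNS server and that ISP resolvers belong only in that server's forwarders. It parses `ipconfig /all`-style text and goes beyond the single client shown by handling any number of adapters. Assumptions: 192.168.1.128 is the only AD DNS server, the sample text is constructed, and the names `sample_ipconfig`, `parse_dns_servers` and `audit` are hypothetical.

```python
import ipaddress
import re

# Assumption: 192.168.1.128 (the default server nslookup reports in the first
# post) is the only DNS server for the AD domain.
AD_DNS_SERVERS = frozenset({"192.168.1.128"})
# DNS list from the first post's client config: AD DNS, gateway, ISP resolver.
POSTED_CLIENT_DNS = ["192.168.1.128", "192.168.1.1", "68.94.156.1"]

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")


def sample_ipconfig(dns_servers):
    """Constructed `ipconfig /all`-style text for one adapter (not real output)."""
    first, *rest = dns_servers
    lines = [
        "Windows IP Configuration",
        "",
        "Ethernet adapter Local Area Connection:",
        "",
        "        IP Address. . . . . . . . . . . . : 192.168.1.2",
        "        Subnet Mask . . . . . . . . . . . : 255.255.255.0",
        "        Default Gateway . . . . . . . . . : 192.168.1.1",
        "        DNS Servers . . . . . . . . . . . : " + first,
    ]
    lines += [" " * 44 + ip for ip in rest]  # extra servers follow on bare lines
    lines.append("        NetBIOS over Tcpip. . . . . . . . : Enabled")
    return "\n".join(lines)


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_dns_servers(text):
    """Return {adapter name: [DNS servers in configured order]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        field = FIELD_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
        elif field:
            in_dns = field.group(1).strip() == "DNS Servers"
            if in_dns and current and is_ip(field.group(2).strip()):
                adapters[current].append(field.group(2).strip())
        elif in_dns and current and is_ip(line.strip()):
            adapters[current].append(line.strip())  # continuation line
        elif line.strip():
            in_dns = False
    return adapters


def audit(text, allowed=AD_DNS_SERVERS):
    """Return (adapter, server, reason) for every resolver that breaks the rule."""
    findings = []
    for adapter, servers in parse_dns_servers(text).items():
        if servers and not allowed.intersection(servers):
            findings.append((adapter, None, "no AD DNS server configured"))
        for ip in servers:
            if ip in allowed:
                continue
            internal = ipaddress.ip_address(ip).is_private
            reason = ("internal non-AD resolver (e.g. the gateway)" if internal
                      else "external resolver; list it only as a forwarder on the AD DNS server")
            findings.append((adapter, ip, reason))
    return findings
```

Calling `audit(sample_ipconfig(POSTED_CLIENT_DNS))` flags the gateway and the ISP resolver; a client that lists only 192.168.1.128 produces no findings.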
#5
Hi Danny Sanders,

Thank you - you've been very helpful.

Dale