Windows 2000 domain DNS / outside access question ...

tknodav1

Member
Sep 13, 2002
Okay, I'm setting up a server, and have everything configured, except for one problem. The server is 2000 Server, Active Directory, DHCP, DNS, WINS. Everything works great on the server itself. When a member computer logs into the domain, it gets a correct IP, and DNS/gateway/etc... information from the server. I can ping the server and access shares just fine.

The problem is that workstations cannot access the internet. I can't ping anything, including www.yahoo.com OR yahoo.com's actual IP. Don't get any response. In the DHCP console, I have the server IP (192.168.0.5) as the first DNS, then the 2 DNS addresses provided by my ISP next. The server's IP is also listed as a Router (003). Under the DNS tab I just have the default settings that the wizard put in, using the Active-directory-integrated DNS setting. Any ideas why my workstations aren't getting outside the network??

Any help appreciated in advance!!!
Cheers!!
Dave
 

Agamar

Golden Member
Oct 9, 1999
You will need either a proxy server, or an actual router to get what you need done here. I think Win2k Pro comes with a proxy app that will let you share the internet, but I am pretty sure server makes you either buy their new proxy, or get a small router. Sygate may work in your case (it is a software solution you can run on the server). I personally like hardware routers myself...Cheap nowadays too.
 

Saltin

Platinum Member
Jul 21, 2001
You could install Routing and Remote Access from Add/Remove Windows Components. It will allow you to configure the server as a software router.
Also, you will want to get rid of the "." zone in your DNS. If you let the OS configure DNS for you, it will likely be there and your DNS server won't work properly (i.e. it won't forward DNS requests to the internet) with it there.
 

Fuzznuts

Senior member
Nov 7, 2002
Originally posted by: Saltin
You could install Routing and Remote Access from Add/Remove Windows Components. It will allow you to configure the server as a software router.
Also, you will want to get rid of the "." zone in your DNS. If you let the OS configure DNS for you, it will likely be there and your DNS server won't work properly (i.e. it won't forward DNS requests to the internet) with it there.

Windows arrogance in putting in the forward . zone has always really bugged me :)
 

tknodav1

Member
Sep 13, 2002
Thanks for all the help guys!! For reference, I just ended up putting the address of my D-Link router as the DHCP assigned gateway, and then put 3 DNS servers (1 local, 2 from ISP) in the DHCP assigned DNS servers. Everything is working now.

Here's my last DNS question ...
It involves the NETLOGON error 5774...

Here is the error I get in the event viewer. I am aware of the Microsoft KB article that covers this error, but that hasn't helped me at all.
I actually get this SAME error at 2 different company sites I do work for, and both are referencing the server....

Registration of the DNS record '0dc5078b-5035-4f58-bfc8-8350124243ed._msdcs.nmc.org. 600 IN CNAME SERVER2000.nmc.org.' failed with the following error:
DNS name does not exist.

As far as relevant information, the server is running DNS, and has the 2 ISP DNS servers, and then itself referenced as DNS, so 3 in total. The DNS is the active-directory integrated type. And I just stepped through the wizard to set it up. I have forward and reverse lookup zones. I put an entry into the reverse lookup for the server.

Under forward lookup zones, there is '.' and 'nmc.org'. Under '.', there is 'arpa', which in turn has the subnet (192.168.0.xxx) and also 'org', which in turn has nmc under that.

Under 'org', there is 'nmc' ... which has one entry in it for name server 'server2000.nmc.org'.

Hopefully some of this information will be helpful.
Any help would be much appreciated!!

Cheers!!
Dave
 

tknodav1

Member
Sep 13, 2002
The solution to my problem with the netlogon 5774 was this:

Server's NIC DNS: points to itself (192.168.0.5)
DNS configuration: Delete the root '.', then enable forwarders and put ISP DNS's in there.

Okay great! Did that and I now have my clients resolving outside DNS's. I guess this is the last piece of the puzzle now ... When I try to ping outside for example www.yahoo.com, it resolves the host address correctly, but times out on the pinging. I am currently telling DHCP to tell clients to look at the server IP for the router/gateway. I'm sure if I changed the gateway to the actual router IP (d-link, using for testing) it would work. What do I need to have the server do the routing? Is this even the best-practice for the situation?

And I guess this begs the question, should I just let our router do the DHCP and/or DNS serving, since it was designed to do it in the first place. What are the disadvantages?

Cheers!
Dave
 

Saltin

Platinum Member
Jul 21, 2001
Any server running DNS should be referencing itself and *only* other internal DNS servers in its TCP/IP properties DNS configuration.
All internal DNS servers should be set to forward to your ISP's DNS servers.

Clients, ideally, should only reference internal DNS servers as well.

With this setup, your clients and servers will always be able to resolve internal and external namespaces.

As for your latest question, I would allow Win2k to cover DNS and DHCP. You will benefit from Dynamic updates and the integration between 2k DNS and 2k DHCP.
Let your router do the routing.
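
Added example, not part of the original thread: a small Python check that applies the rules stated in the replies above (DNS server points only at internal DNS, clients get only internal DNS, no "." zone, forwarders set to the ISP, gateway is a real router) to a description of the setup. The dictionary layout, the `audit` function, the ISP resolver addresses and the router address 192.168.0.1 are assumptions made for illustration; only 192.168.0.5 and nmc.org come from the thread.

```python
ISP = ["203.0.113.1", "203.0.113.2"]           # constructed placeholders for the ISP resolvers
SERVER, ROUTER = "192.168.0.5", "192.168.0.1"  # server IP is from the thread; router IP is assumed

def audit(cfg):
    """Return findings for a hand-written description of the DNS/DHCP setup."""
    findings, internal = [], set(cfg["internal_dns"])
    # Rule 1: a DNS server's NIC lists itself and only other internal DNS servers.
    for host, resolvers in cfg["server_nic_dns"].items():
        if host not in resolvers:
            findings.append(f"{host}: NIC DNS does not reference itself")
        findings += [f"{host}: NIC DNS lists external resolver {r}"
                     for r in resolvers if r not in internal]
    # Rule 2: clients (DHCP option 006) should only be handed internal DNS servers.
    findings += [f"DHCP 006 hands out external resolver {r}"
                 for r in cfg["dhcp_dns"] if r not in internal]
    # Rule 3: with a "." forward zone the server will not forward requests.
    for host, zones in cfg["forward_zones"].items():
        if "." in zones:
            findings.append(f'{host}: root zone "." present, forwarding disabled')
    # Rule 4: every internal DNS server forwards to the ISP resolvers.
    for host in sorted(internal):
        if not cfg["forwarders"].get(host):
            findings.append(f"{host}: no forwarders configured")
    # Rule 5: the DHCP gateway (option 003) must be a device that actually routes.
    if cfg["dhcp_router"] not in cfg["routers"]:
        findings.append(f"DHCP 003 gateway {cfg['dhcp_router']} is not a router")
    return findings

# Constructed from the setup described early in the thread.
BEFORE = {
    "internal_dns": [SERVER], "routers": [ROUTER],
    "server_nic_dns": {SERVER: ISP + [SERVER]},
    "dhcp_dns": [SERVER] + ISP, "dhcp_router": SERVER,
    "forward_zones": {SERVER: [".", "nmc.org"]}, "forwarders": {},
}
# Constructed from the layout recommended in the final reply.
AFTER = {
    "internal_dns": [SERVER], "routers": [ROUTER],
    "server_nic_dns": {SERVER: [SERVER]},
    "dhcp_dns": [SERVER], "dhcp_router": ROUTER,
    "forward_zones": {SERVER: ["nmc.org"]}, "forwarders": {SERVER: ISP},
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```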