DNS Test in Netdiag Failing

[leeym]

We have a Win2003 DC/DNS server and another Win2003 server running Exchange 2003.

For some reason the Exchange server cannot find the domain controller. I confirmed this by running netdiag on this box (everything else passed). Here is the actualt text:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'exchange.domain.com.'. [ERROR_TIMEOUT]
The name 'exchange.domain.com.' may not be registered in DNS.

Any suggestions on how to fix this?

 

[pytchley]

Have you tried nslookup

 

[NickFerrar]

What's the primary DNS server configured on the Exchange box? It shouldn't be an external DNS server...

 

[leeym]

The Exhcnage server does not run DNS. Since it's got a static IP, DNS is configured to point to the DC/DNS server. It also points to 2 other external DNS addresses so thi box can get Internet access.

I have not tried nslookup because Exchange works fine.

 

[Daveyd123]

The Exchnage box should not point to any External DNS servers. Point it to the internal DNS server(s) and if need be set up forwarders on the internal DNS servers to point to your ISP's DNS servers

 

[leeym]

How do I configure forwarders on the internal DNS server to point to external dns servers without affecting other clients who receive addresses via DHCP?

Just to clarify, you're suggesting that it's okay to assign external DNS addresses via DHCP to clients, just not the Exchange server, right?

 

[Daveyd123]

No, providing you have an internal newtork, you want all clients to have internal DNS addresses.

To set up forwarders...go into dns management, right click on your primary DNS servers and click the forwarders tab. Enter your ISP's DNS address in there.

This way any DNS requests you internal DNS server cannot find will be forwarded onto your ISP servers

 

[leeym]

so take those external dns addresses out of DHCP as well?

won't doing this slow the external access down a bit since all these requests now have to go thru the internal dns server?

 

[Daveyd123]

Yes, take out the external DNS settings in DHCP and change them to you internal settings. You want you clients to try to access your internal DNS servers first to authenticate while logging in. If you have the clients pointing to an external DNS server then you should have noticed it takes a considerable amount of time for users to log on to the Domain.

It will definitely not slow down the requests. It should help as clients will be accessing the internal DNS servers cache as it builds.

 

[leeym]

ok let me try this out. also, where does this cache build up within the dns?

 

[Daveyd123]

Go into DNS management...make sure Advanced is checked under "View". There should be a Cached Lookups folder.

 

[leeym]

ok i just looked at the forwarders tab, and the internal AND external IP addresses are all here. it seems you're suggesting I take out the internal one, correct? if so, why? thx

 

[Daveyd123]

Unless you are using a separate DNS server just for caching purposes, I would remove the internal DNS servers from the Forwarders tab. You need forwarders so the internal DNS servers can forward DNS requests they cannot resolve to upstream dns servers. By default, if you don't setup forwarders, your internal DNS servers will forward unknown DNS requests to the Root servers (Look on the Root hints tab).

For ease of name resolution/Domain authentication, all clients should have their Primary/Secondary DNS settings pointing to your internal DNS servers. Your internal DNS servers should have their own DNS settings poing to thmeselves. You should configure Forwarders on the DNS servers to go to your external (ISP) DNS servers.

You want clients to query your local DNS server first...if your local DNS server cannot respond to the query, it quesies your forwarders (ISP). Your ISP DNS servers will more than likey have the answer to the query. Your ISP DNS servers (setup in the Forwarders tab) will more than like have less of a response time than Root servers.