My DC doesn't have an Internet connection

    Question

  • I just recently promoted a domain on our environment, create a DNS and DHCP were handled by a router/appliance. Added a new client and it can access the internet using the IP of the DC, which also holds the DNS. My router also has DNS enabled and I am not keen on disabling it for now. The funny thing is that my domain controller cannot access the internet but my clients/PCs can. I also set a forwarder (in case someone will ask) on the DNS server pointed to my router's IP. I also made sure that the DC is bypassed on the router. Can someone help me with this, or maybe I missed something that is very obvious?

    My main problem is that my internal domain name (abc.com) is the same as our external website (abc.com), and I am trying to add a delegation for 'www' to the public name servers that are authoritative for my domain zone so that it will query the SOA of my public domain name (abc.com) and get the current IP address of our website (abc.com). When I try to add the DNS of our public website it will not resolve, since the DC itself doesn't have Internet access.


    Thursday, July 04, 2013 11:47 AM

All replies

  • Hello,

    In a domain you need a DNS setup that is required to be special for the DCs; this cannot be done by default with a router. In your case, disable the DNS on the router and use ONLY the domain DNS server on all domain machines' NICs.

    On the DNS server properties in the DNS management console you have to configure the FORWARDERS to your ISP's DNS server so internet access is possible via the domain internal DNS.

    Using an external DNS server for the internal domain results in access problems, slow logons, GPOs are not applied correctly and some more problems you will not have.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, July 04, 2013 12:55 PM
  • Hi,

    It seems your DC DNS configuration was fine. You can try to confirm whether your default gateway configuration is correct, and try to extend the DNS Forwards time out threshold value.

    About your external website being the same as your domain name: it will cause the DNS resolution result of the website to be the same as the DC's IP. Therefore you can't access your external website. Please refer to the following related article.

    TechNet thread:
    Configuring Split-Brain DNS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c38035f8-b975-4c58-99b2-952f3de9db74/configuring-splitbrain-dns

    Third party article:
    Split Zone or no Split Zone - Can't Access Internal Website with External Name
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx

    Hope this helps.


    Alex Lv

    Friday, July 05, 2013 6:26 AM
  • Hi Meinolf,

    I added the IP address of our ISP to the forwarders and everything is fine now with my clients/machines. They can now resolve abc.com (external website) internally. I created a delegation for the www to the public name server to get the current IP of my external website abc.com. Still, my DC doesn't have an internet connection; the DNS is the same IP and the server's GW is the router's IP.

    Friday, July 05, 2013 8:40 AM
  • Hello,

    Please post an unedited ipconfig /all from the DC, so we can verify some basic settings.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Friday, July 05, 2013 9:27 AM
  • Hi Meinolf,

    Please see below. Not sure, though, what else needs to be done.

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SSVR1
       Primary Dns Suffix  . . . . . . . : ABC.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ABC.com

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
       Physical Address. . . . . . . . . : 
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.254.4(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 0.0.0.0
                                           192.168.254.2
       DNS Servers . . . . . . . . . . . : 192.168.254.4
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes


    • Edited by Gerald John Friday, July 05, 2013 9:36 AM isap mac
    Friday, July 05, 2013 9:33 AM
  • Hello,

    Please adjust your default gateway settings:

     Default Gateway . . . . . . . . . : 0.0.0.0
                                           192.168.254.2


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    • Marked as answer by Gerald John Monday, July 08, 2013 8:59 AM
    Friday, July 05, 2013 9:38 AM
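
Added example (not part of the thread and not any poster's code): a Python check that parses `ipconfig /all` text and flags the condition highlighted in the reply above, a 0.0.0.0 entry in the Default Gateway list, along with any DNS server that is not one of the domain DNS servers. The sample text is constructed from the adapter section posted earlier; the function names and the `domain_dns` parameter are assumptions of this example, and only IPv4 values are checked.

```python
import ipaddress
import re

# Constructed sample, modelled on the adapter section posted in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.254.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 0.0.0.0
                                       192.168.254.2
   DNS Servers . . . . . . . . . . . : 192.168.254.4
"""

# "Label . . . . : value" -- the label ends at the dot leader before the colon.
FIELD = re.compile(r"^\s+([^.:]+?)[ .]+:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter: {field: [values]}}, folding value-only continuation lines."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip(" :"), {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1).strip(), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # e.g. the second Default Gateway entry
    return adapters

def audit(adapters, domain_dns):
    """Return (adapter, finding) pairs; domain_dns is the set of allowed DNS IPs."""
    findings = []
    for name, f in adapters.items():
        addrs = [a.split("(")[0] for a in f.get("IPv4 Address", [])]
        if not addrs or not f.get("Subnet Mask"):
            continue  # disconnected or tunnel adapter: nothing to check
        net = ipaddress.ip_network(f"{addrs[0]}/{f['Subnet Mask'][0]}", strict=False)
        for gw in (g for g in f.get("Default Gateway", []) if ":" not in g):
            if gw == "0.0.0.0":
                findings.append((name, "0.0.0.0 listed as a default gateway"))
            elif ipaddress.ip_address(gw) not in net:
                findings.append((name, f"gateway {gw} is outside {net}"))
        for dns in (d for d in f.get("DNS Servers", []) if ":" not in d):
            if dns not in domain_dns:
                findings.append((name, f"DNS server {dns} is not a domain DNS server"))
    return findings
```

Calling `audit(parse_adapters(SAMPLE), {"192.168.254.4"})` reports the 0.0.0.0 gateway entry on "Local Area Connection 2"; with that entry removed from the text, the list of findings is empty.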
  • Hi

    Thanks, I will check on this and see how this goes later when no one is connected now on the server.

    Br,

    Gerald

    Friday, July 05, 2013 10:46 AM
  • Hi,

    Your internal domain name and external domain name are the same, and the webserver is hosted externally.

    This type of same-name scenario is called a split zone.

    Please refer to the following related article.

    Split zone

    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx

    Hope this helps


    Alex Lv

    • Marked as answer by Gerald John Monday, July 08, 2013 8:59 AM
    Monday, July 08, 2013 7:39 AM