PHWinfo - Afficher un message

19/07/2006, 18h06

steve wrote:
> Hi,
>
> i have a problem when i did a ping in my new AD 2003. i have 2 DC
> also a dns
> server. the 2 DC server dns IP settings is pointing to itself. 1 file
> server
> dns setting is pointing to the 2 Dns server internally.
> My AD name is 'ael.ms.sg', DNS are AD-integrated.
> Problem here: when i do a pinging of any invalid hostname, it returns:
C:\Documents and Settings\Administrator>ping test
Pinging test.ms.sg [203.117.178.39] with 32 bytes of data:

<snip>

> The below is the IPconfig/all on my DC1
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>ipconfig/all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : AELDC1
> Primary Dns Suffix . . . . . . . : ael.ms.sg
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ael.ms.sg
> ms.sg
>
> Ethernet adapter LAN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection #
> 2
> Physical Address. . . . . . . . . : 00-13-72-5B-86-B9
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 198.1.1.60
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 198.1.1.3
> DNS Servers . . . . . . . . . . . : 198.1.1.60
> Primary WINS Server . . . . . . . : 198.1.1.60
> Secondary WINS Server . . . . . . : 198.1.1.61
>
>
> C:\Documents and Settings\Administrator>
>
> workaround:
> i remove the 'Append parent suffixes of the primary DNS' tick, in
> DC1. i did
> the same ping. Now, it replys normal as in 'ping request could not
> find host
> test.' Which this is a normal reply for invaild hostname.
>
> This is not a good solutions and it should not forward to external to
> resolve anway, plus the return of ping 'www.microsoft.com.ms.sg' is
> stupid..
>
> any clus what's going on with my DNS?

Nothing is wrong with your DNS, this is a problem for Active Directory
domains that are in the same DNS tree at the third or lower level as your
public Domain and there is a Wildcard record in the public domain tree at a
higher level.

There is only one solution since getting rid of the Wildcard record in a
domain you have no control of is out of the question. That solution is to
remove ms.sg from the DNS suffix search list, by configuring each machine
with a custom DNS suffix search list. Win2k3 and XP clients are fairly easy
and can be done in the Default Domain and Default Domain Controller policy.

Computer Configuration
-Administrative templates
-Network
-DNS Client <DNS Suffix search list>
Make ael.ms.sg the only name in the search list.

This policy is ignored by WIn2k clients, they will have to be manually done
at the client in TCP/IP properties, on the DNS tab. Select the radial
button, "Append these suffixes (in order)" then enter ael.ms.sg as the only
suffix appended.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

19/07/2006, 18h06	#2
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: problem with internal dns query steve wrote: > Hi, > > i have a problem when i did a ping in my new AD 2003. i have 2 DC > also a dns > server. the 2 DC server dns IP settings is pointing to itself. 1 file > server > dns setting is pointing to the 2 Dns server internally. > My AD name is 'ael.ms.sg', DNS are AD-integrated. > Problem here: when i do a pinging of any invalid hostname, it returns: C:\Documents and Settings\Administrator>ping test Pinging test.ms.sg [203.117.178.39] with 32 bytes of data: <snip> > The below is the IPconfig/all on my DC1 > > Microsoft Windows [Version 5.2.3790] > (C) Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator>ipconfig/all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : AELDC1 > Primary Dns Suffix . . . . . . . : ael.ms.sg > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : ael.ms.sg > ms.sg > > Ethernet adapter LAN: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection # > 2 > Physical Address. . . . . . . . . : 00-13-72-5B-86-B9 > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 198.1.1.60 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 198.1.1.3 > DNS Servers . . . . . . . . . . . : 198.1.1.60 > Primary WINS Server . . . . . . . : 198.1.1.60 > Secondary WINS Server . . . . . . : 198.1.1.61 > > > C:\Documents and Settings\Administrator> > > workaround: > i remove the 'Append parent suffixes of the primary DNS' tick, in > DC1. i did > the same ping. Now, it replys normal as in 'ping request could not > find host > test.' Which this is a normal reply for invaild hostname. > > This is not a good solutions and it should not forward to external to > resolve anway, plus the return of ping 'www.microsoft.com.ms.sg' is > stupid.. > > any clus what's going on with my DNS? Nothing is wrong with your DNS, this is a problem for Active Directory domains that are in the same DNS tree at the third or lower level as your public Domain and there is a Wildcard record in the public domain tree at a higher level. There is only one solution since getting rid of the Wildcard record in a domain you have no control of is out of the question. That solution is to remove ms.sg from the DNS suffix search list, by configuring each machine with a custom DNS suffix search list. Win2k3 and XP clients are fairly easy and can be done in the Default Domain and Default Domain Controller policy. Computer Configuration -Administrative templates -Network -DNS Client <DNS Suffix search list> Make ael.ms.sg the only name in the search list. This policy is ignored by WIn2k clients, they will have to be manually done at the client in TCP/IP properties, on the DNS tab. Select the radial button, "Append these suffixes (in order)" then enter ael.ms.sg as the only suffix appended. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ https://secure.lsaol.com/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================