#1
I have two Active Directory DNS servers. I ran a test and realized that when I shut down the primary Active Directory server and left the secondary Active Directory DNS server up, no one was able to surf the internet, but they were able to log on to Active Directory. I even tested a Linux workstation that does not point its DNS to the AD domain: it is able to browse the net when the primary AD server is up, but when the primary AD server is down, the Linux workstation is not able to surf the net, even though it is not pointing to the AD DNS server. The primary AD server has all the roles. We plan to move the roles after upgrading to Windows 2003, but the situation puzzled us: how can one AD server stop internet access even for non-Windows machines that are not on the AD domain? Thank you in advance.

#2

"John Wong" wrote in message
news:C92D9CD4-A14B-46AE-A1E3-98370D313349@microsoft.com...
: I have two active directory dns server. I ran a test and realize that when I
: shut the primary active directory server and left the secondary active
: directory dns server up no one was able to surf the internet but they are
: able to logon to the Active Directory. I even test the a linux workstation
: that do not point their DNS to the AD domain, they are able to browse the net
: when the primary AD server is up but when the primary AD server is down. The
: linux workstation is not able to surf the net even when it is not pointing to
: the AD DNS server. The primary AD server has all the roles. We plan to move
: the roles after upgrading to Windows 2003, but the situation puzzled us
: because how one AD server stop internet access even for non windows machine
: who are not on AD domain.

In an AD domain, all systems should point their DNS to the local DNS. The router should point its DNS to the ISP. The Linux box, if not pointing its DNS to the local DNS, where is it pointing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

#3

"John Wong" <JohnWong@discussions.microsoft.com> wrote in message
news:C92D9CD4-A14B-46AE-A1E3-98370D313349@microsoft.com...
> I have two active directory dns server. I ran a test and realize that when I
> shut the primary active directory server and left the secondary active
> directory dns server up no one was able to surf the internet but they are
> able to logon to the Active Directory.

This implies strongly that the 1st server is (properly) configured to either Forward to an Internet capable DNS server or was doing explicit recursion itself, but that the second is unable to do either of these.

Are you Forwarding (usually better choice) or explicitly recursing (using root hints)?

What was the difference for forwarding/recursing between these two DNS servers? (Your answer is likely there.)

> I even test the a linux workstation that do not point their DNS to the AD
> domain, they are able to browse the net when the primary AD server is up but
> when the primary AD server is down. The linux workstation is not able to surf
> the net even when it is not pointing to the AD DNS server. The primary AD
> server has all the roles. We plan to move the roles after upgrading to
> Windows 2003, but the situation puzzled us because how one AD server stop
> internet access even for non windows machine who are not on AD domain.

Likely your second server is not forwarding or was (incorrectly) forwarding to the 1st server.

Forward both internal DNS servers to your firewall or the ISP DNS server (i.e., one which can resolve Internet addresses).

Set all internal clients (including the DNS, DCs, and other servers) STRICTLY to the INTERNAL DNS servers which can resolve all internal AND external names.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

#4

We have 4 DNS servers: two Active Directory-integrated DNS servers for workstations in the domain. The other two DNS servers are Linux DNS. The two Linux DNS servers existed before the Active Directory DNS, so they resolved all internal websites and external ones. The two Active Directory DNS servers forward to the Linux DNS for corporate websites and external websites. The two Active Directory DNS servers do not forward to each other, but they forward to both Linux DNS servers. The Linux workstations point to the Linux DNS since they have no need for Active Directory. It was strange: if the second DNS is not configured correctly, how does it affect the Linux machine when it does not communicate with Active Directory, and it simply does not resolve names through the Linux DNS? Only when we turn the primary Active Directory DNS back on does the Linux workstation resolve websites.

#5

"John Wong" <JohnWong@discussions.microsoft.com> wrote in message
news:B8941A3C-7835-4E41-8252-A7336914E1D4@microsoft.com...
> We have 4 dns server, two active directory integrated dns for workstation in
> the domain. The other two dns are linux dns. The two linux dns existed
> before the active directory dns so it resolved all internal website and
> external. The two active directory dns are forwarded to the linux dns for
> corporate website and external website. The two active directory dns does
> not forward each other but they forward to both linux dns.

Then test each of them FROM their RESPECTIVE command lines to make sure that each of them (presumably #1 works fine) can specify the Forwarder in an explicit NSLookup request.

If this works AND the DNS console is using STRICTLY the Forwarders that test to be working it pretty much HAS TO work.

> The linux workstation point to the linux dns since they do not have need for
> the active directory.

One might guess you have multiple problems or else that Linux is not set as you think it is set.

> It was stranged that if the second dns is not configured correctly, how does
> it affect the linux machine when it does not communicate to Active directory

It might still be using the #1 DNS even if it has no need of AD.

> and it simply does not resolved name thru the linux dns.

From what you have said, I would require proof of this or suspect you have multiple (unrelated) problems.

> Only when we turn back the primary active directory dns that the linux
> workstation resolved website.

Then almost certainly your report is incorrect and the Linux box is actually using the #1 DNS server.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
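
The check suggested in the last reply (query each DNS server explicitly, and confirm which servers the Linux workstation really uses) can be scripted as below. This is an added example, not code from the thread; the test name `www.example.com`, the sample addresses in the test data, and reading `/etc/resolv.conf` are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def nameservers(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf text, in lookup order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, qid=0x1234):
    """Build an A-record query with RD=1, i.e. ask the server to recurse/forward."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data):
    """Return (rcode name, recursion-available flag, answer count) from a reply."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0080), ancount

def probe(server, name, timeout=3.0):
    """Query one specific server, like `nslookup name server`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
            return parse_reply(data)
        except OSError:                      # timeout or unreachable server
            return ("NO RESPONSE", False, 0)

if __name__ == "__main__":
    # Run on the Linux workstation: shows what it really points at,
    # and whether each of those servers resolves an external name.
    with open("/etc/resolv.conf") as f:
        for ns in nameservers(f.read()):
            print(ns, probe(ns, "www.example.com"))
```

Run it once with every DNS server up and once with the primary AD server shut down. A server that answers `SERVFAIL`, gives no response, or returns zero answers for an external name is the one whose forwarding or recursion needs attention.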