I have 2 name servers running and registered with static ip.  I'm running se
rver 2000 on both name servers with DNS in Active Directory.  The DNS seem t
o work local just fine, because I'm able to do a nslookup and get a reply ba
ck from both name servers.  The problem I have is my domain name never resol
ved on the internet.  Not sure if it is the router ( Netopia 3346n) config w
ith SBC static ip's or if it is the BlackICE firewall sofware stopping the D
NS updates.  Please need help to know where i should start looking for the p
roblems.

[ Post a follow-up to this message ]

"fbwest" <fbwest.2dvq8b@mail.webservertalk.com> wrote in message
news:fbwest.2dvq8b@mail.webservertalk.com...
>
> I have 2 name servers running and registered with static ip.  I'm
> running server 2000 on both name servers with DNS in Active Directory.
> The DNS seem to work local just fine, because I'm able to do a nslookup
> and get a reply back from both name servers.  The problem I have is my
> domain name never resolved on the internet.

Have you chosen to setup FORWARDING or are you using
physical recursion by these internal name servers?

If the former, then go to the DNS servers (command line) and
check that each of them can reach the forwarder DNS server
at your gateway or ISP by specifying it's IP....

If the firewall is blocking the internal server it will also not
work for NSLookup:

nslookup www.google.com  IP.of.DNS.Forwarder

If you are using direct recursion then just check in a similar
manner for any known working DNS server on the Internet:

nslookup www.google.com  4.2.2.1


> Not sure if it is the
> router ( Netopia 3346n) config with SBC static ip's or if it is the
> BlackICE firewall sofware stopping the DNS updates.

Checking the path from the internal DNS server to either the
forwarders OR external servers will prove the internal servers
can reach externals sources.

> Please need help
> to know where i should start looking for the problems.

If you have a "." zone on your internal servers then you
need to delete that (to enable recursion and forwarders),
or if you have the DNS Server set to "disable recursion"
in the Advanced tab you need to uncheck that.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
>
> --
> fbwest
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message1662526.html
>
>

[ Post a follow-up to this message ]

fbwest wrote:
> I have 2 name servers running and registered with static ip.  I'm
> running server 2000 on both name servers with DNS in Active Directory.
> The DNS seem to work local just fine, because I'm able to do a
> nslookup and get a reply back from both name servers.  The problem I
> have is my domain name never resolved on the internet.  Not sure if
> it is the router ( Netopia 3346n) config with SBC static ip's or if
> it is the BlackICE firewall sofware stopping the DNS updates.  Please
> need help to know where i should start looking for the problems.

You need to clarify, does this mean you cannot resolve external IPs or are
you trying to use your two DNS server for Public Name servers?

IF you have black Ice on the DCs it's not going to work though, your going
to have to remove it from your servers.

If you're trying to use your local DNS for Public servers, the 3346n is
somewhat of a different critter to set up to do this. In the default mode,
even though you may have 5 public IP addresses, the only one that is
accessible from the internet is the Gateway address which is the router's
IP. It can be set up to allow incoming connections to each of the addresses
they gave you, I had to get Netopia to set it up for me and he told me how
to do it, but for the life of me its been two years and I don't have a clue.
I don't personally have one, but one of my clients does, and he wanted
incoming connections to each of the five addresses he has.
There may be a way to set the 3346n up in firewall mode and still allow
incoming connections to each of the IP addresses you have, but you really
need to contact Netopia and tell them what you want so they can help you.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

[ Post a follow-up to this message ]

In news:fbwest.2dvq8b@mail.webservertalk.com,
fbwest <fbwest.2dvq8b@mail.webservertalk.com> stated, which I commented on
below:
> I have 2 name servers running and registered with static ip.  I'm
> running server 2000 on both name servers with DNS in Active Directory.
> The DNS seem to work local just fine, because I'm able to do a
> nslookup and get a reply back from both name servers.  The problem I
> have is my domain name never resolved on the internet.  Not sure if
> it is the router ( Netopia 3346n) config with SBC static ip's or if
> it is the BlackICE firewall sofware stopping the DNS updates.  Please
> need help to know where i should start looking for the problems.

I am confused as to exactly what you're trying to do. Are you trying to host
DNS services on the internet witrh your internal DNS server? If AD I
wouldn't suggest it. Kevin and Herb gave you some good suggestions
otherwise.

But I am wondering... Do you mean your internal DNS servers can't resolve
your public domain name, such as www.yourdomainname.com?

If this is the case, is the internal AD domain name and the external public
domain name the same?

You can test this while using nslookup, change the server reference to an
external server and re-run the query. For instance, in nslookup, use:

server 4.2.2.2

That command tells nslookup to now use an external server to resolve the
query. If that works, then I would assume that the internal andexternal
domain names are the same. If such the case, simply creating a www record
under your own internal zone and give it the actual external IP address of
the ISP's web server will do the trick. Delegating 'www' under your zone
would be better; jsut provide the authorative nameserver(s) of your public
domain name.

If I wrong with my assumption, please follow the other suggestion.

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty.  Now, beam down my clothes."

The only constant in life is change...

[ Post a follow-up to this message ]