Hello everyone, I have all my workstations configured to use my internal server as a primary DNS server, and my ISP as a secondary. The problem is that if my primary DNS server goes down, the client does not use the secondary server (ISP DNS server). I get nothing but DNS errors in the browser. Has anyone experienced this..and is there a solution?? Any replies appreciated.

on the clients set the internal server as DNS server, DO NOT add the isp details here. Now go to the server and in DNS right click on your server and go to properties. Now go to forwarders click enable and add the dns addresses of your isp here. This will mean if a dns is required you server will try to resolve, if it can't then it will forward the request to the dns addresses listed in there. It's the best and easiest way. Good Luck Matt

thansk for the reply matt. I understand your point..but then why is there an option for the secondary DNS server configuration in the win 2k clients. My main problem is not my internal DNS server not being able to resolve, but that I may have to shut ther server down for various reasons. Another thing I am baffled by is how do client machines browse the net if they are logging into a win 2k domain and the domain controller is not conncetd to the internet (seeing as the primary DNS server for the clients has to point at the domain controller). This must be why there is a secondary DNS server option, although it doesent seem to work.

do all your pc's have fully qualified and public domain names, ie pc123@yourdomain.com, and do your servers have public ip addresses. External DNS servers will not beable to resolove addresses that they cannot see, or know where they are. I think what you are trying to achieve is not how things work. Essentially what you want whould involve your pc's having dns records stored on a remote dns server, thus anyone in the world could ping pc123@yourdomain.com and resolve your addresses. "I think" Regards Matt

The secondary DNS server settings is there so that if the Primary does not respond, the secondary will be used. It is not there, as many people think, to be used in the Primary can not resolve a name. If the Primary responds at all, even by saying "I don't know", the secondary is not contacted. In your case if you shut down the Primary, the Secondary would be contacted. A bit more info about your setup would help. As Matt asked, what are your IP ranges? Are you using Active Directory, and what sort of errors do you get? Generally, the internal DNS server would be used to service internal requests. That is, computers on your LAN or WAN. Internet requests would be Forwarded to an ISP or external DNS server. This would be set on the Forwarding Tab on a Windows 2000 server. If that server is down, the clients may be contacting the ISPs DNS server for internal queries which the ISP would (or should) have no knowledge of but they would still most likely be able to resolve Internet requests. So, do you have DNS Forwarding enabled?

All my machines including the AD Domain Controller are running unregistered addresses (10.10.1.x). My Domain controller currently does not forward DNS requests, it places the requests for my win 2k clients itself (it knows where the real root servers are etc.). If I make it a root server for purposes of the AD Domain then I would have to forward the requests, right. I guess if what Glen is saying is true then this is impossible, right? Maybe what I am trying to achieve is not possible. I wanted to setup my domain controller as a file server and central logon server for my win 2k clients (this is and isolated lan situation, no wan). Yet I did not want the server to have any contact to the outside world at all...even if it is just to forward a DNS request. I do not want my server connecting to the world in any way. I wanted my clients to be able to login to my internal server and then be able to resolve live domain names themselves (without the domain controller at all) with the help of the ISPs DNS Server. I hope I am making sense here.. Thanks for the help guys

if you mean public domain names by saying "resolve live domain names" then you should let ICANN know if you can figure this one out. the whole purpose of dns is to break away from one central repository of "live domain names". originally, back in the day, one could argue that the 'host' file would serve this function and then the real internet hit and there was no way for one machine to host every single domain name/ip address in the world so dns was created to offload this problem and make it scalable beyond 1 central machine. you main hope here for what you are trying is to make a dns caching server and let it build a strong baseline for the majority of your sites which you access. you can then use this server to service the majority of your requests until, of course, you start accessing new sites. then you will get alot of "page not found" errors. stick with the forwarders and let your dns do recursive queries. your much better off. hope this helps.