wildguy2k, Posted December 18, 2001

i'm using one win2k server machine for my dns, dhcp, & ad. this machine has a pci modem which i use to dial-up to the internet. upon enabling ics, my ip is set to 192.168.0.1, & i have configured my dhcp scope accordingly. the current scope options are pointing the "router" (default gateway) option to 192.168.0.1, pointing the "dns server" option to the same ip, & defining my domain name. on-demand dialing is enabled for ics & my dialup connection is configured for dhcp. as it is merely a home lan, & i am not constantly connected to the internet, i have not registered my domain.

dns is configured with one fwd & one rev lookup zone. they are both ad integrated, & the server is a root server, which doesn't allow me to enter forwarders or root hints thru the gui. a check with ipconfig & nslookup both confirm that all options that i have currently enabled are working. pinging back & forth across the network is possible & both files & printers are successfully shared.

the problem is that attempting to access the internet via a win2k client machine will always bring up error messages. no outside internet content is available to any machine on the network besides the server; however, pinging my isp's dns server (or any other internet ip) from the client machine is possible.

the only reason i've set up dns on my server is because it is "recommended" for best ad performance. previously, under a different installation (w/out dns), internet content was served to the entire network (which consists of not only win2k, but win98, linux & unix machines) without problems.

have tried adding the ip address of one of my isp's dns servers to my dhcp scope options & configuring dns to note that server as a 2ndary server for the zone, with no luck. any help would be appreciated.

BenZeKat, Posted December 18, 2001

Okay,

First of all, you _do not need_ AD to make DNS work all right; rather, you NEED a working DNS to make AD work. Also, it can be a Win2000 DNS, allowing forwarding & dynamic update from clients (non-secured updates, that is).

That won't help with your problem, but AD is resource consuming, and that's not what someone typically needs/wants. So you may remove AD easily using dcpromo, as you did to create AD.

Also, you can ping an external IP from the local subnet; are you able to connect to any other port using a TCP connection? Best guess is trying:

    telnet www.microsoft.com 80

or

    telnet www.yourisp.com 80

If your telnet session ends with a connection refused, well, you can't pass through your gateway on port 80. Otherwise, press return several times to receive the "bad http request" message.

I don't think ICS allows direct connection; I think it's a stupid proxy-like connection sharing service. You would do better to configure WinRoute, which natively supports NAT, DNS forwarding and a Firewall (Pro version only, I think).

clutch, Posted December 18, 2001

If you have Win2K server, your best bet is to can ICS and use RRAS with NAT enabled. As for (what sounds like) your name resolution issue, did you put your ISP's DNS servers in the forwarders tab of your local DNS box?

benoitska, Posted December 19, 2001

Hi,

Keep your internal DNS on your server and remove the "." corresponding to the root servers. This will allow you to add forwarders to your ISP's DNS. This might require a reboot. But I'm absolutely sure it works.

The test order is:

--> ping your ISP's DNS server with its IP from your server
--> ping a web site IP from your server
--> ping a web site name from your server

Your server is properly configured

--> ping your server IP from your client
--> ping your ISP's DNS server with its IP from your client
--> ping a web site name from your client

Also verify client IP configuration, such as Gateway and DNS server...

PS: ICS is best used with W2k Pro; W2K Server integrates the RRAS service, which is designed for your needs... you can find information to configure RRAS on www.microsoft.com/technet

Bye
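
Added example, not part of any post in this thread: the last step of the test order above (resolve an external name through the LAN DNS server) done as a raw DNS query from a client, so the reply flags show whether the server answers authoritatively, as a server holding the "." zone would be expected to, or recurses/forwards. The server IP 192.168.0.1 and the name www.microsoft.com are taken from the thread; the query id and the function names are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # constructed query id, echoed back by the server

def build_query(name, qid=QID):
    """Build a DNS A-record query with the RD (recursion desired) bit set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def diagnose(reply, qid=QID):
    """Classify the reply to an external-name query sent to the LAN DNS server."""
    if reply is None:
        return "no reply: DNS service not reachable from this client"
    if len(reply) < 12:
        return "malformed: reply shorter than a DNS header"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    rcode, aa, ra = flags & 0xF, bool(flags & 0x0400), bool(flags & 0x0080)
    if rid != qid:
        return "mismatched id: reply does not belong to this query"
    if rcode == 0 and answers:
        return "resolved: server recursed or forwarded successfully"
    if rcode == 3 and aa:
        return "authoritative NXDOMAIN: server claims the whole namespace ('.' zone)"
    if rcode == 2:
        return "SERVFAIL: server tried to resolve but upstream lookups failed"
    if not ra:
        return "recursion not offered: server will not look up external names"
    return f"unexpected reply: rcode={rcode} aa={aa} ra={ra} answers={answers}"

def query(server, name, timeout=3.0):
    """Send the query over UDP port 53; return raw reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return s.recvfrom(512)[0]
        except OSError:  # timeout, unreachable network, refused port
            return None

if __name__ == "__main__":
    # Run on a LAN client; both values come from the thread.
    print(diagnose(query("192.168.0.1", "www.microsoft.com")))
```
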