Please Urgent DNS nameserver disaster recovery
Archived from groups: microsoft.public.win2000.dns
Hi all,
My company network worked well until yesterday, because an American company
decided to register on the Internet the same name as my internal network.
Now every request from any internal computer (tested with ping and tracert
and confirmed by nslookup) is forwarded to this new external network.
We use a Windows 2000 domain and I know that this OS cannot help me to
rename the domain name (without losing computers, users, profiles and so on).
I am thinking about installing a new Windows 2000, configuring a new domain
and trying to migrate information to it, but I am not clear about the
consequences of this.
Can someone help me? Any other ideas to suggest?
Thanks to all in advance
Walter
Archived from groups: microsoft.public.win2000.dns
"Nagaraja" <Nagaraja@discussions.microsoft.com> wrote in message
news:4CAAA82A-12F6-40DC-ABAA-3A429881C2FA@microsoft.com...
> Hi all,
>
> My company network worked well until yesterday, because an American company
> decided to register on the Internet the same name as my internal network.
> Now every request from any internal computer (tested with ping and tracert
> and confirmed by nslookup) is forwarded to this new external network.
> We use a Windows 2000 domain and I know that this OS cannot help me to
> rename the domain name (without losing computers, users, profiles and so on).
> I am thinking about installing a new Windows 2000, configuring a new domain
> and trying to migrate information to it, but I am not clear about the
> consequences of this.
>
> Can someone help me? Any other ideas to suggest?
>
> Thanks to all in advance
>
> Walter
A quick fix to get you working whilst you work out a permanent solution
would be to turn off forwarding lookups on the DNS server/s, i.e. so that the
DNS server/s don't know where to look apart from themselves for DNS lookups.
Of course this will kill off Internet access, but you could always use a
proxy server of some kind to get that back and working if you can't rename
the domain quickly.
I'm planning a domain rename at work at the moment for a Win2k3 migration;
here's how it should work:
1. set up new DC and DNS domain
2. establish trust between the two
3. migrate data, user accounts, PCs
4. dcpromo out all original DCs except the last one and rebuild on the new domain
5. dissolve the trust and then rebuild the last remaining DC on the old
domain
Did you name your AD domain using a TLD? e.g. company.com?
Chris
Archived from groups: microsoft.public.win2000.dns
> My company network worked well until yesterday, because an American company
> decided to register on the Internet the same name as my internal network.
If you didn't register it then it is NOT 'your name' as far as the Internet
goes.
> Now every request from any internal computer (tested with ping and tracert
> and confirmed by nslookup) is forwarded to this new external network.
If you have internal nameservers holding that zone they are set up
incorrectly in all likelihood.
If you don't have that zone internally then the above is the correct
behavior.
(They aren't really 'forwarded' though -- the name resolves to that network;
there is a difference.)
> We use a Windows 2000 domain and I know that this OS cannot help me to
> rename the domain name (without losing computers, users, profiles and so on).
You cannot rename the domain. You would have to create a new domain.
But if you are seeing this problem (you report) your internal
DNS CLIENTS are set up WRONG anyway.
Internal DNS clients must point SOLELY at your INTERNAL DNS
server (set).
If your internal DNS server set holds that zone it will NEVER see the
new Internet commercial zone/domain -- your users will not be able
to contact (easily) that domain but they will NOT have trouble with
your internal names and domains.
> I am thinking about installing a new Windows 2000, configuring a new domain
> and trying to migrate information to it, but I am not clear about the
> consequences of this.
That might be the long term solution but unless the 'new' domain is
important to you the problem is NOT CRITICAL.
> Can someone help me? Any other ideas to suggest?
Fix your internal DNS servers and clients and not only will this
solve OTHER (authentication and replication) problems it will
HIDE this specific external issue:
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients' NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set).
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support Tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
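Herb's point about client resolver order is easy to miss, so here is an added Python model of it (not code from the thread or from any of the posters). It assumes a constructed internal zone `corp.example`, constructed addresses, and the Windows DNS Client behaviour of the period: servers in the NIC's list are tried in order, and the first one to answer at all, positively or with a negative answer, decides the result; only a timeout moves the client to the next server. That is why a client listing an ISP server first resolves the internal domain name to the newly registered public network, while a client pointing solely at the internal server, with a forwarder configured on that server, resolves both internal and Internet names correctly.

```python
"""Constructed model of Windows 2000-era name resolution: an internal AD DNS
server that holds the internal zone and forwards everything else, versus an
external ISP resolver that sees the newly registered public zone of the same
name. Zone names and addresses are constructed for this example."""

INTERNAL_ZONE = "corp.example"          # constructed: the AD domain / zone name

# Records held by the internal (dynamic, AD-integrated) DNS server.
INTERNAL_RECORDS = {
    "corp.example": "10.0.0.5",          # the bare domain name -> the DC
    "dc1.corp.example": "10.0.0.5",
    "fileserver.corp.example": "10.0.0.20",
}

# What the public Internet sees after the other company registered the name,
# plus an unrelated public host so forwarding can be demonstrated.
PUBLIC_RECORDS = {
    "corp.example": "203.0.113.10",
    "www.corp.example": "203.0.113.10",
    "www.vendor.example": "198.51.100.7",
}

NXDOMAIN = "NXDOMAIN"


def external_resolver(name):
    """ISP resolver: answers from public data, negative for unknown names."""
    return PUBLIC_RECORDS.get(name, NXDOMAIN)


def internal_server(name, forward_to=external_resolver):
    """Internal AD DNS server. Authoritative for INTERNAL_ZONE: names under it
    are answered from zone data only and never forwarded, so the public zone
    of the same name is invisible. All other names go to the forwarder, which
    is how Internet resolution keeps working with forwarding enabled."""
    if name == INTERNAL_ZONE or name.endswith("." + INTERNAL_ZONE):
        return INTERNAL_RECORDS.get(name, NXDOMAIN)
    return forward_to(name)


def client_resolve(name, servers):
    """Stub resolver as configured in a NIC's TCP/IP properties. Servers are
    tried in order; the first one that answers at all (positive or negative)
    decides the result. Only a timeout (None) moves on to the next server,
    which is why listing an external server first is so damaging."""
    for server in servers:
        answer = server(name)
        if answer is not None:
            return answer
    return None  # every server timed out


def compare_configurations(name):
    """Resolve one name with the broken mixed list and with the recommended
    internal-only list; returns (mixed_result, internal_only_result)."""
    mixed = [external_resolver, internal_server]     # the misconfiguration
    internal_only = [internal_server]                # internal server only
    return client_resolve(name, mixed), client_resolve(name, internal_only)


if __name__ == "__main__":
    for n in ("corp.example", "dc1.corp.example",
              "www.vendor.example", "www.corp.example"):
        mixed, internal_only = compare_configurations(n)
        print(f"{n:22s} mixed={mixed:14s} internal-only={internal_only}")
```

The last name in the demo, `www.corp.example`, shows the trade-off Herb describes: once the internal servers hold the zone, the other company's public hosts under that name become unreachable from inside, and that is the only cost of the correct configuration.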
Archived from groups: microsoft.public.win2000.dns
> A quick fix to get you working whilst you work out a permanent solution
> would be to turn off forwarding lookups on the DNS server/s, i.e. so that the
> DNS server/s don't know where to look apart from themselves for DNS lookups.
That is NOT necessary. (See my other post).
And it will cause the Internet problems you mention below.
> Of course this will kill off Internet access, but you could always use a
> proxy server of some kind to get that back and working if you can't rename
> the domain quickly.
All this complication and disabling is completely unnecessary if
he sets up his INTERNAL DNS CLIENTS and servers correctly.
Which he needed to do before this problem.
He likely has clients with both external AND internal DNS servers
listed -- they are resolving the Internet names BEFORE resolving
internal names or he would not even be aware of the problem
(until someone complained about the "new company" being unreachable.)
He needs the NICs on his internal clients to specify ONLY the
internal DNS servers and then he NEEDS FORWARDING ENABLED
for resolving the rest of the Internet (except the conflicting zone.)
> I'm planning a domain rename at work at the moment for a Win2k3 migration;
> here's how it should work:
>
> 1. set up new DC and DNS domain
> 2. establish trust between the two
> 3. migrate data, user accounts, PCs
> 4. dcpromo out all original DCs except the last one and rebuild on the new domain
> 5. dissolve the trust and then rebuild the last remaining DC on the old
> domain
>
> Did you name your AD domain using a TLD? e.g. company.com?
>
> Chris
>
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"Chris Dugan" <chrisdotdugan@bloodyobvious.co.uk> wrote in message
news:bIlpe.5963$8m5.3278@newsfe5-gui.ntli.net...
> "Nagaraja" <Nagaraja@discussions.microsoft.com> wrote in message
> news:4CAAA82A-12F6-40DC-ABAA-3A429881C2FA@microsoft.com...
> > Hi all,
> >
> > My company network worked well until yesterday, because an American company
> > decided to register on the Internet the same name as my internal network.
> > Now every request from any internal computer (tested with ping and tracert
> > and confirmed by nslookup) is forwarded to this new external network.
> > We use a Windows 2000 domain and I know that this OS cannot help me to
> > rename the domain name (without losing computers, users, profiles and so on).
> > I am thinking about installing a new Windows 2000, configuring a new domain
> > and trying to migrate information to it, but I am not clear about the
> > consequences of this.
> >
> > Can someone help me? Any other ideas to suggest?
> >
> > Thanks to all in advance
> >
> > Walter
>
>
Archived from groups: microsoft.public.win2000.dns
In news:4CAAA82A-12F6-40DC-ABAA-3A429881C2FA@microsoft.com,
Nagaraja <Nagaraja@discussions.microsoft.com> stated, and I replied below:
> Hi all,
>
> My company network worked well until yesterday, because an American
> company decided to register on the Internet the same name as my internal
> network.
> Now every request from any internal computer (tested with ping and
> tracert and confirmed by nslookup) is forwarded to this new external
> network.
It looks to me like you are mixing your internal DNS address and an external
DNS address in your machines' IP properties (DCs and clients). Otherwise, if
you have all machines configured to ONLY your internal DNS server, and have
configured a forwarder, you would not be experiencing this problem at all.
Here's some info on AD and DNS. Please take a few moments to read through them.
323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/?id=323380
300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
http://support.microsoft.com/?id=300202
825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003:
http://support.microsoft.com/defau [...] -us;825036
DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================
Archived from groups: microsoft.public.win2000.dns
Thanks to all for your answers and ideas, but they arrived too late, when I
needed to start my recovery program:
0) Unplug network cable from routers
1) Add a new domain controller (using VMware) with a new domain with
ending name .local
2) Add a trust between the domains
3) Migrate users, computers and profiles using ADMT (very nice app)
4) Delete the old domain from the old DC using dcpromo
5) Add the old DC as a replica to the new domain
It is a long job but it gives satisfaction.
Now I need to promote the replica DC to master, but when I try to shut down the
current DC, leaving the replica alone, my network connections delay too much. I
discovered an error in requests related to objects in AD. For example, when I try
to add a new user, selecting its group from the groups list in AD, the search
window takes a long time and instead of the list it displays an error message
saying that there is no domain controller for this OU.
Then I tried to ping the domain name and it shows me the IP address of this
DC.
Of course, everything works fine if my DC is online.
How to solve?
Thanks again
Walter
"Herb Martin" wrote:
> > My company network worked well until yesterday, because an American company
> > decided to register on the Internet the same name as my internal network.
>
> If you didn't register it then it is NOT 'your name' as far as the Internet
> goes.
>
> > Now every request from any internal computer (tested with ping and tracert
> > and confirmed by nslookup) is forwarded to this new external network.
>
> If you have internal nameservers holding that zone they are set up
> incorrectly in all likelihood.
>
> If you don't have that zone internally then the above is the correct
> behavior.
> (They aren't really 'forwarded' though -- the name resolves to that network;
> there is a difference.)
>
> > We use a Windows 2000 domain and I know that this OS cannot help me to
> > rename the domain name (without losing computers, users, profiles and so on).
>
> You cannot rename the domain. You would have to create a new domain.
>
> But if you are seeing this problem (you report) your internal
> DNS CLIENTS are set up WRONG anyway.
>
> Internal DNS clients must point SOLELY at your INTERNAL DNS
> server (set).
>
> If your internal DNS server set holds that zone it will NEVER see the
> new Internet commercial zone/domain -- your users will not be able
> to contact (easily) that domain but they will NOT have trouble with
> your internal names and domains.
>
> > I am thinking about installing a new Windows 2000, configuring a new domain
> > and trying to migrate information to it, but I am not clear about the
> > consequences of this.
>
> That might be the long term solution but unless the 'new' domain is
> important to you the problem is NOT CRITICAL.
>
> > Can someone help me? Any other ideas to suggest?
>
> Fix your internal DNS servers and clients and not only will this
> solve OTHER (authentication and replication) problems it will
> HIDE this specific external issue:
>
>
> DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients' NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set).
> 3) DCs and even DNS servers are DNS clients too -- see #2
> 4) If you have more than one domain, every DNS server must
> be able to resolve ALL domains (either directly or indirectly)
>
> netdiag /fix
>
> ....or maybe:
>
> dcdiag /fix
>
> (Win2003 can do this from Support Tools):
> nltest /dsregdns /server:DC-ServerNameGoesHere
> http://support.microsoft.com/kb/q260371/
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> Single label domain zone names are a problem. Google:
> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>
>
Archived from groups: microsoft.public.win2000.dns
In news:FB9ADC03-7016-47F7-8438-ECB580CBBC17@microsoft.com,
Nagaraja <Nagaraja@discussions.microsoft.com> stated, and I replied below:
> Thanks to all for your answers and ideas, but they arrived too late,
> when I needed to start my recovery program:
>
> 0) Unplug network cable from routers
> 1) Add a new domain controller (using VMware) with a new domain with
> ending name .local
> 2) Add a trust between the domains
> 3) Migrate users, computers and profiles using ADMT (very nice app)
> 4) Delete the old domain from the old DC using dcpromo
> 5) Add the old DC as a replica to the new domain
>
> It is a long job but it gives satisfaction.
>
> Now I need to promote the replica DC to master, but when I try to
> shut down the current DC, leaving the replica alone, my network
> connections delay too much. I discovered an error in requests related to
> objects in AD. For example, when I try to add a new user, selecting
> its group from the groups list in AD, the search window takes a long time
> and instead of the list it displays an error message saying that
> there is no domain controller for this OU.
> Then I tried to ping the domain name and it shows me the IP address
> of this DC.
>
> Of course, everything works fine if my DC is online.
>
> How to solve?
>
> Thanks again
> Walter
To eliminate guesswork, and to better assist, can you post:
1. an ipconfig /all of this server,
2. the AD DNS name,
3. the zone name in DNS,
4. whether dynamic updates have been allowed
5. errors in the Event log
Thanks
Ace
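Ace asks for an `ipconfig /all` from the server, because the DNS client settings are where this whole thread's problem lives. The following added Python script (not from the thread or its posters) parses saved `ipconfig /all` text in the Windows 2000 layout and applies the rules given earlier in the thread: every adapter must list only internal DNS servers, the first server in particular must be internal, the machine's primary DNS suffix should match the AD DNS name, and the AD name should not be single label. The sample output, the internal server addresses `10.0.0.5`/`10.0.0.6` and the domain `corp.example` are constructed placeholders.

```python
"""Audit the DNS client settings in saved `ipconfig /all` output against the
rule that internal clients (DCs included) list only internal DNS servers.
The ipconfig text, addresses and names below are constructed for this
example; they are not taken from the thread."""

import ipaddress
import re

# Constructed: the internal, AD-integrated DNS servers this network should use.
INTERNAL_DNS_SERVERS = {"10.0.0.5", "10.0.0.6"}
AD_DNS_NAME = "corp.example"   # constructed AD domain name

# Constructed sample, laid out like Windows 2000 `ipconfig /all` output.
# The first adapter shows the misconfiguration discussed in the thread:
# an outside resolver listed before the internal one.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc1
        Primary DNS Suffix  . . . . . . . : corp.example
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            10.0.0.5

Ethernet adapter Backup Network:

        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.5.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 10.0.0.6
"""

# "Key . . . . . : value" lines; the key is text before the dotted leader.
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z\- ]*?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text):
    """Return (global_fields, {adapter_name: {field: value}}). The 'DNS Servers'
    field of each adapter is a list, because extra servers are printed one per
    line, indented, with no label of their own."""
    global_fields, adapters = {}, {}
    current, last_key = None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: adapter headers end with ':'; the banner does not.
            current = line.rstrip(":").strip() if line.rstrip().endswith(":") else None
            if current is not None:
                adapters.setdefault(current, {"DNS Servers": []})
            last_key = None
            continue
        target = adapters[current] if current is not None else global_fields
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group("key").strip(), m.group("value").strip()
            last_key = key
            if key == "DNS Servers":
                if value:
                    target.setdefault("DNS Servers", []).append(value)
            else:
                target[key] = value
        elif last_key == "DNS Servers":
            try:
                ipaddress.ip_address(line.strip())   # continuation line: bare address
            except ValueError:
                continue
            target.setdefault("DNS Servers", []).append(line.strip())
    return global_fields, adapters


def audit(text, internal_servers=INTERNAL_DNS_SERVERS, ad_name=AD_DNS_NAME):
    """Apply the thread's DNS-client rules; returns a list of finding strings,
    empty when the machine is configured as recommended."""
    globals_, adapters = parse_ipconfig(text)
    findings = []
    suffix = globals_.get("Primary DNS Suffix", "")
    if suffix.lower() != ad_name.lower():
        findings.append(f"Primary DNS Suffix is {suffix!r}, expected {ad_name!r}")
    if "." not in ad_name:
        findings.append(f"AD DNS name {ad_name!r} is a single-label name")
    for adapter, fields in adapters.items():
        servers = fields.get("DNS Servers", [])
        if not servers:
            findings.append(f"{adapter}: no DNS servers configured")
            continue
        external = [s for s in servers if s not in internal_servers]
        if external:
            findings.append(f"{adapter}: lists non-internal DNS server(s) {external}")
        if servers[0] not in internal_servers:
            findings.append(f"{adapter}: first DNS server {servers[0]} is not internal; "
                            "internal names will be answered by an outside server")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_IPCONFIG) or ["no findings"]:
        print(finding)
```

Run it against a real capture by reading the file into `audit()` and setting `INTERNAL_DNS_SERVERS` and `AD_DNS_NAME` to your own values; run it on every DC as well as on the clients, since Herb's rule #3 is that DCs and DNS servers are DNS clients too.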