Problems when migrating DNS configuration between two Win2k8 servers
Hi fellow community, I'm a newbie in the networking field and I'm struggling with some awesome problems when trying to migrate a web domain name (for purposes of this thread, the domain should read huzfdomain.com) from a dedicated Windows Server 2008 Standard Edition (on Host Provider 1) to another dedicated Windows Server 2008 Standard Edition (on Host Provider 2). Unfortunately there's no server admin I could ask for assistance, so I'm faced with the only choice to learn it myself the hard way... :) If I could get help here from the fellow community, then I'll be happy.

Now some details about my target configuration: The dedicated server (actually there are two) on host provider 2 holds a small Windows domain containing one DC and up to 4 domain machines. The Windows domain has the name huzf.local. The domain controller has FQDN dc.huzf.local and each of the domain machines has FQDN webN.huzf.local where N is a number between 1 and 4. Host provider 2 also provides a firewall (very good indeed!) so on all machines inside the Windows domain the Windows firewall is off. The DC has the DNS role installed so it acts also as a DNS server, but the machine has only one network connection (IPv4 address set from the internal address range, say for example 192.168.100.111). The DC machine has a connection to the outer world through the provider's firewall which also acts as a router. It seems the DNS server is correctly configured, as when I compare the settings from the old configuration (on host provider 1) with those from the new configuration there are only a few differences (mainly DNS entries for other domains which also reside on the old configuration and which I won't migrate). But I can imagine one single difference could make the whole DNS structure unusable... So I say "it seems" the new DNS configuration is correct...

Each of the domain machines has two network connections: one from the allocated external IPv4 address range (say for example 88.xxx.xxx.10N) and one from the internal IPv4 address range (say for example 192.168.100.10N), N being the same number as in the FQDN of the domain machines. These machines have the only role of being web servers (IIS7 installed). Using the external IPv4 address they're accessible through the world wide web. What does not function is the name resolving: web1.huzfdomain.com (also web1.huzf.local) are unknown hosts... Also I cannot ping any Windows domain name inside the domain. Ping with the IP address works. Using nslookup shows that only the host provider's DNS server is available, and of course that DNS has no knowledge of my domain names... Well, the question is how to make the name resolving function properly? I'd greatly appreciate it if fellows here could spend some more time than reading this and probably provide me with pointers or even a solution for my problem. For questions or if additional information is needed, I'll be glad to provide it here if possible. Many thanks in advance! Kind regards, sbogus.
March 24th, 2010 11:48am

Hi fellow community, I'm still having the described troubles, so please could one of you (or probably more than one!) have a look together with me at the problem? If this is the wrong place to ask for help, then I'd be thankful for your advice on where the problem would be better placed... Many thanks in advance. sbogus.
March 26th, 2010 7:55pm

This appears to be a DNS client/server configuration issue. Your internal DNS servers should host, at the very minimum, the huzf.local zone populated with the internal IPs for the members of the domain. This DNS server should be allowed to access the internet to resolve internet DNS names. Since huzfdomain.com is being used for internet clients, that zone should remain on an internet-facing DNS server. So, the domain members should have the DNS primary (and secondary) IP settings pointing to the internal DNS server. That is it, based on your description.
Visit my blog: anITKB.com, an IT Knowledge Base.
March 26th, 2010 8:18pm

Thank you Jorge Mederos. The DC which also acts as a DNS server is allowed to have only one (internal) IPv4 address. For security purposes (and I think no one would like to expose his/her domain controller to the outer world, even protected by a firewall) this machine has configured only the connection to the intranet. The access to the outer world succeeds via the firewall/router of the host provider. The only address for DNS resolving (primary) configured for the DC is the DNS server from the host provider. Sorry if I misunderstood you, but do you mean I need to assign and configure also an external IPv4 address for my DC? The other 4 domain machines have two DNS servers set: one (primary) is the domain's DNS (the DC machine), but the secondary is the host provider's DNS server. Should I replace that DNS with the address of the primary DNS server (or just remove the secondary DNS address)? As to my internal DNS on the DC machine: it indeed hosts the whole huzf.local domain (and it has done it automatically as I joined the 4 web servers), but I'm now unsure for which IPv4 addresses it has been done. As far as I remember, each time a new machine joined the domain it put entries in the huzf.local zone for both IPv4 addresses (external and internal ones). Should I delete the records for the external addresses? You said "at the very minimum" the huzf.local zone should be configured for the domain's DNS. What else do you recommend to host there? Should I also add records (in the huzf.local zone) for the internet domain names (for example web1.huzfdomain.com, of course with their respective external IPv4 addresses)? Many thanks in advance for your help and for your valuable answers. Kind regards, sbogus.
March 29th, 2010 12:05pm

See my comments:

"The only address for DNS resolving (primary) configured for the DC is the DNS server from the host provider."
I do not recommend this configuration. The DC/DNS server should be pointing to itself for DNS (in the TCP/IP properties).

"Sorry if I misunderstood you, but do you mean I need to assign and configure also an external IPv4 address for my DC?"
No, you should not assign an external IPv4 address to the DC. Not a good idea.

"The other 4 domain machines have two DNS servers set: one (primary) is the domain's DNS (the DC machine), but the secondary is the host provider's DNS server. Should I replace that DNS with the address of the primary DNS server (or just remove the secondary DNS address)?"
You should simply remove the provider's DNS server info from your servers. While it's a very good idea to have at least 2 DNS servers for name resolution, it is a very bad idea to point to 2 DNS servers that DO NOT host the same zones. For instance, when your server decides to query the provider's DNS for huzf.local, how will it resolve any hosts? It can't... Always point your hosts to DNS servers that will always respond with the same answers to queries.

"As to my internal DNS on the DC machine: it indeed hosts the whole huzf.local domain (and it has done it automatically as I joined the 4 web servers), but I'm now unsure for which IPv4 addresses it has been done. As far as I remember, each time a new machine joined the domain it put entries in the huzf.local zone for both IPv4 addresses (external and internal ones)."
No, you don't want both the external and internal IPs listed there, although it probably doesn't create issues based on your network description. I would recommend that you make the internal NIC highest in priority in the TCP/IP stack; on the external NICs, disable NetBIOS over TCP/IP, remove the Client for MS Networks, and remove File and Print Sharing. In addition, on the DNS tab, remove "Register this connection's address in DNS..." <-- make sure you test all of this before you make changes to production....!!! These changes should work without any issues if your AD and DNS infrastructure is configured correctly.
Visit my blog: anITKB.com, an IT Knowledge Base.
March 29th, 2010 8:55pm
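An added example (not from the thread or from Jorge's blog) that audits, on one domain member, the settings the reply above recommends: which DNS servers each NIC points to, whether the external NIC still registers in DNS or has NetBIOS enabled, and whether every configured DNS server actually answers for huzf.local. It uses only WMI and nslookup, which exist on Windows Server 2008; the zone name and the 192.168.100.x internal range are taken from the thread's example values and are assumptions for your network.

```powershell
# Added example, not part of the original thread.  Read-only audit of the
# DNS client configuration on the machine it runs on.
$ZoneName      = 'huzf.local'        # internal AD zone (thread's example name)
$InternalRange = '192.168.100.*'     # internal NIC range (thread's example range)

Write-Host "=== NIC settings on $env:COMPUTERNAME ==="
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $isInternal = $nic.IPAddress | Where-Object { $_ -like $InternalRange }
    Write-Host ("{0}: {1}" -f $nic.Description, ($nic.IPAddress -join ', '))
    Write-Host ("  DNS servers        : {0}" -f ($nic.DNSServerSearchOrder -join ', '))
    Write-Host ("  Registers in DNS   : {0}" -f $nic.FullDNSRegistrationEnabled)
    # TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled
    Write-Host ("  NetBIOS over TCP/IP: {0}" -f $nic.TcpipNetbiosOptions)
    if (-not $isInternal) {
        # The reply above: external NICs should neither register in DNS
        # nor run NetBIOS over TCP/IP.
        if ($nic.FullDNSRegistrationEnabled) {
            Write-Warning "  external NIC still registers its address in DNS"
        }
        if ($nic.TcpipNetbiosOptions -ne 2) {
            Write-Warning "  external NIC still has NetBIOS over TCP/IP enabled"
        }
    }
}

Write-Host "`n=== Does every configured DNS server answer for $ZoneName? ==="
$servers = $nics | ForEach-Object { $_.DNSServerSearchOrder } |
           Where-Object { $_ } | Select-Object -Unique
foreach ($srv in $servers) {
    # Ask each server directly for the zone's SOA.  A server that does not
    # host the zone (e.g. the hosting provider's resolver) answers
    # "Non-existent domain" or times out: the split configuration the reply
    # above warns against, where two listed servers give different answers.
    $out = & nslookup -type=SOA $ZoneName $srv 2>&1 | Out-String
    if ($out -match 'primary name server\s*=\s*(\S+)') {
        Write-Host ("  {0}: OK, SOA primary = {1}" -f $srv, $matches[1])
    } else {
        Write-Warning ("  {0}: no SOA for {1}; remove it from the client list or have it host the zone" -f $srv, $ZoneName)
    }
}
```

Run it on each web server and on the DC itself; on the DC the only server listed should be its own internal address.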

Thank you again! The first of your recommendations succeeded: pointing the DC to itself as primary DNS resolver did what you said... The second one: the DC remains without an external IPv4 address. The third one also showed the mentioned effect: removing the secondary DNS resolver didn't bring any issues to the intranet/internet connectivity. Well, the fourth recommendation is not so easy to follow: I'm slightly confused why the external IPv4 address should be removed from the DNS registration (... In addition, on the DNS tab, remove "Register this connection's address in DNS"). Is it then not supposed to have those external IPv4 addresses as part of the DNS lookup/resolving? I was able to do the things you mention in the rest of the recommendation. As the name resolution still does not function properly, now I guess my AD and DNS infrastructure are configured incorrectly. Probably if I knew how to make a simple backup/export of the entries of the DNS server I could provide you with some more data that might help you help me further... The way Microsoft recommends backing up the DNS configuration does not give me the ability simply to export the contents of the forward and reverse lookup zones (I do not have conditional forwarders). What additional information could you need to help me identify the persisting name resolving issue? Again many thanks for your help! Kind regards, sbogus.
March 30th, 2010 2:38am

Hello S Bogus, more comments:

"I'm slightly confused why the external IPv4 address should be removed from the DNS registration (... In addition, on the DNS tab, remove "Register this connection's address in DNS"). Is it then not supposed to have those external IPv4 addresses as part of the DNS lookup/resolving?"
The reason I recommended that was because you are already registering the internal private IPs in your internal DNS zone. The public IPs are not needed in that zone. You can resolve internally using the private IPs. However, as I mentioned, it probably won't matter and negatively impact your network if you leave them. However, I would need more info to be clear on that recommendation.

Ok, now on name resolution: for you to be able to resolve the hosts in "huzfdomain.com", YOUR DNS server needs to know how to resolve names in that zone. Where is the authoritative DNS server for those zones? Are they on the same DNS servers as huzf.local? If so, as long as your servers point to your internal DNS, they should resolve hosts from both zones. If this zone "huzfdomain.com" is located somewhere else, then create a conditional forwarder on your internal DNS servers pointing to where the DNS servers hosting that zone are located. I have some articles in the DNS section on my blog on how to create Conditional Forwarders. So, for your response, we need to know: Are your servers now able to resolve huzf.local hostnames, and where is the huzfdomain.com zone located?
Visit my blog: anITKB.com, an IT Knowledge Base.
March 30th, 2010 3:35am

Hi Jorge Mederos, sorry for the delayed post here, I'm doing other tasks too besides configuring and administering Win2k8 domains... ;-) This evening I'll try to execute all the remaining steps which you've recommended to see if the name resolution will start to work... So please (to the forum admins too) do not close this thread, probably I'll have to post questions here again. I'll keep you informed of my progress. Many thanks in advance for the help! Kind regards, sbogus.
April 1st, 2010 7:32pm

Still monitoring...no worries :-)
Visit my blog: anITKB.com, an IT Knowledge Base.
April 2nd, 2010 5:47pm

Hi fellows, sorry for the long silence, I was abroad and had no way to do anything to my small domain... Now I'm back to the DNS configuration ____... I was unpleasantly surprised that now my web server does not show in the internet even using the assigned external IPv4 address. Furthermore even localhost does not respond when loading it in the IE browser on the web server itself... I'm certain it has to do with setting the only DNS resolver to the DNS server of my domain, but I can't reckon what stops the DNS forwarding... Now to your last questions:

- No, I'm not able to resolve either huzf.local or huzfdomain.com. The huzfdomain.com zone has been set up on a public domain host service (United Domains), but I don't know how to bind to their DNS servers.

- Typing the external IPv4 address of one of the web servers (say 88.xyz.mnk.102) ends up with an error for not finding the specified address. If I add the host provider's DNS resolver to the DNS server (for example as secondary DNS provider) then I can land on the default IIS7 page.

nslookup huzf.local displays the correctly detected DNS information, but nslookup ls -d huzf.local fails with an error like "Unable to transfer the DNS records to your DNS Server..." The same problem occurs when nslookup-ing the huzfdomain.com. Tonight I'll look at the DNS section of Jorge Mederos' blog, but "live" advice is also very very welcome... Thank you in advance! Kind regards, sbogus.
May 20th, 2010 12:50pm

Hi again, here I have another question regarding the DNS server configuration: I've compared the configuration of our old DNS (working) hosted by our old provider with the configuration of my new DNS server (not working, and which is the matter of this discussion) and found one difference which I don't know how to interpret: The old server has in the huzf.local forward lookup zone one "special" record (I don't know of which type, because its icon looks like the one of a forward lookup zone, but is grayed out and has inside only one sub-record which is an NS pointing to the domain controller). I'm unable to create such a record inside the huzf.local forward lookup zone in the new configuration. Does someone know how to do this, and whether it is really needed? Many thanks in advance. Kind regards, sbogus.
May 21st, 2010 1:24am

Hello sbogus, from your last post, that question is fairly easy to answer. If you see a "grey" folder with a record inside labeled "NS", that folder is a SUBDOMAIN, and the record inside is the NAMESERVER record that hosts the zone. For instance, if the grey folder is called domain1 and the NS points to 192.168.0.1, then there is a zone hosted on that remote DNS server for "domain1.huzf.local". I am leaving out the door at the moment, so I don't have time to read this entire thread (to refresh my memory) at the moment to help you with your previous question.
Visit my blog: anITKB.com, an IT Knowledge Base.
May 21st, 2010 3:18am

Back to your pending issues...

"The huzfdomain.com zone has been set up on a public domain host service (United Domains), but I don't know how to bind to their DNS servers."
Not sure what you mean by binding? It doesn't matter where the zone is located as long as you can resolve the NS records so DNS servers know how to reach the zone.

"Typing the external IPv4 address of one of the web servers (say 88.xyz.mnk.102) ends up with an error for not finding the specified address. If I add the host provider's DNS resolver to the DNS server (for example as secondary DNS provider) then I can land on the default IIS7 page."
If you are using your internal DNS servers and you cannot resolve, but can resolve when you use your ISP's, then it is simply a matter of configuring your DNS servers correctly. I have mentioned several ways to accomplish this earlier in this thread (forwarding, conditional forwarding, etc...).

"nslookup huzf.local displays the correctly detected DNS information, but nslookup ls -d huzf.local fails with an error like "Unable to transfer the DNS records to your DNS Server..." The same problem occurs when nslookup-ing the huzfdomain.com."
"ls -d" is the nslookup parameter to transfer the zone file. If the server holding the master copy of the zone is configured to not allow zone transfers, this message is expected. It wouldn't be a good thing if anyone was freely able to transfer zone files.

It may be necessary to re-establish what issues you are having, as this thread has touched on many different issues and problems. I am not sure any more of what the core issue is, what has been resolved, and what is still pending.
Visit my blog: anITKB.com, an IT Knowledge Base.
May 21st, 2010 5:12pm
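An added example, not from the thread or from Jorge's blog, of the dnscmd commands on the DC/DNS server that correspond to the advice in the two replies above: forward unresolved names to the provider's resolver, forward huzfdomain.com specifically to the servers authoritative for it, keep zone transfers of huzf.local closed (which is why "ls -d" is refused), and export the zone so its A records can be reviewed. dnscmd ships with the DNS role on Windows Server 2008; all IP addresses below are placeholders.

```powershell
# Added example, not part of the original thread.  Run in an elevated
# PowerShell or cmd prompt on the DC that holds the DNS role.
$LocalZone   = 'huzf.local'      # internal AD zone (thread's example name)
$PublicZone  = 'huzfdomain.com'  # public zone hosted at the registrar
$ProviderDns = '88.0.0.1'        # PLACEHOLDER: hosting provider's resolver
$RegistrarNs = @('198.51.100.1', '198.51.100.2')  # PLACEHOLDER: NS for the public zone

# 1. General forwarder: names the internal server is not authoritative for
#    (everything outside huzf.local) are sent to the provider's resolver
#    instead of failing, so clients need only the internal DNS server.
dnscmd /ResetForwarders $ProviderDns /Timeout 5

# 2. Conditional forwarder: queries for huzfdomain.com go directly to the
#    servers that host that zone (the registrar's, per the thread).
dnscmd /ZoneAdd $PublicZone /Forwarder $RegistrarNs

# 3. Zone transfers: "nslookup ls -d" is an AXFR request.  Nothing here needs
#    a copy of huzf.local, so refuse transfers from everyone.
dnscmd /ZoneResetSecondaries $LocalZone /NoXfr

# 4. Export the zone to a text file (written under %SystemRoot%\system32\dns)
#    to review which A records exist and whether public addresses crept in.
dnscmd /ZoneExport $LocalZone "$LocalZone.export.txt"

# 5. Verify: huzfdomain.com should now appear as a Forwarder zone, and a name
#    from each zone should resolve when asking only the local server.
dnscmd /EnumZones
nslookup ("web1." + $LocalZone)  127.0.0.1
nslookup ("web1." + $PublicZone) 127.0.0.1
```

If step 5 resolves huzfdomain.com names only after the registrar's 24-hour TTL has passed, that is the record TTL mentioned later in the thread, not a forwarder problem.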

Thank you for the answers and for the help! Well, your last question is very legitimate; in the course of this thread I've been struggling with all those different issues, but here is the status quo:

- I'm currently able to successfully resolve any existing local domain name (i.e. any name in the form xxxxx.huzf.local).

- I'm also able to resolve WWW names including the ones from huzfdomain.com, but not through my own DNS server. The request gets forwarded through my DNS server to the one from United Domains (thanks Jorge for the Forwarder article in your blog!). I think the long TTL (24 hours, see below) has been influencing the DNS resolving functionality and has led to my last two posts... The damn "construction" needed more time to start functioning.

- What I still can't make are those subdomains you've mentioned: in order to have w123.huzf.local successfully resolved I need to put one Host (A record) in each related lookup zone in my DNS configuration. In order to have w123.huzfdomain.com successfully resolved I need to put one Host (A record) in the related lookup zone on the domain host provider's DNS (United Domains) and wait for 24 hours (it seems the TTL can't be changed to any smaller amount of time). This I do through the web interface to my domain portfolio there.

Considering the vast amount of time and effort I've spent, and also considering your valuable time spent, I think I can accept such a minor drawback: my main goal has been achieved, and for further fine-tuning I'll have time in the future. So let's close this thread; any further questions I'll put in separate threads. Many thanks to you Jorge Mederos for your qualified advice. I've learned a lot, but still need to learn much much more. Kind regards, sbogus.
May 31st, 2010 2:26am
