RODC dns issue
We have an RODC with DNS installed, but when clients use the RODC's IP as their DNS address, they cannot browse the Internet. DNS was installed when promoting the RODC, it replicates from the other DNS servers fine, and a forwarder is configured to the ISP's DNS.
Running nslookup on the RODC:
Server: localhost
Address: 127.0.0.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to localhost timed-out
September 4th, 2011 9:12pm
Hi,
Please, in network properties (ncpa.cpl), set the preferred DNS to the server's own IP address, not 127.0.0.1.
Then try ipconfig /flushdns
ipconfig /registerdns
Also please provide us the ipconfig /all output from the client machine and the RODC.
Check that port 53 is working on the RODC.
September 4th, 2011 10:32pm
I have applied the advised changes.
Before the changes, nslookup on the client PC:
*** Can't find server name for address 192.168.5.11: Timed out
*** Default servers are not available
Default Server: Unknown
Address: 192.168.5.11
After the changes, nslookup on the client PC:
C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.5.11: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.5.11
> google.com
Server: UnKnown
Address: 192.168.5.11
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
nslookup on the RODC:
C:\>nslookup
Default Server: UnKnown
Address: 192.168.5.11
> google.com
Server: UnKnown
Address: 192.168.5.11
*** UnKnown can't find google.com: No response from server
>
ipconfig /all (only one adapter is in use):
Ethernet adapter Local Area Connection - LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Gigabit ET Dual P
ter
Physical Address. . . . . . . . . : 00-XXXXXX
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.5.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.1
DNS Servers . . . . . . . . . . . : 192.168.5.11
192.168.100.11
NetBIOS over Tcpip. . . . . . . . : Enabled
September 5th, 2011 1:22am
Hi,
Try to access the DNS console on the RODC and check whether the reverse lookup zone is properly loaded or not.
Best regards, Biswajit Biswas
September 5th, 2011 5:41am
Hi,
Try to access the DNS console on RODC and check reverse lookup zone is properly loaded or not.
Yes, everything looks the same as the DNS console at the hub site.
In the console there are two subnets in the reverse lookup zone; 192.168.5.11 has a PTR record.
I have tried disabling the Windows firewall, still no success.
September 5th, 2011 6:06am
Hi,
So your RODC is not a DNS server. Then please put a DNS server address in the RODC's network settings (ncpa.cpl) and check name resolution. I suggest you make it a DNS server: it will hold a read-only copy of the primary zone, but it will help clients with name resolution.
http://itbloggen.se/cs/blogs/chrisse/archive/2009/01/25/how-read-only-domain-controllers-and-dns-works.aspx
http://technet.microsoft.com/en-us/library/cc742490(WS.10).aspx
September 5th, 2011 8:23am
Hi,
The other two DNS servers at the hub sites show 'name server' under the DNS console, but the RODC doesn't. Is the RODC supposed to be an NS?
September 5th, 2011 12:59pm
Hello,
If your RODC is not a DNS server, it cannot respond to DNS requests.
Please install DNS on your RODC; your AD-integrated zones will then be replicated. Once done, configure forwarders to point to your ISP DNS servers and check again.
September 5th, 2011 4:16pm
It is a DNS server: when I did the RODC promotion I ticked the DNS option, the RODC has the DNS service running, and the DNS console on the RODC shows exactly the same content as the two DNS servers at the hub site.
September 6th, 2011 12:44am
On the RODC, running nslookup:
with DNS 127.0.0.1: resolving internal PCs -- OK
with DNS 127.0.0.1: resolving google.com -- fail
with DNS 192.168.5.11 (the RODC's IP): resolving internal PCs -- fail
with DNS 192.168.5.11 (the RODC's IP): resolving google.com -- fail
C:\>nslookup
Default Server: UnKnown
Address: 192.168.5.11
> pc1
Server: UnKnown
Address: 192.168.5.11
*** UnKnown can't find maritsupport: No response from server
---------------------------
On the client PC (DNS pointing to the RODC only), running nslookup:
C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.5.11: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.5.11
> google.com
Server: UnKnown
Address: 192.168.5.11
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
September 6th, 2011 2:48am
The ports below should be open. Please telnet from both ends.
Ports 53, 445, 3268, 389, 88, 135 and so on; see the link below.
http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
Best regards, Biswajit Biswas
September 6th, 2011 3:00am
I have had the Windows firewall / antivirus disabled...
September 6th, 2011 3:02am
Hi,
Are you able to telnet to the above ports from both ends?
Run ipconfig /flushdns
ipconfig /registerdns
Restart the "Netlogon" service.
Check the DNS events for more info.
Best regards, Biswajit Biswas
September 6th, 2011 5:48am
No, I just tested telnet to the RODC on port 53, with no success, but telnet to 3389 is OK.
I have added a firewall rule manually allowing local port 53 for both incoming and outgoing, still no success.
Strange, because I have had the Windows firewall and antivirus off. What kind of applications or services could prevent port 53 from being accessed?
September 6th, 2011 6:48pm
Issue fixed, a DNS service restart did it. Looks like the policies had not been activated; a service restart is required.
Tanmoy, Biswajit, thanks for pointing me in the right direction!
September 6th, 2011 8:19pm
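A PowerShell health check for the failure mode this thread ended on (DNS service reported running on the RODC, nothing answering on port 53 even with the firewall off, fixed by restarting the DNS service). This is an added example, not code from the thread; it assumes Windows Server 2012 or later (DnsServer and NetTCPIP modules), is run elevated on the RODC, and uses the thread's 192.168.5.11 as a placeholder address. Unlike a plain telnet test it also sends a real UDP query, since clients query over UDP first.

```powershell
# Added diagnostic, not from the thread. Assumes Windows Server 2012+ (DnsServer, NetTCPIP modules), run elevated on the RODC.
$RodcIp   = '192.168.5.11'   # placeholder: the RODC address from the thread's ipconfig /all
$TestName = 'google.com'     # external name, so a NOERROR reply also proves the ISP forwarders work
function Test-DnsUdpQuery {
    # Hand-built DNS A query over UDP; Test-NetConnection only probes TCP, but clients query over UDP first.
    param([string]$Server, [string]$Name, [int]$TimeoutMs = 2000)
    $id = Get-Random -Maximum 0xFFFF
    $header = @(($id -shr 8), ($id -band 0xFF), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0)  # flags RD=1, QDCOUNT=1
    $qname = foreach ($label in $Name.TrimEnd('.').Split('.')) {
        [byte]$label.Length; [Text.Encoding]::ASCII.GetBytes($label)
    }
    $packet = [byte[]]($header + $qname + @(0, 0, 1, 0, 1))   # root label, QTYPE=A, QCLASS=IN
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        [void]$udp.Send($packet, $packet.Length, $Server, 53)
        $from = New-Object System.Net.IPEndPoint ([Net.IPAddress]::Any, 0)
        $resp = $udp.Receive([ref]$from)
        # Low nibble of byte 3 is RCODE (0 = NOERROR); bytes 6-7 are ANCOUNT.
        [pscustomobject]@{ Answered = $true; RCode = ($resp[3] -band 0x0F); Answers = ($resp[6] * 256 + $resp[7]) }
    } catch {
        [pscustomobject]@{ Answered = $false; RCode = $null; Answers = 0 }   # timeout or port unreachable
    } finally { $udp.Close() }
}
function Get-RodcDnsHealth {
    param([string]$Server, [string]$Name)
    $svc    = Get-Service -Name DNS -ErrorAction SilentlyContinue
    $status = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    $listen = @(Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue | ForEach-Object LocalAddress)
    $fwd    = @(Get-DnsServerForwarder -ErrorAction SilentlyContinue | ForEach-Object IPAddress)
    $tcp    = (Test-NetConnection -ComputerName $Server -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
    $udp    = Test-DnsUdpQuery -Server $Server -Name $Name
    [pscustomobject]@{
        DnsServiceStatus = $status
        Udp53ListeningOn = ($listen -join ', ')   # should include $Server, not only 127.0.0.1
        Forwarders       = ($fwd -join ', ')      # should list the ISP resolvers
        Tcp53Reachable   = $tcp
        Udp53Answered    = $udp.Answered
        RCode            = $udp.RCode             # 0 means the RODC resolved $Name via its forwarders
    }
}
$health = Get-RodcDnsHealth -Server $RodcIp -Name $TestName
$health | Format-List
if ($health.DnsServiceStatus -eq 'Running' -and -not $health.Udp53Answered) {
    # The state the thread ended in: service reported Running but not serving; a DNS service restart fixed it.
    Write-Warning "DNS service is running on ${RodcIp} but nothing answers on port 53; restart the DNS service and re-run."
}
```

Run it from the RODC itself and then from a client (with only the two top-level variables changed) to separate a local listener problem from a network-path problem.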