General discussion


domain ctrlr cannot access the internet

By deng ·
I have a windows 2003 server installation that had no problems accessing the internet until I promoted it to a domain controller. Now, as a domain controller, I can see my resources on my subnet, but am unable to see the internet. I have configured the DNS server with a forwarder to my ISP's DNS server, but I still can't see the internet. Can anyone help?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to domain ctrlr cannot acces ...
Collapse -

by deng In reply to

I don't think the problem is related to enhanced internet explorer security. I have sites that have been added to the trusted site zone and it still doesn't work.

I suspect the problem is related to my DNS server or the Active directory. But so far, I haven't been able to locate the problem.

Collapse -

by sgt_shultz In reply to domain ctrlr cannot acces ...

you probably gonna reject this without trying also, but i suggest you hold your assumptions a moment and read this:
How to Remove the Root DNS Zone
A DNS server running Windows Server 2003 follows specific steps in its name-resolution process. A DNS server first queries its cache, it checks its zone records, it sends requests to forwarders, and then it tries resolution by using root servers.

By default, a Microsoft DNS server connects to the Internet to process DNS requests more with root hints. When you use the Dcpromo tool to promote a server to a domain controller, the domain controller requires DNS. If you install DNS during the promotion process, a root zone is created. This root zone indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use forwarders or root hints in the name-resolution process.

1. Click Start, point to Administrative Tools, and then click DNS.
2. Expand ServerName, where ServerName is the name of the server, click Properties and then expand Forward Lookup Zones.
3. Right-click the "." zone, and then click Delete.
it is from;en-us;323380

Collapse -

by deng In reply to

Now why would you think that I'd reject the last suggestion without trying it? I did read his article and there was nothing specific to try. And I also disabled the enhanced security on the server.

Your suggestion was looked into already. There is no "." zone defined in the Forward Lookup Zones branch of the server.

Thanks for the suggestion though ...

Collapse -

by jdgretz In reply to domain ctrlr cannot acces ...

Couple of quick questions - can you ping an address by IP Address outside your network? If you do an NSLOOKUP for a domain, do you get a valid return or an error message, and if so, what is the message?

It does sound like a DNS issue, but need more info first.

Just for giggles, if you can ping outside, load FireFox and see if you can surf.


Related Discussions

Related Forums