I'm running a Windows 2000 Advanced Server. I have IIS, DNS, and few
other services installed. My problem is that when I put a new Domain
Name (DomN from here on) into the DNS server, I can NOT ping locally
on the server right away.

Sometimes I add a DomN in DNS and everything works fine and I ping it
immediately. Other times I add a DomN and nothing pings. Then if I
wait like an hour or more it will start to ping correctly. The last
DomN I added did this exact case (nslookup worked, ping didn't). I
then tried about a couple of hours later, MAKING NO CHANGES TO DNS or
anything else, and ping worked.

What I'm doing is going to a 'Command Window' and using the 'ping' and
'nslookup' commands to verify information. I know the Mirosoft DNS
server is working, because as soon as I add a DomN I can go to a
command window and do a nslookup and get the correct response
(everytime). However if in that same window I try to ping the new DomN
added I get "Request timed out.".

Some experiments I have tried, which may help find answer.
1.) After adding DomN and problem happened, I rebooted the server.
When it came back up, and I logged back in, everything worked.
2.) Another time when problem occured, I went in the network card
properties, looked around, then clicked the "OK" buttons to get out.
This seemed to cause the network card to reinitialize (I saw a
momentary stop in traffic) and everything worked.

To me I think there has to be some settings in the Registry that can
effect the network card and any caching it may do. I'm guessing that
some registry value is telling the network to cache information. My
old NT4 server didn't do this, but I ran a DNS server that wasn't
microsoft.

The response I looking for is probably the registry settings I need to
change to get rid of this problem. They could be related to DNS (but
don't think so) or more likely to some settings about how the card
performs.

In case you want to know why this is such a BIG deal to me. Everytime
I add a new customer I immediately want to DNS the DomN and add their
web site. The problem is the DomN may not be in the InterNic until
later that day or next. But I need to have everything up and working.
I setup IIS to host the site, then I go and add FrontPage 2000
Extensions, finally I go to add users to the site for login. I found
the easist way to add users in through FrontPage 2000 Administrator,
which goes through the browser. However FrontPage 2000 Administration
works only buy using the DomN (hostname) associated with the web site.
So if I can't ping the DomN through a command window, a local browser
window won't find it either. Therefore, it can take me many hours
waiting until I finally get a new site added, when it should only take
a few minutes.
 
I have the SP3 insalled, and all the lastest patches. The network card
itself is a "Intel(R) PRO/100+ Server Adapter (PILA8470B)". Network
card Driver information. Driver Provider:INTEL Driver Date:2/25/2002
Driver Version:6.1.3.0

I remeber about two patches ago installing some updated network
driver, but this did NOT help solve the problem. I have 64 IPs bound
to the card. The DNS setting on the card is set to a local IP address,
while the backup DNS setting is another server.

---

Request for Question Clarification by sublime1-ga on 14 Jan 2003 23:15 PST

s58smith...

Try this:
--------------------------
 1. Start Registry Editor (Regedit.exe).
 2. Locate the MaxCacheEntryTtlLimit value under the following
    registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
 3. On the Edit menu, click Modify. Type 1, and then click OK.
 4. Quit Registry Editor.

Note that this setting does not really disable the client-side DNS
cache. Instead, it lowers the Maximum TTL value within the client's
DNS cache to one second. This gives the appearance that the
client-side DNS cache has been disabled. Each sequential ping results
in a DNS query to the DNS server.

From Microsoft's site:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q245437
--------------------------
Let me know the results. You can export the existing parameters prior
to making the change, and restore them if it doesn't work. If you're
not clear on how to do that, let me know, and I'll elaborate.

sublime1-ga

---

Clarification of Question by s58smith-ga on 15 Jan 2003 09:46 PST

I looked over the Mircosoft article and this may work. I have made the
change in the Registry, but I believe I'll need to reboot the server
for it to take effect. I can't reboot until early morning hours, so
I'll have to let you know tomorrow if this completly solved the
problem.

I did however do the /flushdns mentioned in the article and this
corrected the problem each time I tested today. So this looks to be
the answer I was after. Also using what you showed me I found an
article at Microsoft
http://support.microsoft.com/default.aspx?scid=kb;en-us;263558 which I
may also apply if IE doesn't seem to get fixed.

Like I said above, I'll try these tonight when I can again work on the
server and see if they solve the issue.

---

Request for Question Clarification by sublime1-ga on 15 Jan 2003 20:07 PST

Thanks for clarifying your progress. I look forward to 
hearing the outcome.

---

Clarification of Question by s58smith-ga on 16 Jan 2003 07:50 PST

I rebooted server and thinngs seemed to work fine. Then after about 10
minutes things reverted. I actually changed NOTHING, and suddenly my
test didn't work.

I setup a DomN "stupidtest.com". Before I made DNS addition.

C:\>ping stupidtest.com

Pinging stupidtest.com [216.187.118.221] with 32 bytes of data:

Reply from 216.187.118.221: bytes=32 time=47ms TTL=52
Reply from 216.187.118.221: bytes=32 time=32ms TTL=52
Reply from 216.187.118.221: bytes=32 time=32ms TTL=52
Reply from 216.187.118.221: bytes=32 time=32ms TTL=52

Ping statistics for 216.187.118.221:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum =  47ms, Average =  35ms

C:\>

Then I added a DomN in my DNS server for "stupidtest.com". After I did
this it seemed to work fine.

C:\>ping stupidtest.com

Pinging stupidtest.com [64.242.37.206] with 32 bytes of data:

Reply from 64.242.37.206: bytes=32 time<10ms TTL=128
Reply from 64.242.37.206: bytes=32 time<10ms TTL=128
Reply from 64.242.37.206: bytes=32 time<10ms TTL=128
Reply from 64.242.37.206: bytes=32 time<10ms TTL=128

Ping statistics for 64.242.37.206:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

C:\>

****************
I then and did some other work and came back about 10 minutes later. I
had NOT removed the DomN from DNS server (which is what I coming back
to do) and decided to do another ping. This time it went to wrong
address.

C:\>ping stupidtest.com

Pinging stupidtest.com [216.187.118.221] with 32 bytes of data:

Reply from 216.187.118.221: bytes=32 time=46ms TTL=52
Reply from 216.187.118.221: bytes=32 time=33ms TTL=52
Reply from 216.187.118.221: bytes=32 time=32ms TTL=52
Reply from 216.187.118.221: bytes=32 time=32ms TTL=52

Ping statistics for 216.187.118.221:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum =  46ms, Average =  36ms

C:\>
*****************

Now the solution:
What I did was to eliminte my secondary DNS server entry in network
card properties. This forced only local DNS server as the available
DNS server to the card. The secondary DNS server was another machine
was didn't get all my DNS changes. (So didn't know I built that
"stupidtest.com".)

Somehow the DNS order on the card wasn't being obeyed. Now I shouldn't
have had to change the DNS entries on the card, since according to
what I found the order (Primary, Secondary) is supposed to work. But
once this was done everything has continued to work. Your registry
setting then worked and continued to work the rest of the night. Just
means that if my DNS service ever fails I won't go anywhere on that
Win2K server.

So for now I'll call this done. Not the perfect solution I wanted, but
then I'm dealing with Micro$oft crap.

Post an answer, and I'll close this.

s58smith...

You said:

"Somehow the DNS order on the card wasn't being obeyed. Now I
shouldn't
 have had to change the DNS entries on the card, since according to
 what I found the order (Primary, Secondary) is supposed to work. But
 once this was done everything has continued to work. Your registry
 setting then worked and continued to work the rest of the night. Just
 means that if my DNS service ever fails I won't go anywhere on that
 Win2K server."

The following discussion of primary/secondary DNS may interest you:

"You have a probably heard or seen the terms "primary DNS server"
 and "secondary DNS server". Actually a DNS server
 (the computer/software) is not specifically "primary" or
 "secondary". A DNS server can be primary for one zone (domain)
 and secondary for another. In fact, Simple DNS Plus can be both
 primary and secondary for the same zone."

and:

"Please note - registrars requiring 2 DNS servers sometimes refer
 to these as "primary" and "secondary". This has absolutely
 nothing to do with the actual primary/secondary functionality,
 and it doesn't  matter in which order you enter your DNS servers
 for the domain name. This is just a list of servers, and there
 could be 1, 2, or any number of DNS servers listed for a domain
 name."
From JH Software's discussion of DNS:
http://www.jhsoft.com/help/ht_primsec.htm

Simple DNS Plus is a JH Software product - 'a simple yet powerful
DNS Server for Windows' (all versions), and costs $79 to register
for one machine. You can look it over here, and there's a 14-day
free trial:
http://www.jhsoft.com/

The solution you came up with will likely work just fine,
but I thought I'd point you to an alternative to Microsoft.


Please do not rate this answer until you are satisfied that
the answer cannot be improved upon by means of a dialog
established through the "Request for Clarification" process.

sublime1-ga


Searches done, via Google:

primary secondary DNS server
://www.google.com/search?num=50&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=primary+secondary+DNS+server&btnG=Google+Search

---

Request for Answer Clarification by s58smith-ga on 16 Jan 2003 11:12 PST

Maybe I wasn't make myself clear on what I changed. If you go to the
properties of the network card. Right-click on "My Nework Places",
then right-click on "Local Area Network". Then select 'TCP/IP'
protocol and button for 'Properties'. In here will be listed
"Preferred DNS server" and "Alternate DNS server". (Note: If you go to
"Advanced" you selct the tab DNS and put in more than two.)

According to microsoft is does use the "Primary DNS" entry first, then
check with the secondary/alternate DNS server.
http://support.microsoft.com/default.aspx?scid=kb;en-us;135919
"Windows enables you to specify multiple Domain Name System (DNS)
servers so that names are resolved even if your primary DNS server is
down. If your primary DNS server (the first name in the list) does not
acknowledge, Windows attempts the next DNS server in the list. "

To me this is impling that the primary DNS server is always checked
with first then it checks with the second DNS entry if the first
didn't respond.

What I was seeing when pinging the DomN "stupidtest.com" was DNS check
(IP packet) went out against the second DNS server, without the PC
first checking against the local DNS server. Even though the local DNS
server was listed first (primary) in the DNS ertries for the network
card. This didn't agree with what Microsoft said. (In my mind.)

That is why on the network card I removed any other DNS entries. Then
the only DNS server listed was the local DNS server running on the
server itself.

If you want to tell me why the network card didn't obey the rules for
first checking again the primary DNS entry and moving to the second
entry, that would really help. However, that wasn't my direct question
stated above here, so I don't know if it falls within the rules. It
just seems to me this was the cause of the real problem. You helped me
to figure out a work around, and I think that is the best I can hope
for.

---

Clarification of Answer by sublime1-ga on 16 Jan 2003 12:47 PST

s58smith...

You were clear on what you changed. When you went into the
network card properties to make the changes to the TCP/IP
protocol, you are accessing Microsoft's TCP/IP software,
and perhaps their protocol is that the primary DNS is 
targeted first and the secondary second. My take on JH
Software's statements regarding 'Simple DNS Plus' was that
their software could be configured differently than
Microsoft's, and that, while Microsoft has their software
configured so that Primary is first and Secondary second,
this prioritizing is not inherent in the protocol itself,
so that, by using different software, such as 'Simple DNS
Plus' it can be configured differently.

Hope that helps...

sublime1-ga

Gave me the correct answer to get my problem solved. I had a issue
that I asked one question, but end result was I had to look beyond to
get everything working.

Had discusssion about second problem, but researcher was NOT
understanding what I trying so say I needed to do to fix the problem,
and what other problems it made for me. In the end I fixed my orginal
problem and I couldn't have done that without the information the
researcher found for me.