AD Integrated DNS and DHCP does not always work 1

[ankle]

I have 2 Win 2003 Standard DCs: DC1 and DC2. I have DNS set up as AD integrated. DC1 is DNS server and is currently the DHCP server. DC2 is also DNS server. Replication appears to be working OK. I have setup a dedicated AD account to be used for DHCP. I have added both DC1 and DC2 to DnsUpdateProxy group. I have transferred FSMO roles from DC1 to DC2 because DC1 is going to be shut down soon.

Here are the problems.
- If I list DC1 first as the DNS server in DHCP scopes all is OK.
- If I list DC2 first and DC1 second in the scopes, I have DNS problems.
- If I only list DC2, then I have DNS problems.

The problems are that you cannot get to several Internet sites, including our email server which is located at another domain.

I have run DCDIAG and NETDIAG with no errors. I need to understand what the problem is as I plan to add another server, DC3 and then turn on DHCP on DC2 and as I said above then shutdown DC1.

I have read a lot of articles, but I just cannot pinpoint the problem. Can anyone steer me in the right direction?

Thanks

 

[Roadki11]

Are you using DNS forwarders? Are they the same on both DC's? I dont use root hints, i use my ISP dns servers.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[ankle]

Thank you so much. I thought I had looked at everything and matched the configuration, but I missed that one. I guess I thought that info would come from the original DNS server, DC1. I added that info on DC2 and now it is working as I expected.

I was looking at all the complicated solutions. Should have known it would be the simple fix. Those are the ones you overlook.

Thanks again.