I'm not positive, but I think it has to do with the way your DNS is
set up. An optimal DNS setup would be (and if you're not using DHCP,
you should be..):

In IP settings on the DC, have its DNS point to itself.

In the DNS Manager snap-in, go to your server's properties and set it
to use forwarders. Use the DSL DNS IP addresses in here. (If this is
greyed out, expand your forward lookup zone, and delete the folder
with the period. This happens if you set up DNS without access to root

In your DHCP scope, set the DNS to the DC's IP (or go to all 22
desktops and do it manually). For the secondary DNS, if you don't have
another DNS server internal, either put the DC in again, or leave it
blank. I think most of this problem stems from the workstation's
ability to use the DSL DNS, which you don't really want if you're in a

Now your DC will be handling ALL DNS requests. Anything on the local
LAN will be answered by whatever the DC has in its DNS (i.e., the
internal address of the web server). Any requests for resources out on
the Internet will be sent to the DC, which in turn will pass the
request on to the forwarders it has configured (DSL DNS), then pass
the resolution on to your clients.

This will work best if your server is multihomed (or you have a
router), so you can control things through the DC, but I don't know
what sort of environmental/budget/equipment restrictions you may have.
Anyway, this should work well for you.

If you'd like anything clarified, just shoot me a mail. Otherwise,

> I have a Win 2K server handling DNS and approx. 20 Win 98 workstations
> and 2 Win 2K Pro workstations all pointing to the Win 2K server as
> primary DNS and our DSL's DNS servers as secondary DNS. We have a web
> server behind a firewall with a private I.P. address (192.168.1.5). The
> Win 2K server has host records pointing to the web server
> (www.mycompany.com) with I.P. address 192.168.1.5.
> The problem I am having is that sometimes the Win 2K pro workstations
> will not get the private I.P. address for the web server, they will get
> the external I.P. address (from DSL's DNS) to access the server, which
> then gets blocked at the firewall because I have it set up to deny
> incoming access from hosts with private I.P. addresses. The Win 98
> workstations never have a problem getting the private address.
> Both Win 2K pro workstations are logged onto the domain (one with
> administrative privileges) and can use all services with no problem.
> There are no routers between workstations and Win 2K server. When I use
> nslookup, it returns the Win 2K server as the DNS server and it will
> resolve to the correct internal address for the web server. However, if
> I then ping the web server, I get the external address. Again, this does
> not happen all the time, sometimes the Win 2K pro machines will get the
> internal I.P. address, but not all of the time.
> Any ideas on what may cause the behavior?
> Thanks for your help.
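
Added example, not part of the original thread: a small Python audit that parses `ipconfig /all` output from a workstation and flags any configured DNS server other than the internal one, which is the condition the reply identifies as letting clients pick up the external address. The sample output is constructed, and the addresses 192.168.1.2 (standing in for the DC) and 203.0.113.53 (standing in for a DSL provider resolver) are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
# Assumed addresses: 192.168.1.2 = the DC, 203.0.113.53 = an ISP resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : mycompany.com
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : (constructed)
"""

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip().rstrip(":"), False
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m and adapter:
            result[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            # Secondary servers appear on unlabeled continuation lines.
            result[adapter].append(line.strip())
        else:
            in_dns = False
    return result

def external_resolvers(ipconfig_text, allowed):
    """List (adapter, server) pairs whose DNS server is not an allowed internal one."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    return [(name, s) for name, servers in dns_servers(ipconfig_text).items()
            for s in servers if ipaddress.ip_address(s) not in allowed]

if __name__ == "__main__":
    for name, server in external_resolvers(SAMPLE_IPCONFIG, ["192.168.1.2"]):
        print(f"{name}: resolver {server} bypasses the internal DNS server")
```
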