No internet connection and forward-Lookup-Zone in my AD DNS?

We have an 2K3 R2 AD server. It is also serves as our DNS server.

When I look at the DNS entries I see the following:

do I really need all these entries?

I currently have a problem that my AD can not access the internet. From SF-Q I can guess it has to do with my dns entries, and I think that fixing that will solve my network access.

Running NetDiag /l shows me an error in the DNS entry as follow

DNS test . . . . . . . . . . . . . : Failed
      [WARNING] Cannot find a primary authoritative DNS server for the name
        'OptiTexDC.optitex.'. [ERROR_TIMEOUT]
        The name 'OptiTexDC.optitex.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.2'. Please wait for 30 minutes for DNS server replication.
   [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 80.179.52.100, ERROR_TIMEOUT. 
[FATAL] No DNS servers have the DNS records for this DC registered.

I want to point, all of my users/computers et el. can access the internet.

I am not really sure what to do?!

<< edit >> DNS management forwaders are defined as my ISP provider gave me. This usually propogates to all users. Should I add my DC (192.168.0.2) as one as well?

This is a ipcnofig /all from a client. Both my ISP DNS are listed, as well as my Domain.

Adding some more information: Looking at the Server Event viewer, Under DNS, I see the following:

Event Type: Warning
Event Source:   DNS
Event Category: None
Event ID:   7062
Date:       8/10/2011
Time:       16:03:03
User:       N/A
Computer:   OPTITEXDC
Description:
The DNS server encountered a packet addressed to itself on IP address 192.168.0.2. The     packet is for the DNS name "localhost.OPTITEX.OPTITEX.". The packet will be discarded. This condition usually indicates a configuration error. 

Check the following areas for possible self-send configuration errors: 
  1) Forwarders list. (DNS servers should not forward to themselves). 
  2) Master lists of secondary zones. 
  3) Notify lists of primary zones. 
  4) Delegations of subzones.  Must not contain NS record for this DNS server unless     subzone is also on this server. 
  5) Root hints. 

Example of self-delegation: 
  -> This DNS server dns1.example.microsoft.com is the primary for the zone     example.microsoft.com. 
  -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, 
  (bar.example.microsoft.com NS dns1.example.microsoft.com) 
  -> BUT the bar.example.microsoft.com zone is NOT on this server. 

Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result.  If found, the subzone DNS server admin should remove the offending NS record. 

You can use the DNS server debug logging facility to track down the cause of this problem.

For more information, see Help and Support Center at     http://go.microsoft.com/fwlink/events.asp.
Data: 0000: 50 25 00 00               P%..    

• I visited the link provided. Did not help me.

<< edit - Add Server connection settings >> I am also adding my server network settings. I don't think I can make these settings dynamically from DHCP as I am the DHCP. I do have set as a DNS - my own IP, and 1 of my ISP's. Do I need to change?

Checklist: Both DNS Client and DNS Server are working on the server.

Thanks

The OP could use the root hints rather than forwarders, which is the default setting for an install of the DNS service.

I edited my Q with the DNS management data. The DNS there are what my ISP provided. Do I need to add my DC as well?

@Saariko No, you're good

Is root hints vs forwarders more of a personal choice, or is there a best practice? This KB seems to indicate that it would be better to use forwarders (I'm assuming depending on how large your network is). technet.microsoft.com/en-us/library/cc782142(WS.10).aspx

Thanks for a detailed answer. I will try to act step by step, and see what will solve my problem: 1. Can I delete both forward zones than? the optitex and _msdsc.optitex ? just like that?

@Saariko: You don't want to delete those zones! They're necessary for Active Directory to function properly.

@evan_anderson As for my single-label domain - That's all I have. A local domain in my intranet, no forest, no delegates, no clones. I guess it's the simplest of all domains, so I never figured i need to do the optitex.com name

@Nixphoe: I suppose it's personal choice. I've had bad experiences with ISPs who can't keep basic services (like DNS) running so I prefer to root-resolve versus relying the ISP. You could argue that forwarding to the ISP is friendlier because it allows their DNS caches to minimize traffic to other DNS servers (saving on bandwidth and DNS server resources), but I'd rather have reliable DNS than be a bit "friendly" with such small amounts of traffic.

@Saariko: If this domain isn't in production yet you really should change the name to be a multi-label. This isn't my preference-- it's a recommendation from Microsoft. (I don't know what you mean by "no forest, no delegates, no clones"-- you have an AD forest if you have even a single domain. I don't know what a "delegate" or a "clone" is.) You also shouldn't use a valid Internet domain name for an AD domain name, either. You may find that the single-label name limits your abilities down the road. That would be my concern.

@Evan: Thanks, great way of putting it. I've ran into that same issue with ISP dns servers, I usually just change over to 8.8.8.8 or 4.2.2.2. Root hints seem like a better solution to solve the problem, not the symptom.

Evan - do you have time/do you mind going to a chat room on this?

@Saariko: I'm sorry, but I don't have time right now. I'm heading out the door in a couple of minutes. I'll probably be back on in 2 - 3 hours, assuming this issue I'm going to go look at is easily resolved.

If I have forwarders set on my DC in DNS management, don't they get set to my clients? According to what you say, if on a client I write: ipconfig /all - all I need to see in DNS is my DC IP?

I have edited my Q with the settings of the network on my server. I have DNS settings there, but it's my own IP as well. So I am even more confused now. do I need to remove these settings?

@Saariko: The DNS clients (including the server) should only have your internal DNS server set as their DNS server, and that should be reflected when you run ipconfig/all. You should see only your internal DNS server listed. The DNS server's forwarders are for the DNS server component to use to forward requests to for DNS zones that it's not authoratative for. The forwarders do not need to be, and should not be, set as the DNS servers for any internal computer, including the DNS server itself. The DNS server component and the DNS client component on the server are independent components.

The DNS client component on the server is a client to the DNS server component on the server, but they're 2 independent components. If that idea is confusing, then when you're configuring the DNS client component on the server just forget that it's also the DNS server and configure it as you would every other DNS client on your network... it should only point to your internal DNS server (which is itself) for DNS.

@joequwerty by forwarders I guess you mean the DNS IP's i got from my ISP?

@Saariko: Yes, exactly.

Thanks all for your tips. Problem solved as it was a error in the default gateway on the Server - was set to 192.168.0.2 instead of 192.168.0.254

Thanks all for your tips. Problem solved as it was a error in the default gateway on the Server - was set to 192.168.0.2 instead of 192.168.0.254