Possible DNS issue
19 years 4 months ago #9116
by necronian
Possible DNS issue was created by necronian
Our company inherits networks with some unusual issues, and this one has us a little stumped.
We recently took over a company with a Windows 2000 Server (set up as DC, DNS, DHCP and Terminal Server). The website and email for this company are hosted off-site with alternate vendors.
The local domain is "company.com" (just as an example) and their email domain is mail.company.com and their website is www.company.com .
We are in the process of trying to implement a VPN between the corporate office and all three of their remote locations. The issue we are having includes the workstations returning the error that the domain either does not exist or the DC cannot be contacted. In looking at the DNS information, we learned that the server is handing out not only its own IP for resolution but also the DNS numbers for the ISP the company uses. The DC is using only itself for DNS, and cannot visit, nor ping either the website or the email server. The workstations do not have this problem, unless we remove the ISP's DNS numbers. If we do that, they also cannot visit or ping these sites.
Our group is divided over how to fix this problem, short of completely rebuilding the Active Directory. I am open to suggestions. If more information is required please let me know.
19 years 4 months ago #9125
by DaLight
Replied by DaLight on topic Re: Possible DNS issue
From your comments, it appears that the ISP's DNS servers are being handed out to clients using the DHCP Scope Options. I find the best way to do this under W2K/W2K3 is to set the DNS server in DHCP Scope Options to the DC and then to set the Forwarders option in DNS configuration to your ISP's servers. That way, the clients always look to the DC for DNS, and the DC then deals with any unresolved queries.
When you have set the forwarder options on the DC, then go to the TCP/IP properties for the DC NIC and set the preferred DNS server address to the DC. I am of course assuming that the server has a static IP. This will solve the DNS problems for the DC itself.
19 years 4 months ago #9127
by necronian
Replied by necronian on topic Re: Possible DNS issue
They are. And while, in a perfect world, the DC of the domain should also be the only DNS handed out, doing so in this particular situation prevents ALL of the workstations the ability to see the email and web servers, hosted off-site.
What we need is to be able to do exactly what you suggested, while allowing them access to those two servers. What confuses us is why they are being prevented that access to begin with.
I checked the forwarders while on-site, because I thought the same thing, however they are configured correctly. The DC is indeed static.
19 years 4 months ago #9129
by DaLight
Replied by DaLight on topic Re: Possible DNS issue
Under the DNS forwarder settings, there is an option to perform a test. Did you try this? If this test is positive then it means that your local DNS server is not functioning properly and you may have to take more drastic action.
19 years 4 months ago #9157
by necronian
Replied by necronian on topic Re: Possible DNS issue
The forwarders seem to be working perfectly.
What drastic actions are we looking at?
19 years 4 months ago #9159
by DaLight
Replied by DaLight on topic Re: Possible DNS issue
By drastic action, I meant the original suggestion in your first post. However, before jumping in, have you tried running "ipconfig /flushdns" on all your boxes and server as well? Also I'm sure you've tried restarting your DNS server.
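An added example, not part of any post in this thread: a small Python model of why the forwarder test can pass while `www.company.com` still fails through the DC, and why a client answered by the ISP's server cannot locate the domain. It assumes the DC's DNS server hosts the `company.com` zone (as a domain controller for that domain does); every record, address and class name is constructed, and the last case shows the zone with host records for the two off-site names added.

```python
# Constructed model of the DNS servers described in the thread. Zone contents
# and addresses are illustrative (documentation ranges), not the site's data.
NXDOMAIN = "NXDOMAIN"

class IspResolver:
    """Public resolver: knows the hosted web/mail names, not the AD records."""
    public = {"www.company.com": "203.0.113.10",
              "mail.company.com": "203.0.113.25",
              "example.org": "198.51.100.7"}

    def resolve(self, name):
        return self.public.get(name, NXDOMAIN)

class DomainController:
    """DNS server on the DC: authoritative for the AD zone, forwards the rest."""
    def __init__(self, zone, records, forwarder):
        self.zone, self.records, self.forwarder = zone, dict(records), forwarder

    def resolve(self, name):
        if name == self.zone or name.endswith("." + self.zone):
            # Authoritative answer: a name missing from the zone is NXDOMAIN.
            # The forwarder is never consulted for names inside the zone.
            return self.records.get(name, NXDOMAIN)
        return self.forwarder.resolve(name)

def client_lookup(name, servers):
    """Stub resolver: accepts the first server's answer, NXDOMAIN included."""
    return servers[0].resolve(name)

AD_RECORDS = {"dc1.company.com": "192.168.1.10",
              "_ldap._tcp.dc._msdcs.company.com": "dc1.company.com"}

def scenario():
    isp = IspResolver()
    dc = DomainController("company.com", AD_RECORDS, isp)
    hosts = {n: isp.public[n] for n in ("www.company.com", "mail.company.com")}
    dc_with_hosts = DomainController("company.com", {**AD_RECORDS, **hosts}, isp)
    srv = "_ldap._tcp.dc._msdcs.company.com"  # record used to locate a DC
    return {
        "dc_only_www": client_lookup("www.company.com", [dc]),
        "dc_only_outside": client_lookup("example.org", [dc]),
        "dc_only_srv": client_lookup(srv, [dc]),
        "isp_first_www": client_lookup("www.company.com", [isp, dc]),
        "isp_first_srv": client_lookup(srv, [isp, dc]),
        "dc_with_hosts_www": client_lookup("www.company.com", [dc_with_hosts]),
    }

if __name__ == "__main__":
    for case, answer in scenario().items():
        print(f"{case:18} -> {answer}")
```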