Richard is 100% correct.
You *must* point the clients to the internal DNS that hosts the AD domain.
Yes, that will break external ( Internet ) name resolution until you go
configure the internal DNS server to handle that too.
On the Internal DNS server, configure it like this:
1) Delete any root (.) zone if it exists.
Now, it will be able to resolve external names using the Root Nameservers
listed in Root Hints.
Now, your DNS server will do the full nine yards lookup from the root on
You can leave it like this if you want, but you can also:
2) Go to the forwarders tab, and add the IP address of your ISP's DNS
This will cause it to onpass unresolved ( external ) queries to your ISP's
DNS server, which in turn will do the full nine yards for you. The
advantage of using your ISP as a forwarder is you get the benefit of their
well-populated cache, and so it may be quicker. Also you reduce the load on
the root and TLD nameservers.
Here's my usual lecture on the whole topic:
XP differs from previous versions of Windows in that it uses
DNS as its primary name resolution method for finding domain
How Domain Controllers Are Located in Windows XP
If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 style NetBIOS.
( Which may or may not work. )
1) Ensure that the XP clients are all configured to point to the local
DNS server which hosts the AD domain. That will probably be the
win2k server itself.
They should NOT be pointing at an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's
( you should use the DHCP server to push out the local DNS server
2) Ensure DNS server on win2k is configured to permit dynamic updates.
3) Ensure the win2k server points to itself as a DNS server.
4) For external ( internet ) name resolution, specify your ISP's DNS server
not on the clients, but in the 'forwarders' tab of the local win2k DNS
On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to your ISP or the root servers:
HOWTO: Remove the Root Zone (Dot Zone)
The following articles may assist you in setting up DNS correctly:
Setting Up the Domain Name System for Active Directory
HOW TO: Configure DNS for Internet Access in Windows 2000
MS-MVP Windows Networking
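
One way to check step 1 of the checklist across clients, as an added example that is not part of the original post: it parses saved `ipconfig /all` output and reports every adapter that lists a DNS server other than the internal AD DNS server. The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` output for illustration (not from the post).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, January 01, 2001

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.60
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

ADAPTER = re.compile(r"^(\S.* adapter .*):\s*$")
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
# Additional servers appear on indented lines that carry only an address.
CONTINUATION = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")

def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers ipconfig lists for it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        head, dns, cont = ADAPTER.match(line), DNS_LINE.match(line), CONTINUATION.match(line)
        if head:
            adapter, in_dns = head.group(1), False
            result[adapter] = []
        elif dns and adapter:
            result[adapter].append(dns.group(1))
            in_dns = True
        elif in_dns and cont:
            result[adapter].append(cont.group(1))
        else:
            in_dns = False  # any other line ends the DNS server list
    return result

def unexpected_dns(text, allowed):
    """Return {adapter: [servers]} for servers outside `allowed` (the AD DNS servers)."""
    found = dns_servers_by_adapter(text)
    return {a: [s for s in srv if s not in allowed]
            for a, srv in found.items() if set(srv) - set(allowed)}

if __name__ == "__main__":
    # 192.168.1.10 stands in for the internal DNS server hosting the AD domain.
    print(unexpected_dns(SAMPLE, {"192.168.1.10"}))
```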