This is the network diagram:

<<<Internet>>>-------<<eth0+++eth1>>----<<LAN>>---<Active Directory>

Internet: ADSL (1)
eth0-eth1: Linux Gateway configured with DNS: abc.com (2)
LAN: Clients join to domain configured on Active Directory with DNS: xyz.com (3)
Active Directory: Windows 2003 (configured DNS: xyz.com) (4)

Clients (3) in local network use Internet through Squid proxy on Linux Gateway (2). Everything seem working well, however if client doesn't fill DNS address of Active Directory_win2k3 (4), they won't mount network drive from server run Active Directory (script log on and log off. Log on script mount the network drive for every departments). But when client fill DSN address of (4), they can mount the drives.
So, why i have to fill DNS address for very client? Are there solutions to solve it? It means every clients don't need to fill DNS address, but they can mount network drives from (4) with domain xyz.com.

Please help me solve the problem. Thank you very much

I'm not quite sure I understand but I'll give it a shot. So, you are saying that you are calling xyz.com via the domain name and not the IP, right? What you need to do is setup your Active directory server to act as a caching name server, or authoritative, whichever you want, and then in your resolv.conf file add the following:

search [YOUR WINDOWS DOMAIN]
nameserver [YOUR NS1 IP]
nameserver [YOUR NS2 IP (optional)]

What that will do is tell the box where to go for naming information, and it will then resolve xyz.com to the appropriate IP address and be able to mount shares without needing to specify addresses each time. Does that answer your question?

Thanks for your reply,

2 domains that configured only run on local network. Not query together or Internet outside. Active Directory has domain 'xyz.com' because it is the first server, after that i have purchased Linux server and i have configured it with domain 'abc.com' with Gateway role. Now, i have 2 DNS in localnetwork and all clients only join to Windows 2k3 (Active Directory).

Is that clear for you. Please give me your idea. Thank you very much.

It's clear, yeah, but I don't think I can help. I haven't done what you are trying to do before, I thought it was something else.

If the logon script is using fully qualified domain names to mount the shares on file servers then obviously the clients needs the DNS to resolve these name.
Simply add these host records to whichever DNS server your clients are using, or just sync the zone data.

Can you give me an example for your idea.
Thanks so much.

Please help me, i really need your answer.
My network seems slow down when all client poited to my Win2k3 server when they surf web.
Please.

Your post is still confusing. But if I'm understanding it correctly, it sounds like you need to join your linux box into your AD domain (as a member) using the same domain name as your Winders server. See: http://us3.samba.org/samba/docs/man/...tml#ads-member

As for setting the DNS server. Are you running a DHCP server on your LAN? If so, is it configured to return your DNS servers so all clients automagiacally configure themselves with the proper DNS servers?

Noway to solve the problem, exclude join my Linux gateway which running others DNS to Win2k3 Domain Controller. I want them can be separate.
And problem here:

+ Win2k3 server:
- DNS: xyz.com
- Service: AD, DNS, File Sharing

+ Linux Gateway
- DNS: abc.com
- Service: DHCP, Squid, BIND, ...

* When filling DNS of win2k3 for all clients, they can map all network drives on win2k3 server, however they can't use POP3, and must put proxy if they want to use YM and others
* And in case, they fill DNS of Linux gateway for all clients, they can access POP3, no need to fill proxy for YM or others, however they can't map network drives from win2k3 server.
* Another canse, filling two DNS for all clients, if the "Primary DNS" is DNS of Win2k3, reach to the first case, or "Primary DNS" is DNS of Linux gateway , reache to second case.

Please show me the mistake here. Thank you very much.

I can't be sure here, but it sounds like you need to implement bind "views" (thats what I do). With bind "views", you would have an internal view that returns private (rfc1918) address range for clients behind the firewall and public address space for external cleints. By doing do, there is no need for your firewall to re-map an internal client (asking for the external public ip of your firewall) back to a private address space. Or in your case (if I understand correctly) the proxy is doing the re-mapping.

This is more information of tracert command on client:

First case:
Tracert result:
c:\tracert -d www.microsoft.com
Unable to reslove the target system named www.microsoft.com

Second case:
Tracert result:
c:\tracert -d www.microsoft.com
Tracing route to www.microsoft.com.nsatc.net [207.46
over a maximum of 30 hops:

1 <1 ms 1 ms <1 ms 192.168.1.1
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C

Please show me the mistake, and please help me. Thank you very much.

Note: 192.168.1.1 is IP address of Linux DNS.

Please help me.
I also try to fill DNS into /etc/dhcpd.conf
Please help,
Thank you very much

Please help me.
I need your help. My network is too slow.