Secondary DNS server?

donutman

Programmer
Dec 20, 2002
Can I use a member server as a DNS server that will forward first to the internet DNS server, but will otherwise forward first to my local DNS server?
I know this sounds like a strange request, but I restrict internet access to only a select few workstations by NOT having a forwarder on my local DNS server. Then at the workstation level I hard-code the web's DNS server as the first DNS server and the secondary is set to the local one. However, this causes very slow logons, and reversing the order prevents web access. So I was hoping to find a workaround. I have lots of W98 boxes, so group policy isn't workable.
-Karl

Cursors, triggers and user-defined functions are an axis of evil!
Life's uncertain...eat dessert first...www.deerfieldbakery.com
 
If you only want to give a few workstations access to the internet you could always assign them static IPs. Keep forwarders set up on your primary DNS server, tell DHCP to only lease IPs and the local DNS server IP, and don't lease the gateway IP to DHCP clients. For the few workstations you want to have internet access, assign the IP statically with the gateway IP + local DNS IP.

 
That would normally work, but in my situation the internet DNS server is downwind from my gateway, as are the other two locations in my intranet. So all workstations need the gateway.
I could use the static IP idea (or reserved IPs) and put an access table in the firewall router, but I was looking for a simpler alternative (without a table of IPs to maintain). I was hoping that I could give the privileged workstations a special DNS server to poll.
-Karl

 
What about ISA or some sort of proxy server to deny access? Or use a firewall or router to block a range of IPs. Assign reserved IPs via DHCP to the clients you want to have access, and make sure the IPs are near the end or start of the range. On the router or firewall, allow these IPs to pass through and block any other IPs outside the range.

 
The block of IPs sounds good. It's a little messy because I have 4 subnets (which were poorly...chosen, so a mask can't help), but that's the best idea so far.
I don't know about ISA or proxy servers. Never used them. How do they work or help in this situation?
-Karl

 
The IP block sounds the easiest (and least expensive...ISA!!!). Thanks :)
-Karl

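The "block a range of IPs at the router/firewall" idea discussed in the last few posts, as an added example that is not part of the original thread. It enforces the restriction at the network layer instead of relying on which resolver a workstation points at (a setting a user can change by hand, or sidestep with a hosts file or a raw IP address). Given the managed subnets and the short list of workstations allowed out, it carves the allowed hosts out of the subnets with Python's standard `ipaddress` module and collapses what is left into the smallest set of CIDR blocks, one deny rule each, so there is no per-host table to maintain. The four subnets, the allowed hosts and the ACL number are constructed assumptions; the Cisco-style `access-list` syntax is only an illustrative output format, not taken from the thread.

```python
import ipaddress

# Constructed sample data (not from the thread): four /24s that do not
# aggregate under one mask, and the handful of workstations allowed out.
SUBNETS = ["192.168.1.0/24", "192.168.5.0/24", "192.168.8.0/24", "192.168.12.0/24"]
ALLOWED_HOSTS = ["192.168.1.50", "192.168.1.51", "192.168.5.10", "192.168.12.200"]


def deny_blocks(subnets, allowed_hosts):
    """Return the minimal CIDR blocks covering every address in `subnets`
    except `allowed_hosts`; each block becomes one deny rule."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    hosts = [ipaddress.ip_address(h) for h in allowed_hosts]
    # A privileged host that is not in a managed subnet is a typo, not a rule.
    for host in hosts:
        if not any(host in n for n in nets):
            raise ValueError(f"{host} is not inside any managed subnet")
    pieces = list(nets)
    for host in hosts:
        host_net = ipaddress.ip_network(f"{host}/32")
        remaining = []
        for piece in pieces:
            if host_net.subnet_of(piece):
                # Carve the host out: address_exclude yields the sibling block
                # at every prefix length from the piece down to the /32.
                remaining.extend(piece.address_exclude(host_net))
            else:
                remaining.append(piece)
        pieces = remaining
    # Merge adjacent blocks that form a valid supernet, and sort for stable output.
    return sorted(ipaddress.collapse_addresses(pieces))


def render_acl(subnets, allowed_hosts, acl_number=101):
    """Build the ACL lines for the LAN-facing interface (inbound):
    1. let every host reach the intranet subnets, since the other sites sit
       behind the same gateway;
    2. deny the non-privileged blocks everything else;
    3. let whatever remains (the privileged hosts) out."""
    lines = []
    for net in (ipaddress.ip_network(s) for s in subnets):
        lines.append(
            f"access-list {acl_number} permit ip any {net.network_address} {net.hostmask}"
        )
    for block in deny_blocks(subnets, allowed_hosts):
        lines.append(
            f"access-list {acl_number} deny ip {block.network_address} {block.hostmask} any"
        )
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


def is_denied(address, subnets, allowed_hosts):
    """What the generated ACL does to traffic from `address` that is bound
    for a destination outside the intranet subnets."""
    addr = ipaddress.ip_address(address)
    return any(addr in block for block in deny_blocks(subnets, allowed_hosts))


if __name__ == "__main__":
    for line in render_acl(SUBNETS, ALLOWED_HOSTS):
        print(line)
```

Removing one host from a /24 costs eight deny entries (one sibling block per prefix length), so the rule count grows with the number of privileged hosts, not with the number of blocked ones; the sample above yields 24 deny lines for 1020 blocked addresses. The permit-intranet lines come first because, as noted earlier in the thread, the other sites and the internet DNS server are all reached through the same gateway, so a plain "deny to any" would cut the restricted workstations off from the intranet as well.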
 
FaiTHLeSS, would this work? Instead of having just a secondary DNS server, I could make that box a DC and a DNS server (this one with a forwarder to the internet DNS server). Then the few workstations that need internet access could authenticate and get access from the same IP. I would just hard-code the DNS server at the workstations.
Or would this fail because the DNS servers would "share" info about internet name resolution? I do want them to share info about the intranet. I obviously don't know enough about how this stuff works behind the scenes.
-Karl

 
If it's not replicating with any other DC then it would work; you could just create a new domain for that small network. You would have to create a trust between the domains so you are still able to share resources.

Another way to do it could be to create an OU in the current domain you have to push out a logon script that changes the proxy settings in IE. If you change the machines you don't want to have access to the internet to some invalid proxy setting, they won't be able to access the internet. I don't know the code to do it; you would have to look it up.

 
I didn't understand your first paragraph. If the 2nd DC is in the same domain, will it work?
I have lots of W98 boxes, so I don't think the OU idea will work?
-Karl

 
Hello,

I've been out of the networking world for a while and unsure if this is the correct forum to ask for assistance; however, I need help with a Windows 2000 server configured as a web host for a new employer who wants to tap into my IS knowledge of computers. I've followed all of Microsoft's troubleshooting and configured a static IP for the host site, but am unable to pull up the web page. It gives the error message "page cannot be displayed". I can ping the static IP address I have configured for the box. Any and all assistance is tremendously appreciated.

Elaborate
 
elaborate: I suggest you start a new post, but it sounds like a misconfiguration in IIS or DNS; also give more info on your setup.

donutman: If the servers were to replicate with each other and both are running AD zones then they would copy over to each, but thinking about it I'm not sure if it would copy all the DNS settings for the server. Give it a try and see if it works.

 
FaiTHLeSS, it appears to work! I installed DNS on a "backup" domain controller. Removed the dot forward lookup zone and installed a forwarder to the internet DNS server. So now I can just put a static DNS entry into those workstations with access rights to the internet. Thanks again for your help.
-Karl

 
Oh darn. The primary DNS learns from the other DNS. [sad]
-Karl

 
Yeah, I thought it might do that. If you can't afford something like ISA you could look at winproxy:

Or, as said before, try using your firewall/router to block out the port range that you don't want to have access to the internet.
 