Setting up DNS 2

Apr 27, 2001
I have an NT 4.0 domain and I will be upgrading it to a 2000 domain. I have a primary DNS server for internal and external use that resolves Internet names for our clients. Also, this server hosts an MX record and host records for external use. Should I install DNS for Active Directory on a separate server? I think I should for security reasons, since it is a public DNS server too. Also, which DNS server should I point the clients to for Internet access?

Thanks for your help.
 
I suggest keeping the lone DNS server. Don't let security scare you. Is DNS resolution all this server does? Where is your IIS or proxy server located? As long as they are separate then you should be fine and just use the 1 DNS with Active Directory.

James Collins
Field Service Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.
 
Yes, all this server does is DNS resolutions and my ISP is listed for forwarding. However, when I make Active Directory I would have to point to this server for DNS. Would this server be the root server for my domain? Also, if I set up dynamic DNS, users from outside my network would see all of my host records for my internal computers. The IIS server is not separate, it is in my domain.
 
I would put DNS on another server for internal resolution and enter the IP address of that server as your primary DNS and the ISP IP address as the secondary DNS. You will have to set up a forward zone and also allow dynamic DNS updates. This way you can provide internal host name resolution for your own LAN and also a means to access the Internet. If you have the resources, why not put DNS on another server?

However, if you do decide to install DNS on the PDC, you can always configure the member server as a secondary DNS as a backup.
 
When I set up DNS for AD should I name my domain local.mydomain.com or mydomain.com? My primary DNS server right now has records for mydomain.com. I read some articles about how your internal domain name should be different than your registered Internet domain name. Also, would I have to set up communication between the AD DNS and the external DNS?
 
Hi...

I have a PDC and that uses 2000 Server. Everything was working fine until I found out that I can't log into my domain through a 2000 Professional machine.

I can log into the domain through 98, NT 4.0 but I cannot from 2000 Professional. I put all my effort to solve it but I am not able to... Can anyone please let me know what I should do to solve that problem?


Thanx
Nick
 
2 things you'll have to check:
1. Is DNS working properly on your server? And is it configured on your Win2K Prof.?
2. Make sure NetBIOS over TCP/IP is enabled on your Win2K box
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !
 
Mark,

Actually there are a few scenarios possible in your case:
1. keep your existing DNS server for domain mydomain.com,
create your Win2K in sub.mydomain.com (a subdomain)
Delegate the subdomain DNS to your Win2K server
Your NT4 DNS server has a forwarder to your ISP, right?
You could add a forwarder in your Win2K DNS server as well (to your NT4 DNS server, or straight to the ISP, but then you would have to add a secondary zone for your locally hosted mydomain.com on your Win2K server... (for speed))

2. configure your Win2K domain in mydomain.com,
host mydomain.com on a Win2K server,
do not enable the Dynamic DNS function,
(or at least do not allow zone transfers, so hackers won't be able to get information from your network unless they do an nslookup on all your hosts)

3. configure your Win2K domain in sub.mydomain.com,
upgrade your NT4 DNS server to Win2K (standalone) for mydomain.com (because Win2K DNS runs better than NT4) and keep the forwarding functionality in place...

PS: do not forget: if you want to enable DNS forwarders in Win2K, on your primary Win2K DC, you will have to delete the . root zone first, reboot, and then you will be able to enable forwarders...

Good luck
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !
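
A way to verify the zone-transfer restriction recommended in the post above, as an added example that is not part of the original thread: it builds an AXFR request for a zone and classifies the server's reply, so you can confirm from an outside address that your own public DNS server refuses transfers. The function names and the sample reply bytes are constructed for illustration; `mydomain.com` is the placeholder zone used in the thread.

```python
import socket
import struct

AXFR, IN, REFUSED = 252, 1, 5  # qtype AXFR, class IN, rcode REFUSED (RFC 1035)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_axfr_query(zone, txid=0x1234):
    """Return a TCP-framed DNS query asking for a full transfer of `zone`."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # one question
    msg = header + encode_name(zone) + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg  # DNS over TCP: 2-byte length prefix

def classify_reply(framed):
    """Classify a TCP-framed reply: 'refused', 'transfer-allowed' or 'other'."""
    (length,) = struct.unpack("!H", framed[:2])
    msg = framed[2:2 + length]
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"            # what a locked-down public server should say
    if rcode == 0 and ancount > 0:
        return "transfer-allowed"   # zone contents are being handed out
    return "other"

def audit_server(server_ip, zone, timeout=5.0):
    """Send the AXFR query to a DNS server you administer and classify its answer."""
    with socket.create_connection((server_ip, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        data = s.recv(65537)
    return classify_reply(data) if len(data) >= 14 else "other"

# Constructed sample replies (length prefix plus DNS header only, no real data):
SAMPLE_REFUSED = struct.pack("!H", 12) + struct.pack("!HHHHHH", 0x1234, 0x8005, 0, 0, 0, 0)
SAMPLE_ALLOWED = struct.pack("!H", 12) + struct.pack("!HHHHHH", 0x1234, 0x8400, 0, 2, 0, 0)

if __name__ == "__main__":
    print(classify_reply(SAMPLE_REFUSED), classify_reply(SAMPLE_ALLOWED))
```

Run `audit_server` from a machine outside your network against your external DNS server; anything other than `refused` (or a closed connection, reported as `other`) means the zone-transfer setting needs another look.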
 
Peter, my NT DNS does have a forwarder to my ISP. If I go with your third option, configure my Win2K domain in sub.mydomain.com and upgrade my NT DNS to Win2K. When I set up my clients should I put the IP address of sub.mydomain.com for the primary DNS server and the mydomain.com for the secondary DNS server?

If I delete the root zone on a win2k DC, does it cause any other problems by deleting that zone? What is the reason for having a root zone?

Thanks for your help
 
no, just set up a forwarder on your sub.mydomain.com DNS server to your mydomain.com DNS server,
and that server has a forwarder to your ISP...

That means that your clients only need the sub.mydomain.com DNS server...


When you install a Win2K domain, the first server (hosting DNS) will assume that it is the highest server in the forest so it will create a . root zone
Deleting the zone will not change the functionalities of your server, it will only allow you to do more....
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !
 