Win2k Adv. Server and DNS not working properly

Status
Not open for further replies.

guidovalduchi

IS-IT--Management
Nov 10, 2000
20
US
I'm new to this whole Windows DNS thing, but our corporate office wants to settle on one platform. Thus I have to set up DNS on Win 2k Adv. Server. I believe everything is set up properly, but I cannot validate requests from it. Whenever I go into the properties of my DNS server, hit the Monitoring tab and run the tests, it comes back on both counts as: Failed on Name Resolution.

I have set up NS with Network Solutions, and have the DNS records pointed at my new box. Luckily I still have a Linux server in the back handling it while I figure this out!

I'm totally lost, any tips, ideas, help, whatever would be greatly appreciated! Thanks
 
Unless your server is a root server, it gets its DNS information from up-the-line. Simply having a HOST record with the NSI folks puts you ahead of most folks. However, you've also got to set up your server to query multiple DNS servers upstream from you. Your network provider can give you this information. 3 servers is usually considered sufficient. Once your server can query other servers, install the DNS service. Remember, you'll need to get current root cache information from the NIC as well - this tells your server where to fall back to when it's time to punt. And punt it will from time to time, particularly when it attempts to find malformed URLs :)

A properly configured DNS server will function and begin answering queries with upstream and zone cache information. You will also see memory usage begin to increase slowly as it caches more frequent requests and can answer those out of its cache rather than doing lookups. This affects traffic, which will decrease slightly. Speeds will increase as a whole for local users, who will now have vital milliseconds shaved off their lookup times (like seek times). This of course requires you to point them at your DNS server rather than the one up the line.

If your DNS server is also going to be authoritative for your domain, you will have to provide all primary records, with your secondary nameserver upline handling all IN-ADDR records. These aren't quite as important as they're simply inverse mapping records, but a properly maintained DNS system has both types. Your domain name would also have to have its record modified reflecting your DNS server as its primary.

This opens up all new considerations for security - you never want public DNS servers doing much of anything else, particularly storing sensitive data. That's a role better served by puny machines in the DMZ, while your big file storage sits safely behind multiple protective layers.

Hope this helps - I've been up for way too many hours now. :)
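
Added example, not part of either post above: a small Python check that builds a DNS query by hand and reads the reply header flags to tell whether a server answered from its own zone (AA set), answered through recursion or cache, or failed to resolve (SERVFAIL), which are the cases the answer distinguishes. The function names, the sample headers and the diagnosis wording are constructed for this illustration; `ask()` would be pointed at your own server's address.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, recurse=True, txid=0x1234):
    """Encode one DNS question (RFC 1035). qtype 1 = A, 2 = NS."""
    flags = 0x0100 if recurse else 0x0000  # RD bit: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [p for p in name.split(".") if p]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(reply):
    """Decode the 12-byte DNS header into the fields used for diagnosis."""
    if len(reply) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"id": txid, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),        # AA
            "recursion_available": bool(flags & 0x0080),  # RA
            "rcode": RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)),
            "answers": answers}

def diagnose(reply, txid=0x1234):
    """Map a reply header to the situations discussed in the thread."""
    h = parse_header(reply)
    if not h["response"] or h["id"] != txid:
        return "not a reply to our query"
    if h["rcode"] == "SERVFAIL":
        return "server could not resolve the name: check upstream servers and root hints"
    if h["rcode"] == "REFUSED":
        return "server refused the query"
    if h["answers"] and h["authoritative"]:
        return "answered from the server's own zone data"
    if h["answers"]:
        return "answered through recursion or from cache"
    return "no answer records (%s)" % h["rcode"]

def ask(server, name, recurse=True, timeout=3.0):
    """Send the query over UDP port 53 and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recurse=recurse), (server, 53))
        return s.recvfrom(512)[0]

# Constructed sample headers (not captured traffic): QR+AA+RD+RA, QR+RD+RA, QR+RD+RA+SERVFAIL
AUTH_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
CACHED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SERVFAIL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
```

Run `diagnose(ask(server, name))` once for a name in your own zone and once for an outside name; a correct result for the first and SERVFAIL for the second points at the upstream or root hints side rather than the zone.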
 