2 Nics And DNS COnfig

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi

Thanks in Advanceâ€

Here is my Issue… I have 2 Win2k Adv. Servers…One is the DC with IP address 192.168.0.101 . and this one is our DNS server with AD installed. Our Domain Name is MAI

The second server is our proxy server.. I want to make this one a member server . this server got 2 NIC’s.. one with the IP 192.168.0.102.. and connected to the our CISCO 2950 switch. Our workstations are connected to this switch. The NIC is with IP 165.215.xxx.250 this one is connected to the ADSL Router with public IP. I have installed Wingate to meet our Proxy requirements

I want make this proxy server a additional Domain controller for my Domain. Its messing up with My DNS Config

Any suggestions ?
 
Here is my Issue. I have 2 Win2k Adv. Servers.One is the DC with IP
address 192.168.0.101 . and this one is our DNS server with AD installed.
Our Domain Name is MAIN

Then they are both DCs. (Keep it simple.)
The second server is our proxy server.. I want to make this one a member
Click to expand...
server .

Perfectly normal. (Not required but that's what I do.)
this server got 2 NIC's.. one with the IP 192.168.0.102..
and connected to the our CISCO 2950 switch.
Our workstations are connected to this switch.
The NIC is with IP 165.215.xxx.250 this one is connected to the
ADSL Router with public IP. I have installed Wingate to meet our Proxy
Click to expand...
requirements .
I want make this proxy server a additional Domain controller for my
Click to expand...
Domain.

Bad idea since this is serving as (part of) your firewall. Leave it a
member server ONLY.
Its messing up with My DNS Config.
Click to expand...

Common problem (if I understand). Many people assume that the
firewall/router/proxy
must use the external DNS (of the ISP or Internet root) when it, itself, is
being a client.

This is compounded by the default behavior if this machine is an external
DHCP client;
it gets the external DNS from the DHCP.

It is further confused if the router/firewall/proxy is itself a DNS server
(typically the
forwarder for the internal DNS servers.)

Here's what I do, it's a little complicated but it solves all of the common
problems:

1) Initially obtain the DHCP assigned setting if the external interface
requires this
OR get the external DNS server from the manual settings provided by
the ISP
2) Use this external DNS in all external reference, especially in the
FORWARDER
setting of the internal DNS servers.
3) OVERRIDE and/or manually set the proxy/router/firewall NIC properties
to the
SAME internal DNS server set as the other machines (since as a
CLIENT it is
first and formost an internal machine as a CLIENT.)
A MANUAL DNS setting overrides this value from the DHCP server.
4) If you run DNS on this machine, set it as the forwarder for the other
internal DNS servers
5) Set all internal clients (including DCs, DNS server, even this proxy)
with ONLY the
internal DNS server (set) -- don't try to mix external/internal, if
it works at all it's unreliable.
6) Generally only make this machine a DNS server on the INTERNAL NIC
(disable on the external address/NIC.)

What will happen:

All machines, including this "member server" DNS/proxy, will get THEIR
DNS resolution from the internal DNS server (set.)

Internal DNS servers can forward to this server (if it runs DNS) or to
the ISP for external name resolution.

Authentication and name resolution will work, first internally and only
if
that fails, externally.

No DC is exposed on the Internet (bad idea)

No DNS is offered to the Internet at large from this crucial machine.

BTW, put your public DNS at the "registrar" (or ISP if you must).
 
In
Herb Martin said:
address 192.168.0.101 . and this one is our DNS server with AD
installed. Our Domain Name is MAIN

Then they are both DCs. (Keep it simple.)


Perfectly normal. (Not required but that's what I do.)



Bad idea since this is serving as (part of) your firewall. Leave it a
member server ONLY.


Common problem (if I understand). Many people assume that the
firewall/router/proxy
must use the external DNS (of the ISP or Internet root) when it,
itself, is being a client.

This is compounded by the default behavior if this machine is an
external DHCP client;
it gets the external DNS from the DHCP.

It is further confused if the router/firewall/proxy is itself a DNS
server (typically the
forwarder for the internal DNS servers.)

Here's what I do, it's a little complicated but it solves all of the
common problems:

1) Initially obtain the DHCP assigned setting if the external
interface requires this
OR get the external DNS server from the manual settings
provided by the ISP
2) Use this external DNS in all external reference, especially in
the FORWARDER
setting of the internal DNS servers.
3) OVERRIDE and/or manually set the proxy/router/firewall NIC
properties to the
SAME internal DNS server set as the other machines (since as a
CLIENT it is
first and formost an internal machine as a CLIENT.)
A MANUAL DNS setting overrides this value from the DHCP
server. 4) If you run DNS on this machine, set it as the
forwarder for the other internal DNS servers
5) Set all internal clients (including DCs, DNS server, even this
proxy) with ONLY the
internal DNS server (set) -- don't try to mix
external/internal, if it works at all it's unreliable.
6) Generally only make this machine a DNS server on the INTERNAL
NIC (disable on the external address/NIC.)

What will happen:

All machines, including this "member server" DNS/proxy, will get
THEIR DNS resolution from the internal DNS server (set.)

Internal DNS servers can forward to this server (if it runs DNS)
or to the ISP for external name resolution.

Authentication and name resolution will work, first internally
and only if
that fails, externally.

No DC is exposed on the Internet (bad idea)

No DNS is offered to the Internet at large from this crucial
machine.

BTW, put your public DNS at the "registrar" (or ISP if you must).
Click to expand...



Also to just add, move the internal NIC to the top of the binding order.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In John <[email protected]> posted their thoughts, then I
offered mine
Here is my Issue. I have 2 Win2k Adv. Servers.One is the DC with IP
address 192.168.0.101 . and this one is our DNS server with AD
installed. Our Domain Name is MAIN
Click to expand...
<snip>

Your AD domain name is just "MAIN" and not the required format of "main.com"
or "main.local", etc?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thank you Ace

Acually I mistyped it . My Domain name is MAIN.COM ..

----- Ace Fekay [MVP] wrote: ----

In John <[email protected]> posted their thoughts, then
offered min
address 192.168.0.101 . and this one is our DNS server with A
installed. Our Domain Name is MAI
<snip
Click to expand...

Your AD domain name is just "MAIN" and not the required format of "main.com
or "main.local", etc

--
Regards
Ac

Please direct all replies to the newsgroup so all can benefit
This posting is provided "AS IS" with no warranties

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MV
Microsoft Windows MVP - Active Director
 
Thank You Herb.

Thank you Herb.


That was really good suggestions…..i want to clarify one more thing. Whether I have to setup the ISP’s DNS on the Outbound NIC? I tried after removing it bit Internet is not working

When I restart the system it s logging into the domain.. But in the Event viewer Still I can see some Net logon Failure Loges

When I run the nslookup command its failing to find out the DNS server.

Please Help me…
 
In
John said:
Thank you Ace

Acually I mistyped it . My Domain name is MAIN.COM ...

----- Ace Fekay [MVP] wrote: -----
Click to expand...

Ok just wanted to make sure for your own sake!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
John said:
Thank You Herb..


Thank you Herb..



That was really good suggestions...i want to clarify one more thing.
Whether I have to setup the ISP's DNS on the Outbound NIC? I tried
after removing it bit Internet is not working.

When I restart the system it s logging into the domain.. But in the
Event viewer Still I can see some Net logon Failure Loges.

When I run the nslookup command its failing to find out the DNS
server..


Please Help me.
Click to expand...


Use the internal DNS on both NICs. Not the ISP's. Setup a forwarder to your
ISP from your own DNS. THis article shows how:
http://support.microsoft.com/?id=300202

What Netlogon errors are they?
You can try the binding order adjustment as I suggested to eliminate those
Netlogon errors.

As for nslookup, upon intialization, it's just looking for the name of your
server in your reverse zone. If you don;t have one, or if you do and there
is no PTR entry for your DNS server, then it will give you that message -
not really an error, since nslookup still works. Read this...

242906 - DNS Request Timed Out Error Message When You Start Nslookup From a
Command Line: http://support.microsoft.com/?id=242906



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top