[From your other message]
Thanks for the reply, ( I eventually got it
So as I only have 1 internal server running DNS, I only use the primary DNS
field and leave the secondary blank?
Right -- and you have already done that and seen it works.
How do I have the Internal DNS server forward to the ISP DNS address (or
perform actual recursions from the root down, using root hints) ?
Paul (McGuire) answered: In the DNS Server Properties\Forwarding
tab there is an entry box for "Forwarders" - you MAY put the ISP
DNS servers here if you wish to let them do your actual Internet
recursion. (There is a "Do Not Use recursion" checkbox there -- if
you check this and the ISP DNS doesn't work, you won't resolve the
Internet but then if they aren't available it probably doesn't matter.)
"I even override my "gateway's" DNS Server so that it can resolve internal
names (this is harder if the gateway is ICS based.)"
Do you need your Gateway to resolve Internal names? (If not, this
doesn't matter -- I do, since I terminal serve there and move things
around using internal DNS names.) If so (it's a choice) you also set
the Gateway's NIC\IP\DNS Server properties to the INTERNAL
DNS.
Note: you cannot do this (usually) with "ICS" (not NAT, ISA, or
most other gateways), since ICS uses its "client DNS" to resolve
external names for internal clients -- but then ICS shouldn't be used
with an Internal DNS server anyway.
I set the gateway on the clients to point at the router 192.168.0.1
That makes sense -- Default Gateway is about ROUTING -- DNS setting
is about Name Resolution.
Are you saying have the gateway point at the DNS box and have that redirect
this to the router?
Not for routing, only for DNS -- All DNS "clients" point to the INTERNAL
DNS server; even the gateway can RESOLVE NAMES for itself this way.
All Default Gateway settings (from a single segment LAN) point
to the Gateway (except the Gateway, which of course picks its setting up to
point to the ISP.)
[Your Last message]
Just a quick update, I modified the DHCP settings on the router so now only
the IP address of the DNS box is sent to the clients and the secondary IP
address is left blank. This seems to have immediately resolved my SID
problems and domain issues.
Right -- now the clients are pointing to the INTERNAL DNS only and if
it cannot resolve the names we need "it" (the Internal DNS) to go out to
the Internet for resolution.
All I need to do now is correctly set up DNS itself (It is just as it was
when auto configured by the AD install)
I need to ensure it points correctly to the router and/or the internet.
Two ways (not totally mutually exclusive):
Root Hints point to the Internet root (usual default)
Forwarding tab entries set to an Internet DNS server (e.g., ISP)
(if you leave the "do not use recursion" clear, then the root
hints will be used if the ISP DNS is not available.)
Suggestion (since both work): Use the Forwarder to the ISP -- the
ISP's DNS becomes your forwarder and does the actual recursion
on the Internet from the "root down" -- your internal DNS server does
not even really need much access to the Internet then (safer).
Consider even checking the "Do not use Recursion" box on the Forwarder
tab (DO NOT check the other entry about "disabling recursion" in the
"Advanced" tab -- it disables Forwarding too.)
Internet access from the client PCs seems to still work fine,
This is probably due to the Internal DNS server doing the actual
recursion using its own Root Hints (instead of forwarding.)
It's probably a bit faster and a little safer to forward to the ISP.
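The forwarder setup suggested above, written out as an added PowerShell example (not from this thread, and newer than the GUI tabs it refers to): it assumes a Windows Server with the DnsServer module, and 203.0.113.53 is a placeholder for the ISP's resolver. It sets the Forwarders-tab "Do not use recursion" choice, leaves Advanced-tab recursion enabled (which forwarding depends on), and then checks the result.

```powershell
# Added example, not from the original thread. Assumes Windows Server with the
# DnsServer PowerShell module; 203.0.113.53 is a placeholder for the ISP's DNS.
Import-Module DnsServer

$IspDns = '203.0.113.53'   # placeholder: substitute the ISP resolver address

# Forwarders tab: forward to the ISP resolver. -UseRootHint $false is the
# equivalent of checking "Do not use recursion" on that tab: if the forwarder
# is unavailable, this server will NOT fall back to root-hint recursion.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false -Timeout 5

# Advanced tab: recursion must stay ENABLED. Disabling it there makes the
# server authoritative-only and forwarding stops working as well.
Set-DnsServerRecursion -Enable $true

function Test-ForwarderConfig {
    $fwd = Get-DnsServerForwarder
    $rec = Get-DnsServerRecursion
    [pscustomobject]@{
        Forwarders           = ($fwd.IPAddress | ForEach-Object { $_.IPAddressToString }) -join ','
        FallsBackToRootHints = $fwd.UseRootHint      # expected: False
        RecursionEnabled     = $rec.Enable           # expected: True
        # Internal clients only ever ask this box; it should resolve an
        # Internet name itself via the forwarder (constructed test name).
        ExternalLookupOk     = [bool](Resolve-DnsName -Name 'www.example.com' -Server 127.0.0.1 -ErrorAction SilentlyContinue)
    }
}

Test-ForwarderConfig | Format-List
```

If RecursionEnabled comes back False, forwarding is being short-circuited by the Advanced-tab setting rather than by the forwarder itself.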