creating domains in Lab environment

Hi!
I want to create 6 domains in a laboratory for class purposes.
Those machines have masked fixed IP addresses via DHCP.
My DNS server is a Linux machine with BIND on it.
When I create a domain, the DNS records aren't created. I suppose it's because
of the DNS. Curiously, one of those machines, with exactly the same setup,
created those records, but when I tried to demote the server, I got a DNS
lookup failure. I don't want to allow dynamic updates into and from the Linux
server. I just want to be able to join workstations in the same network as
the Windows servers, to show the advantages of using AD.
Do I have to add an entry to my Linux DNS servers so that they can redirect
that subdomain into the mask network?
Any ideas ?
thanks
David
 
I'm not sure what you mean by "masked fixed Ip addresses via DHCP"? You mean
they are getting their IP addresses as a subnet of the main network's mask?
More importantly, for AD to function properly, all of the domain services
must be accessible as SRV records in DNS. The simplest way by far is to use
AD integrated DNS. If you need information from the BIND server's zone at
those workstations, you can add it as a forwarder. AD DNS is simple to set
up (indeed, Windows sets it up for you). The best time to set it up is
during the promotion to a DC, because it also creates the service records at
the time. If you seriously want to have a 6 domain setup, opt for Windows AD
Integrated DNS. Life will be much easier.

....kurt
 
Hi!
I mean that each workstation gets the same IP address (10.0.1.xxx) from the
DHCP server. Of course my DNS servers have real IP addresses. I know that the SRV
and DNS records are supposed to be created when I set up AD. But as I wrote
before, only one machine (with exactly the same setup) did that, and when I
tried to demote it, I got a DNS lookup ...
That's why I think that I'll have to create subdomain records in my top DNS
servers.
Am I right or is there any other way?
 
Subdomains should host their own AD DNS zones. Top domains should have a
zone created for the downlevel domains and then delegated to them. This sets
up a local DNS hierarchy like the Internet root server scenario. Subdomains
will need to forward to the root to be able to resolve names in other peer
subdomains. Google for "Microsoft Delegated DNS Zones" or something. I think
that'll get what you're looking for.

....kurt
 
That's what I was expecting.
I was trying to avoid inserting new entries on my top-level DNS
servers, since they will be just for testing purposes, but I guess there's no
other way.
Thanks!
 
david said:
Hi!
I want to create 6 domains in a laboratory for class purposes.
Those machines have masked fixed IP addresses via DHCP.
My DNS server is a Linux machine with BIND on it.
When I create a domain, the DNS records aren't created. I suppose
it's because of the DNS. Curiously, one of those machines, with
exactly the same setup, created those records, but when I tried to
demote the server, I got a DNS lookup failure. I don't want to allow
dynamic updates into and from the Linux server. I just want to be
able to join workstations in the same network as the Windows
servers, to show the advantages of using AD.
Do I have to add an entry to my Linux DNS servers so that they can
redirect that subdomain into the mask network?
Any ideas?

The link below should help you with this. In the absence of delegated AD
subdomains, you can add the contents of the
%systemroot%\system32\config\netlogon.dns file and create A records for the
domain controllers' FQDNs. The netlogon.dns file contains the DNS records
that would be registered by the Netlogon service, which is why the file
doesn't contain the A record for the DC's name, but it does contain the A
records for the AD domain name and the Global Catalog, as they are Netlogon
registrations.
You must keep in mind that, for group policies and startup scripts to be applied
properly, whatever the Active Directory domain name is, that name must only
resolve to the IP addresses of domain controllers that file sharing is enabled
on (for the DFS shares \\ADDomainName\sysvol and \\ADDomainName\netlogon).
If this behavior is altered so that the AD domain name resolves to a website
that is not on a domain controller, member clients will try to get group
policies from the web server. You can set up website redirection on your
DCs to redirect, for example, http://example.com to http://www.example.com.


255913 - Integrating Windows 2000 DNS into an Existing BIND or Windows NT
4.0-Based DNS Namespace
http://support.microsoft.com/default.aspx?scid=kb;en-us;255913&sd=RMVP
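
An added example, not part of any post in this thread: a Python check for the approach in the reply above, where netlogon.dns records are copied into the BIND zone by hand. It verifies that the SRV records needed to locate a DC are present and that the AD domain name resolves only to DC addresses, then emits static zone lines including the DC host A record that netlogon.dns omits. The sample records, the address 10.0.1.10 and the REQUIRED_SRV set are assumptions made for illustration; the domain name is borrowed from the thread.

```python
# Constructed sample of netlogon.dns content (IP address is made up for this example).
SAMPLE_NETLOGON = """\
bancada1.mydomain.pt. 600 IN A 10.0.1.10
_ldap._tcp.bancada1.mydomain.pt. 600 IN SRV 0 100 389 dc1.bancada1.mydomain.pt.
_ldap._tcp.dc._msdcs.bancada1.mydomain.pt. 600 IN SRV 0 100 389 dc1.bancada1.mydomain.pt.
_kerberos._tcp.bancada1.mydomain.pt. 600 IN SRV 0 100 88 dc1.bancada1.mydomain.pt.
_kerberos._tcp.dc._msdcs.bancada1.mydomain.pt. 600 IN SRV 0 100 88 dc1.bancada1.mydomain.pt.
gc._msdcs.bancada1.mydomain.pt. 600 IN A 10.0.1.10
"""

# SRV owner prefixes a client uses to find a DC (minimal set assumed for this check).
REQUIRED_SRV = ("_ldap._tcp", "_ldap._tcp.dc._msdcs", "_kerberos._tcp", "_kerberos._tcp.dc._msdcs")


def parse(text):
    """Return (owner, ttl, rtype, rdata) tuples from netlogon.dns-style lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, ttl, cls, rtype, rdata = line.split(None, 4)
        if cls.upper() != "IN":
            raise ValueError(f"unexpected class in: {line}")
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records


def audit(records, ad_domain, dc_ips):
    """List problems that would break DC location or SYSVOL/NETLOGON access."""
    ad = ad_domain.lower().rstrip(".") + "."
    problems = []
    srv_owners = {o for o, _, t, _ in records if t == "SRV"}
    for prefix in REQUIRED_SRV:
        if f"{prefix}.{ad}" not in srv_owners:
            problems.append(f"missing SRV {prefix}.{ad}")
    for owner, _, rtype, rdata in records:
        # The AD domain name itself must resolve only to domain controllers.
        if owner == ad and rtype == "A" and rdata not in dc_ips:
            problems.append(f"{ad} resolves to non-DC address {rdata}")
    return problems


def to_zone_lines(records, dc_hosts):
    """Emit static zone records, adding the DC host A records netlogon.dns omits."""
    lines = [f"{o} {ttl} IN {t} {r}" for o, ttl, t, r in records]
    lines += [f"{host.rstrip('.')}. IN A {ip}" for host, ip in sorted(dc_hosts.items())]
    return lines
```

Because the zone accepts no dynamic updates in this setup, the audit is worth re-running whenever a DC is added, demoted or re-addressed.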
 
Hi !
I'll try something simpler.
I won't even need to create a zone. I just redirect requests for that zone
to the DC in the NAMED .hosts file:
;_____________________________________________
;subdomain bancada1
bancada1 IN NS dc1.bancada1.mydomain.pt.

dc1.bancada1 IN A 10.0.1.xxx ; ip of my lab DC
;_____________________________________________
I already have this setup for an existing 2003 domain.
I'll try the same, now with a private network IP address.
I don't think it won't work just because I'm not using a valid internet IP
address.
thanks anyway!
David
 