DNS configuration on AD with server.org

[Julio]

I have a server gmmtp.org (192.168.254.234) and I need to
setup the DNS server with an AD. The problem happens when
I try to setup the TCP/IP Properties under the option use
the following DNS server addresses: I add my primary DNS
server: 192.168.254.234 ans Alternate DNS servers: SBC DNS
SERVERS 206.141.192.60, 206.141.193.55. Users on the
network try to go to the internet and they can go to any
page except mail.gmmtp.org and gmmtp.org these two
addresses are hosted on a external server not locally. Is
there a way to grant access to all the users on my network
to these two addresses and still have the primary DNS
server 192.168.254.234. When I use SBC DNS addresses I
have access two both mail.gmmtp.org and gmmtp.org but to
login to the computers becomes a really long and slow
proccess due to the fact that the users will have to be
authenticated by first going to SBC DNS serfers and then
to ours.
Thank You
JULIO

 

[Mark Scott]

I had a similar issue. you need to add A records to the 2 external servers
under your DNS zone. also, if you are using ISA server, remove your domain
from the LDT.

CHeers

Mark

 

[Danny Sanders]

Two problems.


I add my primary DNS

server: 192.168.254.234 ans Alternate DNS servers: SBC DNS
SERVERS 206.141.192.60, 206.141.193.55.

Don't add your ISP's DNS server to this list. It should ONLY be a forwarder
listed on your DNS server.
ALL AD clients (servers, DCs, member servers, and clients MUST point to the
DNS server set up for AD ONLY.)
See:
How to: Configure DNS for Internet Access In Windows 2000

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202





Users on the

network try to go to the internet and they can go to any
page except mail.gmmtp.org and gmmtp.org these two
addresses are hosted on a external server not locally.

Let me guess your AD domain name is gmmtp.org?

In your DNS server, forward lookup zone, create a host called www and assign
it the public IP address of your website.



hth

DDS W 2k MVP MCSE

 

[Ace Fekay [MVP]]

In

I had a similar issue. you need to add A records to the 2 external
servers under your DNS zone. also, if you are using ISA server,
remove your domain from the LDT.

CHeers

Mark

HI Mark,

In any AD scenario, the ISP's DNS cannot be used for any AD members (DCs or
clients), which is what's causing the long log on times for the poster. As
Danny pointed out, only use the internal DNS.

If he has a split horizon zone, which apparently it is, (same name internal
and external), I would follow your suggestions to create records for:
mail.gmmtp.org

But I would not mess with the domain entry below, nor alter it on the
internal DNS server.
"gmmtp.org"

It can be changed and forced with a registry entry to change it to the
external website IP, but its not recommended.

Why, you ask?
Because this is called the LdapIpAddress that all DCs register into the zone
with the IPs of each and every DC in the domain. It is used for when the
client side extensions run the GetDcList function to apply GPOs,
specifically it queries for:
\\gmmtp.org\sysvol\gmmtp.org\policies\{GUID#ofThePolicy}

DFS also uses it.

Split horizon zones are problematic with this when the client needs to get
to their domain by http://gmmtp.org. May live without it and just use
www.gmmtp.org. Both the www and the mail records need to be created, as you
indicated, with the external IP addresses on the internal DNS.



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.