DNS for Active Directory Only


Dennis

I'm setting up a Windows 2000 server, it will be the only
server. We do not have an e-mail server or any other
server that can be reached via the internet. I would like
to know how to set up this server's DNS, so the
workstations can keep their existing DNS IP addresses.
In other words, should I just add the IP address of the
new server to the clients' DNS server address list?
 
All servers and workstations should specify *only* the internal
AD-integrated DNS server's IP address in their network settings. The
AD-integrated DNS server should be set up with forwarders to your ISP's DNS
servers for external resolution. Don't use any external/public DNS server
IPs in any server or client IP config or you will run into problems.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.

You probably want to start using DHCP to dish out the correct info
(including your DNS server) to clients, so you don't have to walk around and
manually configure all static addresses....
 
... workstations can keep their existing DNS IP addresses.
Is this an NT4 or a Win2K/Win2K3 domain?
Where is the current DNS server - in your network or externally?
Any "special" reason you want to keep using the existing DNS server after
you've installed your new Win2K DNS server?

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 


It's a native Win2k domain.
The current DNS servers are all external, handled by the
ISP.
I think I need a forwarder, so I deleted my root server
in the DNS.
 
Dennis said:
I'm setting up a Windows 2000 server, it will be the only
server. We do not have an e-mail server or any other
server that can be reached via the internet. I would like
to know how to set up this server's DNS, so the
workstations can keep their existing DNS IP addresses.

They cannot...if you expect them to work correctly on the domain.
In other words, should I just add the IP address of the
new server to the clients' DNS server address list?

This will give intermittent and unreliable results at best. You will occasionally
hear tyros claim this works since it may accidentally give apparently correct
results SOMETIMES. It does not work reliably.

You must have the clients resolve ONLY through the INTERNAL DNS server
(set).

You can then have the Internal DNS server (set) forward to a gateway,
firewall, or ISP DNS server for resolution of the full Internet.
 
Dennis posted a question, and Kevin replied below:
The current DNS servers are all external, handled by the
ISP.
I think I need a forwarder, so I deleted my root server
in the DNS.

You should not point any AD domain member to the ISP for DNS; it will cause
slow logons, slow startups and network errors. All AD domain members should
point to the internal DNS.
 
Good morning Dennis,

There are several ways you can configure this depending upon what you are
trying to accomplish. I'll make the assumption that you are hosting your
internal namespace on the DNS server, i.e. internal.local for example. You
did not mention if the machine is also a domain controller.

If the machine is a DC running DNS:

The most common configuration is to point your clients to the internal DNS
server for registration. For external name resolution, configure forwarders
(your ISP DNS server IP address) on the DNS server (you could use just the
root hints, but that typically takes somewhat longer for name resolution to
occur, but does provide an increased level of redundancy). Your clients
will only need the internal DNS IP address in their IP properties as the
preferred DNS. A disadvantage of this is the DNS server becomes a single
point of failure. Conversely, it could also be an advantage if a problem
occurs since you would know where to look to troubleshoot the problem.

We do not recommend configuring clients with both an internal DNS server and
external DNS settings. Here's an article that discusses some of the most
common DNS questions: http://support.microsoft.com/?id=291382

If the server is not a DC, then you probably don't need DNS.

Thanks and have a great day.

Dave Baldridge MCSE 2000
MPS Protocols Support Professional
 
Hello All,

A general simple setup and deployment is outlined below.

Active Directory with DNS on the same server.

TCP/IP settings

1.) Right-click "My Network Places" and select Properties.
2.) Right-click the LAN connection and select Properties.
3.) On the Properties page, double-click TCP/IP.
4.) At the bottom of the protocol's page, select the Preferred DNS Server option
and enter the IP address of the server itself.
5.) Click the Advanced button. In the advanced settings, make sure the
"Register this connection's address in DNS" selection is checked at the
bottom of the display.

DNS settings

1.) Open up the DNS console.
2.) Once opened, right-click on the server in the right-hand pane and select
Properties.
3.) Once the Properties page is up, select the "Forwarders" tab.
4.) Check the "Enable forwarders" selection at the top.
5.) Add the IP address of the DNS server to which requests should be forwarded. If this is
the only DNS server, add the IP address of the ISP's DNS. (Note: in the TCP/IP
settings, we selected the choice for DNS to point to itself. If a name
cannot be resolved internally, then a request is made to the forwarders. If
resolution cannot be made via the internal DNS and there are no forwarders
listed, then resolution will be made via the root hints.)
6.) Click OK.
7.) Expand the "Forward Lookup Zones".
8.) If there is a folder with a dot "." listed, then delete it. (Note: this
indicates to the server that it is the root server, which means do not go
beyond this server for name resolution.)
9.) Right-click the domain folder and select Properties. Make sure that
"Allow dynamic updates" is selected.

Close out the DNS console.

Open up a command prompt and type the following:

1.) At the prompt, type ipconfig /flushdns and wait for the services to
flush.
2.) Type ipconfig /registerdns and wait for the services to register.
3.) net stop netlogon
4.) net start netlogon

If you receive an error during this process, go to Control Panel, Administrative
Tools, Services. Make sure the DHCP Client service is started; even if
they are not using DHCP, they still need the service started. Once all of
this is done, open the DNS console again. Expand the forward lookup zones,
then expand the domain folder. You should see the underscore folders below:

_msdcs
_sites
_tcp
_udp


Shane Brasher
MCSE (2003,2000,NT),MCSA Security, N+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
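The replies above (Dave Baldridge's and Shane Brasher's in particular) all come down to the same checklist: domain members point only at the internal AD-integrated DNS server, that server forwards to the ISP for external names, the root zone "." must not exist, and the _msdcs SRV records must register. The script below is an added example, not code from the thread or from Microsoft, that audits a host against that checklist. It assumes Windows Server 2012 or later with the DnsClient and DnsServer PowerShell modules (so not the Windows 2000 machine discussed here); $InternalDns and $Domain are placeholders for your own environment.

```powershell
# Added example (not from the thread): audit a Windows host against the
# DNS-for-AD advice given in the replies above.
# Assumes Windows Server 2012+ with the DnsClient and DnsServer modules.
param(
    [string[]]$InternalDns = @('10.0.0.10'),   # placeholder: your AD-integrated DNS server(s)
    [string]$Domain = 'internal.local'         # placeholder: your AD DNS domain name
)

$findings = @()

# 1. Every adapter should list ONLY the internal DNS servers; an ISP or public
#    resolver in the client list is exactly what the replies warn against.
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($ip in $cfg.ServerAddresses) {
        if ($InternalDns -notcontains $ip) {
            $findings += "Interface '$($cfg.InterfaceAlias)' resolves through non-internal DNS server $ip"
        }
    }
}

# 2/3. Server-side checks only run where the DnsServer module is present.
if (Get-Module -ListAvailable -Name DnsServer) {
    # 2. External resolution should go through forwarders (the ISP's DNS);
    #    without them the server falls back to root hints, which is slower.
    $fwd = Get-DnsServerForwarder
    if (-not $fwd.IPAddress) {
        $findings += 'No forwarders configured; external names resolve via root hints only'
    }

    # 3. A root zone named "." makes this server believe it IS the root,
    #    so forwarders and root hints are never consulted.
    $root = Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue
    if ($root) {
        $findings += 'Root zone "." exists; delete it so the server can forward beyond itself'
    }
}

# 4. Domain controllers are located through SRV records under _msdcs; if
#    these are missing, dynamic updates or netlogon registration failed.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $InternalDns[0] -ErrorAction SilentlyContinue
if (-not $srv) {
    $findings += "SRV record $srvName not resolvable via $($InternalDns[0]); check dynamic updates and 'net stop/start netlogon'"
}

if ($findings.Count -eq 0) {
    Write-Output 'DNS configuration matches the recommended AD layout.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it on the domain controller itself first (where all four checks apply), then on a workstation, where only the client-side and SRV checks run. A finding from check 1 on any domain member is the misconfiguration the thread describes as causing slow logons and intermittent resolution.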
 