DNS on 2000/2003 AD

IAmAmer1can

Hi,

I am able to set up and route traffic using DNS server on
a 2000/2003 Domain Controller but can someone tell me the
correct option and also the steps I should be taking to
install DNS in AD on a 2000/2003 server?

The problem I have.. Let's say I have x.x.x.x and y.y.y.y
for my DNS servers from the ISP. If I set it up as This
server maintains a copy of the DNS and the ISP maintains
the master and try to forward the traffic it does not
work. If I set the server up to be the master it works
and routes traffic but I get errors on the server that
say Exchange could not locate a DNS server (which is odd
because we can browse the web just fine).

If there are screenshots that would be great. Can someone
help me maybe in a chat session or something? This one is
really killing me.
 
In (e-mail address removed) <[email protected]> posted a
question
Then Kevin replied below:
Can you please post your specific problem?
From this I kind of think you have the same public domain name as your AD
domain name and your internal AD DNS server cannot resolve hosts in the
public zone.
Is that the problem?
If it is you will need to create the hosts in the public domain that are
missing from the AD domain. (www, mail, or etc)
 
Hi Kevin,

Thanks that does help. And yes you were right on the
money. By the way, where would I go exactly to add that?
Are we talking in the Administrative Tools > DNS > Reverse
Lookup. And then add my entry there? What type of a
record am I adding?

Since we are talking about this section in the DNS... I
am also missing _msds folder/entries. Any thoughts on how
to rebuild/re-add that back? I'm guessing that some of my
DNS problems have to do with that but not related to the
above problem.

Can you help, Kevin?
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
Hi Kevin,

Thanks that does help. And yes you were right on the
money. By the way, where would I go exactly to add that?
Are we talking in the Administrative Tools > DNS > Reverse
Lookup. And then add my entry there? What type of a
record am I adding?

Use the DNS management console to open Forward Lookup Zones, then open the
zone for the name of your AD Domain. In the Action menu select new host, in
the name field type in www, then give it the IP address for your public
website, do the same for a host named mail if that is the name you use to
access your mail server.
Access to your website is not possible by its domain name without the www,
the only workaround is to configure a local website in IIS on your DCs, then
on the Web site tab select redirection to a URL and type in
http://www.<yourdomainname>. The reason for this is locally your domainname
record must resolve to the
IP address(es) on your DCs that have File sharing enabled, this is for the
domain DFS share at \\ said:
Since we are talking about this section in the DNS... I
am also missing _msds folder/entries. Any thoughts on how
to rebuild/re-add that back? I'm guessing that some of my
DNS problems have to do with that but not related to the
above problem.

If the records are not already dynamically created you probably have your
ISP's DNS in TCP/IP properties. Do _not_ use your ISP's DNS in any position
on any member of an AD domain. You must use the private IP of the local DNS
server, which is usually your Domain Controller. If you do have your local
DNS on the DC's TCP/IP properties make sure you have "Allow dynamic updates"
set to "Yes" or "Only secure updates".
If you already have your DC and DNS configured as above you could possibly
have a disjointed namespace or a single-label domain name. To check that I
will need to see these three things:
Unedited ipconfig /all from the DC
Domain name from ADU&C
List of Forward Lookup Zones in DNS (not the records just the zones)
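
The three checks named in the reply above (ISP DNS servers in TCP/IP properties, a single-label domain name, a disjointed namespace) can be run over saved `ipconfig /all` output. This is an added example, not part of the original thread; the sample output, the `corp.example.org` name, the function names and the treatment of RFC 1918 and loopback ranges as "internal" are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a DC (not from the thread).
SAMPLE = """\
   Host Name . . . . . . . . . . . . : dc01
   Primary Dns Suffix  . . . . . . . : corp.example.org

Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
"""

# Assumption: "internal" means RFC 1918 or loopback; adjust for your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LABEL = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")  # "Name . . . : value"

def parse_ipconfig(text):
    """Return (primary DNS suffix, list of DNS server strings)."""
    suffix, servers, in_dns = "", [], False
    for line in text.splitlines():
        m = LABEL.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            in_dns = key == "dns servers"
            if key == "primary dns suffix":
                suffix = value.lower()
            elif in_dns and value:
                servers.append(value)
        elif in_dns and line.strip():
            servers.append(line.strip())  # continuation line: another server
        else:
            in_dns = False
    return suffix, servers

def check_dc(ipconfig_text, ad_domain):
    """List findings for the DNS-server, single-label and namespace checks."""
    suffix, servers = parse_ipconfig(ipconfig_text)
    findings = []
    for s in servers:
        if not any(ipaddress.ip_address(s) in net for net in INTERNAL):
            findings.append(f"external DNS server configured: {s}")
    if "." not in ad_domain:
        findings.append(f"single-label domain name: {ad_domain}")
    if suffix != ad_domain.lower():
        findings.append(f"disjointed namespace: {suffix!r} vs {ad_domain!r}")
    return findings
```

Calling `check_dc(SAMPLE, "corp.example.org")` reports only the second DNS server, since the suffix matches the domain name and the name has more than one label.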
 
Hi,

Thank you for your help Kevin.

That makes sense. I took the ISP's DNS servers out of
the TCP/IP properties. The other problem I had when I
created my DNS zone was that I wasn't sure which option
to choose when creating. I chose the this server
maintains the copy and forwards look up.

I thought it should be, this server maintains a read only
copy and forwards lookups?

When I tried the This server maintains a read only copy
it said it was an invalid zone.

........

When I added the PTR record in my forward lookup zone
that didn't resolve the lookup problem. I still can't go
to mail.domain.org. But that's not a show stopper. What
is a show stopper is that it's not updating the client A
records correctly and every morning they have to
re-authenticate to the Domain. And sometimes periodically
they have to re-authenticate to the domain during the
day. What am I doing wrong?


I have to get this resolved. My clients are starting to
lose patience ; /



 
In
Free Beck said:
Hi,

Thank you for your help Kevin.

That makes sense. I took the ISP's DNS servers out of
the TCP/IP properties. The other problem I had when I
created my DNS zone was that I wasn't sure which option
to choose when creating. I chose the this server
maintains the copy and forwards look up.

I thought it should be, this server maintains a read only
copy and forwards lookups?

When I tried the This server maintains a read only copy
it said it was an invalid zone.

Your AD Forward Lookup zone should be a Primary writable zone with dynamic
updates allowed; read-only zones are secondary copies and cannot allow
dynamic updates.
.......

When I added the PTR record in my forward lookup zone
that didn't resolve the lookup problem. I still can't go
to mail.domain.org.

Do not use a PTR record, you need a host record named "mail" with the IP of
the mail server.

But that's not a show stopper. What
is a show stopper is that it's not updating the client A
records correctly and every morning they have to
re-authenticate to the Domain. And sometimes periodically
they have to re-authenticate to the domain during the
day. What am I doing wrong?

What address are your clients using for DNS? They must also use the DC only
for DNS.


Please post the following:
ipconfig /all from your DC
AD domain name from AD Users & Computers
List of forward lookup zones in DNS (zones not records)

If you are uncomfortable posting that info in the public forum send it using
direct email using the instructions in my signature line.
 
Hi Kevin,

Is your Email listed below correct? I sent you an Email
to take this offline. I could really use your help to get
through this problem. I have built other 2003 AD Domain
Controllers but have not run into this problem so I'm not
quite sure how to resolve it. My clients are not very
happy right now so I need to figure something out. Can't
be too difficult... I must have overlooked something
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
Did you remove the nospam from my email address?
 