DNS server keeps overwriting the nameserver field!!


RCS

I have two Win2K active directory DNS servers for a domain - let's say s1
and s2 for the mydomain.com domain.

I have cname records that have ns1 cname for s1, and ns2 for s2 - I'd LIKE
for the domain to list the nameservers as ns1.mydomain.com and
ns2.mydomain.com, and I can set that.

But then a few minutes later, I refresh and the DNS server has either added
or replaced my ns1 and ns2 with s1 and s2.

The reason why this is bad, is that these servers are used both internally
and externally and the s1 and s2 are their internal names. These two servers
act as many different things, they are the name servers and web servers,
etc.. I saw a couple threads from a long time ago that mention a registry
hack to make the DNS server stop doing this. Any ideas?? thanks
 
RCS said:
I have two Win2K active directory DNS servers for a
domain - let's say s1 and s2 for the mydomain.com domain.

I have cname records that have ns1 cname for s1, and ns2
for s2 - I'd LIKE for the domain to list the nameservers
as ns1.mydomain.com and ns2.mydomain.com, and I can set
that.

But then a few minutes later, I refresh and the DNS
server has either added or replaced my ns1 and ns2 with
s1 and s2.

The reason why this is bad, is that these servers are
used both internally and externally and the s1 and s2 are
their internal names. These two servers act as many
different things, they are the name servers and web
servers, etc.. I saw a couple threads from a long time
ago that mention a registry hack to make the DNS server
stop doing this. Any ideas?? thanks

Not a good idea to host a public domain on the DNS server with your AD
domain, even worse is when the AD domain name is the same name as the public
domain name.
If you succeeded in getting the records to stick, it could break AD
replication because both DCs must be able to resolve the other with a local
IP address.
Win2k domains cannot be renamed so that is out, you will have to let someone
else host the public zone or demote both DCs and dcpromo with a new name.
 
Kevin D. Goodknecht Sr. said:
Not a good idea to host a public domain on the DNS server with your AD
domain, even worse is when the AD domain name is the same name as the
public domain name.
If you succeeded in getting the records to stick, it could break AD
replication because both DCs must be able to resolve the other with a
local IP address.
Win2k domains cannot be renamed so that is out, you will have to let
someone else host the public zone or demote both DCs and dcpromo with
a new name.

Or just get two more standalone servers (not part of AD) that host the
external data.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
If you change the zone from AD-integrated to standard primary, you should be
able to make the name stick.

As others have pointed out, you may want to rethink your DNS
design/configuration.

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Understood and thanks.

Yeah, DNS design is not my strong point anyhow. I've been trying to contain it
all at this office because of my own ignorance. Like, they have a business
DSL line with like 5 usable static IPs (netmask of 255.255.255.248) - and if
I set up a reverse lookup zone for the first 3 octets of their network, I'm
now the "authority" for that entire 255 subnet (which is invalid, I'm just
the authority for those 10 or so addresses) and that doesn't seem right - so
things like that, I figured it'd be better to contain my "mess" internally
rather than having messed up domains scattered about!! :-)

Anyhow - I've been learning a lot though, thanks again!!
 
Deji Akomolafe said:
If you change the zone from AD-integrated to standard
primary, you should be able to make the name stick.

Deji, IIRC I've tested this and it won't work on a primary zone either, if
the zone is for the AD domain. The DC will force the Primary name server to
its own FQDN.
You can add the other NS records, but then the DC will add its own and make
it the Primary on the SOA.

Deji Akomolafe said:
As others have pointed out, you may want to rethink your
DNS design/configuration.

Ditto.
 
I think you are correct. Just tested it again. Waiting to see if it does....
will post back in a short while.

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Kevin,

It appears that the SOA is not getting overwritten in my test. Changing it
to Standard appears to make the name stick, regardless of whether it's the
AD Domain or not.

You see differently?

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
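
A way to check for the behaviour discussed in this thread, as an added example that is not part of any post: it parses a zone file export and reports apex NS targets and the SOA primary server that fall outside the intended set, and also flags NS targets that are CNAMEs, which RFC 2181 section 10.3 does not allow. The sample zone, the intended set and all function names are constructed for illustration.

```python
# Added example: audit apex NS/SOA records in a zone file export (constructed data).
INTENDED_NS = {"ns1.mydomain.com.", "ns2.mydomain.com."}

SAMPLE_ZONE = """\
; constructed sample zone, not taken from the thread
@    IN SOA   s1.mydomain.com. hostmaster.mydomain.com. ( 42 900 600 86400 3600 )
@    IN NS    ns1.mydomain.com.
@    IN NS    ns2.mydomain.com.
@    IN NS    s1.mydomain.com.
ns1  IN CNAME s1.mydomain.com.
ns2  IN CNAME s2.mydomain.com.
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone_text, origin):
    """Yield (owner, type, rdata) for one-record-per-line zone text.
    Simplification: every line starts with an owner name."""
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        if len(tokens) < 3:
            continue
        i = 1
        while i < len(tokens) - 1 and (tokens[i].isdigit() or tokens[i].upper() == "IN"):
            i += 1  # skip optional TTL and class
        yield fqdn(tokens[0], origin), tokens[i].upper(), tokens[i + 1:]

def audit(zone_text, origin, intended):
    """Return findings for apex NS targets and the SOA primary server."""
    records = list(parse(zone_text, origin))
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if owner != origin.lower() or rtype not in ("SOA", "NS") or not rdata:
            continue
        target = fqdn(rdata[0], origin)
        if target not in intended:
            findings.append(("soa-primary" if rtype == "SOA" else "unexpected-ns", target))
        elif rtype == "NS" and target in aliases:
            findings.append(("ns-is-cname", target))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "mydomain.com.", INTENDED_NS))
```

Running it periodically against an export of the zone shows whether the server has re-added its own host name after a manual edit.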
 