DNS Setup Pre-DCPROMO

Thread starter: no

Hello:

I'm working to get a new win 2003 server configured. Here are the
basics:

This is a dedicated server hosted by my ISP. It's running Windows
2003 server (not the web version).

I need it to run Exchange server 2003.

To do that I need to run "forestprep"

In order to run forestprep I need to be an enterprise administrator

To be that I need to configure my box as its own forest.

To do that I need to run DCPROMO

To do that I need to first configure DNS, which brings me here....

On a single server that will NEVER have any client PCs

That has a single Internet addressable IP address & NIC

How should I configure DNS?


I know the server ultimately needs to point at itself for DNS and I
need to set up a forwarder to my ISP's DNS

But how do I get it all set up?
Here is what I think it needs...

Select "Yes, Create Forward lookup zone Now"
Does it ask me anything else about this or does it just know what to
do?

What should I put in for Zone Name? Is it the public domain name (i.e.
acme.com)? Is it whatever I want?

Should I accept dynamic updates? If so, where do these updates come
from? Are they from my ISP's DNS servers via the forwarder?

Should I create a reverse lookup? If so, what's the network ID for a
one-IP box?


Thanks for any and all help..
 
In (e-mail address removed) <[email protected]> posted a question
Then Kevin replied inline:
: Hello:
:
: I'm working to get a new win 2003 server configured. Here are the
: basics:
:
: This is a dedicated server hosted by my ISP. It's running Windows
: 2003 server (not the web version).
:
: I need it to run Exchange server 2003.
:
: To do that I need to run "forestprep"
:
: In order to run forestprep I need to be an enterprise administrator
:
: To be that I need to configure my box as its own forest.
:
: To do that I need to run DCPROMO
:
: To do that I need to first configure DNS, which brings me here....
:
: On a single server that will NEVER have any client PCs
:
: That has a single Internet addressable IP address & NIC
:
: How should I configure DNS?
:
:
: I know the server ultimately needs to point at itself for DNS and I
: need to set up a forwarder to my ISP's DNS

It won't really need a forwarder; just delete the "." forward lookup zone
and it'll resolve addresses on its own, as long as it can see the root servers.

:
: But how do I get it all set up?
: Here is what I think it needs...
:
: Select "Yes, Create Forward lookup zone Now"
: Does it ask me anything else about this or does it just know what to
: do?
:
: What should I put in for Zone Name? Is it the public domain name (i.e.
: acme.com)? Is it whatever I want?

I'd use your public name (read below).
You can let DCPROMO configure the zone for you. It will create the correct
zone, make it AD Integrated and will set "allow dynamic updates" to "Only
secure Updates"; this will keep unauthorised machines from registering in
DNS.

:
: Should I accept dynamic updates? If so, where do these updates come
: from? Are they from my ISP's DNS servers via the forwarder?

The updates come from the DC; it must create records in the zone for Active
Directory to work.

:
: Should I create a reverse lookup? If so, what's the network ID for a
: one-IP box?

You'll have to with Win2k3.
Do not use the ID, it might confuse you; just give it a name.
An example zone name would be '1.168.192.in-addr.arpa'; that would be for
192.168.1.x.

:
: Thanks for any and all help..

Exchange needs Active Directory, Active Directory must have DNS, and you must
DCPROMO before you can have Exchange; that makes this box a Domain
Controller.
Give the domain a good DNS name; your public domain name would be a good
name to give it, that way users can authenticate to it with their actual
email address ([email protected]), for instance. It won't have any users
behind it, so you won't have to worry about adding any records to the DNS
forward lookup zone that is in its DNS server. Just make sure the "."
forward lookup zone is deleted so that Exchange can send mail to other
domains.
 
Thanks Kevin:

You really seem to have this topic down cold.

I however am still working on it....

You have cleared up several issues for me. If I read you correctly, I
don't need my hosting company's DNS for anything. My box will talk
directly to the pre-set list of DNS servers. Cool.

Also the "Dynamic Updates" do NOT in fact refer to things like new
public domain names being added to the Internet but rather to AD
objects on my network.

For the reverse lookup zone name I should select "reverse lookup zone
name" rather than "Network ID" and use the in-addr.arpa. Does the
fact that I have only a single IP address raise an issue?
For example, let's say I have 66.132.100.10; then 66.132.100.9 and
66.132.100.11 are both someone else's servers. If I use a lookup zone
of 100.132.66.in-addr.arpa, would that not cause problems? Can/should
I use 10.100.132.66.in-addr.arpa?

Again, much thanks.
 
In (e-mail address removed) <[email protected]> posted a question
Then Kevin replied below:
: Thanks Kevin:
:
: You really seem to have this topic down cold.
:
: I however am still working on it....
:
: You have cleared up several issues for me. If I read you correctly, I
: don't need my hosting company's DNS for anything. My box will talk
: directly to the pre-set list of DNS servers. Cool.
Well, yes you do; they need to host the public zone for the public domain
name.
You don't want to allow public access to your AD zone if you can help it.


:
: Also the "Dynamic Updates" do NOT in fact refer to things like new
: public domain names being added to the Internet but rather to AD
: objects on my network.

The dynamic updates are necessary for any machine that is a member of the
domain that will have its IP address listed in the AD domain's forward lookup
zone. DCs must be able to do this; members are only optional.

:
: For the reverse lookup zone name I should select "reverse lookup zone
: name" rather than "Network ID" and use the in-addr.arpa. Does the
: fact that I have only a single IP address raise an issue?
: For example, let's say I have 66.132.100.10; then 66.132.100.9 and
: 66.132.100.11 are both someone else's servers. If I use a lookup zone
: of 100.132.66.in-addr.arpa, would that not cause problems? Can/should
: I use 10.100.132.66.in-addr.arpa?
:

Yes, it does if the box is going to have a public IP address. You may want
to have your ISP delegate that one IP to this box for its reverse lookup.
In that case you would create the zone for the CNAME they give you for its
address.
For example, if they delegate 66.132.100.10 to this box, create the zone for
the CNAME record they use for the delegation. It may be 66.132.100.10/32; for
a single IP the zone may be something like this:
10/32.100.132.66.in-addr.arpa. Then you would have one PTR record like
this:
10 PTR mail.domain.com
The problem with using a delegation like that is that you would have to
register the DNS server as a public name server with the .com gTLD servers.
Your ISP can advise you on this; I would give the server a private address
and let them do the reverse lookup.
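As an added illustration of the reverse-zone naming discussed in this thread (not code from either poster), the script below derives the in-addr.arpa zone name for an octet-aligned prefix such as 192.168.1.0/24 and for a single-address RFC 2317 classless delegation such as 66.132.100.10/32, builds the matching PTR line and the CNAME the ISP would put in its own /24 zone, and refuses a PTR for any address outside the delegated prefix. The address 66.132.100.10 and the hostname mail.domain.com are the constructed values from the thread; the function names are my own.

```python
import ipaddress


def reverse_zone(network):
    """in-addr.arpa zone name for an IPv4 prefix.

    Octet-aligned prefixes get the classic name used in the thread
    (192.168.1.0/24 -> 1.168.192.in-addr.arpa). Narrower prefixes get
    the RFC 2317 classless form an ISP delegates for a single address
    (66.132.100.10/32 -> 10/32.100.132.66.in-addr.arpa)."""
    net = ipaddress.ip_network(network, strict=True)
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        keep = net.prefixlen // 8
        return ".".join(reversed(octets[:keep])) + ".in-addr.arpa"
    if 24 < net.prefixlen <= 32:
        # Classless form: the first label carries "<host-octet>/<prefix-len>".
        head = f"{octets[3]}/{net.prefixlen}"
        return head + "." + ".".join(reversed(octets[:3])) + ".in-addr.arpa"
    raise ValueError("unsupported prefix length: %d" % net.prefixlen)


def ptr_record(ip, hostname, network):
    """PTR line as written inside the zone returned by reverse_zone().

    Rejects addresses outside the delegated prefix, so a one-IP box never
    publishes PTR data for its neighbours' addresses."""
    net = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    label = str(addr).split(".")[3]
    return f"{label} PTR {hostname}."


def isp_cname(ip, network):
    """CNAME the ISP places in its own /24 reverse zone so that a normal
    PTR lookup for `ip` is redirected into the delegated classless zone."""
    octets = ip.split(".")
    classic = ".".join(reversed(octets)) + ".in-addr.arpa."
    return f"{classic} CNAME {octets[3]}.{reverse_zone(network)}."


if __name__ == "__main__":
    # Constructed sample values taken from the thread.
    print(reverse_zone("192.168.1.0/24"))
    print(reverse_zone("66.132.100.10/32"))
    print(isp_cname("66.132.100.10", "66.132.100.10/32"))
    print(ptr_record("66.132.100.10", "mail.domain.com", "66.132.100.10/32"))
```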
 