Forwarders not Enabled?

[Jon]

I have just created a new Win2K DC for a brand new domain. I have the
static IP address of the server in as my Primary DNS. The W/S's have the
server listed as the Primary as well. However, I cannot get to the
internet. I put in my assigned external DNS address in as the Secondary but
still cannot get out. I wanted to set up the Forwarder to handle the
requests but on the Forwarding Tab Enable is greyed out and I cannot even
try setting it up. What's up with that and how do I re-enable Forwarding?

Thanks for any assistance -
Jon

 

[Per Hagstrom]

Hey Jon!

You should delete your " . " root zone, under Forward Lookup Zones in the
DNS management tool.
That will stop making your DNS Server think it is a root server and enable
you to use Forwarders.

Might need to give it a few seconds after you delete it for the Forwarders
to be available.

/ Per

 

[Per Hagstrom]

....also, you should only use the external DNS address in the Forwarders!
No where else, neither on the server or the workstations. That way you won't
make your network confused. Everybody goes to your DNS server. If your DNS
server doesn't have the record, it uses the Forwarder to look it up.
Your DNS server, which sounds to be the one and only DC/DNS server, should
have it's own IP address in the DNS settings of your IP settings. You can
leave the secondary DNS blank or add a secondary DNS server if you chose to
add another one in your network later on, which probably would be
recommended.

If you care about the details:
Reason to why you wouldn't want a workstation to have Primary DNS as your
DNS server and Secondary DNS as your ISP's DNS server is that a workstation
will first check the Primary DNS, if it's available then that's the DNS it
will communicate with. As long as it is on the Primary it will be able to
translate all the DNS in your LAN as well as the internet.
If you happen to get some "congestions" between your workstation and your
DNS server and your DNS server doesn't reply in time to your workstation,
your workstation will jump to your secondary DNS. Now it won't look back to
the Primary again, until it looses the connection to the secondary DNS,
which means as long as you now are stuck on the secondary DNS you won't be
able to look up any internal DNS at all, only internet..! (not very good!)
That's also why you should have a secondary internal DNS server...
I've seen this misconfiguration causing real head ache problems...


/ Per

 

[Jon]

Thank you very much for the reply. I will do as you have here and beat
my DNS into submission. This should help out a lot.

Again, thank you!!

 

[Jonathan de Boyne Pollard]

J> What's up with that and how do I re-enable Forwarding?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server-as-proxy.html>

 

[Herb Martin]

Delete the "." root zone. You (almost certainly) don't
need it and it prevents the use of the Forwarders --
the edit box will re-enable once the "." zone is gone.

(Really.)

--
Herb Martin

J> What's up with that and how do I re-enable Forwarding?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server
-as-proxy.html>