forwarders

  • Thread starter Thread starter Rodge
  • Start date Start date
R

Rodge

I have recently enterred a new position with a new company. The environment I
have come into has been put together by several different people, most of
which don't have the ideal tech background. I'm am slowly trying to figure
out just how everything has been setup and of course what changes will affect
what. There is a problem with DNS on my local subnet. On Friday I got around
this so that folks here could get their email(the exchange server is in
another city) by pointing the clients to a secondary DNS box. The local
domain controller runs active directory and dns, but it is a windows 2000
machine, not a windows 2000 server. Not ideal, but I have seen this before. I
also notice that they are using forwarders in the dns snapin for their local
domain. I've never had to use forwarders before, but can't say that I know
this will cause any issues. On the local AD/DNS box under nic properties,
they only have the local ip address for the box itself listed for dns. I've
seen this setup this way before, but typically there is a secondary domain
controller running dns with that ip listed in the nic properties as a backup.

This environment has 6 sites. Since each site is using 192.168 addresses, I
believe there is a vpn involved somewhere, but haven't been able to verify
that yet.

The domain controller at the main office(using 192.168.3 subnet) is running
server 2003 R2 sp2. I have used this as a temporary dns backup for local
clients. There is just one local domain(and zone) setup. There are no reverse
zones setup.

My question is simply this, is this forwarder necessary or even a good
practice?

Zone trasnfers are not setup.

My thoughts on setup would be to list the local dc's ip address as the
primary dns and list the main office dc's ip address as a secondary. Ideally,
I would like to have a second DC running dns as well, but that is in the
future. For now, I'd just like to get the local dc providing reliable dns.
Right now I see event id 5781 about every 2 hours in the event log.
 
Hello Rodge,

A not server 2000 machine can not be domain controller, "but it is a windows
2000 machine, not a windows 2000 server.", typo?

Just to get the environment more detailed:
- how many DC's in total
- is DNS installed only on DC's
- do you have AD integrated zones (mark the forward lookup zone and in the
right pane you see)

Please post an unedited ipconfig /all from the DC/DNS server's, especially
where you have problems.

It is common practise to use forwarders on the DNS server properties poiting
to the ISP's DNS server and works fine.

For the sites AD sites and services should be configured with the subnets
and a site connected with each subnet where the belonging DC is moved to,
so that it rebuilds your physical structure.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
no sir, I am looking right at the properties page of my computer and it tells
me windows 2000 5.00.2195 sp4. I could very well be wrong, but as far as I
know that is a workstation OS. Not the way I would have set it up, but that's
why I am here, to fix this type of mistake.

There are 5 DC's total, each on a different subnet and on a different site.
DNS is active directory integrated. Some DC's are set to secure, some are
not. None allow zone transfers. Functional level is windows 2000. Some DC's
are using windows server 2003.

Since the dc in the site where I am located is the primary issue this is the
only one I have looked at. Here is the ipconfig:

C:\Documents and Settings\Administrator.WVRAD>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : CMB-AD
Primary DNS Suffix . . . . . . . : WVRAD.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WVRAD.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-0D-56-B9-50-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.228
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.1
DNS Servers . . . . . . . . . . . : 192.168.5.228
Primary WINS Server . . . . . . . : 192.168.3.201

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
#2
Physical Address. . . . . . . . . : 00-0D-56-B9-50-E0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.5.228

Sites and services does appear to be correctly configured. The forwarders
however are dns for the isp at the main office. The isp at the site where
this dc is has a different isp.

thanks for the help!

Rodge
 
Hello Rodge,

As said before using forwarders is common practise and now problem. If you
have different ISP's in the sites i would choose the nearest one as Forwarder,
so the request doesn't use the WAN connection to the main office.

For AD sites and services you should reflect there your physical setup.
http://technet.microsoft.com/en-us/library/cc755768.aspx

Server and client OS show the same version on the system properties. If you
just click the start button it will show if it is Professional or server
also.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Back
Top