integrated ad dns question (questions in general)


-=- jd -=-

Howdy folks...

Background:
I've been, and plan to continue using a little linux router / gateway /
mail & web server for my home network based on a little package called
'E-Smith' by Mitel networks. It's basically a 'turn key' kind of thing
that is 90% managed via web browser and is meant to run on relatively
low end hardware, headless and hidden away in some dark corner of a
house/building/etc....

Now I want to learn 2k networking, namely AD as I have aspirations of
someday getting a job again. ( I have one now, I.T. - but it is far
enough from home that I have to stay in an apt. during the week, and
only get home to see wife & kids on weekends... tough environment <work
wise> as I'm sure lots of you know who hang out in here... )

So - with that out of the way... I've installed 2k server sp3 from cd
as a dc, 1st one (and so far only one) and have cfg'd dns and dhcp so
that they talk to a pr. of client machines on the same lan. In short I
have 4 machines running @present:

e-smith box = gateway (down in basement, out of sight w/cable modem
sitting next to it)
w2k srv box = pdc, dns and dhcp server
1 xp pro client
1 2k client

The e-smith box is (and in other locations where I have these things
running) quite capable of providing lan side dhcp also - but as my
principle objective here is to get familiar with the ms stuff... I have
explicitly chosen not to have it do dhcp services. It is my dns server
(to the world). Thus some weirdness... ( I'm thinking )

Long story short ( plus its getting late and I'll be getting blurry eyed
here soon... <grin> ) Somehow or another I seem to have this thing
working (the w2k server) as clients are able to ping each other by name
and their ip's are what they should be based on the dhcp scope
definition. What is weird though is that I'm unable to ping the clients
from the 2k server... it appears that the lookup is going out to the
world and - uh... dying.

A little more info:
I'm on a broadband connection (RR in upstate N.Y.)

I use DNS2Go - a dyndns service provider. The dyndns client is
installed @the linux box. My domain is 'bikeguy.myip.org', well...
actually I guess that would be 'myip.org' as that is the DNS2Go domain.
'bikeguy' is me. ;)

I called the AD domain the same thing as my dyndns (bikeguy.myip.org) -
(everyone going "...ah ha!" right about now - that's the lookup) yes?
maybe?? I'm sure I've botched something up, hoping that I can patch it
up w/out having to re-install (you have to be kidding about that part -
can't just fix some of the AD stuff???)

Anyway - yup - getting tired... I will be happy to provide more info,
detail, etc.. if someone would be willing to assist a relative 'newbie'
here. ;)

Tia folks!

-=- jd -=-
 
Sounds like you'll need two DNS servers. One for the internal network that
hosts the private data and one for your world. If using DynDNS, then that's
the outer one. If trying to get to your own website, then since you have a
Split Horizon namespace (AD name is the same as the external name) you'll
need to manually create the www record on your internal DNS and give it the
internal IP of that website.

FYI, point your internal machines only to your internal DNS. This is an
AD requirement. Otherwise numerous errors *will* result.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hello,

In your general scenario, try the following.

Active Directory with DNS on the same server.
TCP/IP settings

1.)Right click "My network places" and select properties.
2.)For the LAN connection right click and select properties.
3.)On the properties page double click TCP/IP
4.)At the bottom of the protocols page select Preferred DNS Server option
and enter the IP address for the server itself.
5.)Click the advanced button. In the advanced setting make sure the
"Register this connection's address in DNS" selection is checked at the
bottom of the display.

DNS settings

1.)Open up the DNS console.
2.)Once opened, right click on the server in the right hand pane and select
properties.
3.)Once the properties page is up, select the "Forwarders" tab.
4.)Check the "Enable forwarders" selection at the top.
5.)Add the IP address of the DNS in which to forward requests. If this is
the only DNS , add the IP address for the ISP's DNS. (note- In the TCP/IP
settings, we selected the choice for DNS to point to itself. If name
resolution cannot be resolved then a request is made to the forwarders. If
resolution cannot be made via the internal DNS and there are no forwarders
listed, then resolution will be made via the root hints.)
6.)Click OK.
7.)Expand the "Forward Lookup Zones"
8.)If there is a folder with a dot "." listed then delete it. (note- This
indicates to the server that it is the root server, which means do not go
beyond this server for name resolution.)
9.)Right click the domain folder and select properties. Make sure that
"Allow dynamic updates" is selected.

Close out the DNS console.

Open up a command prompt and type the following:

1.)At the prompt type ipconfig /flushdns and wait for the services to
flush.
2.)ipconfig /registerdns and wait for the services to register.
3.)net stop netlogon
4.)net start netlogon

If you receive an error during this process go to control panel, admin.
tools, services. Make sure the DHCP client service is started; even if
they are not using DHCP they still need the service started. Once all of
this is done, open the DNS console again. Expand the forward lookup zones,
then expand the domain folder. You should see the underscore folders below:

_msdcs
_sites
_tcp
_udp

Your clients

Make sure that your clients are pointing to the internal DNS server for DNS
in TCP/IP. You will have to change the DHCP scope option for DNS. Once
verified via ipconfig /all, have them open up a command prompt and type the
following:

1.)At the prompt type ipconfig /flushdns and wait for the services to
flush.
2.)ipconfig /registerdns and wait for the services to register.
3.)net stop netlogon
4.)net start netlogon

Try to ping the clients now.


Shane Brasher
MCSE (2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking
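An added offline check (example code, not from the thread or from Microsoft) for the two things Ace and Shane insist on: each client's ipconfig /all must list only the internal AD DNS server, and the zone must show the locator SRV records that netlogon registers under the _msdcs and _tcp folders; it also flags the www record Ace says has to be created by hand in the split-horizon setup. The IPs, the client name and the zone snapshot are constructed sample data.

```python
import re

AD_DOMAIN = "bikeguy.myip.org"   # the AD / dyndns name from the thread
INTERNAL_DNS = {"192.168.1.2"}   # constructed: the W2K DC that also runs DNS

# Constructed ipconfig /all excerpt: this client still lists the ISP resolver.
IPCONFIG_OUTPUT = """
        Primary Dns Suffix  . . . . . . . : bikeguy.myip.org
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            24.92.226.9
        Primary WINS Server . . . . . . . : 192.168.1.2
"""
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def dns_servers(ipconfig_text):
    """DNS server IPs from ipconfig /all output, in listed order.  The list
    continues on unlabelled lines until the next 'label : value' line."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns, line = True, line.split(":", 1)[1]
        elif in_dns and ":" in line:
            in_dns = False
        if in_dns:
            servers.extend(IPV4.findall(line))
    return servers

def external_dns(ipconfig_text):
    """DNS entries that are not the internal AD DNS server; must be empty."""
    return [s for s in dns_servers(ipconfig_text) if s not in INTERNAL_DNS]

# Constructed zone snapshot after netlogon registered the DC's locator records.
ZONE_RECORDS = {
    "_ldap._tcp.dc._msdcs.bikeguy.myip.org": "SRV",
    "_kerberos._tcp.bikeguy.myip.org": "SRV",
    "_ldap._tcp.bikeguy.myip.org": "SRV",
    "w2ksrv.bikeguy.myip.org": "A",
}
REQUIRED_SRV = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp", "_ldap._tcp")

def missing_srv(zone, domain=AD_DOMAIN):
    """Locator SRV names a DC must have registered; empty list means OK."""
    return [p for p in REQUIRED_SRV if zone.get(f"{p}.{domain}") != "SRV"]

def split_horizon_gap(zone, domain=AD_DOMAIN, hosts=("www",)):
    """Public hostnames the internal zone lacks (AD name == external name)."""
    return [h for h in hosts if f"{h}.{domain}" not in zone]
```

Run it against real ipconfig /all output and the zone as exported from the DNS console; anything returned by external_dns or missing_srv is a setting to fix before trusting the ping test.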
 
Ace and Shane - fan-friggin'-tastic! ;) Both - yes, I did do some
reading, msg posting, more reading, and followed advice on NOT letting
the W2K/AD box create a "." domain as that is (again repeated by you
guys) a 'bad thing'. <grin> (( or at least in my scenario )) Both,
yes, I do have the clients pointing to / using the W2K/AD box for DNS,
and I am fwd'ing requests to the external (linux) box which talks to the
world. Shane: I'll certainly be looking into trying most (or all) of
your suggestions soon as I get a chance. Amazing how time flies...
it's just about the weekend again and I'll be going home ( hooray! ) so
I won't be able to dink w/this project for a few days. .... well.... I
~could~, as I can VPN into my test lan (the linux box handles that
too!)... wife wouldn't be too thrilled about that though! ;)

Thanks much for info guys! I'll post back with results / methods tried,
tested, etc...

-=- jd -=-
 
-=- jd -=- said:
> Ace and Shane - fan-friggin'-tastic! ;) Both - yes, I did do some
> reading, msg posting, more reading, and followed advice on NOT letting
> the W2K/AD box create a "." domain as that is (again repeated by you
> guys) a 'bad thing'. <grin> (( or at least in my scenario )) Both,
> yes, I do have the clients pointing to / using the W2K/AD box for DNS,
> and I am fwd'ing requests to the external (linux) box which talks to
> the world. Shane: I'll certainly be looking into trying most (or all)
> of your suggestions soon as I get a chance. Amazing how time flies...
> it's just about the weekend again and I'll be going home ( hooray! )
> so I won't be able to dink w/this project for a few days. .... well....
> I ~could~, as I can VPN into my test lan (the linux box handles that
> too!)... wife wouldn't be too thrilled about that though! ;)
>
> Thanks much for info guys! I'll post back with results / methods
> tried, tested, etc...
>
> -=- jd -=-

I, and I'm sure Shane as well, would be very curious about your results.
:-)

Have a great weekend!


--
Regards,
Ace

 
Hello,

Ace is correct (as usual): you will get numerous errors unless you point
internally for DNS when dealing with AD.

Shane Brasher
 
Guys ( Ace and Shane ):

I followed your advice (Shane's How-to more or less... ;) ) and it is
working like a champ (presently). Appreciate the help and pointers!
I'll have to power everything down and then bring it all back up to
verify that it is in fact ~really~ working... but for the time being
anyway - cha ching! ;)

One additional question: When I first proposed this little project to a
bunch of guys in another list, one of the guys came back and told me to
be prepared to do lots of 'waiting'. Do something, wait. Do another
something, wait some more. Actually... I guess this was his take on AD
- not 2k in general. Back to present and my question / you guys'
assistance: I had to 'ipconfig /flushdns' and 'ipconfig /registerdns' a
few times and then wait for the appropriate actions to occur (flush /
register) - the os mentioned to me something about checking the event
log in 15 minutes if errors occurred (or something to that effect). Is
this an example of the 'waiting' that the guy in the other list
mentioned?? Just curious. Ie; could I have simply done something like so:

ipconfig /flushdns & ipconfig /registerdns

.... back to back ( or if I had to batch this out to a whole bunch of
machines ) .cmd file it via psexec / sms / <your weapon of choice>? Or
is there really some need to 'wait' for 'X' period of time for the change
to occur? ( replication? )

FWIW, I actually did wait - not necessarily 15 minutes either (no less).
In some cases the wait may have been a day or two (I went home), or a
few hours as I had something else to do.... but I would be curious
about just issuing the cmd's back to back.

Thanks again guys...

-=- jd -=-
 
-=- jd -=- said:
> Guys ( Ace and Shane ):
>
> I followed your advice (Shane's How-to more or less... ;) ) and it is
> working like a champ (presently). Appreciate the help and pointers!
> I'll have to power everything down and then bring it all back up to
> verify that it is in fact ~really~ working... but for the time being
> anyway - cha ching! ;)
>
> One additional question: When I first proposed this little project
> to a bunch of guys in another list, one of the guys came back and
> told me to be prepared to do lots of 'waiting'. Do something, wait.
> Do another something, wait some more.

I've really never seen this waiting thing. Not sure what they mean by that.

> Actually... I guess this was his take on AD - not 2k in general. Back
> to present and my question / you guys' assistance: I had to 'ipconfig
> /flushdns' and 'ipconfig /registerdns' a few times and then wait for
> the appropriate actions to occur (flush / register) - the os mentioned
> to me something about checking the event log in 15 minutes if errors
> occurred (or something to that effect). Is this an example of the
> 'waiting' that the guy in the other list mentioned??

No, I usually see this right away if any problems, just by doing it once.
You can immediately check DNS and see the registration. That would probably
apply if you have multiple remote locations and multiple DNS servers.

> Just curious. Ie; could I have simply done something like so:
>
> ipconfig /flushdns & ipconfig /registerdns
>
> ... back to back

That's what I usually do.

> ( or if I had to batch this out to a whole bunch of machines ) .cmd
> file it via psexec / sms / <your weapon of choice>? Or is there really
> some need to 'wait' for 'X' period of time for the change to occur?
> ( replication? )

Like I said, yes for a multi site and multi domain setup.

> FWIW, I actually did wait - not necessarily 15 minutes either (no
> less). In some cases the wait may have been a day or two (I went
> home), or a few hours as I had something else to do.... but I would be
> curious about just issuing the cmd's back to back.
>
> Thanks again guys...
>
> -=- jd -=-

No prob!


--
Regards,
Ace

 
Hello,

The "waiting" suggestions are usually made in order to ensure beyond a
shadow of a doubt that AD replication has taken place. (Default replication
time is every 15 min.)

Shane Brasher
 
Shane Brasher said:
> Hello,
>
> The "waiting" suggestions are usually made in order to ensure beyond a
> shadow of a doubt that AD replication has taken place. (Default
> replication time is every 15 min.)

Min 5, max 15.
:-)

--
Regards,
Ace

 