Nameserver Questions Windows 2003 Server


James

Hello,

I've managed to find the answer to most things by searching on the group,
but still have some quick questions regarding adding dns functionality to
our dedicated webserver for the purpose of hosting our own DNS records:

1. If my nameserver with the registry is set up as ns1.mydomain.com does the
computer name of my dns server also have to be "ns1"? or can it be anything
provided that I have ns1 set up correctly in the dns zone ?

2. In Windows DNS manager there are three default reverse lookup zones - is
it correct to assume that I leave this area alone for our purpose and stick
with the defaults ?

3. Previously in the TCP/IP settings, our ISP's DNS servers were listed. I
have changed preferred DNS server to the server's own IP address and left
alternative DNS server as the ISP's DNS server - is this correct ?

4. Do I need to make any changes to the DNS tab in the Advanced part of
TCP/IP properties. Currently it lists the IP addresses as mentioned in Q3.
Has "Append primary and connection specific DNS suffixes" checked, "Append
parent suffixes of the primary DNS suffix" checked, and "Register this
connection's address in DNS" checked

5. Primary DNS suffix is set to "mydomain.com", is this correct ?

6. Do I need to touch cached lookup zones, or is that another area I leave
at defaults ?

Thanks for any advice

James
 
In James <[email protected]> posted a question
Then Kevin replied inline:
: Hello,
:
: I've managed to find the answer to most things by searching on the
: group, but still have some quick questions regarding adding dns
: functionality to our dedicated webserver for the purpose of hosting
: our own DNS records:
:
: 1. If my nameserver with the registry is set up as ns1.mydomain.com
: does the computer name of my dns server also have to be "ns1"? or can
: it be anything provided that I have ns1 set up correctly in the dns
: zone ?
Yes, you can give the name server any name you want, so long as you have an
"A" record for the hostname in the domain zone for the domain the nameserver
will be listed under. The only exception is for Active Directory integrated
zones. An Active Directory Integrated zone will always create an NS record
for the machine name and make it the primary name server on the Start of
Authority record.


:
: 2. In Windows DNS manager there are three default reverse lookup
: zones - is it correct to assume that I leave this area alone for our
: purpose and stick with the defaults ?

You cannot edit these zones, and they are not visible unless you have the
console in advanced mode.

:
: 3. Previously in the TCP/IP settings, our ISP's DNS servers were
: listed. I have changed preferred DNS server to the server's own IP
: address and left alternative DNS server as the ISP's DNS server - is
: this correct ?

No, it is not correct. You should remove the ISP's DNS; it will not help DNS
resolve names and it will only cause errors on a DC.

:
: 4. Do I need to make any changes to the DNS tab in the Advanced part
: of TCP/IP properties. Currently it lists the IP addresses as
: mentioned in Q3. Has "Append primary and connection specific DNS
: suffixes" checked, "Append parent suffixes of the primary DNS
: suffix" checked, and "Register this connection's address in DNS"
: checked

This is correct.

:
: 5. Primary DNS suffix is set to "mydomain.com", is this correct ?

The primary DNS suffix should match the DNS name of your AD domain; if
mydomain.com is the name of your AD domain as seen in ADU&C, then it is
correct.
:
: 6. Do I need to touch cached lookup zones, or is that another area I
: leave at defaults ?

The defaults are OK; the only thing you might want to change is the
MaxCacheTtl in the registry. The value does not exist by default, so the
maximum cache time to live is one day. IMO, that is too low and causes the
DNS cache to be refreshed daily. Most NS records have a TTL of two days, so I
would suggest raising the MaxCacheTtl to 172800 seconds (two days).
 
Kevin D. Goodknecht said:
In James <[email protected]> posted a question
Then Kevin replied inline:
: Hello,
:
: I've managed to find the answer to most things by searching on the
: group, but still have some quick questions regarding adding dns
: functionality to our dedicated webserver for the purpose of hosting
: our own DNS records:
:
: 1. If my nameserver with the registry is set up as ns1.mydomain.com
: does the computer name of my dns server also have to be "ns1"? or can
: it be anything provided that I have ns1 set up correctly in the dns
: zone ?
Yes, you can give the name server any name you want, so long as you have an
"A" record for the hostname in the domain zone for the domain the nameserver
will be listed under. The only exception is for Active Directory integrated
zones. An Active Directory Integrated zone will always create an NS record
for the machine name and make it the primary name server on the Start of
Authority record.

Thanks very much for your answers. I just have one more thing I need
clarified: if I have A records for both the nameserver and the computer name,
which one should be listed as the primary server in the SOA?

Cheers
James
 
In James <[email protected]> posted a question
Then Kevin replied below:
:: In James <[email protected]> posted a question
:: Then Kevin replied inline:
::: Hello,
:::
::: I've managed to find the answer to most things by searching on the
::: group, but still have some quick questions regarding adding dns
::: functionality to our dedicated webserver for the purpose of hosting
::: our own DNS records:
:::
::: 1. If my nameserver with the registry is set up as ns1.mydomain.com
::: does the computer name of my dns server also have to be "ns1"? or
::: can it be anything provided that I have ns1 set up correctly in the
::: dns zone ?
:: Yes, you can give the name server any name you want, so long as you
:: have an "A" record for the hostname in the domain zone for the
:: domain the nameserver will be listed under. The only exception is
:: for Active Directory integrated zones. An Active Directory
:: Integrated zone will always create an NS record for the machine name
:: and make it the primary name server on the Start of Authority record.
::
:
: Thanks very much for your answers. I just have one more thing I need
: clarified: if I have A records for both the nameserver and the
: computer name, which one should be listed as the primary server in
: the SOA?
:
: Cheers
: James

Are these zones going to be public zones?
If they are public zones, the Primary Name server should be one that is
listed on the public record for the public domain.
If the zone is going to be only for internal use then it does not matter, as
long as, if there are any internal secondary DNS servers, the secondary
can resolve the primary name server on the SOA record. The same goes
for all DNS servers.

For instance, if the zone is for public usage, and the public record shows
ns1.example.com and ns2.example.com, then on the SOA record you show one of
these as the Primary NS and you should remove the NS record for the machine
name.
If the zone is AD integrated you cannot change the primary NS on the SOA.
Well, you can change it, but as soon as the zone is reloaded from AD it will
change back to the machine name and add the NS record. So if you are using
an AD integrated zone for the public you will need to register the machine
name as a public DNS server.
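
Added example (not part of the thread, and not any poster's code): a small audit of the public-zone rules described in the replies above, checking that the SOA primary is a registered name server, that no NS record remains for an unregistered machine name, and that each in-zone name server has an A record. The machine name websrv01, the addresses and the tuple record format are assumptions made for illustration.

```python
# Added example. Records are simplified (owner, type, value) tuples; all data is constructed.
def _norm(name):
    return name.rstrip(".").lower()

def audit_public_zone(zone, records, registered_ns):
    """Return findings for a public zone checked against the registrar's NS list."""
    zone = _norm(zone)
    registered = {_norm(n) for n in registered_ns}
    zone_ns = {_norm(v) for _, t, v in records if t == "NS"}
    a_owners = {_norm(o) for o, t, _ in records if t == "A"}
    findings = []
    # The SOA primary should be a name server listed on the public record.
    for _, t, v in records:
        if t == "SOA" and _norm(v) not in registered:
            findings.append(f"SOA primary {_norm(v)} is not a registered name server")
    # NS records for unregistered names (such as the machine name) should go.
    for ns in sorted(zone_ns - registered):
        findings.append(f"NS record {ns} is not on the public record")
    for ns in sorted(registered - zone_ns):
        findings.append(f"registered name server {ns} has no NS record in the zone")
    # A name server named inside this zone needs an A record for its hostname.
    for ns in sorted(zone_ns | registered):
        in_zone = ns == zone or ns.endswith("." + zone)
        if in_zone and ns not in a_owners:
            findings.append(f"name server {ns} has no A record")
    return findings

ZONE = "example.com"
REGISTERED = ["ns1.example.com", "ns2.example.com"]
# Constructed "before": the machine name (hypothetical websrv01) is still the
# SOA primary and has an NS record; ns2 has not been added to the zone yet.
BEFORE = [
    ("example.com", "SOA", "websrv01.example.com."),
    ("example.com", "NS", "websrv01.example.com."),
    ("example.com", "NS", "ns1.example.com."),
    ("websrv01.example.com", "A", "192.0.2.10"),
    ("ns1.example.com", "A", "192.0.2.10"),
]
# Constructed "after": SOA primary and NS set match the public record.
AFTER = [
    ("example.com", "SOA", "ns1.example.com."),
    ("example.com", "NS", "ns1.example.com."),
    ("example.com", "NS", "ns2.example.com."),
    ("ns1.example.com", "A", "192.0.2.10"),
    ("ns2.example.com", "A", "192.0.2.11"),
]
if __name__ == "__main__":
    print("\n".join(audit_public_zone(ZONE, BEFORE, REGISTERED)))
```

For an AD integrated zone the first two findings cannot be cleared by editing the zone, since the machine name is restored on reload; there the fix is on the registrar side, as the reply says.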
 