New bee


Elie Grouchko

Hi All

I'm planning a small office network and as I'm aware that properly setting
up a DNS is critical I would like to get some hints how to proceed so that I
don't make too many mistakes.

I'm planning to setup a small domain consisting of 3-5 PCs all running Win2k
and WinXP, the server is Win2k.
Currently connected to the internet through a DSL modem with no static IP
(static IP possible if required).
2-3 Additional PCs running Win98SE and Win2k need access to the internet and
to some of the domain resources but will not be part of the domain.
No web site exposed to the internet, only for internal use.
Need possibility to access the network from the internet using a VPN.

Any help will be greatly appreciated!

Thanks

Elie Grouchko
 
This is a very BROAD question, since it pretty much involves the
understanding of AD and not just AD's requirements of DNS.

Basically follow these guidelines:
1. Only use your internal DNS.

2. DO NOT USE your ISP's DNS or your router as a DNS address in any of your
machines' IP properties, no matter what your ISP tells you. Their tech
people in most cases just don't know enough about AD. If you do, NUMEROUS
errors *WILL* occur.

3. For efficient Internet resolution, it's suggested to use a Forwarder. If
the option is grayed out, delete the Root zone and try again. This article
will explain these two steps:
http://support.microsoft.com/?id=300202

4. When naming your domain, make absolutely sure it is NOT a single label
name, such as "DOMAIN" rather than the REQUIRED format of "domain.com" or
"domain.net", etc.

5. Make sure you set the Primary DNS Suffix on the machine you are promoting
to a DC prior to running dcpromo. This name must be the same name as your
planned AD DNS domain name (mentioned in step 4 above) and spelled the same
as the zone name in DNS.

Here's a couple links that may help you (hope they are not overwhelming, as
the topic of AD and DNS can be to the layman):

AD and DNS FAQs
http://support.microsoft.com/?id=300202

Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth,
Branch Offices, Exchange, ADC, Import-Export, etc]:
http://www.microsoft.com/technet/tr...prodtechnol/AD/windows2000/deploy/default.asp

237675 Setting Up the Domain Name System for Active Directory :
http://suport.microsoft.com/?id=237675

AD and DNS Planning Guide:
http://www.microsoft.com/technet/tr...windows2000/deploy/adguide/adplan/default.asp

Configure DNS for AD:
http://www.microsoft.com/windows2000/en/server/help/sag_DNS_pro_ConfigServerForDS.htm

DNS Requirements for Deploying Active Directory:
http://www.microsoft.com/technet/tr...prodtechnol/windows2000serv/deploy/dnsreq.asp

Active Directory - All about it [For Design see section on Planning &
Deployment Guides]:
http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp

Chapter 4 - Active Directory Design:
http://www.microsoft.com/technet/tr...change/exchange2000/reskit/part2/c04names.asp

Designing the Windows® 2000 Active Directory Service:
http://www.microsoft.com/technet/itsolutions/education/deploy/febdesad.asp





--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
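
A check for guidelines 1, 2, 4 and 5 above, as an added example that is not part of the original posts: it parses `ipconfig /all` output from the machine about to be promoted and reports any violation. The sample output, host name, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; host name and addresses are made up.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : SERVER1
        Primary DNS Suffix  . . . . . . . : domain.local

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
"""

def parse_ipconfig(text):
    """Return (primary_dns_suffix, [dns_servers]) from ipconfig /all text."""
    suffix, servers, in_dns = "", [], False
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)[\s.]*:\s*(.*)$", line)
        if m:
            label, value = m.group(1).lower(), m.group(2).strip()
            in_dns = label == "dns servers"
            if label == "primary dns suffix":
                suffix = value
            elif in_dns and value:
                servers.append(value)
        elif in_dns and line.strip():
            servers.append(line.strip())  # continuation line: another server
        else:
            in_dns = False
    return suffix, servers

def check_dc_candidate(text, ad_domain, internal_dns):
    """List violations of the guidelines for a machine about to run dcpromo."""
    suffix, servers = parse_ipconfig(text)
    domain = ad_domain.lower().rstrip(".")
    problems = []
    if "." not in domain:
        problems.append("AD domain name is single-label")
    if suffix.lower().rstrip(".") != domain:
        problems.append("Primary DNS Suffix does not match AD domain name")
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    for s in servers:
        if ipaddress.ip_address(s) not in allowed:
            problems.append("non-internal DNS server: " + s)
    return problems
```
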
 
Hi Ace

Thanks a lot for all the links, I had an inkling after doing some
preliminary reading that it wasn't going to be an easy one...

I have however another question regarding the domain name I choose for my
internal network. When setting up a primary domain controller I am asked for
a domain name and as you mentioned in your response it shouldn't be a simple
name like "DOMAIN" but rather a qualified name like "DOMAIN.COM". My
question is - do I need to register a domain name on the internet or can I
choose whatever name I want? I currently own a domain name on the internet,
can I use it for my own private network? i.e. if for example I registered
"something.com" and I have a web site "www.something.com" hosted by a third
party on the internet, can I use the domain name "intranet.something.com"
for my private network? And if it is possible what is then the relationship
between my internal DNS and the DNS of the server which is hosting my web
site?

Many thanks

Elie Grouchko
 
Hi Elie, responses inline...

Elie Grouchko said:
> Hi Ace
>
> Thanks a lot for all the links, I had an inkling after doing some
> preliminary reading that it wasn't going to be an easy one...

No prob for the links. And yes, preparation is the key.

> I have however another question regarding the domain name I choose for my
> internal network. When setting up a primary domain controller I am asked for
> a domain name and as you mentioned in your response it shouldn't be a simple
> name like "DOMAIN" but rather a qualified name like "DOMAIN.COM". My
> question is - do I need to register a domain name on the internet or can I
> choose whatever name I want?

Choose whatever you want, no need to register it since it's your internal
private name. But don't choose something that already exists on the
Internet. It's not that it's illegal, but more of a technical issue since a
DNS server will not forward out queries to what it is SOA for so you'll have
problems emailing them or seeing their website and other resources they
have, unless you make the manual entries in your own DNS. Choose something
private. "domain.elie", or "domain.local", or "domain.corp", "domain.net",
etc, for example.

> I currently own a domain name on the internet, can I use it for my own
> private network? i.e. if for example I registered "something.com" and I
> have a web site "www.something.com" hosted by a third party on the
> internet, can I use the domain name "intranet.something.com" for my
> private network?

Yes you can.

I would rather recommend (as I do for many folks) to use maybe
"something.net" since it's closer. You could choose something.com too, (what
we call Split Horizon when the external and internal names are the same),
but this requires additional administrative tasks/reg changes that are more
than you really want to do to make it work.

> And if it is possible what is then the relationship between my internal
> DNS and the DNS of the server which is hosting my web site?

None at all. Your internal machines ONLY use your internal DNS. You forward
out to the ISP's DNS. That's it.

> Many thanks

No problem!

> Elie Grouchko


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
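
The point in the reply above that a DNS server does not forward queries for a zone it is SOA for, shown as an added example that is not part of the original posts: a toy resolver with authoritative zones and one forwarder, run against the same-name, manual-entry and "intranet.something.com" cases. The class, record names and addresses are constructed, and delegations are left out for brevity.

```python
# Constructed stand-in for what the ISP's DNS would return from the Internet.
PUBLIC = {"www.something.com": "198.51.100.20"}

class InternalDNS:
    """Toy internal DNS server: authoritative zones plus one forwarder."""

    def __init__(self, zones, forwarder):
        self.zones = zones          # {zone name: {fqdn: ip}}
        self.forwarder = forwarder  # {fqdn: ip} reachable via the forwarder

    def _zone_for(self, name):
        # Most specific zone this server is SOA for, if any.
        hits = [z for z in self.zones if name == z or name.endswith("." + z)]
        return max(hits, key=len) if hits else None

    def resolve(self, name):
        name = name.lower().rstrip(".")
        zone = self._zone_for(name)
        if zone is not None:
            # Authoritative: answer only from local data, never forward.
            return ("authoritative", self.zones[zone].get(name, "NXDOMAIN"))
        return ("forwarded", self.forwarder.get(name, "NXDOMAIN"))

def demo():
    """Resolve the public web site under three internal naming choices."""
    same = InternalDNS({"something.com": {"dc1.something.com": "192.168.1.10"}}, PUBLIC)
    manual = InternalDNS(
        {"something.com": {"dc1.something.com": "192.168.1.10",
                           "www.something.com": "198.51.100.20"}}, PUBLIC)
    sub = InternalDNS(
        {"intranet.something.com": {"dc1.intranet.something.com": "192.168.1.10"}},
        PUBLIC)
    return {
        # Internal zone has the same name as the public one: site disappears.
        "same_name": same.resolve("www.something.com"),
        # Same name, but the public record was copied in by hand.
        "manual_entry": manual.resolve("www.something.com"),
        # Internal zone is a child name: public queries go to the forwarder.
        "subdomain": sub.resolve("www.something.com"),
        "subdomain_dc": sub.resolve("dc1.intranet.something.com"),
    }
```
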
 