REALLY BIG DNS CONFIG PROBLEM. PLEASE HELP!


Maxtor, C.A.

Hi,

I just started as IT support in a company, and I saw that the DNS is
misconfigured very badly:
1) the domain name is DOMAIN (just that), and the DNS zone is created the
same way. Shouldn't it be TREE.DOMAIN.COM? Or am I mistaken? What can I do to
set it right?
2) All the clients are set up to use the ISP DNS servers instead of the
Win2K DNS servers. I think it's because of this that the new clients can't
join the domain, and users can't change the passwords, and so on. How can I
set it right? The ISP doesn't provide valid IP numbers, though.

Please help. I don't know where to start...
 
I don't know if this information is key for solving the problem, but I
forgot to add that the domain is functioning in mixed mode (even though
there is ONLY ONE Win98 client).

****************************************
 
Sounds like you are in for a lot of fun :)

Let's take ISP DNS first. One of the most frequent mantras you will find on
this newsgroup is "don't use your ISP DNS for anything on your internal
network (except MAYBE as a forwarder in DNS)". So, get to work and start
reconfiguring your clients and servers to use your INTERNAL DNS Server(s)
only. If you use DHCP, this is easy, just change the DNS IP in the Scope. If
they are all configured with static IP/DNS entries, then you have some work
to do. This
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=25 can
help.

Now, for the "simply DOMAIN" issue, you WILL run into problems eventually
with this config WHEN you upgrade to Service Pack 4. Read this
http://support.microsoft.com/default.aspx?kbid=300684, then search through
this newsgroup for posts from Ace and Kevin regarding this subject.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Thanks a lot for your help, Deji!

Once I remove the ISP DNS servers, the clients won't be able to resolve
addresses and internet traffic will stop. How can I configure the internal
DNS so people don't have this problem?

Another thing, there are 2 DC's in the network, the first one has SP3; and
the other one, I promoted to act as backup (in case the first one has to
come offline) which has SP4 installed. I figure this is bad because you
pointed it out.

Again, thank you very much. I'll start reading the documents you refer to, so I
have a more clear idea on what has to be done.

Maxtor.
 
In Maxtor, C.A. <[email protected]> posted a question
Then Kevin replied below:
: Hi,
:
: I just started as IT support in a company, and I saw that the DNS is
: misconfigured very badly:
: 1) the domain name is DOMAIN (just that), and the DNS zone is created
: the same way. Shouldn't it be TREE.DOMAIN.COM? Or am I mistaken? What
: can I do to set it right?
: 2) All the clients are set up to use the ISP DNS servers instead of
: the Win2K DNS servers. I think it's because of this that the new
: clients can't join the domain, and users can't change the passwords,
: and so on. How can I set it right? The ISP doesn't provide valid IP
: numbers, though.
:
: Please help. I don't know where to start...

Add an NT4 BDC, promote it to a PDC, upgrade the new PDC to Win2k and
DCPROMO it to a Win2k DC with a good DNS name like domain.com or
domain.whatever, as long as it has a "." in the name.
Single-label domain names are a real pain and will never work as they should:
GPOs won't be applied, XP Pros will refuse to join unless you add a registry
hack, and Win2k SP4 will refuse to register in DNS without a registry hack. I
could go on, but if you really want to fix it right, that is what you need to
do.
 
In Maxtor, C.A. <[email protected]> posted a question
Then Kevin replied below:
: Thanks a lot for your help, Deji!
:
: Once I remove the ISP DNS servers, the clients won't be able to
: resolve addresses and internet traffic will stop. How can I configure
: the internal DNS so people don't have this problem?
Most likely all you need to do is delete the "." forward lookup zone, you
can optionally enable a forwarder but they are not required.
300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1
:
: Another thing, there are 2 DC's in the network, the first one has
: SP3; and the other one, I promoted to act as backup (in case the
: first one has to come offline) which has SP4 installed. I figure this
: is bad because you pointed it out.
Win2k SP4 does not like single-label domain names. Neither do XP, Windows
Server 2003, or, for that matter, the root DNS servers for the Internet.
They see them as some unknown top-level domain and will
spit back illegal domain errors.
That is the reason MS had to fix Win2k in SP4.
Follow my other reply and make this a good DNS name.
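
A triage script for the two problems discussed in this thread (clients pointed at ISP DNS servers, and a single-label domain name), added here as an example and not posted by anyone in the thread. It parses saved `ipconfig /all` output; the sample text, the 203.0.113.10 "ISP" address and the internal DNS addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: trimmed `ipconfig /all` output from a hypothetical client.
SAMPLE = """\
Windows 2000 IP Configuration

        Primary DNS Suffix  . . . . . . . : DOMAIN

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            192.168.1.2
"""
INTERNAL_DNS = {"192.168.1.2", "192.168.1.3"}  # assumption: the DCs running DNS
FIELD = re.compile(r"^\s*([^:]+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def as_ip(token):
    # Normalized address string, or None when token is not an IP address.
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def parse_ipconfig(text):
    """Extract the primary DNS suffix and every listed DNS server."""
    suffix, servers, in_dns = "", [], False
    for line in text.splitlines():
        if in_dns and as_ip(line):  # continuation line of a DNS server list
            servers.append(as_ip(line))
            continue
        m = FIELD.match(line)
        in_dns = bool(m) and m.group(1) == "DNS Servers"
        if in_dns and as_ip(m.group(2)):
            servers.append(as_ip(m.group(2)))
        elif m and m.group(1) == "Primary DNS Suffix":
            suffix = m.group(2).strip()
    return suffix, servers

def audit(text, internal_dns):
    """List the two problems from the thread if this client shows them."""
    suffix, servers = parse_ipconfig(text)
    findings = []
    outside = [s for s in servers if s not in internal_dns]
    if outside:
        findings.append("DNS servers outside the internal set: " + ", ".join(outside))
    if suffix and "." not in suffix.strip("."):
        findings.append("single-label primary DNS suffix: " + suffix)
    return findings
```

Calling `audit(SAMPLE, INTERNAL_DNS)` on output collected from each client gives a worklist of machines still using outside resolvers before the DHCP scope or static settings are changed.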
 
Thank you very much for the walkthru, Kevin.

I'm curious about one thing though: once I do everything you said, what will
happen? Will the changes replicate to my 2 DC's, and everything will work
again, and I'll be able to take out the temp server? Will all the existing
AD users and computers stay the same when the changes are made? What about
the clients who joined DOMAIN? Will I have to join them all to the
NEW.DOMAIN.COM?

Basically, after I follow all the steps, what's next?

Thank you so much, Kevin.

Well, I think like Deji said, I'm in for a lot of fun.

Maxtor

***************************************************
 
In Maxtor, C.A. <[email protected]> posted a question
Then Kevin replied below:
: Thank you very much for the walkthru, Kevin.
:
: I'm curious about one thing though: once I do everything you said,
: what will happen? Will the changes replicate to my 2 DC's, and
: everything will work again, and I'll be able to take out the temp
: server? Will all the existing AD users and computers stay the same
: when the changes are made? What about the clients who joined DOMAIN?
: Will I have to join them all to the NEW.DOMAIN.COM?
:
: Basically, after I follow all the steps, what's next?
:
Demote the old DCs out of the new domain then promote them to the new
domain; the clients will also need to be removed from the old domain and
joined to the new domain. Then you will need to migrate their profiles to
the new domain.

The alternative is to start fresh with a totally new domain, then create new
user accounts or use ADMT to migrate the users to the new domain. The last
option, using ADMT, would be preferable because it would migrate their user
profiles to the new domain too.
 
Thanks a lot, Kevin.

You have been an extraordinary help.

Thank you very much.

Maxtor


*****************************************
 