Three Server - How to configure DNS

  • Thread starter Thread starter Jamal Mubarik
  • Start date Start date
J

Jamal Mubarik

We have three servers. A B C

B was WINNT 4.0 Exch 5.5 PDC and has been upgraded to WIN2k SP4 Exch 5.5 DC.
It was the first WIN2k Server. It is running in mixed mode. It has two Nics
one pointing to ISP and One 10.x.x.x internal address. I configured
forwaders to point to ISP's DNS Servers.

C is new server with win2kSP4 Exch 2000SP3 (and post). It is a DC. It is not
running DNS Service. C has two nics . One is pointing (64.x.x.x) at isp and
one is 10.x.x.x.
C & B have a connector to communicate with two versions of exchange.
A is a file server.A is also a DC. on win2ksp4. A only has one NIC 10.x.x.x.
I may activate the other NIC in it.

B will be retired soon.

I would like both A & C to be DNS Servers. I tried to use DNS wizard on A. I
had several choices AD integrated or Standard. Which one should I choose. I
do not know what version was installed on 'B" the first Win2k DC.


Last but not least please point to good article or book on MS DNS.

I thank you for your time. These forums are a good example of generosity.

JM
(e-mail address removed)
 
If all the machines are DCs, simply install the DNS service on each. Since B is the first server is should already be running DNS and should have a zone
configured for the AD domain. This zone should be active directory integrated. If it is, this zone will automatically replicate to the other DCs and no addtional
configuration will be needed. I would change a few other things though. The DCs should ONLY point at AD DNS server for DNS. Do not point them to the ISP.
The DNS service though should be configured with forwarders to the ISP for Internet name resolution. Next, if you are not hosting your own DNS domain name,
then you will need to configure the DNS server on the multihomed machines to only listen on the internal adapter. Otherwise, the external addresses of these
server will register in DNS which could cause clients authentication or connectivity problems to the server. The other reason would be that your internal name
space would be externally available. This exposes you to unecessary risk. If you are hosting your own internet name, this should be handled by a machine
that isn't a DC and preferably not a member of your domain.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Hi Michael:

Your message is ver timely helpful and perhaps god send. I wish I can buy
you dinnner. You sure deserve. I have done mostly what you have asked for.
Please kindly explain few questions I have.

I have few questions that will clarify things immensly and help me get the
comapny on the road.
I do have DNS on Server B & A and it is AD integrated. I will install it on
C (the exchange 2k server also) tommorow. I have forwarders configured on
the first server with isp's dns addresses. Should I configuerd forwarders on
A & C also since they are multihomed also. Since all servers will be AD DNS
DC's should they point at themselves. Eventually we would retire B.

Q2. Internal NIC Configuration.

The internal NIC 10.x.x.1 has subent mask of 255.255.255.0 . Should I put in
a Gateway (all internal pc's go through small Linksys becausse our proxy
died) 10.0.0.254. My first DNS for internal NIC is 10.x.x.1. Should I add
addition DNS entries of other AD DNS Servers (A & C). Should I have DNS's
servers of ISP listed also.

Q3. External NIC
Address is 64.30.xxx.xxx subnet mask is 255.255.255.0
GW=64.30.xxx.1 DNS points to 10.0.0.1 (its own address. The next two dns
entries point to the ISP.

I will configure the DNS servers to listen only to internal servers. I am
pretty sure you do this by listing DNS properties. Please confirm.

Eventually I would like to confiure an isa server.

I have another I believe DNS problem. When I try to add a user in AD to a
memebership group I get a message sayimg to the effect that message class
could not be located. This is not a exact message. I tried on many users.

Should I apply service pak 4 to DC 'C' after I install dns service on it. I
think I should. Is there any other service you recommend. Please recommend a
good book.

Last but not leaset I thank you very much..

Jamal
(e-mail address removed)
909-489-5557



Michael Johnston said:
If all the machines are DCs, simply install the DNS service on each.
Click to expand...
Since B is the first server is should already be running DNS and should have
a zone
configured for the AD domain. This zone should be active directory
Click to expand...
integrated. If it is, this zone will automatically replicate to the other
DCs and no addtional
configuration will be needed. I would change a few other things though.
Click to expand...
The DCs should ONLY point at AD DNS server for DNS. Do not point them to
the ISP.
The DNS service though should be configured with forwarders to the ISP for
Click to expand...
Internet name resolution. Next, if you are not hosting your own DNS domain
name,
then you will need to configure the DNS server on the multihomed machines
Click to expand...
to only listen on the internal adapter. Otherwise, the external addresses
of these
server will register in DNS which could cause clients authentication or
Click to expand...
connectivity problems to the server. The other reason would be that your
internal name
space would be externally available. This exposes you to unecessary risk.
Click to expand...
If you are hosting your own internet name, this should be handled by a
machine
that isn't a DC and preferably not a member of your domain.

Thank you,
Mike Johnston
Microsoft Network Support
Click to expand...
rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
Click to expand...
message are best directed to the newsgroup/thread from which they
originated.
 
Michael:

Should I also configure the first DC as WIN Server. I am in mixed mode. By
tommorow I will have moved all mail boxes from B (first DC with exch 5.5)
to C win2k Exch2000. Should I then go to native mode. Should I stay mixed.
Please advice.

Thanks
 
Back
Top