When Configuring Forwarders, what IP Address do I use for DNS


To all:

I recently configured the DNS Server only to find out that I entered the
incorrect IPs for DNS resolution. I entered the ISP IPs for DNS, and I
realize now that was a mistake because of the error messages found in my
system logs (Event ID 5774 and 5775). It is my understanding that ISPs
prefer that you don't use their DNS IPs?

In any event, I recently printed out instructions from Microsoft on how to
Configure Forwarders but I have run into a wall. The instructions tell me to
enable forwarders, and then enter the IP Address of the first DNS Server,
what IP Address do I put in?
Is it the Server's personal IP Address, or is it the Static IP Address given
to me from my ISP?

FYI:
I am using a Static IP Address through my DI-624 D-Link router, but have
disabled DHCP. I am using Windows 2000 Server's DHCP to distribute the pool
of IPs out to my clients.

One last question. Once I have configured the forwarders properly, will the
folders msdcs, udp, and tcp show up in my DNS properties?

Thanks for your time, and please get back to me as soon as possible.

Sweeper.
 
In the properties of TCP/IP on your server, point the DNS server to itself
for DNS. In the forwarders tab point your DNS server to your ISP's DNS
server.

One last question. Once I have configured the forwarders properly, will the
folders msdcs, udp, and tcp show up in my DNS properties?


No this is not what sets up those records. Pointing your DNS server to
itself in the properties of TCP/IP is what sets up these folders during the
logon process. You will have to reboot to get them created.

AD clients MUST find the SRV records in order to "find" the domain. You
don't want (and most ISPs will not allow you to) your AD domain records
registered on your ISP's public DNS server. Pointing your DNS server to
itself for DNS will create the required SRV records AD clients MUST find
(Your AD DNS server IS an AD client). You MUST point all AD clients to your
AD DNS server ONLY. Anything they can't find (the *entire* Internet) in that
AD zone is passed to the forwarders.

hth
DDS W 2k MVP MCSE
 
Thank you very much Danny for clarifying this for me.

I have another question regarding setting up DHCP.

In Option (006) of the Scope Options, what IP Address do I put in for DNS
Servers?
Is it the ISP's or ..

Thanks again,

Sweeper.
 
Sweeper said:
To all:

I recently configured the DNS Server only to find out
that I entered the incorrect IPs for DNS resolution.
I entered the ISP IPs for DNS, and I realize now that
was a mistake because of the error messages found in my
system logs (Event ID 5774 and 5775). It is my
understanding that ISPs prefer that you don't use their
DNS IPs?

A four step guide to setting up DNS in an AD environment.

1) All your clients should use the internal DNS *only* for
name resolution.

2) The internal DNS should support SRV records and dynamic
updates.

3) The internal DNS servers should have their NICs
configured with their own addresses.

4) The internal DNS *service* on the DNS servers should be
configured to forward all requests to an Internet DNS
server, such as your ISP's DNS server.

The reason you should not use the ISP's DNS servers for your
Active Directory DNS is because they will not support SRV
records and dynamic updates. Nothing to do with ISP
preferences. Besides, having your internal DNS information
on an Internet facing DNS such as your ISP's cannot be secure.

Cheers,

Cliff
 
Sweeper said:
Thank you very much Danny for clarifying this for me.

I have another question regarding setting up DHCP.

In Option (006) of the Scope Options, what IP Address do I put in for DNS
Servers? Is it the ISP's or ..

You must configure DHCP to send out the information about
*your internal DNS*. The internal client machines do not
directly query the Internet DNS for sites out there on the
Internet.

They query the local DNS server, which then "forwards" the
query to the Internet DNS. The Internet DNS replies to the
internal server and the internal server informs the client.

The clients need not, and should not, know anything about
the internet, DNS or otherwise. When a client wants a page
from the internet, such as the Microsoft Home page, it will
ask the internal DNS to find out the IP address, and then it
sends the request for the page to the internal gateway to
the Internet.

Cheers,

Cliff
 
Hello Enkidu:

[1] biggest problem right now is the missing folders in DNS. _msdcs, _sites,
_tcp, and _udp or AD Directory DNS Records.

I am a newbie "rookie" in this department, so bear with me. Is it possible
to get step by step instructions on how to re-populate these records?

[2] Also, let's say these were my server's tcp/ip settings:

From the General Tab:

* Use the following IP Address is chosen:
IP Address: 192.168.0.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1

*Use the following DNS server addresses is chosen:
Preferred DNS Server: 192.168.0.1

From the Advanced TCP/IP Settings:

IP Settings Tab:
within IP Address is: 192.168.0.100 and
Subnet Mask is: 255.255.255.0

within Default gateways: 192.168.0.1

From the DNS Tab:
within DNS Server address: 192.168.0.1
Append primary and connection specific DNS suffixes is selected
Append parent suffixes of the primary DNS Suffix is selected
Register this connection's addresses in DNS is selected

Does this look right to you, and am I in any way pointing the DNS Server
back to itself?

Please help me, and thank you for all your help.

Sweeper.
 
[1] biggest problem right now is the missing folders in DNS. _msdcs, _sites,
_tcp, and _udp or AD Directory DNS Records.

These records are created automatically during logon on the DNS server *if*
the DNS server is pointed to itself for DNS in the properties of TCP/IP.

Example:

IP address of your AD DNS server is 192.168.0.100, in the properties of
TCP/IP on that *same* DNS server it should point to (use the following DNS
servers) 192.168.0.100 for DNS.



* Use the following IP Address is chosen:
IP Address: 192.168.0.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1

*Use the following DNS server addresses is chosen:
Preferred DNS Server: 192.168.0.1



If in the above example 192.168.0.100 is your AD DNS server and you use
192.168.0.1 as your preferred DNS server you are "pointing" your AD DNS
server to the default gateway NOT itself. If the above example is your AD
DNS server you would "point it to itself for DNS" by setting 192.168.0.100
as the preferred DNS server. Reboot after pointing it to itself to get the
proper records created.

Manually give the AD DNS server its IP address of 192.168.0.100, Subnet
mask = 255.255.255.0, Default gateway = 192.168.0.1, preferred DNS server =
192.168.0.100.

Configure these settings only; don't bother with the advanced settings. These
four settings will get you up and running. When I say "point all AD clients
to the AD DNS server only" it means (using the above example) set up DHCP to
give your clients the IP address of 192.168.0.100 for their individual DNS
settings or manually give each client the IP address of 192.168.0.100 for
their "preferred DNS server".


hth
DDS W 2k MVP MCSE
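
The checks discussed in this thread, as an added Python example that is not part of the original posts: it parses a settings listing in the layout posted above and reports where the server, DHCP option 006 or the forwarders depart from the advice given. It assumes a single AD DNS server as in the thread; the function names, the sample text and the forwarder address 203.0.113.53 (a documentation-range address) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the settings listing in the thread.
SAMPLE_SERVER_SETTINGS = """\
IP Address: 192.168.0.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
Preferred DNS Server: 192.168.0.1
"""

def parse_settings(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    pairs = re.findall(r"^\s*([^:\n]+?)\s*:\s*(\S+)\s*$", text, re.MULTILINE)
    return {label.lower(): value for label, value in pairs}

def _addr(value, what, findings):
    """Parse an IPv4 address; record a finding instead of raising."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        findings.append(f"{what}: '{value}' is not a valid IPv4 address")
        return None

def audit(server_text, dhcp_option_006, forwarders):
    """Apply the thread's rules; return a list of findings (empty means OK)."""
    findings = []
    cfg = parse_settings(server_text)
    server = _addr(cfg.get("ip address", ""), "server IP", findings)
    dns = _addr(cfg.get("preferred dns server", ""), "server preferred DNS", findings)
    # Rule from the thread: the AD DNS server must use itself for DNS.
    if server and dns and dns != server:
        findings.append(f"server resolves through {dns}, not itself ({server})")
    # Rule from the thread: clients get the internal DNS server only.
    for value in dhcp_option_006:
        a = _addr(value, "DHCP option 006", findings)
        if server and a and a != server:
            findings.append(f"DHCP option 006 hands clients {a}; "
                            f"clients must use only the AD DNS server {server}")
    # Added sanity check (not from the thread): a server forwarding to itself loops.
    for value in forwarders:
        a = _addr(value, "forwarder", findings)
        if server and a and a == server:
            findings.append(f"forwarder {a} is the DNS server itself (forwarding loop)")
    return findings
```

Run against the sample, `audit(SAMPLE_SERVER_SETTINGS, ["192.168.0.100"], ["203.0.113.53"])` reports that the server resolves through the gateway rather than itself, which is the misconfiguration diagnosed in the reply above.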