Re: upgrade to win2000 adv server and DNS

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 06/19/04


Date: Sat, 19 Jun 2004 00:48:52 -0400

In news:Bq6dnePJ9Mil-k7dRVn-jw@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
> Hi all!
> Dear Kevin and Ace,
>
> I have three questions.
> I have a Win NT 4.0 PDC and BDC.
>
> I am going to upgrade to Win2kadv server but I am apprehensive about a
> couple things.
> I'm having trouble defining the right questions.
>
> You and Ace mentioned that the Win2kadv server uses the tcpip DNS
> tab Host and domain
> fields as the basis for its DNS name. Mine are currently not the same
> as the internal names.
> they are "made up" and I want it the same way as I have it, is this
> possible?
>
> You and/or Ace said that I need a fully qualified domain name with
> a suffix such as .net or .org or I will have trouble with DNS
> hierarchy.
> I do not run this way now, it works great as is, I never had a
> problem in 5 years
> using WinNT DNS, I would prefer to keep what I have, can I do it?
>
> I want to upgrade WinNT to Win2kadv, totally replacing the old os
> on the same box and have no difference. will my clients still be able
> to be domain authenticated with their same accounts to the new
> installation?
> This won't change anything (about logging in or their accounts) on the
> clients will it?
> For instance...one time, I converted one of my clients to a workgroup
> membership from
> a domain membership. This got it a totally different desktop and
> account where nothing was installed. I hope I don't have to go through
> that do I ?
>
>
> here is my setup:
>
> PDC
> Win NT 4.0 Server
> name jewelntserver
> domain jewelconsulting
> (jewelntserver.jewelconsulting)
>
> has 2 nics
>
> inside nic:
> static Private IP address in 10.0.0.x range
>
> outside nic:
> dynamic ip - get from ISP via DHCP . Is not "public" or associated
> with
> a public internet name. changes.
>
> tcpip dns hostname tab: dynamic
> tcpip dns domain name tab: ip
>
> protocols:
> tcpip, netbios and file and printer sharing run on the inside nic
> and only tcpip runs on the outside nic.
>
> BDC
> Win NT 4.0 Server
> name: littlehal
> domain jewelconsulting
> (littlehal.jewelconsulting)
> 2 nics
>
> inside nic: static Private IP 10.0.0.x range
> outside nic: dhcp dynamic IP
> tcpip dns hostname tab: dynamic2
> tcpip dns domain tab: ip
>
> protocols: same way as jewelntserver.
>
> All my clients are win2000 the same way, 2 nics.
> same way with protocols.
>
> They authenticate to the PDC.
>
> All inside nics go to a shared hub
> All outside nics go to a different shared hub.
> The outside hub is connected to the internet.
>
> I have extensive file rights specified (ACLs) on all
> drives/folders/files in my systems.
> services such as runas, remote registry, remote desktop etc are
> permanently disabled.
>
>
> from any machine in the domain I can ping the following:
> jewelntserver
> jewelntserver.jewelconsulting
> jewelconsulting
> (these all result in the same internal private ip for jewelntserver at
> 10.0.0.x)
>
> on jewelntserver If I ping dynamic.ip I get ITS outside dynamically
> assigned address (today).
> on littlehal if I ping dynamic2.ip I get ITS outside dynamic ip
> address (today).
>
> There is no web server, no public ip, no need to vpn, no other
> location etc. This is simply
> a multihomed domain running PDC/BDC and DNS only on the inside and
> that is all.
>
> I have the DNS files if you need them.
>
> Thank you,

Hi John,

I remember something about the binding order in your multihomed machines.
But I'll tell you this much. DO NOT USE A SINGLE LABEL NAME. If you do, go
right ahead, and we'll definitely be hearing from you again with all the
problems that you WILL be getting from choosing that name.

Now, let's sit back and have a beer and discuss this.

NT4 is a different animal. Now we're talking W2k and W2k3, which use AD for
their directory services, which is TOTALLY based on DNS. DNS is a hierarchical
structure. A single label name does not follow any sort of hierarchy,
therefore DNS will fail, therefore AD will fail. With me so far?

Here's some reading on it:
Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?kbid=826743

251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option {more than likely due to single label name]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

DNS Domain Name System and Domain Name Service Protocol (RFC 1034 2535):
http://www.javvin.com/protocolDNS.html

Also, with all due respect, please do not multihome all your machines. You
are creating an administrative nightmare when it comes to AD, if you don't
already have one. All you need is one machine multihomed (preferably NOT a
DC or a server running a service such as Exchange, SQL, etc). Or better yet,
get yourself a $50.00 Linksys router that will work like a charm. They have
one with a firewall version for about $70.00. Otherwise, with your current
config, I'm putting my paycheck on this that you will definitely have
serious problems.

Please, take my word of advice and strip the extra NICs. I'm not trying to be
facetious, just pointing out the facts, and I've seen config issues that
will blow your mind. This seems like it may turn into one if you keep this
config due to DNS registration with your AD data. Removing the extra NICs
will eliminate these config issues and also security issues since they are
directly on the Internet.

And don't forget, with AD you must only use your own internal DNS ONLY. You
cannot use your ISP's address, no matter what your ISP will tell you, or
expect additional administrative issues, complaints and generally
malfunctioning AD services. My paycheck is on this too.

Hope that helps. If you need any AD design links and upgrade or migration
links, let me know.

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. -- 
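The three warnings in Ace's reply (single-label AD name, a DC with more than one NIC registering in DNS, and a DC pointed at ISP resolvers) can be checked on a domain controller in one pass. The script below is an added example written for this page, not code from the original thread or from Microsoft. It assumes a current Windows Server DC with the ActiveDirectory, DnsClient and NetTCPIP modules (the cmdlets are those modules' own; the 2004-era Win2000 box in the thread has no PowerShell), and `$InternalPrefix` is my assumed LAN prefix chosen to match the poster's 10.0.0.x layout; loopback is treated as internal because a DC may list 127.0.0.1 as a secondary resolver.

```powershell
#Requires -Modules ActiveDirectory, DnsClient, NetTCPIP
# Added example: audit a DC for the three configuration problems discussed above.
param(
    # Assumed LAN prefix; adjust to your internal subnet.
    [string]$InternalPrefix = '10.0.0.0/24'
)

# True if an IPv4 address falls inside a CIDR prefix (byte-wise mask compare, no wide-int shifts).
function Test-InPrefix {
    param([string]$Address, [string]$Prefix)
    if ($Address -eq '127.0.0.1') { return $true }          # loopback counts as "this DC"
    $net, $bits = $Prefix.Split('/')
    $bits = [int]$bits
    $a = ([IPAddress]$Address).GetAddressBytes()
    $n = ([IPAddress]$net).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        $take = [Math]::Min(8, [Math]::Max(0, $bits - 8 * $i))
        $m = (0xFF -shl (8 - $take)) -band 0xFF
        if (($a[$i] -band $m) -ne ($n[$i] -band $m)) { return $false }
    }
    return $true
}

$findings = @()

# 1. Single-label AD DNS root (e.g. "jewelconsulting" with no suffix): dynamic
#    registration and AD's SRV lookups misbehave, per KB 826743 cited above.
$domain = Get-ADDomain
if ($domain.DNSRoot -notmatch '\.') {
    $findings += "AD DNS root '$($domain.DNSRoot)' is a single-label name."
}

# 2. More than one interface registering its address in DNS: the DC's A and SRV
#    records would also carry the ISP-side address, and clients will chase it.
$registering = @(
    Get-DnsClient |
        Where-Object { $_.RegisterThisConnectionsAddress -and $_.InterfaceAlias -notmatch 'Loopback' } |
        ForEach-Object {
            $addr = Get-NetIPAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
            [pscustomobject]@{ Alias = $_.InterfaceAlias; IPv4 = @($addr.IPAddress) }
        } |
        Where-Object { $_.IPv4.Count -gt 0 }
)
if ($registering.Count -gt 1) {
    $list = ($registering | ForEach-Object { "$($_.Alias)=$($_.IPv4 -join ',')" }) -join '; '
    $findings += "$($registering.Count) interfaces register in DNS ($list). Keep one, or run " +
                 "Set-DnsClient -InterfaceAlias '<external NIC>' -RegisterThisConnectionsAddress `$false."
}
foreach ($r in $registering) {
    foreach ($ip in $r.IPv4) {
        if (-not (Test-InPrefix $ip $InternalPrefix)) {
            $findings += "Interface '$($r.Alias)' registers non-internal address $ip in DNS."
        }
    }
}

# 3. Any interface pointed at a resolver outside the LAN (typically the ISP's).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($srv in $_.ServerAddresses) {
            if (-not (Test-InPrefix $srv $InternalPrefix)) {
                $findings += "Interface '$($_.InterfaceAlias)' uses external DNS server $srv; " +
                             "point it at the internal DNS and reach the ISP via a forwarder instead."
            }
        }
    }

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No findings: single NIC registering, internal DNS only, multi-label domain name.' }
```

Run it elevated on each DC after the upgrade; fixing the second and third findings on a box that must stay multihomed means clearing DNS registration on the outside NIC and leaving the DC's resolver list pointing only at itself or another internal DC, with the ISP's servers configured as forwarders on the DNS server rather than as client resolvers.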