Re: Simple DNS Setup - Single 2K server
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 09/28/04
- In reply to: PJM: "Simple DNS Setup - Single 2K server"
Date: Tue, 28 Sep 2004 00:34:14 -0400
In news:656580D6-D18F-4CD5-9AE2-3BD7E6391AC4@microsoft.com,
PJM <PJM@discussions.microsoft.com> made a post then I commented below
> I have an environment with a Single Windows 2000 server. (192.168.0.2)
>
> Linksys Router Provides DHCP. (192.168.0.1)
>
> The DHCP settings in the router are currently set up like this:
> DNS1 - ISP DNS SERVER
> DNS2 - Internal 2K Server
> DNS3 - ANOTHER ISP DNS SERVER
>
> I believed that the Internal 2K server should be first in the list.
> HOWEVER, when I set it like that, the workstations can log into the
> Domain, but they CANNOT access the Internet. The above configuration
> works, but I know it is wrong.
>
> I heard about the Server providing DNS forwarding. I looked at it in
> the server, but I remember it saying something about root servers not
> being able to do this.
>
> My question - What is the proper DNS setup in this scenario?
>
> Thanks
> P

The recommended 'best practice' with ANY Active Directory environment is to
ONLY use the DNS servers that are authoritative for the AD zone. AD DCs and
clients query DNS to "find" the domain, so to speak. If it were to ask your
ISP's DNS, will it 'know' where your domain is? No.

ONLY use the internal DNS. On the internal DNS, configure a forwarder to
your ISP's for efficient Internet resolution. If the forwarding option is
grayed out, delete the Root zone, and try again. If not sure how to delete
the root zone, if one does exist, or not sure how to configure a forwarder,
see this article:
http://support.microsoft.com/?id=300202

Also, it is *highly* recommended NOT to use your Linksys router for DHCP in
an AD environment. MS DHCP APIs work hand in hand with MS DNS APIs to offer
dynamic updates using Option 081, which these Linksys (and other routers) do
not offer. Disable that service and use your server's DHCP service.

All of this should give you a clean working headache-free functioning AD
system, provided there are no other errors associated with AD (single label
name, NTFRS errors, Netlogon errors, etc), which would require further
investigation.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig.
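
An added example, not part of the original thread: a Python check that parses `ipconfig /all` output from a workstation and flags any resolver other than the internal AD DNS server, plus a DHCP lease issued by something other than the server. The sample output, the ISP addresses (documentation-range placeholders) and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt matching the setup in the original question;
# the two ISP resolver addresses are documentation-range placeholders.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.0.101
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.0.2
                                            198.51.100.53
"""

FIELD = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_adapters(text):
    """Return {adapter: {"dns": [...], "dhcp": str or None}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(": "), {"dns": [], "dhcp": None})
            last = None
        elif current is not None and (m := FIELD.match(line)):
            last, value = m.group(1).strip(), m.group(2).strip()
            if last == "DNS Servers" and value:
                current["dns"].append(value)
            elif last == "DHCP Server":
                current["dhcp"] = value or None
        elif current is not None and last == "DNS Servers" and (m := BARE_IP.match(line)):
            current["dns"].append(m.group(1))  # continuation line: one more resolver
    return adapters


def audit(text, internal_dns, dhcp_server):
    """List findings against the 'internal DNS only, server-run DHCP' advice."""
    findings = []
    for name, cfg in parse_adapters(text).items():
        for ip in cfg["dns"]:
            if ip not in internal_dns:
                findings.append(f"{name}: resolver {ip} is not authoritative for the AD zone")
        if cfg["dhcp"] and cfg["dhcp"] != dhcp_server:
            findings.append(f"{name}: lease issued by {cfg['dhcp']}, not {dhcp_server}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, {"192.168.0.2"}, "192.168.0.2")))
```

Run against the sample, it reports both ISP resolvers and the router-issued lease; a workstation that lists only 192.168.0.2 and leases from it produces no findings.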