Re: One Post to Sum It All Up
From: Herb Martin (news_at_LearnQuick.com)
Date: 12/20/04
- Previous message: Art: "Re: Dns for Advanced Server 2000 running IIS in workgroup"
- In reply to: Bryan: "Re: One Post to Sum It All Up"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Dec 2004 15:24:09 -0600
> > Also run DCDiag on all DCs and send the output (DCDiag /?)
> > to a text file -- don't bother with any other switches -- search
> > the text file for FAIL, WARN, IGNORE.
> >
> > Fix those or report specific errors and problems.
> My clients/servers and AD Controller (which is the internal DNS) are pointing
> to the internal DNS server. I do not have any references to the DNS server
> from my provider on any of my servers. All clients and servers are looking
> at my DNS servers for name resolution.
Then all is well with DNS?
Some people try to put both internal and external DNS
server entries on the internal clients. (That's wrong of course.)
> I have no problems with name
> resolution for external sources such as www.yahoo.com,
Then you are likely using FORWARDING (tab in the DNS
MMC) to forward from the Internal DNS servers to your own
or the ISP DNS server on the net -- that's the best way.
> but really I guess
> what I am looking for is clarification on how to configure my authoritative
> DNS and internal DNS correctly.
If they are exposed on the Internet you delegate to them
from the parent -- by merely registering them when/where
you bought the public DNS name.
You will be better served [intended] if you move the public
DNS back to the registrar however (or find one that does this.)
GoDaddy and Register.com do this, and you still maintain your
own records (through a web interface.)
> I know I should not have any internal IP
> references in my external DNS and I have removed those. I just want to know
> that I have a good working and correct setup.
Just MANUALLY duplicate (almost) all external records
on the internal DNS servers if you use the same internal and
external DNS name -- this is split DNS -- so that internal
machines can resolve external names.
The reason for the two Primary/Master DNS servers is so
that INTERNAL names will NOT replicate to the outside,
since as you say we don't want those exposed.
> > > 3) OWA / Email -- Biggest Problem, want to try and get it working!!!
> > > As the network is configured right now, I can send and receive email from
> > > Outlook 2003 on my laptop. I am trying to
> > > get Outlook Web Access (OWA) configured correctly, and believe that my DNS
> > > settings may be causing problems, but am
> > > not 100% sure on that. I can access OWA from my AD server using the web
> > > address https://consolsrv01.conseptsolutions.com/exchange I am prompted with
> > > the certificate warning and a credentials box is displayed. I type in my
> > > credentials for the domain and I am brought right into OWA. I am not sure if
> > > this is how it is supposed to work from inside the domain, or if that is the
> > > correct address (a simple CNAME or A record might fix that for internal
> > > requests).
> >
> > Generally you would prefer to reach OWA by a simple name
> > or from a link on another web page, e.g., www.conceptsolutions.com
> > with link, or mail.conceptsolutions.com, or webmail.....
> >
> > CNAMEs can help. Or A records.
> >
> What I was saying above is that I can access the OWA from internal by typing
> in that address, but I'm not sure if that is exactly how it should work. I
> could make a CNAME or A record for owa to make it easier, that way the
> address would be https://owa.conseptsolutions.com
Sure, or anything else you and your users can easily remember
and understand.
> Is the way I have
> described it above the correct way it should be working, at least for clients
> accessing it from the internal network? I will post a question regarding
> this in the Exchange section. Thanks for the reply and information.
Sounds like it all works.
--
Herb Martin
"Bryan" <Bryan@discussions.microsoft.com> wrote in message
news:F191211A-9AFD-4F70-BD4F-0FB9F0038779@microsoft.com...
> "Herb Martin" wrote:
>
> >
> > More important would be to know if you have
> > all your INTERNAL DNS clients pointing SOLELY
> > to your internal DNS server set -- this includes DCs
> > and the internal DNS server which are DNS clients
> > too.
> >
> > DNS for AD
> > 1) Dynamic for the zone supporting AD
> > 2) All internal DNS clients NIC\IP properties must specify SOLELY
> > that internal, dynamic DNS server (set.)
> > 3) DCs and even DNS servers are DNS clients too -- see #2
> >
> > Restart NetLogon on any DC if you change any of the above that
> > affects a DC and/or use:
> >
> > nltest /dsregdns /server:DC-ServerNameGoesHere
> >
> > Ensure that DNS zones/domains are fully replicated to all DNS
> > servers for that (internal) zone/domain.
> >
> > > I would really appreciate any help in getting my DNS settings correct.
> > > Bryan
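The split-DNS rules discussed in this thread can be checked mechanically. The following is an added example, not part of the original post: it audits a pair of zone record lists and a client resolver inventory for internal addresses exposed in the public zone, public records missing from the internal copy, and clients that list a non-internal DNS server. All names, addresses and hosts are constructed sample data.

```python
import ipaddress

# Constructed sample data (assumption, not from the thread): (name, type, value).
EXTERNAL_ZONE = [
    ("www.example.test.", "A", "203.0.113.10"),
    ("mail.example.test.", "A", "203.0.113.25"),
    ("example.test.", "MX", "10 mail.example.test."),
    ("intranet.example.test.", "A", "192.168.1.20"),  # internal address exposed
]
INTERNAL_ZONE = [
    ("www.example.test.", "A", "203.0.113.10"),
    ("example.test.", "MX", "10 mail.example.test."),
    ("dc01.example.test.", "A", "192.168.1.5"),
    ("intranet.example.test.", "A", "192.168.1.20"),
]
INTERNAL_DNS = {"192.168.1.5"}
CLIENT_RESOLVERS = {
    "dc01": ["192.168.1.5"],                      # DCs are DNS clients too
    "laptop7": ["192.168.1.5", "198.51.100.53"],  # mixes in an outside resolver
}

# Explicit RFC 1918 ranges; ipaddress.is_private also flags documentation nets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leaked_internal_addresses(external):
    """A records in the public zone that point at RFC 1918 space."""
    return [(name, value) for name, rtype, value in external
            if rtype == "A"
            and any(ipaddress.ip_address(value) in net for net in RFC1918)]

def missing_internally(external, internal):
    """Public records not duplicated on the internal zone of the same name."""
    have = set(internal)
    return [rec for rec in external if rec not in have]

def clients_with_outside_resolvers(resolvers, internal_dns):
    """Hosts whose resolver list is not SOLELY the internal DNS server set."""
    return {host: [s for s in servers if s not in internal_dns]
            for host, servers in resolvers.items()
            if any(s not in internal_dns for s in servers)}

if __name__ == "__main__":
    print("leaked:", leaked_internal_addresses(EXTERNAL_ZONE))
    print("missing internally:", missing_internally(EXTERNAL_ZONE, INTERNAL_ZONE))
    print("bad clients:", clients_with_outside_resolvers(CLIENT_RESOLVERS, INTERNAL_DNS))
```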