Re: when connected to a domain. takes forever to login
From: lost soul (lostsoul_at_discussions.microsoft.com)
Date: 09/09/04
- Next message: G. Doughty: "monitoring network"
- Previous message: Chilla: "email addresses clean up"
- In reply to: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Next in thread: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Reply: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 8 Sep 2004 23:57:06 -0700
Thanks,
My concern is, would this make the w2k server become public on the internet?
It was used for accounting purpose and was intended as an internal server
only. Somehow the contractor set it as domain controller and I inherited all
the mess. Will using it as DNS server make it vulnerable to hackers since it
doesn't have a firewall? Maybe I'll just buy another server as the
proxy...How to join a win2003 server to a win2k server?
(I should have have listened to mom and study medicine)
"Ron Lowe" wrote:
> "lost soul" <lostsoul@discussions.microsoft.com> wrote in message
> news:3132CA11-03D7-4534-8DCB-B2EEFF9B238A@microsoft.com...
> > pardon the intrusion, I have a simalar dilemma,
> > we used to have a w2k server with active directory while clients log in
> > with
> > win98, no problem. When we begin migrating to new pc with winxp, slow log
> > in.
> > The thing is the all clients has to set DNS to the ISP DNS IP, that is how
> > the DSL router work. If I set the DNS to the server's DNS, I lose internet
> > connection?
> > Thanks in advance,
>
> Richard is 100% correct.
>
> You *must* point the clients to the internal DNS that hosts the AD domain.
> Yes, that will break external ( Internet ) name resolution untill you go
> configure the internal DNS server to handle that too.
>
> On the Internal DNS server, configure it like this:
> 1) Delete any root (.) zone if it exists.
>
> Now, it will be able to resolve external names using the Root Nameservers
> listed in Root Hints.
> Now, your DNS server will do the full nine yards lookup from the root on
> down.
> You can leave it like this if you want, but you can also:
>
> 2) Go to the forwarders tab, and add the IP address of your ISP's DNS
> servers.
>
> This will cause it to onpass unresolved ( external ) queries to your ISP's
> DNS server, which in turn will do the full nine yards for you. The
> advantage of using your ISP as a forwarder is you get the benefit of their
> well-populated cache, and so it may be quicker. Also you reduce the load on
> the root and TLD nameservers.
>
> Here's my usual lecture on the whole topic:
>
> XP differs from previous versions of windows in that it uses
> DNS as it's primary name resolution method for finding domain
> controllers:
>
> How Domain Controllers Are Located in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;314861
>
> If DNS is misconfigured, XP will spend a lot of time waiting for it to
> timeout before it tries using legacy NT4 sytle NetBIOS.
> ( Which may or may not work. )
>
> 1) Ensure that the XP clients are all configured to point to the local
> DNS server which hosts the AD domain. That will probably be the
> win2k server itself.
> They should NOT be pointing an an ISP's DNS server.
> An 'ipconfig /all' on the XP box should reveal ONLY the domain's
> DNS server.
>
> ( you should use the DHCP server to push out the local DNS server
> address. )
>
> 2) Ensure DNS server on win2k is configured to permit dynamic updates.
>
> 3) Ensure the win2k server points to itself as a DNS server.
>
> 4) For external ( internet ) name resolution, specify your ISP's DNS server
> not on the clients, but in the 'forwarders' tab of the local win2k DNS
> server.
>
> On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
> tabs because they are greyed out, that is because there is a root zone (".")
> present on the DNS server. You MUST delete this root zone to permit the
> server to forward unresolved queries to yout ISP or the root servers:
>
> HOWTO: Remove the Root Zone (Dot Zone)
> http://support.microsoft.com/default.aspx?kbid=298148
>
> The following articles may assist you in setting up DNS correctly:
>
> Setting Up the Domain Name System for Active Directory
> http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
> HOW TO: Configure DNS for Internet Access in Windows 2000
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
>
>
> --
> Best Regards,
> Ron Lowe
> MS-MVP Windows Networking
>
>
- Next message: G. Doughty: "monitoring network"
- Previous message: Chilla: "email addresses clean up"
- In reply to: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Next in thread: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Reply: Ron Lowe: "Re: when connected to a domain. takes forever to login"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
