DNS questions

Guest

If I have a domain running DNS and computer is not connected to the domain,
still in workgroup, will this computer register in DNS since it's obtaining a
DHCP address from my server?

I've followed steps in creating the forward lookup zone. I even created the
reverse lookup zone with pointer. This seems correct from everything I've
read. I run NSLookup, I get my server name and IP address. I type my
computer's name, I get 'server' can't find 'client': Server Failed.
Any help appreciated.

After I get that fixed, I want to work on replicating DNS through all other
servers. We're (I'm) in the process of setting up DNS on all our already
existing Win2k/Win2k3 DCs. I know this should have been done before, but I
wasn't working when all this started.

Note: We have 40+ locations, all hosting their own DC (separate forests!),
on IP scheme of 10.11.x.x/255.255.255.0. Connecting via T1 or Frame.

Thanks to anyone who tries/helps tackle this.

Mike
 
Guest

Mike said:
If I have a domain running DNS and computer is not connected to the domain,
still in workgroup, will this computer register in DNS since it's obtaining a
DHCP address from my server?

Yes, automatically its own A record if it is Win 2000 or XP.
Legacy clients can be supported if the option on a Win 200x DHCP Server
is configured to register on their behalf.

Note that the DNS Server must support dynamic updates.

Hope this helps. Do let us know. Thanks.
 
Herb Martin

Mike said:
That was my understanding too. I have dynamic updates on. I walked through
the following article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
Still, I don't see any clients registering. I have DNS servers specified in
DHCP.
What else would cause this to not register?

DHCP must be a client of the dynamic DNS (or actually, able to find
the specific server that is Primary/etc and can accept the registration.)

DHCP should specify the domain name for the clients (so it will know
where to register).

Clients should have their DNS name fully specified in SYSTEM
control panel.

IF DNS server requires secure updates DHCP server (or registering
client) must be authenticated.

All internal DNS clients (especially DCs) must specify STRICTLY
the internal, dynamic DNS server (set) so that the DC etc will find
only the correct DNS server(s) -- otherwise authentication and
replication will be erratic or fail.
 
Guest

Thanks for the reply. I redid DNS yesterday. This morning I came in and my
manager was confused why some of his settings were changed on his PC.
Currently, our entire network (over 1200 computers) is only a workgroup, not
a domain.
Within DNS I see that his 2 computers that are connected to the domain are
now registered in DNS, but my computer is not.
Right now, it looks like any computer currently connected to the domain
(with DNS) is registering within DNS. Other computers are not.

***Info:

DNS Dynamic Updates: Nonsecure & Secure
SOA - Correct Primary server identified (everything is running on this server)
Name Server: FQDN of server running DNS (ex. itdept)
WINS - Using forward lookup against our current WINS database

If any other information is needed for now, I'll post as I can.
I just want to have all clients of DHCP register in DNS.

Thanks again!
 
Herb Martin

Mike said:
Thanks for the reply. I redid DNS yesterday. This morning I came in and my
manager was confused why some of his settings were changed on his PC.
Currently, our entire network (over 1200 computers) is only a workgroup, not
a domain.

In general, all internal clients should still use
internal DNS (to find internal resources first).

It may not be as critical as in an AD domain
but it is still the right thing to do -- the external
DNS is NOT going to know about internal
resources, BUT the internal DNS can forward
or otherwise resolve the Internet.

Non-domain computers can still register IF you
don't use "secure only" OR if you use a domain
DHCP server which can register them.

Within DNS I see that his 2 computers that are connected to the domain are
now registered in DNS, but my computer is not.

What is the domain name? What is your computer
Name in System Control panel? (It should still have
the DNS domain name listed.)

Right now, it looks like any computer currently connected to the domain
(with DNS) is registering within DNS. Other computers are not.

Likely due to one of two reasons:

1) Secure only updates

OR

2) The non-domain computers don't have the domain name
set in the System control panel.

Non-domain computers can STILL be in the same DNS zone
with the domain.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
Guest

Thanks a lot! I appreciate your help. I didn't have "Use this connection's
DNS suffix in DNS registration."
Once I checked that, reloaded the zone, my account appeared. I tested this
on another computer and it showed up after doing the same steps.

Forwarders-
I put in my ISP's 2 DNS Servers in DNS (IT-2003) - Properties - Forwarders.
Block Recursive is unchecked.
When I do a nslookup, it doesn't seem to forward out to the ISP DNS servers.

Any other settings need to be touched for this to work? I assume this also
would have an effect on doing recursive queries. When I get to that point,
I'll start a new post.

Server: it-2003.itdept.oldcastleglass.com
Address: 10.11.50.7

Name: mau2005.itdept.oldcastleglass.com
Address: 10.11.50.186


nslookup oldcastleglass.com
Server: it-2003.itdept.oldcastleglass.com
Address: 10.11.50.7

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to it-2003.itdept.oldcastleglass.com timed-out



 
Herb Martin

Mike said:
Thanks a lot! I appreciate your help. I didn't have "Use this connection's
DNS suffix in DNS registration."
Once I checked that, reloaded the zone, my account appeared. I tested this
on another computer and it showed up after doing the same steps.

I still think it is preferable to actually put the name in
the SYSTEM control panel (then the interface name
and check box for "use this name" is also unnecessary.)

It is much better to give the COMPUTER the right name,
and not just the 'interface'.

That interface feature is in there to allow for computers
with multiple NICs to have different names or when the
DNS name should be registered differently than the computer's
real domain (which is rare and tough to get right.)

In any case you are welcome....

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
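
The conditions discussed in this thread (primary DNS suffix in the System control panel, the per-connection registration check boxes, and the zone's dynamic update mode) can be checked read-only with PowerShell. This is an added example, not part of the original thread; it assumes Windows 8 / Server 2012 or later, where the DnsClient and DnsServer modules exist (the Win2k/Win2k3 systems in the thread predate them).

```powershell
# Added example: read-only checks, nothing is changed.
# Assumes the DnsClient module (Windows 8 / Server 2012 or later).

$tcpip         = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$hostName      = $tcpip.Hostname
$primarySuffix = $tcpip.Domain   # primary DNS suffix, as set in the System control panel

# Client side: which names will each adapter try to register, and are they in DNS?
foreach ($nic in Get-DnsClient | Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }) {
    $servers = @((Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses | Where-Object { $_ })
    if ($servers.Count -eq 0) { continue }   # no DNS server configured on this adapter

    $names = @()
    if ($nic.RegisterThisConnectionsAddress) {
        # Name built from the computer's own (primary) suffix
        if ($primarySuffix) { $names += "$hostName.$primarySuffix" }
        # Name built from the adapter suffix ("Use this connection's DNS suffix in DNS registration")
        if ($nic.UseSuffixWhenRegistering -and $nic.ConnectionSpecificSuffix) {
            $names += "$hostName.$($nic.ConnectionSpecificSuffix)"
        }
    }
    if ($names.Count -eq 0) {
        Write-Warning "$($nic.InterfaceAlias): no DNS suffix to register under"
        continue
    }

    foreach ($name in $names | Select-Object -Unique) {
        # Ask the adapter's first DNS server directly; keep only real A answers
        $a = Resolve-DnsName -Name $name -Type A -Server $servers[0] -DnsOnly `
                 -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Interface     = $nic.InterfaceAlias
            DnsServer     = $servers[0]
            WouldRegister = $name
            FoundInDns    = [bool]$a
        }
    }
}

# Server side: run on the DNS server (skipped where the DnsServer module is absent).
# Lists primary zones and flags those that accept unauthenticated dynamic updates.
if (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue) {
    Get-DnsServerZone -ErrorAction SilentlyContinue |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        Select-Object ZoneName, IsDsIntegrated, DynamicUpdate,
            @{ Name = 'AcceptsUnauthenticated'; Expression = { $_.DynamicUpdate -eq 'NonsecureAndSecure' } }
}
```

A zone reporting `NonsecureAndSecure` (the "Nonsecure & Secure" setting in the thread) accepts updates from any host that can reach the server, which is why workgroup machines can register there and also why its records are not protected against being overwritten.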
 
