How do I know it's working???

Rich

Hello,

I am trying to gain a better, detailed understanding of AD/DNS, file
replication and other core network services, how they work, and testing and
troubleshooting strategies.

I have a simple home network:

1. DSL to internet. A "2WIRE Home Portal" DSL modem/router from SBC/Yahoo.
It "can" provide DHCP and DNS services. I want it to provide DNS for
everything outside of my intranet.

2. 1 Cisco 2514 router having 2 subnets, LAN-1 and LAN-1. These are
192.168.1.0/24 and w.x.2.0/24 respectively.
Everything on LAN-1, DSL Modem, Server01, and an XP client all connected to
8-port mini-switch. Sometimes run Server02 on LAN-1.

2. Server01: WIN2K Server: AD/DNS, DHCP, DFS, File&Print. Always on
LAN-1.
I want it to (it does) provide DHCP for everything on internal network.
Servers:static IP config. Clients:DHCP config. For everything on the
"entire intranet", I want it to answer/resolve any queries; For anything
outside of my intranet, I want it to forward queries to the DSL modem/router
for resolution.

3. Server02: A 2nd AD/DNS on the 2nd subnet. (192.168.1.0/24). Also a
multi-role appl. server (can/will be any of the following: Virtual, SMS-2K,
SQL-2K, Exchange-2K, IIS, ISA, RAS).

I know this is pretty generic, but any tips on correct configuration and
testing of DNS, AD, FRS, etc. are greatly.



Questions:
1. How do I view everything in my DNS server cache?
2. How do I test/verify this: I want my DNS to be a forwarder to my
DSL/internet modem. My DNS should only resolve names on my intranet.
Anything else gets forwarded to the DSL router/modem.
3. Does DNS replicate if I have 1 DNS server on each subnet? What is the
optimal config for a 2-subnet home network?
4. Any tips on the reskit tools such as FRSDiag, Sonar, etc. are
appreciated.
5. How do I, and what tools should I use for verifying and troubleshooting
my group policies.
6. Any tips, pointers on creating a secure VPN connection from internet to
my home network.

TIA,

Rich
 
Ace Fekay [MVP]

Please see responses inline below for each item.

Rich said:
Hello,

I am trying to gain a better, detailed understanding of AD/DNS, file
replication and other core network services, how they work, and
testing and troubleshooting strategies.

That is a huge subject. There are plenty of books written, technical
articles, and especially the Win2000 or Win2003 Resource Kits, that explain
this in detail.

You can start here, if you like:

MS DNS How-Tos:
http://www.microsoft.com/windows200...n/server/help/sag_DNS_pro_Topnode.htm?id=1848

Understanding zones, secondary zones and zone transfer:
http://www.microsoft.com/windows2000/en/server/help/sag_DNS_und_ZoneTransfers.htm

Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?id=826743

291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/?id=828263

I have a simple home network:

1. DSL to internet. A "2WIRE Home Portal" DSL modem/router from
SBC/Yahoo. It "can" provide DHCP and DNS services. I want it to
provide DNS for everything outside of my intranet.

You want to host your zone on the Internet? Usually we recommend not to. Too
much overhead, hardware and software to deal with, along with the fact you
only have a DSL line. Hosting it at the Registrar's (where you registered
your domain name) is the best bet. Their line is up 24/7, totally redundant,
along with their servers. Besides, you are required by the Registrar to have
two nameservers for domain names. And you can't use the internal DNS server
that is being used by Active Directory to host external data, especially if
one of your domain names is the same name as your AD DNS domain name. You
just can't mix public and private IPs. Another problem is if you have a
private network and trying to support the two nameserver requirements, you
can only port-remap one port remapped to only one internal IP address.

2. 1 Cisco 2514 router having 2 subnets, LAN-1 and LAN-1. These are
192.168.1.0/24 and w.x.2.0/24 respectively.
Everything on LAN-1, DSL Modem, Server01, and an XP client all
connected to 8-port mini-switch. Sometimes run Server02 on LAN-1.

ok.


2. Server01: WIN2K Server: AD/DNS, DHCP, DFS, File&Print. Always
on LAN-1.
I want it to (it does) provide DHCP for everything on internal
network. Servers:static IP config. Clients:DHCP config. For
everything on the "entire intranet", I want it to answer/resolve any
queries; For anything outside of my intranet, I want it to forward
queries to the DSL modem/router for resolution.

You are better off forwarding to your ISP. It eliminates the additional
query hop going to the router, that is if the router even supports proxying
DNS queries.

3. Server02: A 2nd AD/DNS on the 2nd subnet. (192.168.1.0/24). Also a
multi-role appl. server (can/will be any of the following: Virtual,
SMS-2K, SQL-2K, Exchange-2K, IIS, ISA, RAS).

I know this is pretty generic, but any tips on correct configuration
and testing of DNS, AD, FRS, etc. are greatly.

You may have problems with LDAP, RPC and Kerberos traffic going between the
two subnets, depending on how it's configured. If the two subnets are truly
routed, then you shouldn't have a problem.

Questions:
1. How do I view everything in my DNS server cache?

DNS Console, Select View, Advanced View.

2. How do I test/verify this: I want my DNS to be a forwarder to my
DSL/internet modem. My DNS should only resolve names on my intranet.
Anything else gets forwarded to the DSL router/modem.

Remember, forward directly to the ISP's DNS is the recommendation.

Just set it up as per this article for Win2000 and everything just works. A
true test would require watching network traffic with a packet sniffer to
actually "see" the query getting forwarded. You can also use nslookup -d2
option to see which servers it hits.

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202

3. Does DNS replicate if I have 1 DNS server on each subnet? What
is the optimal config for a 2-subnet home network?

That depends on the configuration as mentioned above. See #4 for links on AD
operations. That explains replication and how it works.

4. Any tips on the reskit tools such as FRSDiag, Sonar, etc. are
appreciated.

There are numerous articles at Microsoft's site:

Download details Sonar.exe File Replication Service (FRS) Status Viewer:
http://www.microsoft.com/downloads/...fb-fe09-477c-8148-25ae02cf15d8&DisplayLang=en

Overview of Active Directory 2000 Operations:
http://www.microsoft.com/technet/prodtechnol/ad/windows2000/maintain/opsguide/part1/adogd01.asp

And here is an all encompassing link:
Appendix B - AD Procedures Reference:
http://www.microsoft.com/technet/pr...rectory/maintain/opsguide/part2/adogdapb.mspx

and more

260371 - Troubleshooting Common Active Directory Setup Issues in Windows
2000:
http://support.microsoft.com/default.aspx?kbid=260371

Active Directory Diagnostics, Troubleshooting, and Recovery:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsbi/dsbi_add_vost.asp

Chapter 10 - Active Directory Diagnostics, Troubleshooting, and Recovery
[Including LDAP]:
http://www.microsoft.com/resources/...erver/reskit/en-us/distsys/part1/dsgch10.mspx

314980 - HOW TO Configure Active Directory Diagnostic Event Logging in
Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314980

5. How do I, and what tools should I use for verifying and
troubleshooting my group policies.

250842 - Troubleshooting Group Policy Application Problems:
http://support.microsoft.com/?id=250842

221833 - How to Enable User Environment Debug Logging in Retail Builds of
Windows:
http://support.microsoft.com/?id=221833


Troubleshooting GPOs also includes troubleshooting AD, see #4 above.

6. Any tips, pointers on creating a secure VPN connection from
internet to my home network.

308208 - HOW TO Install and Configure a Virtual Private Network Server in
Windows 2000:
http://support.microsoft.com/?id=308208

You can also do it with your router. See the docs on it.

TIA,

Rich

Have fun.

Sounds like, with all due respect, attending some courses may be extremely
beneficial for you with all the basic questions you have. You have a
curiosity that can only be satisfied with a hands-on course and an
instructor you can utilize as a resource to call when you have problems.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Kevin D. Goodknecht Sr. [MVP]

Rich said:
Hello,

I am trying to gain a better, detailed understanding of AD/DNS, file
replication and other core network services, how they work, and
testing and troubleshooting strategies.

I have a simple home network:

1. DSL to internet. A "2WIRE Home Portal" DSL modem/router from
SBC/Yahoo. It "can" provide DHCP and DNS services. I want it to
provide DNS for everything outside of my intranet.

2. 1 Cisco 2514 router having 2 subnets, LAN-1 and LAN-1. These are
192.168.1.0/24 and w.x.2.0/24 respectively.
Everything on LAN-1, DSL Modem, Server01, and an XP client all
connected to 8-port mini-switch. Sometimes run Server02 on LAN-1.

2. Server01: WIN2K Server: AD/DNS, DHCP, DFS, File&Print. Always
on LAN-1.
I want it to (it does) provide DHCP for everything on internal
network. Servers:static IP config. Clients:DHCP config. For
everything on the "entire intranet", I want it to answer/resolve any
queries; For anything outside of my intranet, I want it to forward
queries to the DSL modem/router for resolution.

3. Server02: A 2nd AD/DNS on the 2nd subnet. (192.168.1.0/24).
Also a multi-role appl. server (can/will be any of the following:
Virtual, SMS-2K, SQL-2K, Exchange-2K, IIS, ISA, RAS).

I know this is pretty generic, but any tips on correct configuration
and testing of DNS, AD, FRS, etc. are greatly.



Questions:
1. How do I view everything in my DNS server cache?

In View menu, select 'Advanced'

2. How do I test/verify this: I want my DNS to be a forwarder to my
DSL/internet modem. My DNS should only resolve names on my intranet.
Anything else gets forwarded to the DSL router/modem.

DNS management console, server properties, Forwarders tab, Enter the IP of
the router and check "Do not use recursion"

Frequently asked questions about Windows 2000 DNS and Windows Server 2003
DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&sd=RMVP

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP

3. Does DNS replicate if I have 1 DNS server on each subnet?

If both servers are in the same domain and there is no firewall between the
subnets, Yes.

What is the optimal config for a 2-subnet home network?

With two subnets, you will also need WINS, on at least one server.
Recommended Practices for WINS
http://support.microsoft.com/default.aspx?scid=kb;en-us;185786

4. Any tips on the reskit tools such as FRSDiag, Sonar, etc. are
appreciated.

Check the help file that comes with the Windows 2000 Server resource kit and
the Server Support Tools that are on the server CD.

5. How do I, and what tools should I use for verifying and
troubleshooting my group policies.

Windows XP has a graphic Group Policy tool in Help and Support, Tools,
Advanced System Information.

6. Any tips, pointers on creating a secure VPN connection from
internet to my home network.

How To Install and Configure a Virtual Private Network Server in Windows
2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
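
Added example, not part of either reply above: a Python check for question 2 that sends one A query to the internal DNS server and reads the reply header. AA set means the answer came from a zone the server hosts; AA clear with answers means it was forwarded, recursed or cached, and a packet capture on the server is still needed to see which upstream was used. The `probe` helper and its parameters are hypothetical names chosen for illustration.

```python
import secrets
import socket
import struct

def build_query(name, qid, recursion_desired=True):
    """Build a DNS A-record query (RFC 1035 wire format) for `name`."""
    flags = 0x0100 if recursion_desired else 0x0000          # RD bit
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)  # one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)         # QTYPE=A, QCLASS=IN

def parse_header(packet):
    """Decode the 12-byte DNS header into the fields used below."""
    if len(packet) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": qid,
            "response": bool(flags & 0x8000),             # QR
            "authoritative": bool(flags & 0x0400),        # AA
            "recursion_available": bool(flags & 0x0080),  # RA
            "rcode": flags & 0x000F,
            "answers": answers}

def classify(hdr):
    """Judge from the header alone where the server got its answer."""
    if not hdr["response"]:
        return "not a response"
    if hdr["rcode"] == 2:
        return "SERVFAIL: forwarder or recursion failed"
    if hdr["rcode"] == 5:
        return "REFUSED"
    if hdr["authoritative"]:
        return "local zone (authoritative)"
    if hdr["answers"]:
        return "forwarded, recursed or cached (non-authoritative)"
    return "no answer records"

def probe(server, name, timeout=3.0):
    """Hypothetical helper: query `server` on UDP/53 and classify the reply."""
    qid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        reply, _ = s.recvfrom(4096)
    hdr = parse_header(reply)
    if hdr["id"] != qid:  # ignore replies that do not match our query
        raise ValueError("reply ID does not match query ID")
    return classify(hdr)
```

Call `probe()` against the internal DNS server once with an intranet host name and once with an Internet name: the first should come back authoritative and the second non-authoritative.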
 
