Simple DNS Setup Suggestions

Jameseee

We have a simple network and I'm looking for some help.

We have a new 2K3 Server (the only server); 25 computers; one firewall with
access to the Internet.

The server is 192.168.254.250. This server is providing DHCP services for
this network. The firewall is 192.168.254.254.

The question is: What settings should I be using for DNS Server setup on
the Server and what is the proper information to push out to clients via
DHCP for DNS Server(s) and Default Gateway? Since the 192.168.254.254
firewall is the only equipment with direct Internet access, it seems like
this should be the Default Gateway. Is this correct? And, since this
firewall already knows of the external DNS Servers provided by our ISP,
should the clients be given the new server address as the only DNS Server
(or should I be running DNS Server services on the new server at all?) or
should the clients also be given the Firewall address as a DNS Server?

Should I also be running a WINS Server? Can that be done on the same
server?

This was thrown into my lap and the new server is functioning, so everything
may be set up OK. I'm just not sure.

Thanks.

James
Kevin D. Goodknecht Sr. [MVP]

Jameseee said:
> We have a simple network and I'm looking for some help.
>
> We have a new 2K3 Server (the only server); 25 computers; one
> firewall with access to the Internet.
>
> The server is 192.168.254.250. This server is providing DHCP
> services for this network. The firewall is 192.168.254.254.
>
> The question is: What settings should I be using for DNS Server
> setup on the Server and what is the proper information to push out to
> clients via DHCP for DNS Server(s) and Default Gateway? Since the
> 192.168.254.254 firewall is the only equipment with direct Internet
> access, it seems like this should be the Default Gateway. Is this
> correct?

The router should be the default gateway, the server should be the only DNS
address used on any client. DNS on the server should forward to the ISP, or
to the router if it supports being a DNS proxy.

> And, since this firewall already knows of the external DNS
> Servers provided by our ISP, should the clients be given the new
> server address as the only DNS Server (or should I be running DNS
> Server services on the new server at all?)

You have not mentioned Active Directory, but if AD is in use or is planned,
use the server as the DNS server.

> or should the clients also
> be given the Firewall address as a DNS Server?

Not in TCP/IP properties, only as a forwarder.

> Should I also be running a WINS Server? Can that be done on the same
> server?

WINS would be required if you have more than one subnet and you use Network
places browsing.

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380&sd=RMVP

DNS query responses do not travel through a firewall in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP
Herb Martin

Kevin's answer (this thread) pretty much covers your question.

Below are my general recommendations for DNS to support AD,
as that might help you to keep the principles straight as you follow
Kevin's specific answers.

You need WINS Server IF you wish to support legacy (NetBIOS)
applications on multiple subnets -- and, as Kevin mentioned,
Browsing is a legacy NetBIOS application, as are external trusts
and a variety of odd things (including some Cluster Server and Exchange
Server requirements.)

If you needed WINS Server under NT4, you almost certainly need it
under Win2000+.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
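As an added example (not code from either poster), a small Python audit that checks a planned DHCP/DNS configuration against the rules Kevin and Herb give above: firewall as gateway, the internal server as the sole DNS address on every NIC (servers included), the ISP or router only as a forwarder, and no single-label AD domain. The two LAN addresses are the thread's; the ISP resolver address, the host names and the `audit()` function are assumptions for the example.

```python
import ipaddress

# Constructed model of the thread's network (these two addresses are from
# the thread; everything else below is an assumption for the example).
INTERNAL_DNS = "192.168.254.250"   # the 2K3 server: DHCP + DNS
FIREWALL = "192.168.254.254"       # the only box with direct Internet access
LAN = ipaddress.ip_network("192.168.254.0/24")


def audit(plan):
    """Return a list of findings for a planned DNS/DHCP configuration.

    plan keys: 'dhcp_router' and 'dhcp_dns' (what DHCP hands to clients),
    'nic_dns' (host -> DNS list in its TCP/IP properties, server included),
    'forwarders' (the DNS server's forwarder list) and 'ad_domain'.
    """
    findings = []
    # Kevin: the router/firewall is the default gateway.
    if plan["dhcp_router"] != FIREWALL:
        findings.append(f"DHCP router option should be {FIREWALL}")
    # Kevin: the server is the only DNS address used on any client.
    if plan["dhcp_dns"] != [INTERNAL_DNS]:
        findings.append(f"DHCP DNS option should be exactly [{INTERNAL_DNS}]")
    # Herb #2/#3: every NIC, DCs and DNS servers included, points solely
    # at the internal DNS server; the firewall never appears here.
    for host, servers in plan["nic_dns"].items():
        if servers != [INTERNAL_DNS]:
            findings.append(f"{host}: NIC DNS list should be exactly [{INTERNAL_DNS}]")
    # Kevin: the ISP resolvers (or the router as DNS proxy) go in forwarders only.
    if not plan["forwarders"]:
        findings.append("DNS server has no forwarder to the ISP or the router")
    for fwd in plan["forwarders"]:
        if ipaddress.ip_address(fwd) in LAN and fwd != FIREWALL:
            findings.append(f"forwarder {fwd} is neither the ISP nor the router")
    # Herb: single-label AD domain names are a problem.
    if "." not in plan["ad_domain"]:
        findings.append(f"AD domain '{plan['ad_domain']}' is single-label")
    return findings


if __name__ == "__main__":
    # Constructed plan: clients get both the server and the firewall as DNS,
    # which is exactly the setup the thread advises against.
    plan = {
        "dhcp_router": FIREWALL,
        "dhcp_dns": [INTERNAL_DNS, FIREWALL],
        "nic_dns": {"server": [INTERNAL_DNS], "pc01": [INTERNAL_DNS, FIREWALL]},
        "forwarders": ["198.51.100.53"],  # placeholder ISP resolver
        "ad_domain": "corp.example.com",
    }
    for finding in audit(plan):
        print(finding)
```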