Am I making DNS harder than it really is?

Dwayne

I have been an NT4 Administrator for roughly five years and everything has
been relatively smooth. We are a smaller company with roughly 75 PCs on
our local LAN. I have always relied on 3rd parties to host DNS and my boss
does not want that to change. I have set up 2000 servers but so far only as
stand-alone to run web servers. They work, but I have ignored all the DNS
errors in Event Viewer as I keep saying I will get back to work on it.
Well, we will be migrating to new servers in the next few months running
Server 2003 and Exchange 2003. The only problem I have continuously run up
against in my test environments is the damn DNS. I seem to always get to
the point where it asks whether you want to use ISP DNS and, if yes, just
leave it to local. I don't know if I have a mental block on this DNS stuff
or not; it just doesn't seem to make any sense to me. A perfect example is a
stand-alone server that I set up for sales people to come into using Citrix
and Terminal Services. The terminal server kept coming back as no licensing
server could be found in DNS. I set the single NIC to the DNS servers on
the Internet. I found a workaround to edit a registry setting and the
terminal server now works, but all the errors are still in Event Viewer.
I am going to have to figure all this out soon as I know 2003 really depends
on this. Can anyone point me to a place where I may be able to get some
examples of how to set up new servers to use DNS for internal and ISP DNS
for external? Am I making all this too difficult? I have felt very
confident of my Administrator's skills until all this DNS stuff. I guess
now I am paying for never using it in the past. Thanks for any help that
anyone can give this poor fool.

Dwayne
 
Deji Akomolafe

> I have always relied on 3rd parties to host DNS and my boss
> does not want that to change.

It's simple, really. Your main problem is the part quoted above: that your
boss does not want that to change.

IF your boss changes his/her mind and agrees to let you host the INTERNAL
part of your Domain record on your own INTERNAL DNS servers, then it's
simple. Otherwise, it's not.

IF you succeed in getting him/her to agree to this, then here's how simple
it is.
You install your own DNS server.
Since all your records are currently on a 3rd-party DNS server, you call
the 3rd party up and tell them to allow zone transfer for your domain name
to you. You give them the routable IP address of your new DNS server. They
will tell you the IP of their DNS server.
You then create a new Secondary zone for your domain name and specify the IP
address of the 3rd-party's DNS server as the "Primary"
Wait for a while for the Transfer to happen.
As soon as you see that the records are now on your new server, you then
need to start telling ALL your clients (and Servers) that they should use
your new DNS server for resolution.
How do you do that?
If you use DHCP server to allocate IP addresses, then you just need to
change the "DNS server" IP address in your Scope configuration.
If you manually assign IP addresses, then you will have to manually change
the DNS IP Address for all your computers in TCP/IP. If you know how to
script, it's easy to do the manual reconfiguration. If you want to go the
script route, I can send you a sample script.

You MUST make sure that ALL your computers use ONLY this new DNS server for
resolution in TCP/IP. This includes clients and servers as well as the DNS
server itself.

Now, if your current DNS host says "no, we don't allow zone transfer", then
tell them to just send you the zone file. How you use the file will depend
on the file format. But post back or email me offline if they give you a
file instead of allowing zone transfer.

Yeah, I know I said it's "easy". It's easy when you really get down to do
it, don't let the various steps I've listed above confuse you.
--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
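The migration steps above (secondary zone, wait for the transfer, then re-point DHCP clients and statically configured machines at the new server only), as an added example that is not part of the original thread and not Deji's sample script. It uses the DnsServer, DhcpServer and NetTCPIP PowerShell modules that ship with Windows Server 2012 and later; on the Server 2003 machines discussed here the same steps are done with dnscmd.exe and netsh. The zone name, IP addresses and DHCP scope are made-up placeholders.

```powershell
# Added example, not from the original thread. Assumes the DnsServer, DhcpServer
# and NetTCPIP modules (Windows Server 2012+); the zone name, addresses and
# scope below are hypothetical placeholders.

$ZoneName     = 'example.com'     # the public zone the 3rd party currently hosts
$ThirdPartyNs = '203.0.113.53'    # IP the 3rd party gives you for their authoritative server
$InternalDns  = '192.168.1.10'    # the new internal DNS server
$DhcpScopeId  = '192.168.1.0'     # scope that hands out addresses to the LAN PCs

# 1. Create the secondary zone, naming the 3rd party's server as its master.
#    The 3rd party must have allowed zone transfer (AXFR) to this server's
#    routable address first; otherwise the zone stays unloaded.
Add-DnsServerSecondaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -MasterServers $ThirdPartyNs

# 2. Wait for the transfer: a secondary zone has no readable SOA until it has loaded.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $soa = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType SOA -ErrorAction SilentlyContinue
} until ($soa -or (Get-Date) -gt $deadline)
if (-not $soa) {
    throw "Zone $ZoneName did not transfer from $ThirdPartyNs; check that AXFR to this server is allowed."
}
# Show what arrived so you can compare it with the 3rd party's control panel.
Get-DnsServerResourceRecord -ZoneName $ZoneName | Format-Table HostName, RecordType, RecordData -AutoSize

# 3a. DHCP clients: change the scope's DNS server option (006) to ONLY the new server.
Set-DhcpServerv4OptionValue -ScopeId $DhcpScopeId -DnsServer $InternalDns

# 3b. Statically addressed machines, the DNS server itself included: point every
#     active physical adapter at the new server and nothing else. Run this on
#     each such machine (locally or through Invoke-Command).
Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $InternalDns
}

# 4. Confirm nothing on this machine still lists the ISP's resolvers.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -ne $InternalDns } } |
    ForEach-Object { Write-Warning "$($_.InterfaceAlias) still uses $($_.ServerAddresses -join ', ')" }
```

Step 4 is the part worth repeating on every server after the change: a single adapter left pointing at an ISP resolver is enough to make a machine intermittently fail to find domain controllers, depending on which resolver answers first.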
 
Dwayne

Thanks for the reply. Our main corporate web servers with our domain name
are and will be off site. We have been and will be using a different
domain name for our local LAN. The web servers we have up at our site are
for Citrix, EDI and OWA. AT&T hosts our DNS but I have a control panel that
allows me to go in and change IP addresses, add MX records, etc. I guess
what I am mainly asking is how to set up the 2003 server to only do DNS for
our local LAN and have all external go to our DNS provider. Does that clear
things up? I am so confused about DNS that I feel much more comfortable at
this point to only have internal DNS on my new server. Thanks for any
additional help you can give to me.
 
Lanwench [MVP - Exchange]

<pardon my jumping in>

No problems doing what you want. You don't have to change anything in your
public DNS for this. Just set up forwarders in your AD-integrated DNS server
to your ISP's public DNS servers, and specify *only* the AD-integrated DNS
server(s) in the server and workstation IP configs. If you're using W2000
you'll need to delete the root zone (".") first.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.
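The forwarder-only configuration above, followed by a check that it took effect, as an added example that is not part of the original thread. It uses the DnsServer and DnsClient PowerShell modules of Windows Server 2012 and later; on Server 2003 the equivalents are dnscmd /ResetForwarders and dnscmd /ZoneDelete . /f, and the KB article linked above walks through the GUI. The internal domain name, forwarder addresses and public hostname are made-up placeholders.

```powershell
# Added example, not from the original thread. Assumes the DnsServer and
# DnsClient modules (Windows Server 2012+); names and addresses are hypothetical.

$IspForwarders = @('203.0.113.1', '203.0.113.2')  # the ISP's public resolvers
$InternalDns   = @('192.168.1.10')                # the AD-integrated DNS server(s)
$AdDomain      = 'corp.local'                     # the separate internal domain name
$PublicName    = 'www.example.com'                # a name only the ISP's DNS can answer

# 1. A root zone "." tells the server that it IS the Internet root, so it never
#    forwards anything. Delete it if present (Windows 2000 setup could create one).
if (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name '.' -Force
}

# 2. Replace the forwarder list with the ISP's resolvers. Zones held locally
#    (the AD zone) are answered here; every other name is sent to the forwarders.
#    Recursion stays enabled so clients get one answer from one server.
Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $false -Timeout 3
Set-DnsServerRecursion -Enable $true

# 3. Check the result from the server's own point of view.
function Test-InternalDnsSetup {
    param([string[]]$InternalDns, [string]$AdDomain, [string]$PublicName)

    # Every adapter on this server must list only internal DNS servers in TCP/IP.
    $foreign = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } |
        Where-Object { $_ -notin $InternalDns }

    [pscustomobject]@{
        RootZoneAbsent           = -not (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)
        Forwarders               = ((Get-DnsServerForwarder).IPAddress |
                                       ForEach-Object { $_.IPAddressToString }) -join ', '
        TcpIpUsesOnlyInternalDns = -not $foreign
        # The SRV record every domain member and the TS licensing lookup depend on;
        # an ISP resolver has no idea it exists.
        AdSrvResolves            = [bool](Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" `
                                       -Type SRV -Server $InternalDns[0] -ErrorAction SilentlyContinue)
        # A public name; if this fails, the forwarders (or outbound UDP/TCP 53) are wrong.
        PublicNameResolves       = [bool](Resolve-DnsName -Name $PublicName -Type A `
                                       -Server $InternalDns[0] -ErrorAction SilentlyContinue)
    }
}

Test-InternalDnsSetup -InternalDns $InternalDns -AdDomain $AdDomain -PublicName $PublicName
```

Run the check on the domain controller after its own TCP/IP DNS setting has been changed to point only at itself (or at another internal DNS server). All five fields should come back true or populated; a false AdSrvResolves with a true PublicNameResolves is the exact pattern behind the "no licensing server could be found in DNS" error in the first post.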
 
Dwayne

Thanks a ton, I have been looking for a straight forward explanation and
this provided it for me. It's really nice to see there are people out there
who are willing to help out strangers. Thanks again.

Dwayne

 
Herb Martin

You really must host your INTERNAL DNS in support of Active Directory
domains.

Many of the experts here will tell you that you should NOT host your external
DNS even if your boss will "let you."
I certainly emphasize this choice for external DNS.

(You could host both, but having the Registrar or other professional hosting
company handle the external DNS is easier and more reliable.)

You must use DYNAMIC DNS for each Internal zone that supports a Win2000+
domain, and that would be a terrific security issue were you to configure
that server (set) externally (even with secure updates only enabled.)

It would also be inefficient and fault intolerant whenever the WAN or ISP
experienced an outage.

Host the internal zone internally. The external zone at a Registrar etc.
 
Lanwench [MVP - Exchange]

You're most welcome - the groups can be a great resource.
 