Archived from groups: microsoft.public.windowsnt.domain
Yes, I understand. I have configured my DNS to be authoritative for my zone
only, and enabled forwarding for unresolved addresses. I understand now that
I can use root hints also in the event that the FORWARDERS I use (my ISP's
DNS servers) go down so I won't be out of business. I will implement this
tonight.
Everything is running as smooth as silk. As it turns out, my router was
unable to provide my own specific DNS address (it would only pass clients
the DNS servers it got from the ISP) so I had to disable the router's DHCP
server and go with the Windows DHCP service. That only took a few minutes to
set up. Everything is running fine. Client domain logins are as quick as
local logins now.
There is only one "small problem". I actually have a "real" domain
registered (reineri.org) and hosted by a third party. I also named my
Windows Domain "reineri.org" (not knowing better). So now when I type
www.reineri.org on my client browsers, of course my local DNS server is
authoritative for "reineri.org", and it can't find my "real" web site out
on the internet.
I got around this by placing DNS host records in my DNS like "mail", "ftp",
"www", etc. that have my "real" internet IP addresses (64.xxx something or
other). It works, but it seems like a hack. Is there a better way to do
this, short of renaming my windows domain to something other than
"reineri.org"?
Thanks
Robert
"Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
news:OKYS$s%23AFHA.1388@TK2MSFTNGP09.phx.gbl...
> > Everything is BLAZING now - plus I have my own "in
> > house" DNS server for when my ISP's go down!
>
>
> Your DNS server only knows about your Win 2k domain. That is to say if your
> AD domain name is mydomain.com, your DNS server assumes it knows
> *everything* about mydomain.com. It will not forward requests for
> *anything/anyone* requesting resources from mydomain.com. Requesting
> yahoo.com or *anything* other than mydomain.com (basically the entire
> Internet), with forwarders set up, your DNS server will forward requests to
> your ISP. If your ISP's DNS server goes down, you lose Internet access. If
> you set up your AD DNS server to use root hints, your ISP's DNS server can
> go down and you will still have Internet access.
>
> For the most part forwarders work fine (ISPs are fairly stable) but if your
> ISP has a flaky DNS server you have the option to use root hints.
>
> The procedure to use root hints should be in the DNS for Internet access
> link.
>
> hth
> DDS W 2k MVP MCSE
>
> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> news:eZ0rxi%23AFHA.3236@TK2MSFTNGP15.phx.gbl...
> > Thanks Danny - yes, there was a way to change the router to send the IP of
> > the W2K DNS Server. Everything is BLAZING now - plus I have my own "in
> > house" DNS server for when my ISP's go down!
> >
> > I really appreciate all your help.
> >
> > Thanks
> >
> > Robert
> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> > news:OEpsER%23AFHA.1388@TK2MSFTNGP09.phx.gbl...
> >> I'm not familiar with Linksys. If Linksys's DHCP is anything like Windows
> >> DHCP you have the ability to change all the settings it passes out to the
> >> clients.
> >>
> >> Check to see if you can adjust the settings the Linksys is handing out. If
> >> you can't, disable DHCP on it and set up DHCP on your DC. You will need to
> >> tell it what IP address range, subnet mask, DNS, WINS, gateway, entries to
> >> use. I suspect there is a way to do this with the Linksys.
> >>
> >>
> >> hth
> >> DDS W 2k MVP MCSE
> >>
> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> news:%23EPpf69AFHA.3016@tk2msftngp13.phx.gbl...
> >> > I think I see... but if I let the router continue to be the DHCP server
> >> > (which I REALLY WOULD like to do, since it works just fine as is), won't it
> >> > keep giving the clients my ISP's DNS Servers? If I understand correctly,
> >> > when a client gets its IP configuration from a DHCP server, it gets ALL the
> >> > information - the IP address it should use, the gateway address, DNS server
> >> > address(es), and all else from that DHCP request.
> >> >
> >> > The way I think it works is this:
> >> >
> >> > 1. The router itself uses DHCP to get an address from the cable company,
> >> > along with all the other junk - DNS servers, etc.
> >> > 2. When internal clients use the router as the DHCP server, it assigns the
> >> > client an address from the internal pool of addresses (192.168.1.xxx), uses
> >> > its own address (192.168.1.1) as the gateway for the clients, and simply
> >> > passes along the ISP's DNS servers to the clients.
> >> >
> >> > I guess what I need to do is check the router documentation. It is a Linksys
> >> > WRT54g router...
> >> >
> >> > Thanks for all your help. Please, comment on anything I've posted. I really
> >> > appreciate the assistance in getting this set up, and more importantly,
> >> > gaining the knowledge to understand WHY things work, instead of just
> >> > clicking buttons. Though I am a software engineer by trade, it never hurts
> >> > to understand some networking basics...
> >> >
> >> > Thanks
> >> >
> >> > Robert
> >> >
> >> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> >> > news:%23GYxXx9AFHA.824@TK2MSFTNGP11.phx.gbl...
> >> >> > 1. Stop the router from being a DHCP server.
> >> >>
> >> >> It is not that big of a deal that the router is the DHCP server. The
> >> >> important thing is that the router is giving your clients the AD DNS server
> >> >> and NOT your ISP's server.
> >> >>
> >> >> When you log onto your DNS server with the IP of the DNS server pointing to
> >> >> itself, the proper SRV records for the domain are registered in DNS, on THAT
> >> >> server. Clients logging into the domain MUST find these SRV records in order
> >> >> to "find" the domain. You want your clients to "find" the domain when they
> >> >> log on (your long log in times were because the client was looking for a SRV
> >> >> record on your ISP's DNS server for your domain and it was not there).
> >> >> Pointing the clients to the DNS server that houses the SRV records for your
> >> >> domain will result in clients "finding" the domain faster. When a client
> >> >> requests www.yahoo.com you want the client to look for it on your DNS server
> >> >> and it will not find it, so that request gets forwarded to a DNS server
> >> >> listed in your forwarders tab (or root hints if you set it up that way).
> >> >>
> >> >> hth
> >> >> DDS W 2k MVP MCSE
> >> >>
> >> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> >> news:%232QCdf9AFHA.3836@tk2msftngp13.phx.gbl...
> >> >> > Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
> >> >> > information assigned by the router through DHCP (this includes the DNS
> >> >> > servers, which show up as the Cox DNS servers using ipconfig /all). So I
> >> >> > think what I need to do is:
> >> >> >
> >> >> > 1. Stop the router from being a DHCP server.
> >> >> > 2. Set the DHCP Service on the PDC to serve up IP configuration to the
> >> >> > clients.
> >> >> > 3. Configure DNS on the PDC as you describe.
> >> >> >
> >> >> > Now, instead of using DHCP from the router, the client will get it from the
> >> >> > PDC, whose DNS is configured to forward to the Cox DNS servers for internet
> >> >> > addresses (addresses not on the local subnet).
> >> >> >
> >> >> > or,
> >> >> >
> >> >> > Do everything with static IP's and configure each client.
> >> >> >
> >> >> > Am I on the right track?
> >> >> > Thanks
> >> >> >
> >> >> > Robert
> >> >> >
> >> >> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> >> >> > news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
> >> >> >> Long log in times are a symptom of misconfigured DNS.
> >> >> >>
> >> >> >> AD MUST have a DNS server set up for the AD domain. Do Not use your ISP's
> >> >> >> DNS servers.
> >> >> >>
> >> >> >> Basically you need to install DNS on the DC. Point the DC to itself in the
> >> >> >> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS server
> >> >> >> ONLY. For Internet access configure your AD DNS server to forward and list
> >> >> >> your ISP's DNS server as the forwarder (this is the ONLY place your ISP's
> >> >> >> DNS server should be listed on your entire domain. Do NOT add it as
> >> >> >> secondary on *any* clients) or use root hints.
> >> >> >>
> >> >> >> See:
> >> >> >> Best Practices for DNS Client settings in Windows 2000 server and in Windows
> >> >> >> Server 2003
> >> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
> >> >> >>
> >> >> >> Setting Up the Domain Name System for Active Directory
> >> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
> >> >> >>
> >> >> >> How to configure DNS for Internet access in Windows 2000
> >> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
> >> >> >>
> >> >> >> hth
> >> >> >>
> >> >> >> DDS W 2k MVP MCSE
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> >> >> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
> >> >> >> > I recently installed a WIN2000 server and made it a primary domain
> >> >> >> > controller. It is the only domain controller on my network. I have
> >> >> >> > 20 clients that will eventually join the domain. I took two of the clients
> >> >> >> > (WinXP Pro) and joined them into the new domain. It seems like things take
> >> >> >> > MUCH longer now than before I joined the domain.
> >> >> >> >
> >> >> >> > For example, when logging into the domain, the clients sit there for 10
> >> >> >> > seconds or so with that "Applying Computer Settings" dialog before the
> >> >> >> > user's desktop comes up. Right clicking on System, and selecting "Properties"
> >> >> >> > takes 15 seconds or so. Checking Network properties takes 15 seconds or so.
> >> >> >> >
> >> >> >> > When I don't log into the domain on these clients (i.e. login locally),
> >> >> >> > these operations are instantaneous.
> >> >> >> >
> >> >> >> > As far as networking, they are all on the same subnet, matter of fact, both
> >> >> >> > clients and domain controller are plugged into the same 4 port router! So it
> >> >> >> > should not be a network communications problem. All machines are P4 machines
> >> >> >> > with 1 gig of RAM and gigabit ethernet controllers. So we have plenty of
> >> >> >> > hardware power, too.
> >> >> >> >
> >> >> >> > Pardon the newbie question, I plan to go out to the book store at lunch and
> >> >> >> > pick myself up some reading material. But if things are going to be this
> >> >> >> > slow by adding a domain, we might just as well go back to a workgroup. Do
> >> >> >> > the clients have to contact the domain controller for every little thing
> >> >> >> > that has to be done?
> >> >> >> >
> >> >> >> > Any ideas appreciated. Please respond via newsgroup.
> >> >> >> >
> >> >> >> > Thanks
> >> >> >> >
> >> >> >> > Robert
>
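
The lookup order discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how the internal AD DNS server decides (authoritative zone first, then forwarders, then root hints), showing why logons were slow against the ISP's DNS and why www.reineri.org is shadowed. The addresses, the host name dc1 and all function names are constructed for illustration.

```python
# Simplified model of the lookup order described in the thread (not real DNS code).
# All zone data, addresses and the host name dc1 are constructed sample values.

LOCAL_ZONE = "reineri.org"
local_records = {  # records held by the internal AD DNS server
    ("_ldap._tcp.dc._msdcs.reineri.org", "SRV"): "dc1.reineri.org:389",
    ("dc1.reineri.org", "A"): "192.168.1.10",
}
# What the outside world would answer (stand-in for ISP / root resolution).
internet = {
    ("www.reineri.org", "A"): "203.0.113.80",
    ("www.yahoo.com", "A"): "198.51.100.7",
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def ad_dns_lookup(name, rtype, forwarders_up=True, root_hints=False):
    """Return (answer, source) the way the internal server would decide."""
    if in_zone(name, LOCAL_ZONE):
        # Authoritative: answer from local data only, never forward.
        answer = local_records.get((name, rtype))
        return (answer, "local zone") if answer else (None, "NXDOMAIN (authoritative)")
    if forwarders_up:
        return internet.get((name, rtype)), "forwarder"
    if root_hints:
        return internet.get((name, rtype)), "root hints"
    return None, "SERVFAIL (forwarders down, no root hints)"

def isp_dns_lookup(name, rtype):
    """A client pointed at the ISP resolver only sees public data."""
    answer = internet.get((name, rtype))
    return (answer, "isp") if answer else (None, "NXDOMAIN (isp)")

def shadowed_names(public_names):
    """Public names inside the local zone that the internal server cannot answer."""
    return sorted(n for n in public_names
                  if in_zone(n, LOCAL_ZONE) and (n, "A") not in local_records)

if __name__ == "__main__":
    srv = "_ldap._tcp.dc._msdcs.reineri.org"
    print(isp_dns_lookup(srv, "SRV"))             # slow logon: no SRV at the ISP
    print(ad_dns_lookup(srv, "SRV"))              # found on the AD DNS server
    print(ad_dns_lookup("www.reineri.org", "A"))  # shadowed by the local zone
    print(ad_dns_lookup("www.yahoo.com", "A", forwarders_up=False, root_hints=True))
    print(shadowed_names(["www.reineri.org", "www.yahoo.com"]))
```

Adding a `("www.reineri.org", "A")` entry to `local_records` models the host-record workaround from the top post: the name then resolves from the local zone and drops out of `shadowed_names`.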