Newbie: DNS Setup in Two Locations

Kris

Distinguished
Dec 31, 2007
134
0
18,680
Archived from groups: microsoft.public.windows.server.dns,microsoft.public.windows.server.active_directory,microsoft.public.win2000.dns,microsoft.public.win2000.active_directory (More info?)

Hello,
I want to set up DNS Servers in two locations A and B. These two
locations are connected via Point-Point with FULL T1. Two networks are
192.168 and 172.20 respectively.
I have set up a DC with a.abc.com (First Server in the network). Now
how do I create b.abc.com? To create child domain I do not see parent
domain. Will a.abc.com act like a parent domain?
Please help.
Thanks
Kris
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Hello,
> I want to set up DNS Servers in two locations A and B. These two
> locations are connected via Point-Point with FULL T1. Two networks are
> 192.168 and 172.20 respectively.
> I have set up a DC with a.abc.com (First Server in the network). Now
> how do I create b.abc.com?

You would have to DCPromo the server at location B as a "New Domain in an
existing forest."
This would not be a child domain, it would be a new domain tree in an
existing forest.

> To create child domain I do not see parent
> domain.

To create a child domain, and be able to resolve a.abc.com you have to
forward b.a.abc.com DNS to a.abc.com, then create a delegation named b in
the a.abc.com, using the DNS at b.a.abc.com as the Name server.

> Will a.abc.com act like a parent domain?

Only if the location B domain is named b.a.abc.com.


If you want users at site A to have access to resources at site B and
vice versa without having to assign explicit permissions at each site,
DCPromo the server at Site B as a replica Domain Controller. This will make
Administration much easier because you would not have to configure
permissions separately for each site.

You could still set a connection specific suffix for each site's members so
that each site's resources are kept in separate DNS zones. That would be
a.a.abc.com at site A and b.a.abc.com at site B. You would not have to
create any separate zones this way, your zone would basically look like
this: (Plus the AD folders)
a.abc.com
\a
\b


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

Kris


Kevin,
Thank you for the response.
But here are some questions based on your recommendations and some misread
due to my wording sorry for that.
NOTE: All I'm using Win2KAdv DNS server is only for DNS purpose nothing else
(at least at this time).
a. In order to make b.abc.com a "NEW Domain in existing forest" I need to
provide "Network Credentials" and What domain name should be inputted?
b. Since I have created a DC with a.abc.com now my forest starts at
a.abc.com? Not abc.com? If I do want to create abc.com and a.abc.com in the
same server since it's located at location A and create b.abc.com part of
abc.com would I then still create DC for b and under abc.com forest and I
would be able to see abc.com?
c. misread part: will a.abc.com act like a parent domain? Is actually
related to part of B question since it's ONE server (thought abc.com and
a.abc.com)
Thanks
Kris
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Kevin,
> Thank you for the response.
> But here are some questions based on your recommendations and some
> misread due to my wording sorry for that.
> NOTE: All I'm using Win2KAdv DNS server is only for DNS purpose
> nothing else (at least at this time).
> a. In order to make b.abc.com a "NEW Domain in existing forest" I
> need to provide "Network Credentials" and What domain name should be
> inputted?

You need to use the credentials for the Administrator account of the
existing forest.

> b. Since I have created a DC with a.abc.com now my forest starts at
> a.abc.com?

Correct

> Not abc.com?

Correct

> If I do want to create abc.com and a.abc.com
> in the same server since it's located at location A and create
> b.abc.com part of abc.com would I then still create DC for b and
> under abc.com forest and I would be able to see abc.com?

You have already created a.abc.com, it will be your Forest Root domain, its
children will be child.a.abc.com.
Or you can create a new tree b.abc.com, but a.abc.com will still be the
forest root.

I don't think it will let you start a new tree at abc.com, but I could be
wrong. Usually abc.com would be the forest root, and its children would be
a.abc.com and b.abc.com and so on.
You could also start a new tree at abc.net for example, but a.abc.com would
still be abc.net's forest root.

> c. misread part: will a.abc.com act like a parent domain?

Not necessarily parent, forest root. A forest root can be a parent domain,
but it does not have to be, it can also be in a different tree. For instance
you can create a new tree named b.abc.com, for which a.abc.com is its forest
root.

> Is actually related to part of B question since it's ONE server
> (thought abc.com and a.abc.com)





--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
 

Kris


Also please NOTE: IP networks are different
 

Kris


Kevin,
What domain name should I provide in Network credentials?
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Kevin,
> What domain name should I provide in Network credentials?

I already said, the Forest root Administrator account. Probably
Administrator@a.abc.com if that is your forest root, I'm not sure what your
Forest Root domain name is.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
 

Kris


Kevin,
If I had to redo the servers what is the correct procedure?
a. Create abc.com w/DC
b. Create a.abc.com domain in DNS (they are one server abc.com and
a.abc.com).
c. Create b.abc.com domain in DNS (w/DC?) in separate server located at site
b.
d. What about IP networks wouldn't that be an issue? 192 network to 172
network?

Thanks
Kris
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Kevin,
> If I had to redo the servers what is the correct procedure?
> a. Create abc.com w/DC

I would put both DCs in the same domain. You really need two DCs per domain,
anyway. Creating child domains and new domain trees doesn't help for failover.

> b. Create a.abc.com domain in DNS (they are one server abc.com and
> a.abc.com).

This would work, but it only gives you one DC per domain.

> c. Create b.abc.com domain in DNS (w/DC?) in separate server located
> at site b.
> d. What about IP networks wouldn't that be an issue? 192 network to 172
> network?

No issue, you would set up static Routes between the two subnets. So that
each router is aware of the other subnet and how to get to it.





--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
 

Kris


Kevin,
At network credentials:
Username: administrator@a.abc.com
password: pwd
domain: a.abc.com
when clicked next I get :
The domain "a.abc.com" is not an active directory domain or domain
controller for the domain could be contacted"
Please help.
Thanks
Kris
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Kevin,
> At network credentials:
> Username: administrator@a.abc.com
> password: pwd
> domain: a.abc.com
> when clicked next I get :
> The domain "a.abc.com" is not an active directory domain or domain
> controller for the domain could be contacted"

The machine must use the address of the first DC for DNS only.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
 

Kris


Kevin,
You are right I was trying to create failover type system but anyway can you
provide me steps please since my mind is confused I cannot catch your point
so easily.
This DNS domains and Active Directory domains are confusing me out. Please
provide step-by-step instructions.
Thanks
Kris
 

Kris


> The machine must use the address of the first DC for DNS only.
in other words ....
 
Guest

Kris <k_mrNOSPAM@yahoo.com> wrote:
> Kevin,
> You are right I was trying to create failover type system but anyway
> can you provide me steps please since my mind is confused I cannot
> catch your point so easily.
> This DNS domains and Active Directory domains are confusing me out.
> Please provide step-by-step instructions.
> Thanks
> Kris


For best failover reliability.

First get static routes on your routers set up so you can ping IP addresses
in both subnets.
Set up your first DC using your choice of domain name, when you promote the
second DC, it must use the first DC for DNS only.
Promote it as a replica DC
After AD has fully replicated, your zone should exist on both DNS servers.
Turn off round robin, Turn on Enable Netmask Ordering (Advanced tab)



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
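An added illustration of the last step in the reply above (not code from any poster): a simplified Python model of why netmask ordering, rather than round robin, keeps a client's first answer on its own side of the T1 once both replica DCs hold A records for the domain. The host addresses and the /24 comparison mask are assumptions.

```python
import ipaddress

# Constructed sample data. Only the 192.168 and 172.20 networks come from
# the thread; the host addresses are made up for illustration.
DC_A = "192.168.1.10"   # replica DC / DNS server at site A
DC_B = "172.20.1.10"    # replica DC / DNS server at site B
ZONE_ORDER = [DC_A, DC_B]   # A records for the domain name, as stored


def netmask_order(records, client_ip, prefix_len=24):
    """Put records that share the client's subnet first; keep zone order otherwise.

    prefix_len is a modelling assumption: the mask a real server compares
    with depends on its configuration.
    """
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local = [r for r in records if ipaddress.ip_address(r) in net]
    remote = [r for r in records if ipaddress.ip_address(r) not in net]
    return local + remote


def round_robin(records, query_number):
    """Rotate the answer by one record per query, ignoring who is asking."""
    shift = query_number % len(records)
    return records[shift:] + records[:shift]


def remote_first_count(client_ip, queries, netmask_ordering, prefix_len=24):
    """Count answers whose first record lies outside the client's subnet."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    count = 0
    for q in range(queries):
        if netmask_ordering:
            answer = netmask_order(ZONE_ORDER, client_ip, prefix_len)
        else:
            answer = round_robin(ZONE_ORDER, q)
        if ipaddress.ip_address(answer[0]) not in net:
            count += 1
    return count


if __name__ == "__main__":
    for client in ("192.168.1.50", "172.20.1.50"):
        print(client, "netmask ordering ->", netmask_order(ZONE_ORDER, client))
        print(client, "remote-first answers in 10 queries:",
              "round robin", remote_first_count(client, 10, False),
              "/ netmask ordering", remote_first_count(client, 10, True))
```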
 
Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Kris

It's not really possible for you to be provided a step by step guide until you
explain clearly and precisely what you want and even then technet and the MS
support site are the best resources for specific deployment info

It is confusing and needs some careful planning, but if you have a specific
question let us know

Unfortunately the only way this subject becomes less confusing is reading, then
reading, a webcast or two, a technet art, reading - you get the idea.
Webcasts are cool cus you can just sit there and have some one explain it to
you - better than reading

Good Luck

Simon

Kris wrote:
>Also please NOTE: IP networks are different

--
Simon Whyley
MCP XP,2Kpro
Comptia A+


Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000-active-directory/200508/1
 

enkidu

Distinguished
Feb 28, 2002
251
0
18,780

Kris wrote:
> Hello,
> I want to setup DNS Servers in two locations A and B.
> These two locations are connected via Point-Point with
> FULL T1. Two networks are 192.168 and 172.20 respectively.
>
Before you try anything else, ensure that you have network
connectivity between the two locations. Use ping and other
tools.
>
> I have set up a DC with a.abc.com (First Server in the
> network). Now how do I create b.abc.com? To create child
> domain I do not see parent domain. Will a.abc.com
> act like a parent domain?
>
I would set up your server as a standalone server. Setup its
NIC with the DNS of the first Domain. Check that you can
connect to the DNS on the first Domain over the network. You
don't have to login or anything - just use nslookup. If your
first Domain server is set up to query the Internet DNS,
that's good. Use the first Domain's DNS to look up, say,
www.microsoft.com.

If all is OK, run DCPROMO on the new server, tell the AD
setup that this is a new tree in an existing forest, and it
should connect to the DNS in the existing Domain and do the
upgrade.

With Domains a.abc.com as root and b.abc.com as a new tree
you have two disjoint DNS spaces - they don't overlap - so
you have to have a new tree

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 

enkidu


Kris wrote:
>
> Also please NOTE: IP networks are different
>
This is of no consequence.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 

enkidu


Kris wrote:
>
> Also please NOTE: IP networks are different
>
Sorry, this is of no consequence if the two networks
can communicate. Test this with tools like 'ping'

Cheers,

Cliff




--

Barzoomian the Martian - http://barzoomian.blogspot.com
 

Kris


Simon,
As I explained in the first post that I want to have two DNS servers in two
locations and share the resources (view them in network neighbourhood).
Regards,
Kris
 

Kris


Enkidu,
Thanks for the responses.

Two networks can ping each other no problems.
I will put DNS entry of Server A into Server B and see what happens.

But how would you setup/plan out with what I want to achieve;
Two DNS and share the resources (view in Network Neighbourhood).

Thanks
Kris
 

Kris


Enkidu,
After applying DNS entry of Server A into Server B BINGO!!!! I was able to
pass thru' Network Credentials window.
I was wondering what type of config will this be:
In ServerA --- put DNS entry of Server B
In ServerB --- put DNS entry of Server A
Do I need forwarders (DNS Mgmt) then?

Thanks
Kris
 

enkidu


Kris wrote:
> Enkidu,
> After applying DNS entry of Server A into Server B BINGO!!!!
> I was able to pass thru' Network Credentials window.
> I was wondering what type of config will this be:
> In ServerA --- put DNS entry of Server B
> In ServerB --- put DNS entry of Server A
> Do I need forwarders (DNS Mgmt) then?
>
I guess you mean into the NIC DNSes. Glad it worked.

In order to decide what to define where, consider what is
going to happen a) when it is working and b) when one of the
DNS servers fails or goes down. If both servers are working
the clients can look up the necessary information and
register themselves in DNS in either of them, which then
propagate the information. It is therefore useful to have
them both defined in each client, but it doesn't matter in
which order.

A DNS server is also a DNS client, and therefore should have
both. When Server A comes up it might be beneficial if it
could do its login etc with the other DNS since its own DNS
may not be fully functional at that stage. Therefore it
might be best to put the other server *first* in the
server's NIC definitions. Same for the other server, as a
client.

As far as forwarders go, they are used to forward requests
to an external DNS for Internet access. If you want your
clients to access Internet sites, then you will need to
configure forwarders to point to some Internet DNS.
Alternatively you can let the DNS use 'root hints' to
recursively look up Internet addresses.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 

Kris


Cliff,
Are you saying I never have to configure anything under forwarders as well
as reverse lookup section in DNS Console (unless Inet lookups)? It should be
blank? Everything (local) gets resolved via DNS services (nic's having dns
ip numbers)?
Thanks
Kris
 

Kris


Also I'm getting error Event ID: 7062
The DNS Server encountered a packet addressed to itself -- IP address
192.168.xxx.xxx(my dns server ip address).
Please help.
 
Guest

In news:uxRLQJOrFHA.1172@TK2MSFTNGP11.phx.gbl,
Kris <k_mrNOSPAM@yahoo.com> made this post, which I then commented about
below:
> Also I'm getting error Event ID: 7062
> The DNS Server encountered a packet addressed to itself -- IP address
> 192.168.xxx.xxx(my dns server ip address).
> Please help.

A forwarder will normally eliminate that error. It can also be due to a
delegation misconfiguration or the domain controller is multihomed.

Here's more info on it:
http://www.eventid.net/display.asp?eventid=7062&eventno=479&source=DNS&phase=1

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
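An added example, not code from any poster: a small Python audit that checks a constructed description of each DC/DNS server against the advice given across the thread (AD DNS servers only on the NIC, both servers listed with the partner first, and the Event ID 7062 causes named in the last reply). The data model, the finding codes and all host addresses are hypothetical, and the self-referencing forwarder and delegation checks are assumptions about what such a misconfiguration looks like.

```python
from dataclasses import dataclass, field


@dataclass
class DnsServerConfig:
    name: str
    own_ips: list                 # every address bound on the server
    nic_dns: list                 # DNS servers set on the NIC, in order
    forwarders: list = field(default_factory=list)
    delegation_ns: list = field(default_factory=list)  # NS IPs of delegations it hosts


def audit(cfg, ad_dns_ips):
    """Return a sorted list of (code, detail) findings for one DC/DNS server."""
    own = set(cfg.own_ips)
    findings = []
    # More than one bound address: the "multihomed" cause from the last reply.
    if len(own) > 1:
        findings.append(("multihomed", ", ".join(sorted(own))))
    # "The machine must use the address of the first DC for DNS only."
    for ip in cfg.nic_dns:
        if ip not in ad_dns_ips:
            findings.append(("nic-dns-external", ip))
    # A DNS server is also a DNS client and should list both servers.
    for ip in ad_dns_ips:
        if ip not in cfg.nic_dns:
            findings.append(("nic-dns-missing", ip))
    # Suggested order: the other server first, itself second.
    partners = [ip for ip in cfg.nic_dns if ip in ad_dns_ips and ip not in own]
    if cfg.nic_dns and cfg.nic_dns[0] in own and partners:
        findings.append(("nic-dns-self-first", cfg.nic_dns[0]))
    # Assumed shapes of a forwarder or delegation that sends queries back to itself.
    for ip in cfg.forwarders:
        if ip in own:
            findings.append(("forwarder-self", ip))
    for ip in cfg.delegation_ns:
        if ip in own:
            findings.append(("delegation-self", ip))
    if not cfg.forwarders:
        findings.append(("no-forwarders", "external names resolved via root hints"))
    return sorted(findings)


# Constructed sample configurations; only the 192.168 / 172.20 networks
# come from the thread, everything else is made up.
AD_DNS = ["192.168.1.10", "172.20.1.10"]
SERVER_A = DnsServerConfig("ServerA", ["192.168.1.10"],
                           ["192.168.1.10", "172.20.1.10"],
                           forwarders=["192.168.1.10"])
SERVER_B = DnsServerConfig("ServerB", ["172.20.1.10", "172.20.2.10"],
                           ["192.168.1.10", "203.0.113.53"],
                           forwarders=["198.51.100.53"])
SERVER_A_FIXED = DnsServerConfig("ServerA", ["192.168.1.10"],
                                 ["172.20.1.10", "192.168.1.10"],
                                 forwarders=["198.51.100.53"])

if __name__ == "__main__":
    for cfg in (SERVER_A, SERVER_B, SERVER_A_FIXED):
        print(cfg.name, audit(cfg, AD_DNS) or "no findings")
```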