internal DNS question

Brian

Archived from groups: microsoft.public.win2000.dns (More info?)

Hello all. Hoping someone can assist me.

For our domain, we have the root and our domain name zone
set up. Certain users need to have internet access but
cannot gain it via the main DNS server due to the . zone. I
installed another Win2k server, set up DNS on it and
configured it as a secondary. I am transferring the
internal zone over to the secondary and set up forwarding
to my ISP's DNS server. This solution works, but only
partially. When users have the secondary DNS server and
the primary in their ipconfig, no internet. When only the
secondary is included, internet works fine but local
resolution does not. When only internal is set up, no
internet.

Any suggestions?
 
Guest


You need to delete the "." zone. Then add forwarders to your ISP's DNS
server. All your clients need to point to your internal DNS server for DNS.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
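
Why listing both servers still gives "no internet", and what deleting the "." zone changes, as an added example that is not part of the original posts: a simplified Python model, not Windows code. The server names, the `corp.example` zone and all addresses are constructed, and the client behaviour (the first response wins, a name error included) is an assumption of the model.

```python
# Simplified model, not Windows code. Assumption: the client accepts the first
# response it gets, and NXDOMAIN is a response; it only moves to the next
# server when one does not answer at all.
NXDOMAIN = "NXDOMAIN"
ISP = {"www.example.com": "203.0.113.10"}  # constructed external record
INTERNAL = {"corp.example": {"fs1.corp.example": "10.0.0.5"}}  # constructed zone

class Server:
    def __init__(self, name, zones, upstream=None, up=True):
        self.name, self.zones, self.upstream, self.up = name, zones, upstream, up

    def query(self, fqdn):
        if not self.up:
            return None  # timeout: no response at all
        # A "." zone matches every name, so the server is authoritative for all
        # names and never consults its upstream (forwarder).
        hits = [z for z in self.zones
                if z == "." or fqdn == z or fqdn.endswith("." + z)]
        if hits:
            return self.zones[max(hits, key=len)].get(fqdn, NXDOMAIN)
        return (self.upstream or {}).get(fqdn, NXDOMAIN)

def resolve(fqdn, servers):
    """Return (answer, answering server) as the modelled client sees it."""
    for s in servers:
        answer = s.query(fqdn)
        if answer is not None:
            return answer, s.name
    return None, None

def build(root_zone_on_primary):
    zones = dict(INTERNAL)
    if root_zone_on_primary:
        zones["."] = {}  # empty internal root zone, as in the question
        primary = Server("primary", zones)
    else:
        primary = Server("primary", zones, upstream=ISP)  # the suggested fix
    secondary = Server("secondary", dict(INTERNAL), upstream=ISP)
    return primary, secondary

if __name__ == "__main__":
    p, s = build(root_zone_on_primary=True)
    print(resolve("www.example.com", [p, s]))  # primary answers first
    print(resolve("www.example.com", [s]))     # secondary forwards to the ISP
    p, s = build(root_zone_on_primary=False)
    print(resolve("www.example.com", [p]), resolve("fs1.corp.example", [p]))
```
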
 

Brian


Yes, I could do that but only 'select' people are to have
internet access. Deleting the . zone would give everyone
access.

 
Guest


How are you setting up forwarders with "." there??? You should not use DNS to
restrict Internet access. You should be using your firewall. An easy way is
just to not give those computers a default gateway and then they won't get
to the internet.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
 
Guest


In news:O6FBWfGjEHA.3524@TK2MSFTNGP10.phx.gbl,
Scott Harding - MS MVP <scrockel@**NO_SPAM**hotmail.com> made a post then I
commented below
> How are you setting up forwarders with "." there??? You should not use
> DNS to restrict Internet access. You should be using your firewall.
> An easy way is just to not give those computers a default gateway and
> then they won't get to the internet.


Or just to add, some sort of Proxy (ISA, Wingate, Sygate, SurfControl, etc).

Or even by using a fake proxy address for IE in a GPO just for those user
accounts.

--
Regards,
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

 
Guest


In news:007b01c48c58$bde83920$a401280a@phx.gbl,
brian <anonymous@discussions.microsoft.com> wrote their comments
Then Kevin replied below:
> Yes, I could do that but only 'select' people are to have
> internet access. Deleting the . zone would give everyone
> access.

Set up a Group Policy Object for the users you want to restrict from having
internet access: in the User Configuration, Windows Settings, Internet
Explorer Maintenance, Connection settings, put in a fake proxy address. You
can even allow the users to use Windows updates by adding
*.windowsupdate.microsoft.com and *.windowsupdate.com to the bypass proxy
list.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps