Simple DNS Setup - Single 2K server

Guest

Archived from groups: microsoft.public.win2000.dns

I have an environment with a Single Windows 2000 server. (192.168.0.2)

Linksys Router Provides DHCP. (192.168.0.1)

The DHCP settings in the router are currently set up like this:
DNS1 - ISP DNS SERVER
DNS2 - Internal 2K Server
DNS3 - ANOTHER ISP DNS SERVER

I believed that the Internal 2K server should be first in the list.
HOWEVER, when I set it like that, the workstations can log into the Domain,
but they CANNOT access the Internet. The above configuration works, but I
know it is wrong.

I heard about the Server providing DNS forwarding. I looked at it in the
server, but I remember it saying something about root servers not being able
to do this.

My question - What is the proper DNS setup in this scenario.

Thanks
P
 
Guest

In news:656580D6-D18F-4CD5-9AE2-3BD7E6391AC4@microsoft.com,
PJM <PJM@discussions.microsoft.com> made a post then I commented below
> I have an environment with a Single Windows 2000 server. (192.168.0.2)
>
> Linksys Router Provides DHCP. (192.168.0.1)
>
> The DHCP settings in the router are currently set up like this:
> DNS1 - ISP DNS SERVER
> DNS2 - Internal 2K Server
> DNS3 - ANOTHER ISP DNS SERVER
>
> I believed that the Internal 2K server should be first in the list.
> HOWEVER, when I set it like that, the workstations can log into the
> Domain, but they CANNOT access the Internet. The above configuration
> works, but I know it is wrong.
>
> I heard about the Server providing DNS forwarding. I looked at it in
> the server, but I remember it saying something about root servers not
> being able to do this.
>
> My question - What is the proper DNS setup in this scenario.
>
> Thanks
> P

The recommended 'best practice' with ANY Active Directory environment is to
ONLY use the DNS servers that are authoritative for the AD zone. AD DCs and
clients query DNS to "find" the domain, so to speak. If it were to ask your
ISP's DNS, will it 'know' where your domain is? No.

ONLY use the internal DNS. On the internal DNS, configure a forwarder to
your ISP's for efficient Internet resolution. If the forwarding option is
grayed out, delete the Root zone, and try again. If not sure how to delete
the root zone, if one does exist, or not sure how to configure a forwarder,
see this article:
http://support.microsoft.com/?id=300202

Also, it is *highly* recommended NOT to use your Linksys router for DHCP in
an AD environment. MS DHCP APIs work hand in hand with MS DNS APIs to offer
dynamic updates using Option 081, which these Linksys (and other routers) do
not offer. Disable that service and use your server's DHCP service.

All of this should give you a clean working headache-free functioning AD
system, provided there are no other errors associated with AD (single label
name, NTFRS errors, Netlogon errors, etc), which would require further
investigation.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
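The steps in the reply above (delete the root zone so forwarders can be set, forward to the ISP, hand DHCP with option 006 pointing at the DC over to the server, then verify), written out as the commands you would type on the Windows 2000 server. This is an added example, not part of the original thread and not Ace's or Microsoft's script. It uses the two addresses from the post (192.168.0.2 for the DC, 192.168.0.1 for the router); the AD domain name, the ISP resolver addresses and the DHCP scope range are not given in the thread and are assumed placeholders here. dnscmd and netdiag come from the Windows 2000 Support Tools; option 081 (dynamic update settings) has no netsh switch in this release and is set on the DNS tab of the scope's properties in the DHCP console.

```batch
@echo off
REM Added example, not from the original thread. Run on the Windows 2000
REM server (192.168.0.2) with the Support Tools installed (dnscmd, netdiag).
REM Assumed values, not in the post: AD domain name, ISP resolver addresses,
REM DHCP scope range.
set DC=192.168.0.2
set ROUTER=192.168.0.1
set ADDOMAIN=corp.example
set ISPDNS1=203.0.113.53
set ISPDNS2=203.0.113.54

REM 1. The Forwarders tab is greyed out while a root zone "." exists on the
REM    server. List the zones, then delete the root zone if it is there
REM    (KB 300202). /f skips the confirmation prompt.
dnscmd %DC% /EnumZones
dnscmd %DC% /ZoneDelete . /f

REM 2. Forward every query the server is not authoritative for to the ISP's
REM    resolvers. Clients never talk to the ISP directly after this.
dnscmd %DC% /ResetForwarders %ISPDNS1% %ISPDNS2% /TimeOut 5

REM 3. Move DHCP from the Linksys to the server: one scope, one address range,
REM    router (003), DNS server = the DC only (006), domain suffix (015).
REM    Disable DHCP on the Linksys afterwards so there is a single DHCP source.
netsh dhcp server %DC% add scope 192.168.0.0 255.255.255.0 "LAN"
netsh dhcp server %DC% scope 192.168.0.0 add iprange 192.168.0.100 192.168.0.200
netsh dhcp server %DC% scope 192.168.0.0 set optionvalue 003 IPADDRESS %ROUTER%
netsh dhcp server %DC% scope 192.168.0.0 set optionvalue 006 IPADDRESS %DC%
netsh dhcp server %DC% scope 192.168.0.0 set optionvalue 015 STRING %ADDOMAIN%
netsh dhcp server %DC% scope 192.168.0.0 set state 1

REM 4. Verify from the server: the DC must answer the AD locator SRV record
REM    itself, and an Internet name must resolve through the forwarder on the
REM    same server. If the first fails, clients cannot find the domain; if the
REM    second fails, the forwarder (or the ISP address) is wrong.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ADDOMAIN% %DC%
nslookup www.microsoft.com %DC%
netdiag /test:dns
```

On a workstation, `ipconfig /renew` followed by `ipconfig /all` should then show 192.168.0.2 as the only DNS server; if an ISP address still appears, the Linksys DHCP service is still answering.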