Just to confirm

Murray

Archived from groups: microsoft.public.win2000.dns

Hi Everyone,
I have been reading some posts and I just thought that I should double check
to make sure I was doing the right / wrong thing.

I should not use the secondary DNS server spot in my client workstations to
enter the ISP's DNS server as a backup.

If I had what would've happened?

Murray
 

"Murray" <Murray@ozsoft.com.au> wrote in message
news:OivtEK4yEHA.1392@tk2msftngp13.phx.gbl...
> Hi Everyone,
> I have been reading some posts and I just thought that I should double
> check to make sure I was doing the right / wrong thing.
>
> I should not use the secondary DNS server spot in my client workstations
> to enter the ISP's DNS server as a backup.
>
> If I had what would've happened?
>
> Murray
>
You have 2 domain controllers, that's backup enough generally. If you set
ISP as the secondary, if you lose the primary the client reverts to the
secondary and will not resolve internal IP's .... ok, doesn't seem bad since
but here's the issue, the client (to my understanding) won't revert back to
the primary when it becomes available again without rebooting.

Matt
 

Murray wrote:
> Hi Everyone,
> I have been reading some posts and I just thought that I should
> double check to make sure I was doing the right / wrong thing.
>
> I should not use the secondary DNS server spot in my client
> workstations to enter the ISP's DNS server as a backup.

Right. Nor on your servers themselves. No external/public DNS server IPs in
your IP configs.

>
> If I had what would've happened?

Your computers would eventually start looking for your domain controllers on
the Internet. And wouldn't find them.
>
> Murray
 

In article <eQmEUX5yEHA.3336@TK2MSFTNGP11.phx.gbl>,
lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
> Murray wrote:
> > Hi Everyone,
> > I have been reading some posts and I just thought that I should
> > double check to make sure I was doing the right / wrong thing.
> >
> > I should not use the secondary DNS server spot in my client
> > workstations to enter the ISP's DNS server as a backup.
>
> Right. Nor on your servers themselves. No external/public DNS server IPs in
> your IP configs.

I have the DHCP scope setup with DNS1 as the DNS server in the LAN, and
it has forwarders to the ISP. I have DNS2 and DNS3 setup for the ISP's
DNS servers. There is no problem on the network with this that I can
see, and it works quite well.

> > If I had what would've happened?
>
> Your computers would eventually start looking for your domain controllers on
> the Internet. And wouldn't find them.

Wrong, it will only look for the DNS from the public servers if it can't
find the DNS records locally on the internal DNS server. I've used
internal DNS with Forwarders and secondary DNS of the ISP in every scope
for years, and we're always able to find internal network resources by
name.

If you add your ISP's DNS it means that you can still resolve external
DNS should you take down the DNS server inside your network.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Leythos wrote:
> In article <eQmEUX5yEHA.3336@TK2MSFTNGP11.phx.gbl>,
> lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
>> Murray wrote:
>>> Hi Everyone,
>>> I have been reading some posts and I just thought that I should
>>> double check to make sure I was doing the right / wrong thing.
>>>
>>> I should not use the secondary DNS server spot in my client
>>> workstations to enter the ISP's DNS server as a backup.
>>
>> Right. Nor on your servers themselves. No external/public DNS server
>> IPs in your IP configs.
>
> I have the DHCP scope setup with DNS1 as the DNS server in the LAN,
> and it has forwarders to the ISP. I have DNS2 and DNS3 setup for the
> ISP's DNS servers. There is no problem on the network with this that
> I can see, and it works quite well.
>
>>> If I had what would've happened?
>>
>> Your computers would eventually start looking for your domain
>> controllers on the Internet. And wouldn't find them.
>
> Wrong, it will only look for the DNS from the public servers if it
> can't find the DNS records locally on the internal DNS server.

Or if for some reason it queries the public ones.

> I've
> used internal DNS with Forwarders

Good

> and secondary DNS of the ISP

Bad

>in
> every scope for years, and we're always able to find internal network
> resources by name.

You've been lucky.
>
> If you add your ISP's DNS it means that you can still resolve external
> DNS should you take down the DNS server inside your network.

And network users will usually have slow logins and other problems. This is
not the recommended setup. See http://support.microsoft.com/kb/237675/EN-US/
>
>
> --
 

In news:MPG.1c035a415259fa25989a63@news-server.columbus.rr.com,
Leythos <void@nowhere.org> commented
Then Kevin replied below:
> In article <eQmEUX5yEHA.3336@TK2MSFTNGP11.phx.gbl>,
> lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com
> says...
>> Murray wrote:
>>> Hi Everyone,
>>> I have been reading some posts and I just thought that
>>> I should double check to make sure I was doing the
>>> right / wrong thing.
>>>
>>> I should not use the secondary DNS server spot in my
>>> client workstations to enter the ISP's DNS server as a
>>> backup.
>>
>> Right. Nor on your servers themselves. No
>> external/public DNS server IPs in your IP configs.
>
> I have the DHCP scope setup with DNS1 as the DNS server
> in the LAN, and it has forwarders to the ISP. I have DNS2
> and DNS3 setup for the ISP's DNS servers. There is no
> problem on the network with this that I can see, and it
> works quite well.
>
>>> If I had what would've happened?
>>
>> Your computers would eventually start looking for your
>> domain controllers on the Internet. And wouldn't find
>> them.
>
> Wrong, it will only look for the DNS from the public
> servers if it can't find the DNS records locally on the
> internal DNS server. I've used internal DNS with
> Forwarders and secondary DNS of the ISP in every scope
> for years, and we're always able to find internal network
> resources by name.
>
> If you add your ISP's DNS it means that you can still
> resolve external DNS should you take down the DNS server
> inside your network.

No, you're wrong. If the internal server answers with a not found, the query
will not go to the external DNS; the query stops. If the Preferred
(internal) DNS responds slowly, as it would if it were busy, the query goes
to the Alternate DNS. If the Alternate responds with either a positive or
negative answer, it is still considered an answer; the system will then
consider the Alternate DNS as the best DNS to use and move it to the
Preferred position until the system resets the DNS server list (default is
15 minutes). Then when the system needs a local query it sends it to the
external DNS. When the external DNS answers negatively, and it will because
it cannot possibly know the answer, the query fails and the internal DNS
will NOT be queried, even though it holds the record.

If you want DNS servers to always use the servers in the order listed in
TCP/IP properties you will have to modify the registry to reset the server
list in less than 15 minutes.

The DNS Client Service Does Not Revert to Using the First Server in the List
in Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320760
The DNS Client Service Does Not Revert to Using the First Server in the
List:
http://support.microsoft.com/default.aspx?scid=kb;en-us;286834

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
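
Added example, not part of any post in this thread: a small Python model of the client-side server-list behaviour exactly as the post above describes it (timeout skips a server, any answer is final, the answering server is promoted, the list resets after 15 minutes). It is a model of that description, not a measurement of Windows; the second internal server, the ISP address and the SRV name are constructed.

```python
"""Toy model of the DNS client server-list behaviour described in the thread."""
from dataclasses import dataclass, field

RESET_SECONDS = 15 * 60            # "default is 15 minutes" per the post

INTERNAL = "192.168.3.10"          # internal DNS server from the thread
INTERNAL2 = "192.168.3.11"         # constructed: a second internal DNS server
ISP = "203.0.113.53"               # constructed placeholder for an ISP resolver
SRV = "_ldap._tcp.dc._msdcs.mycompany.lan"   # constructed DC locator name


@dataclass
class Server:
    zone_records: set              # names this server is authoritative for
    busy_until: float = -1         # server times out while now < busy_until

    def answer(self, name, now):
        if now < self.busy_until:
            return None            # no reply in time
        if name in self.zone_records:
            return "FOUND"
        # Every server here can reach public names (the internal ones via
        # forwarders); nobody outside knows the private .lan zone.
        return "NXDOMAIN" if name.endswith(".lan") else "FOUND"


@dataclass
class Client:
    configured: list               # order from TCP/IP properties or DHCP 006
    servers: dict
    order: list = field(default_factory=list)
    promoted_at: float = None

    def resolve(self, name, now):
        # Reset to the configured order once the promotion has aged out.
        if self.promoted_at is not None and now - self.promoted_at >= RESET_SECONDS:
            self.order, self.promoted_at = [], None
        if not self.order:
            self.order = list(self.configured)
        for ip in list(self.order):
            result = self.servers[ip].answer(name, now)
            if result is None:
                continue           # timeout: try the next server in the list
            if ip != self.order[0]:
                # Any answer, positive or negative, promotes the responder.
                self.order.remove(ip)
                self.order.insert(0, ip)
                self.promoted_at = now
            return ip, result      # a negative answer is final, no fallback
        return None, "TIMEOUT"


def run_scenario(dns_list):
    """Internal server is briefly busy at t=0; then the client looks for a DC."""
    servers = {
        INTERNAL: Server({SRV}, busy_until=5),
        INTERNAL2: Server({SRV}),
        ISP: Server(set()),
    }
    client = Client(dns_list, servers)
    queries = [(0, "yahoo.com"), (60, SRV), (600, SRV), (960, SRV)]
    return [(now, name) + client.resolve(name, now) for now, name in queries]


if __name__ == "__main__":
    for label, dns_list in (("internal + ISP", [INTERNAL, ISP]),
                            ("internal only", [INTERNAL, INTERNAL2])):
        print(label)
        for now, name, server, result in run_scenario(dns_list):
            print(f"  t={now:>4}s {name:<38} {server} {result}")
```

With the ISP in the list, one slow reply at t=0 sends the DC lookups at 60 s and 600 s to the ISP, which returns a negative answer; with two internal servers the same hiccup is absorbed without any internal name leaving the network.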
 

In article <ecxBqW#yEHA.3844@TK2MSFTNGP12.phx.gbl>,
lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
> > every scope for years, and we're always able to find internal network
> > resources by name.
>
> You've been lucky.
> >
> > If you add your ISP's DNS it means that you can still resolve external
> > DNS should you take down the DNS server inside your network.
>
> And network users will usually have slow logins and other problems. This is
> not the recommended setup. See http://support.microsoft.com/kb/237675/EN-US/

No login problems, and it's performed as well as any network I've been
on, ever. Since the local name is domain.lan and since the DNS is set up
internally for domain.lan I don't have to worry about the users trying
to resolve domain.lan on the public networks.

The article you provided the link to does not indicate any problem with
creating the DNS as I did, in fact, it looks fine to me. Since I'm not
about to use a TLD in the company network, it looks fully supported just
the way that I did it.

In addition to the forward lookup zone, I also created zones for each of
the domain names that we host and then local A records that match the
public names, but they point to the internal IP of the public record.

Not only does this work, but trusts between domains work fully, all
domains are visible in the Network Places, and only public needed DNS is
sent outside the network.

Combine this with a properly scoped DHCP and you're in business.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

"Leythos" <void@nowhere.org> wrote in message
news:MPG.1c03e3e2334750ff989a67@news-server.columbus.rr.com...
> In article <ecxBqW#yEHA.3844@TK2MSFTNGP12.phx.gbl>,
> lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
>> > every scope for years, and we're always able to find internal network
>> > resources by name.
>>
>> You've been lucky.
>> >
>> > If you add your ISP's DNS it means that you can still resolve external
>> > DNS should you take down the DNS server inside your network.
>>
>> And network users will usually have slow logins and other problems. This
>> is
>> not the recommended setup. See
>> http://support.microsoft.com/kb/237675/EN-US/
>
> No login problems, and it's performed as well as any network I've been
> on, ever. Since the local name is domain.lan and since the DNS is set up
> internally for domain.lan I don't have to worry about the users trying
> to resolve domain.lan on the public networks.
>
Ok, I'm going to log on, I query DNS for an SRV record for a DC. Primary
DNS (One of your DC's) is down, so I query the secondary (ISP DNS). This is
when it becomes slow and you start querying externally for internal
resources. Next problem is what happens when the internal DNS comes up?
Your clients will keep querying externally.

Matt
MCT, MCSE
 

In article <ORA6OT$yEHA.2568@TK2MSFTNGP11.phx.gbl>, admin@nospam.WFTX.US
says...
> In news:MPG.1c035a415259fa25989a63@news-server.columbus.rr.com,
> Leythos <void@nowhere.org> commented
> Then Kevin replied below:
> > In article <eQmEUX5yEHA.3336@TK2MSFTNGP11.phx.gbl>,
> > lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com
> > says...
> >> Murray wrote:
> >>> Hi Everyone,
> >>> I have been reading some posts and I just thought that
> >>> I should double check to make sure I was doing the
> >>> right / wrong thing.
> >>>
> >>> I should not use the secondary DNS server spot in my
> >>> client workstations to enter the ISP's DNS server as a
> >>> backup.
> >>
> >> Right. Nor on your servers themselves. No
> >> external/public DNS server IPs in your IP configs.
> >
> > I have the DHCP scope setup with DNS1 as the DNS server
> > in the LAN, and it has forwarders to the ISP. I have DNS2
> > and DNS3 setup for the ISP's DNS servers. There is no
> > problem on the network with this that I can see, and it
> > works quite well.
> >
> >>> If I had what would've happened?
> >>
> >> Your computers would eventually start looking for your
> >> domain controllers on the Internet. And wouldn't find
> >> them.
> >
> > Wrong, it will only look for the DNS from the public
> > servers if it can't find the DNS records locally on the
> > internal DNS server. I've used internal DNS with
> > Forwarders and secondary DNS of the ISP in every scope
> > for years, and we're always able to find internal network
> > resources by name.
> >
> > If you add your ISP's DNS it means that you can still
> > resolve external DNS should you take down the DNS server
> > inside your network.
>
> No, you're wrong. If the internal server answers with a not found the query
> will not go to the external DNS, the query stops. If the Preferred
> (internal) DNS responds slowly, as it would if it were busy, the query goes
> to the Alternate DNS if the Alternate responds with either a positive or
> negative answer, it is still considered an answer, then the system will
> consider the Alternate DNS as the best DNS to use and moves it to the
> Preferred position until the system resets the DNS server list (default is
> 15 minutes). Then when the system needs a local query it sends it to the
> external DNS, when the external DNS answers negatively, and it will because
> it cannot possibly know the answer, the query fails and the internal DNS
> will NOT be queried, even though it holds the record.
>
> If you want DNS servers to always use the servers in the order listed in
> TCP/IP properties you will have to modify the registry to reset the server
> list in less than 15 minutes.

I understand what you are saying, but it's not working that way in our
networks, or anywhere else I've set it up that way.

If I query for foobar.zzz I get a not found and can see the ISP's DNS
being queried. If I query for station.mydomain.lan, I get a result and
never see it go outbound. If I take the server down, DNS server, flush
the DNS locally, and query, station.mydomain.lan, it does not go to the
ISP's DNS, it just fails. If I take the dns server down, query for
yahoo.com, it hits the ISP's DNS server just fine. If I have the DNS
server running and query yahoo.com, it hits the ISP's DNS server also.

For any of the forward zones that I've created, none of the queries
against them leave the local network - I can see that they don't go to
the ISP because there is no DNS traffic at that time.

Maybe it's because our internal DNS server never gets busy enough to not
respond? The server, DNS, in most cases, is a single server network,
doing all user auth, files, profiles, and sometimes even SQL 2000. We
have never experienced anything like you suggest.

I will setup a test server like you and one other have posted and try it
to see if there is any difference, but I'm not expecting to see any.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

In news:MPG.1c03f1236bc57ca989a6a@news-server.columbus.rr.com,
Leythos <void@nowhere.org> commented
Then Kevin replied below:
> I understand what you are saying, but it's not working
> that way in our networks, or anywhere else I've set it up
> that way.
>
> If I query for foobar.zzz I get a not found and can see
> the ISP's DNS being queried. If I query for
> station.mydomain.lan, I get a result and never see it go
> outbound. If I take the server down, DNS server, flush
> the DNS locally, and query, station.mydomain.lan, it does
> not go to the ISP's DNS, it just fails. If I take the dns
> server down, query for yahoo.com, it hits the ISP's DNS
> server just fine. If I have the DNS server running and
> query yahoo.com, it hits the ISP's DNS server also.
>
> For any of the forward zones that I've created, none of
> the queries against them leave the local network - I can
> see that they don't go to the ISP because there is no DNS
> traffic at that time.
>
> Maybe it's because our internal DNS server never gets
> busy enough to not respond? The server, DNS, in most
> cases, is a single server network, doing all user auth,
> files, profiles, and sometimes even SQL 2000. We have
> never experienced anything like you suggest.
>
> I will setup a test server like you and one other have
> posted and try it to see if there is any difference, but
> I'm not expecting to see any.

With all due respect, it is not just me and one other that will tell you
this. One big reason why you're wrong: all DCs by default, and any client that
supports DDNS and is configured to do so, will attempt to register their
records in all DNS servers listed in TCP/IP properties and DCs will log
Netlogon errors if they can't.

If you have your ISP's DNS listed in TCP/IP properties it means that your
machines will try to register their records in your ISP's DNS servers. I
would not be surprised if your ISP would ask you to stop this practice
because of this. It would not be the first ISP to do this, and some have
even blocked access to their DNS server because it overloaded their DNS
servers with registration requests. This is true, there was a user in
Australia that his ISP blocked his network's access to their DNS servers
until the problem was fixed. They can do this because it was prohibited in
their service agreement.

Besides all that, it would be inappropriate for you to allow this and it
causes problems for your ISP's other users. So it would be in your best
interest to properly configure any network you set up. It is not beneficial
to do otherwise, and if you lose local DNS resolution, having your ISP's DNS
won't help one bit. Your machines will be slowed to a crawl because the DC
cannot be located in the ISP's DNS.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

In article <#hGexU$yEHA.1452@TK2MSFTNGP11.phx.gbl>,
andersonnoapam@dynedge.com says...
>
> "Leythos" <void@nowhere.org> wrote in message
> news:MPG.1c03e3e2334750ff989a67@news-server.columbus.rr.com...
> > In article <ecxBqW#yEHA.3844@TK2MSFTNGP12.phx.gbl>,
> > lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
> >> > every scope for years, and we're always able to find internal network
> >> > resources by name.
> >>
> >> You've been lucky.
> >> >
> >> > If you add your ISP's DNS it means that you can still resolve external
> >> > DNS should you take down the DNS server inside your network.
> >>
> >> And network users will usually have slow logins and other problems. This
> >> is
> >> not the recommended setup. See
> >> http://support.microsoft.com/kb/237675/EN-US/
> >
> > No login problems, and it's performed as well as any network I've been
> > on, ever. Since the local name is domain.lan and since the DNS is set up
> > internally for domain.lan I don't have to worry about the users trying
> > to resolve domain.lan on the public networks.
> >
> Ok, I'm going to log on, I query DNS for an SRV record for a DC. Primary
> DNS (One of your DC's) is down, so I query the secondary (ISP DNS). This is
> when it becomes slow and you start querying externally for internal
> resources.

I agree, if the internal DNS server is down and they are not caching the
DNS locally, they won't find anything via DNS for the internal network -
that's how it's supposed to work. When the local DNS is down, it does not
appear to hit the public DNS server, I've watched the firewall hundreds
of times and never see it do that when our DNS is down, at least not for
local names.

> Next problem is what happens when the internal DNS comes up?
> Your clients will keep querying externally.

Nope, it comes right back up and starts working perfectly, always has. I
can't explain it, it's just been that way for me since I started using
DNS internally years ago.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

[snip]

Ok, so I've got it set up wrong, let's go over the proper method in
Windows 2000/2003 server to set it up so that I can properly understand
my error.

Setup new DC, install AD, which does an auto-install of DNS.

When I open DNS, click Server, Properties, I see the following:

Interfaces: local IP of DNS server, 192.168.3.10
Forwarders: None, I add the DNS Servers from the ISP and Enable.
Root Hints: No Change, as it came out of the box.

Forward Lookup Zones
mycompany.lan
secondcompany.lan
thirdcompany.lan

Aging is set to 1 day for all zones


Setup DHCP:

003 Router - local IP of router/default GW
006 DNS Servers - 192.168.3.10, ISP1 DNS, ISP2 DNS
015 DNS Domain Name - mycompany.lan
(other options not shown here)


So, for an internal DNS server, that also uses DHCP to provide DNS info
to client workstations, what should I be doing?

Thanks, I will make the suggested changes tonight and let you know what
impact I see on Wednesday.






--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Leythos wrote:
> [snip]
>
> Ok, so I've got it set up wrong, let's go over the proper method in
> Windows 2000/2003 server to set it up so that I can properly understand
> my error.
>
> Setup new DC, install AD, which does an auto-install of DNS.
>
> When I open DNS, click Server, Properties, I see the following:
>
> Interfaces: local IP of DNS server, 192.168.3.10
> Forwarders: None, I add the DNS Servers from the ISP and Enable.
> Root Hints: No Change, as it came out of the box.
>
> Forward Lookup Zones
> mycompany.lan
> secondcompany.lan
> thirdcompany.lan
>
> Aging is set to 1 day for all zones
>
>
> Setup DHCP:
>
> 003 Router - local IP of router/default GW
> 006 DNS Servers - 192.168.3.10, ISP1 DNS, ISP2 DNS

No - only 192.168.3.10, presuming that's your internal DNS server's IP.

> 015 DNS Domain Name - mycompany.lan
> (other options not shown here)
>
>
> So, for an internal DNS server, that also uses DHCP to provide DNS
> info to client workstations, what should I be doing?

Fix your DHCP so it doesn't dish out any external DNS server IPs. All
clients will use the internal DNS server for resolution, and the forwarders
will take care of external resolution.

>
> Thanks, I will make the suggested changes tonight and let you know
> what impact I see on Wednesday.
>
>
>
>
>
>
> --
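
Added example, not part of any post in this thread: one way to check that clients are no longer being handed external resolvers is to parse `ipconfig /all` output and flag any DNS server that is not an approved internal one. The sample output, host name and ISP addresses below are constructed; the approved list is an assumption you would replace with your own internal DNS servers.

```python
import ipaddress
import re

# Assumption: the only resolvers clients may use are the internal DNS
# servers that host the AD zone. 192.168.3.10 is the address used in the
# thread; add further internal servers here.
APPROVED_DNS = {ipaddress.ip_address("192.168.3.10")}

# "   Label . . . . . : value" as printed by ipconfig /all
FIELD = re.compile(r"^\s+([^.:]+?)\s*(?:\.\s*)*:\s*(.*)$")


def _as_ip(token):
    """Return an ip_address for a bare address (zone id stripped), else None."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS servers in configured order]}."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
            continue
        if not line[0].isspace():
            # Unindented "... adapter X:" lines open an adapter section.
            name = line.rstrip()
            current = name[:-1] if name.endswith(":") else None
            if current is not None:
                adapters.setdefault(current, [])
            in_dns = False
            continue
        ip = _as_ip(line)
        if in_dns and ip is not None and current is not None:
            adapters[current].append(ip)   # continuation line of DNS Servers
            continue
        m = FIELD.match(line)
        if not m:
            in_dns = False
            continue
        in_dns = m.group(1) == "DNS Servers"
        first = _as_ip(m.group(2))
        if in_dns and first is not None and current is not None:
            adapters[current].append(first)
    return adapters


def audit(ipconfig_text, approved=APPROVED_DNS):
    """Return (adapter, list position, address) for each unapproved resolver."""
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        for position, server in enumerate(servers, start=1):
            if server not in approved:
                findings.append((adapter, position, str(server)))
    return findings


# Constructed sample: a client leased from the scope described in the thread
# (006 DNS Servers = internal server, then two ISP resolvers).
BEFORE = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS057
   Primary Dns Suffix  . . . . . . . : mycompany.lan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : mycompany.lan
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.3.57
   Default Gateway . . . . . . . . . : 192.168.3.1
   DHCP Server . . . . . . . . . . . : 192.168.3.10
   DNS Servers . . . . . . . . . . . : 192.168.3.10
                                       203.0.113.53
                                       198.51.100.53
   Primary WINS Server . . . . . . . : 192.168.3.10
"""

# The same lease after option 006 is reduced to the internal server only.
AFTER = "\n".join(
    line for line in BEFORE.splitlines()
    if "203.0.113.53" not in line and "198.51.100.53" not in line
)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "only approved DNS servers")
```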
 

In news:MPG.1c042caacf32d953989a6d@news-server.columbus.rr.com,
Leythos <void@nowhere.org> commented
Then Kevin replied below:
> [snip]
>
> Ok, so I've got it setup wrong, let's go over the proper
> method in Windows 2000/2003 server to set it up so that I
> can properly understand my error.
>
> Setup new DC, install AD, which does an auto-install of
> DNS.
>
> When I open DNS, click Server, Properties, I see the
> following:
>
> Interfaces: local IP of DNS server, 192.168.3.10
> Forwarders: None, I add the DNS Servers from the ISP and
> Enable.
> Root Hints: No Change, as it came out of the box.
>
> Forward Lookup Zones
> mycompany.lan
> secondcompany.lan
> thirdcompany.lan
>
> Aging is set to 1 day for all zones
>
>
> Setup DHCP:
>
> 003 Router - local IP of router/default GW
> 006 DNS Servers - 192.168.3.10, ISP1 DNS, ISP2 DNS
> 015 DNS Domain Name - mycompany.lan
> (other options not shown here)
>
>
> So, for an internal DNS server, that also uses DHCP to
> provide DNS info to client workstations, what should I be
> doing?

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

In article <uqtSJWFzEHA.804@TK2MSFTNGP12.phx.gbl>, admin@nospam.WFTX.US
says...
> > So, for an internal DNS server, that also uses DHCP to
> > provide DNS info to client workstations, what should I be
> > doing?
>
> 825036 - Best practices for DNS client settings in Windows 2000 Server and
> in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
>
> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;323380

So, based on what I've read, and what others have said, it appears that
as long as I have my DNS DOMAIN NAME properly configured that the DNS
traffic for the DOMAIN NAME never leaves the network.

The advantage of using DNS1 = internal dns server, DNS2/3 = ISP, is that
when the internal DNS server is down, the users can still get to the
Internet. Once the DNS server comes back on-line they all automatically
start using it again - at least that's how it's working in the real
world.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

In news:MPG.1c0505d54737ee58989a72@news-server.Columbus.rr.com,
Leythos <void@nowhere.org> commented
Then Kevin replied below:
> In article <uqtSJWFzEHA.804@TK2MSFTNGP12.phx.gbl>,
> admin@nospam.WFTX.US says...
>>> So, for an internal DNS server, that also uses DHCP to
>>> provide DNS info to client workstations, what should I
>>> be doing?
>>
>> 825036 - Best practices for DNS client settings in
>> Windows 2000 Server and in Windows Server 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
>>
>> 323380 - HOW TO: Configure DNS for Internet Access in
>> Windows Server 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;323380
>
> So, based on what I've read, and what others have said,
> it appears that as long as I have my DNS DOMAIN NAME
> properly configured that the DNS traffic for the DOMAIN
> NAME never leaves the network.
>
> The advantage of using DNS1 = internal dns server, DNS2/3
> = ISP, is that when the internal DNS server is down, the
> users can still get to the Internet. Once the DNS server
> comes back on-line they all automatically start using it
> again - at least that's how it's working in the real
> world.

You posted here to confirm if your DNS server list is configured right, I
advised you it's wrong, so did Lanwench and Matt. Everyone that regularly
posts here will tell you the same. But it is obvious that you're going to use
your ISP's DNS in TCP/IP properties incorrectly anyway. Why did you even
ask?
If you want to know the official Microsoft position on your question, here
it is. Take it any way you want, there is no need to argue any longer. It is
your reputation you are working on anyway.
825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

Leythos wrote:
> In article <uqtSJWFzEHA.804@TK2MSFTNGP12.phx.gbl>,
> admin@nospam.WFTX.US says...
>>> So, for an internal DNS server, that also uses DHCP to
>>> provide DNS info to client workstations, what should I be
>>> doing?
>>
>> 825036 - Best practices for DNS client settings in Windows 2000
>> Server and in Windows Server 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
>>
>> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server
>> 2003 http://support.microsoft.com/default.aspx?scid=kb;en-us;323380
>
> So, based on what I've read, and what others have said, it appears
> that as long as I have my DNS DOMAIN NAME properly configured that
> the DNS traffic for the DOMAIN NAME never leaves the network.
>
> The advantage of using DNS1 = internal dns server, DNS2/3 = ISP, is
> that when the internal DNS server is down, the users can still get to
> the Internet. Once the DNS server comes back on-line they all
> automatically start using it again - at least that's how it's working
> in the real world.

My internal DNS server doesn't go down unless I take it down, generally
speaking, and I don't do that during business hours. See Kevin's reply as
well - you can set up your networks as you like, but you aren't doing it
properly if you use your ISP's DNS servers on any server or client on your
network, and I assure you that this *does* cause problems.
>
>
> --
 

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:OBd9oiLzEHA.2572@tk2msftngp13.phx.gbl...

> My internal DNS server doesn't go down unless I take it down, generally
> speaking, and I don't do that during business hours. See Kevin's reply as
> well - you can set up your networks as you like, but you aren't doing it
> properly if you use your ISP's DNS servers on any server or client on your
> network, and I assure you that this *does* cause problems.

Leythos, feel free to configure your network as you like, but you'll be
better off in the long run if you follow the suggestions in this thread.
Best of luck to you : ).

Matt
MCT, MCSE
 
Guest

In article <eBo5W4KzEHA.3656@TK2MSFTNGP09.phx.gbl>, admin@nospam.WFTX.US
says...
> In news:MPG.1c0505d54737ee58989a72@news-server.Columbus.rr.com,
> Leythos <void@nowhere.org> commented
> Then Kevin replied below:
> > In article <uqtSJWFzEHA.804@TK2MSFTNGP12.phx.gbl>,
> > admin@nospam.WFTX.US says...
> >>> So, for an internal DNS server, that also uses DHCP to
> >>> provide DNS info to client workstations, what should I
> >>> be doing?
> >>
> >> 825036 - Best practices for DNS client settings in
> >> Windows 2000 Server and in Windows Server 2003
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
> >>
> >> 323380 - HOW TO: Configure DNS for Internet Access in
> >> Windows Server 2003
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;323380
> >
> > So, based on what I've read, and what others have said,
> > it appears that as long as I have my DNS DOMAIN NAME
> > properly configured that the DNS traffic for the DOMAIN
> > NAME never leaves the network.
> >
> > The advantage of using DNS1 = internal dns server, DNS2/3
> > = ISP, is that when the internal DNS server is down, the
> > users can still get to the Internet. Once the DNS server
> > comes back on-line they all automatically start using it
> > again - at least that's how it's working in the real
> > world.
>
> You posted here to confirm if your DNS server list is configured right, I
> advised you it's wrong, so did Lanwench and Matt. Everyone that regularly
> posts here will tell you the same. But it is obvious that you're going to use
> your ISP's DNS in TCP/IP properties incorrectly anyway. Why did you even
> ask?

Because I wanted to see how I was being impacted by doing it like I
have. From my experience, and from the documents presented by others, it
does not appear that my settings hinder the operation of the network at
all. There is no extra traffic while the local DNS server is working,
and when the local DNS server is not working we can still get access to
external sites. When the local DNS server returns to operation so does
all local resolution.

The entire point of me posting was to say that IT DOES WORK LIKE I'M
SAYING, not to ask if it follows the Microsoft Approved Way.

From all that I can see, and use in the real world in many sites, there
does not appear to be any detriment to using the additional DNS servers
of the ISP as long as your local DNS is first and set up properly.

That's the only point - it works fine.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

In article <#fF8LzMzEHA.4004@tk2msftngp13.phx.gbl>,
andersonnoapam@dynedge.com says...
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
> news:OBd9oiLzEHA.2572@tk2msftngp13.phx.gbl...
>
> > My internal DNS server doesn't go down unless I take it down, generally
> > speaking, and I don't do that during business hours. See Kevin's reply as
> > well - you can set up your networks as you like, but you aren't doing it
> > properly if you use your ISP's DNS servers on any server or client on your
> > network, and I assure you that this *does* cause problems.
>
> Leythos, feel free to configure your network as you like, but you'll be
> better off in the long run if you follow the suggestions in this thread.
> Best of luck to you : ).

Matt, and others - I agree with the above. It's definitely not the MS
way, not the approved MS way, but, the entire point of the conversation
was for me to learn WHAT PROBLEMS this setup causes. I've read one post
that described a number of issues with resolution of DNS if there is an
internal problem. I duplicated the DNS problem and when recovered it did
not exhibit the described problem.

My entire interest in this thread is only to learn about the problem,
not the proper MS way of configuring it, and to learn about what impact
it can have on my network. Based on everyone's comments I should be able
to see problems, but I'm unable to see them, and the domain requests do
not leave the local network (I would see them in the firewall logs if
they did).

So, here's a question for you: Have you tried it exactly like I describe
and seen the problem on YOUR networks? I'm not talking about some
textbook lab example, I'm talking about a network with 50+ active nodes and
multiple servers.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

"Leythos" <void@nowhere.org> wrote in message
news:MPG.1c0564171ac264f989a76@news-server.columbus.rr.com...
> In article <#fF8LzMzEHA.4004@tk2msftngp13.phx.gbl>,
> andersonnoapam@dynedge.com says...
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>> message
>> news:OBd9oiLzEHA.2572@tk2msftngp13.phx.gbl...
>>
>> > My internal DNS server doesn't go down unless I take it down, generally
>> > speaking, and I don't do that during business hours. See Kevin's reply
>> > as
>> > well - you can set up your networks as you like, but you aren't doing
>> > it
>> > properly if you use your ISP's DNS servers on any server or client on
>> > your
>> > network, and I assure you that this *does* cause problems.
>>
>> Leythos, feel free to configure your network as you like, but you'll be
>> better off in the long run if you follow the suggestions in this thread.
>> Best of luck to you : ).
>
> Matt, and others - I agree with the above. It's definitely not the MS
> way, not the approved MS way, but, the entire point of the conversation
> was for me to learn WHAT PROBLEMS this setup causes. I've read one post
> that described a number of issues with resolution of DNS if there is an
> internal problem. I duplicated the DNS problem and when recovered it did
> not exhibit the described problem.
>
> My entire interest in this thread is only to learn about the problem,
> not the proper MS way of configuring it, and to learn about what impact
> it can have on my network. Based on everyone's comments I should be able
> to see problems, but I'm unable to see them, and the domain requests do
> not leave the local network (I would see them in the firewall logs if
> they did).
>
> So, here's a question for you: Have you tried it exactly like I describe
> and seen the problem on YOUR networks? I'm not talking about some
> textbook lab example, I'm talking about a network with 50+ active nodes and
> multiple servers.
>
Yes, you'll see slow logons, and if you're not allowing cached credentials
even failed logons. Take your DC down (all of them) and try to log on the
network. You may find it takes a long time to build the domain list and
other issues. I understand your post now, I hope this helps.

matt
 
Guest

Leythos wrote:
> In article <#fF8LzMzEHA.4004@tk2msftngp13.phx.gbl>,
> andersonnoapam@dynedge.com says...
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>> message news:OBd9oiLzEHA.2572@tk2msftngp13.phx.gbl...
>>
>>> My internal DNS server doesn't go down unless I take it down,
>>> generally speaking, and I don't do that during business hours. See
>>> Kevin's reply as well - you can set up your networks as you like,
>>> but you aren't doing it properly if you use your ISP's DNS servers
>>> on any server or client on your network, and I assure you that this
>>> *does* cause problems.
>>
>> Leythos, feel free to configure your network as you like, but you'll
>> be better off in the long run if you follow the suggestions in this
>> thread. Best of luck to you : ).
>
> Matt, and others - I agree with the above. It's definitely not the MS
> way, not the approved MS way, but, the entire point of the
> conversation was for me to learn WHAT PROBLEMS this setup causes.
> I've read one post that described a number of issues with resolution
> of DNS if there is an internal problem. I duplicated the DNS problem
> and when recovered it did not exhibit the described problem.

I repeat - you've been lucky.
>
> My entire interest in this thread is only to learn about the problem,
> not the proper MS way of configuring it, and to learn about what
> impact it can have on my network. Based on everyone's comments I
> should be able to see problems, but I'm unable to see them, and the
> domain requests do not leave the local network (I would see them in
> the firewall logs if they did).
>
> So, here's a question for you: Have you tried it exactly like I
> describe and seen the problem on YOUR networks? I'm not talking about
> some textbook lab example, I'm talking about a network with 50+
> active nodes and multiple servers.

I wouldn't dream of trying it. I don't see the point, when setting it up in
'textbook fashion' works as well as it does. If your internal DNS servers
are falling down going boom on their own all the time, that's another story!

But again, to each his own.
>
> --
 
Guest

In article <#5OY66NzEHA.2572@tk2msftngp13.phx.gbl>,
andersonnoapam@dynedge.com says...
> > My entire interest in this thread is only to learn about the problem,
> > not the proper MS way of configuring it, and to learn about what impact
> > it can have on my network. Based on everyone's comments I should be able
> > to see problems, but I'm unable to see them, and the domain requests do
> > not leave the local network (I would see them in the firewall logs if
> > they did).
> >
> > So, here's a question for you: Have you tried it exactly like I describe
> > and seen the problem on YOUR networks? I'm not talking about some
> > textbook lab example, I'm talking about a network with 50+ active nodes and
> > multiple servers.
> >
> Yes, you'll see slow logons, and if you're not allowing cached credentials
> even failed logons. Take your DC down (all of them) and try to log on the
> network. You may find it takes a long time to build the domain list and
> other issues. I understand your post now, I hope this helps.

Thanks Matt, that was what I was trying to determine from all of this. I
appreciate you wading through my replies.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

"Leythos" <void@nowhere.org> wrote in message
news:MPG.1c0590e4fc7c20c1989a79@news-server.columbus.rr.com...
> Thanks Matt, that was what I was trying to determine from all of this. I
> appreciate you wading through my replies.
>
Glad to help!

Matt
 
Guest

In article <#E8TXjQzEHA.3708@TK2MSFTNGP14.phx.gbl>,
lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
> > So, here's a question for you: Have you tried it exactly like I
> > describe and seen the problem on YOUR networks? I'm not talking about
> > some textbook lab example, I'm talking about a network with 50+
> > active nodes and multiple servers.
>
> I wouldn't dream of trying it. I don't see the point, when setting it up in
> 'textbook fashion' works as well as it does. If your internal DNS servers
> are falling down going boom on their own all the time, that's another story!
>
> But again, to each his own.

But this is what separates the brave, or sometimes stupid (not meaning
you) from the rest of the world. I started working with DNS on Windows
before I could find a good paper on it and before MS provided clear
papers on it. The setups have been working for many years with nothing
to report on as problems.

I've learned a couple things, and don't take this wrong, I love the
Windows platform, have many of them and make a living from them, but
there is this old saying "There is the right way, the wrong way, and the
Microsoft way". In my case, it's not the MS way, but it does not appear
to be the wrong way in actual operation, at least not in any of the
networks I've set up like this.

I'll take everything under consideration, and I've not discounted any of
it, but it's hard to see a reason to change when the current method is
not degrading performance, has been working for years, and does not
cause any unnecessary external traffic.

Thanks for your time.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
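
An added example, not part of any post in this thread: a Python sketch of the audit the respondents' advice implies, parsing `ipconfig /all` output and listing every configured resolver that is not one of the internal DNS servers. The sample output, adapter names and addresses are constructed, and the parser assumes IPv4 and the English label `DNS Servers`.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (addresses are placeholders).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
   Lease Obtained. . . . . . . . . . : Monday
Ethernet adapter Lab:

   IP Address. . . . . . . . . . . . : 192.168.2.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
"""

# "   Label . . . . : value"; IPv4 continuation lines carry no colon.
LABEL = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")

def dns_servers_by_adapter(text):
    """Return {adapter: [dns server, ...]} in the configured order."""
    result, adapter, collecting = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line ending in ':' opens an adapter section.
            stripped = line.rstrip()
            adapter = stripped.rstrip(":") if stripped.endswith(":") else None
            collecting = False
            continue
        m = LABEL.match(line)
        if m:
            collecting = m.group(1).startswith("DNS Servers")
            value = m.group(2).strip()
        else:
            value = line.strip()  # bare value continuing the previous label
        if collecting and adapter and value:
            result.setdefault(adapter, []).append(value)
    return result

def external_dns(servers, internal):
    """Return [(adapter, position, ip)] for resolvers not on the internal list."""
    allowed = {ipaddress.ip_address(a) for a in internal}
    return [(adapter, pos, ip)
            for adapter, ips in servers.items()
            for pos, ip in enumerate(ips, start=1)
            if ipaddress.ip_address(ip) not in allowed]

if __name__ == "__main__":
    print(external_dns(dns_servers_by_adapter(SAMPLE), ["192.168.1.10", "192.168.1.11"]))
```

The position in each finding shows whether the outside resolver is the primary or a fallback entry, which is the case argued over in this thread.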