DNS under win2k

Posted on 2001-08-31
Last Modified: 2010-04-13
Here is the situation: I got 2 NIC. each one of them is on a different subnet connected at the same time. Each subnet has it's own DNS server. Now when I try to resolve intranet sites of domainA, when DNSB is the one used, it doesn't work unless I change the DNS for DNSA each time which is a pain in the @ss.
1)I wanted to set up a DNS server that would forward the request to the correct DNS server (DomainA to DNSA and DomainB to DNSB). I am using Win2k Server and the DNS that came with it. Btw I have no problem resolving internet sites using either of the DNSs.
2) Is there a way to make my DNS server "silent"? I don't want it to go and "screw" or "talk" to other DNS servers on our network...only to serve my machine and no others.
3)is there a way to install DNS from the win2k Server cd on a win2k professional workstation?

Thx for helping
Question by:paricitoi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 13

Expert Comment

ID: 6445938
Is there any reason why you have 2 separate DNS'.  Maybe I'm reading you wrong, is one of the servers promary and the other a secondary, or are they both primary to their segments?  
If they are both primary, why don't you consolidate them to a primary - secondary relationship. This way they will have the same database.  
If you need to maintain the two primary DNS' then create secondary zones on each for the other's domain.  Something like:
SVR1   DNSA - primary  DNSB - secondary
SVR2   DNSB - primary  DNSA - secondary

For your second question, I'm not sure what "it" is.  Are you talking about your workstation or the DNS server(s).  OK, i read it again for the 3rd time.  Pardon me, I'm kind of thick-headed - Irish descent you know!!  :-)  As long as you are the only client pointing to the server, it will only serve you.  However, if someone else points to it, then it will also server them.  Don't know of any other way to keep a DNS server down.  But don't take my word on it, there are lots of people here who come up with great ideas/solutions.
Don't know the answer to #3.  I wouldn't think that DNS would ever be loaded on a workstation due to its 10 connection limit, which is probably why Microsoft doesn't offer it on the workstation CD.

Author Comment

ID: 6446200
Hi and thank you for replying.
1) The problem is that each domain has 3 DNS servers (DNSA1 2 and 3) so whenever DNSA1 is not able to resolve, DNSA2 is gonna answer the query. When I tried the Primary-secondary approach, there were some site that couldn't be resolved. Regarding what you proposed, I know that there is just one DNS seting no matter on which NIC you set it for Win98. Is win2k different regarding that specific matter?

2)it= My DNS server. When I set up a MS DNS server at an office where there already was another DNS server running on FreeBSD, my dns server started trying to update the other DNS server on FreeBSD. I don't want that to happen here...I want to keep a low profile :)

3) Still pending :)

Accepted Solution

matt023 earned 300 total points
ID: 6447038
just set up the forwarder for each DNS server.  for each DNS server, have it forward unknown queries to the other one -- ie> dnsa1 forwards to dnsb1 and vice versa.  go into your dns mmc, right click on the server name, click the forwarder tab and enter in the ip address of the DNS server you want to forward unknown queries to.
a better way is to have all your DNS servers slave each other's zones.
your DNS server will not try to update the FreeBSD/BIND server if there is no slave (secondary) zone of a master zone of the win2k DNS server on it.  
the FreeBSD/BIND server will also not accept dynamic update from a specific hosts in your network if allow-update {}; is not configured for that zone.  in this case, the win2k DNS server is not the one that's updating the FreeBSD/BIND zone.  it's either the DHCP server or the win2k clients.
either cases, modify the zones setup on the FreeBSD/BIND server.  DNS servers don't just update each other without being specified to.

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  


Expert Comment

ID: 6447044
in addition, you can prevent zone transfer from your Win2k DNS servers.  on each zone, just right click > properties > zone transfers.  uncheck Allow Zone Transfers:

Author Comment

ID: 6448315
Hey Matt thank you for replying.
I am trying to adapt your answer to the specific case where I have 3 DNS server for each zone. DNSA1,2 and 3 and also DNSB1, 2 and should I do it in this case?

What about that third question? Any hint about it?
LVL 12

Expert Comment

ID: 6448957
-Unless I missed some details, I think Matt is correct.
DNS1=forwarders= IP's of DNS2 & DNS3 (no zone transfers)
DNS2=forwarders= IP's of DNS1 & DNS3 (no zone transfers)
DNS3=forwarders= IP's of DNS1 & DNS2 (no zone transfers)

-One critical factor is... If you do not delete the default root domain (.)<-looks like this... The forwarders option does not work & the forwarders option is disabled.
-After deleting the root zone on each server, you have to close DNS admin & re-open it to use the forwarders option.

Expert Comment

ID: 6449617
do the forwarding assignment as Housenet has specified for each of the 2 DNS groups (A and B).  Notice, this way, there'll be more hops for getting a query answered.  As I had mentioned, slaving is much more efficient -- faster resolution. -- unless you have the need to forward everything.  As for installing DNS on a workstation, I don't think it can be done.  Win2k has to be one of the server family.


Author Comment

ID: 6450813
Thx you all. You've been great

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2003 Terminal Server licenses 3 380
Block EXEs from running on shared NTFS folder 3 438
Outlook 2013 Certicate error 1 305
VBScript not processed at Windows 8.1 logon 2 8,060
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A big percent of today’s marketing activity is performed through the online environment. The marketing strategies that have existed a decade ago no longer relate to what’s happening today. We’re currently facing a revolutionary era, called the digit…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question