Solved

the (.) root zone and forwarders & root hints

Posted on 2002-06-09
Last Modified: 2010-05-18
I run a Windows 2000 Web server with 2 clients (both Windows 2000) and have some questions about the (.) root zone and forwarders & root hints. 1st off what is the difference and which should I be running?

I notice in the logs on my clients that they are logging a lot of errors with regard to no Domain Controller found? My guess is that I do not have my DNS set up correctly. My clients' DNS points to my ISP's DNS because if I point to my server's internal IP I can't get out to the internet, but it appears to eliminate the errors in the client logs. When I change my clients back to my ISP's DNS I can get back out to the internet but my logs start to fill up again.

So, I'm "assuming" that my DNS is not set up correctly. Can someone give me some advice and some pointers.

T.I.A

ampapa
Question by:ampapa
LVL 12

Accepted Solution

by:
Wouter Boevink earned 200 total points
ID: 7065315
When you have a . zone, your DNS is acting as a root DNS; this means it's the last station.

You can safely delete the . zone so your DNS isn't a root server anymore. This means that all DNS calls that can't be resolved on the server will be asked at other DNS servers. The root hints are main DNS server names so your DNS server knows where to start looking; if this fails your server will try any of the forwarders.

Delete the . root zone
Create your own zone (if not already there)
Put in some forwarders (your ISP DNS, not necessary)
Point your clients to your dns server.
If your dns server can access the internet everything should work now.
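An added example, not part of the original answer: one way to check whether a DNS server still hosts its own "." zone is to ask it for the SOA record of the root and look at the "authoritative answer" (AA) flag in the reply. The function names and the sample replies below are constructed for illustration; `check_server` needs network access to the server being tested.

```python
import socket
import struct

SOA, IN = 6, 1          # record type SOA, class IN
QR_FLAG = 0x8000        # set on responses
AA_FLAG = 0x0400        # "authoritative answer" bit in the header flags
RCODE_MASK = 0x000F     # 0 means "no error"

def build_root_soa_query(txid=0x1234):
    """DNS query for the SOA record of '.', recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = b"\x00" + struct.pack("!HH", SOA, IN)  # QNAME '.' is one zero byte
    return header + question

def hosts_root_zone(response, txid=0x1234):
    """True if the reply shows the server answering authoritatively for '.'."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR_FLAG:
        raise ValueError("not a response to our query")
    # An internal server that is authoritative for '.' has a local root zone:
    # it will never consult root hints or forwarders for outside names.
    return bool(flags & AA_FLAG) and (flags & RCODE_MASK) == 0 and ancount > 0

def check_server(ip, timeout=3.0):
    """Send the query to a live server over UDP port 53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_root_soa_query(), (ip, 53))
        data, _ = s.recvfrom(512)
    return hosts_root_zone(data)

# Constructed sample replies (header + question only, answer records omitted).
_Q = b"\x00" + struct.pack("!HH", SOA, IN)
ROOT_ZONE_PRESENT = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _Q
NO_ROOT_ZONE = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 13, 0) + _Q

if __name__ == "__main__":
    print("root zone present:", hosts_root_zone(ROOT_ZONE_PRESENT))
    print("root zone present:", hosts_root_zone(NO_ROOT_ZONE))
```
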
 
LVL 8

Author Comment

by:ampapa
ID: 7065338
Question on setting up my new zone, assume my DNS already has a zone DNS1.microsoft.com and my website name is microsoft.com. Do I need to add a zone called microsoft.com or only add the A records MX records to the existing zone DNS1.microsoft.com?
 
LVL 7

Expert Comment

by:jmiller47
ID: 7067118
Using Windows 2000 Active Directory DNS, you would already have a forward lookup zone called microsoft.com. This would have Active Directory records in it.

You would then create a zone under microsoft.com called dns1 and put your A records in that.

"Put in some forwarders (your ISP DNS, not necessary)"
-I'm not sure about this comment, but what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers.

I hope this helps

 
LVL 12

Expert Comment

by:Wouter Boevink
ID: 7067653
You don't need forwarders, that's what the root servers are for. Only if you are unable to contact the root servers do you need forwarders, but you can always use your ISP DNS, it doesn't do any harm (I think).

At our company we have that situation that our zone name matches that of our website host.

www.jaarsma-deboer.nl is hosted by an ISP. So the zone jaarsma-deboer.nl is hosted (on the internet) by our ISP.

I created a zone jaarsma-deboer.nl for our (internal) network. When I wanted to browse to www.jaarsma-deboer.nl it didn't work, obviously, because www.jaarsma-deboer.nl is hosted by our isp.

I created a delegation www and for this delegation I added the name servers of our ISP, so when a client on our network asks for www.jaarsma-deboer.nl our dns server knows it has to look for www at our isp.

Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick.
 
LVL 8

Author Comment

by:ampapa
ID: 7067865
I deleted the .zone and followed through with wboevink's solution and the errors "no Domain Controller found" have stopped on my clients and I am able to get out to the internet. I will accept your answer.

But, I'm still confused about .zone (root) and forwarders? I understand the concept about not finding resolution at my DNS would then forward onto the next DNS, but does deleting the "root" zone then enable my server to fulfill requests from other DNS servers on the web or is it mainly used for my LAN? I don't want to use the resources of my server to fulfill DNS requests from the web unless necessary.

As a side note why would anybody use .root that would assume that they would never have to go beyond their own DNS for resolution?

jmiller47 said, "what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers."

This makes sense, any DNS requests from my LAN not resolved would then be forwarded to my ISP's DNS servers.

If this is the case then what are the "Root hints" for? I think this is where wboevink was saying, "Put in some forwarders (your ISP DNS, not necessary)". If you left the forwarders blank would it then default to the "root hints"?


"Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick."

- My server showed my zone ajm.webajm.com before deleting the .root and below it are the folders _msdcs, _sites, etc. After deleting .root my zone ajm.webam.com still exists. I host the site webajm.com can I add the A records and MX records in the ajm.webajm.com domain or do I need to create a new zone webajm.com for these records?

 
LVL 12

Expert Comment

by:Wouter Boevink
ID: 7067998
Your DNS server is only used for your lan. Because you're only hosting your own zone and no other DNS knows about it.

Take for example our company. When someone on the internet browses to www.jaarsma-deboer.nl, first their browser is going to ask their DNS (providing they have one). Their DNS is only hosting their zone, so it asks one of the root servers 'who hosts domain jaarsma-deboer.nl'. The 'main' DNS then forwards its question to the .nl DNS, and the .nl DNS knows www.jaarsma-deboer.nl is hosted at Introweb (our ISP). Then the request is forwarded to dns.introweb.nl and it gives the IP number of www.jaarsma-deboer.nl.

So your dns is only for your own 'private zone' unless you are registered to serve 'internet' zones.