the (.) root zone and forwarders & root hints

I run a Windows 2000 Web server with 2 clients (both Windows 2000) and have some questions about the (.) root zone and forwarders & root hints. First off, what is the difference and which should I be running?

I notice in the logs on my clients that they are logging a lot of errors with regard to no Domain Controller found. My guess is that I do not have my DNS set up correctly. My clients' DNS points to my ISP's DNS because if I point to my server's internal IP I can't get out to the internet, but it appears to eliminate the errors in the client logs. When I change my clients back to my ISP's DNS I can get back out to the internet but my logs start to fill up again.

So, I'm "assuming" that my DNS is not set up correctly. Can someone give me some advice and some pointers.

T.I.A

ampapa
Wouter Boevink commented:
When you have a . zone, your DNS is acting as root DNS; this means it's the last station.

You can safely delete the . zone so your DNS isn't a root server anymore. This means that all DNS calls that can't be resolved on the server will be asked at other DNS servers. The root hints are main DNS server names so your DNS server knows where to start looking; if this fails, your server will try any of the forwarders.

Delete the . root zone
Create your own zone (if not already there)
Put in some forwarders (your ISP DNS, not necessary)
Point your clients to your dns server.
If your dns server can access the internet everything should work now.
ampapa (author) commented:
Question on setting up my new zone: assume my DNS already has a zone DNS1.microsoft.com and my website name is microsoft.com. Do I need to add a zone called microsoft.com or only add the A records and MX records to the existing zone DNS1.microsoft.com?
jmiller47 commented:
Using Windows 2000 Active Directory DNS, you would already have a forward lookup zone called microsoft.com. This would have Active Directory records in it.

You would then create a zone under microsoft.com called dns1 and put your A records in that.

"Put in some forwarders (your ISP DNS, not necessary)"
-I'm not sure about this comment, but what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers.

I hope this helps

Wouter Boevink commented:
You don't need forwarders, that's what the root servers are for. Only if you are unable to contact the root servers do you need forwarders, but you can always use your ISP DNS, it doesn't do any harm (I think).

At our company we have the situation that our zone name matches that of our website host.

www.jaarsma-deboer.nl is hosted by an ISP. So the zone jaarsma-deboer.nl is hosted (on the internet by our ISP).

I created a zone jaarsma-deboer.nl for our (internal) network. When I wanted to browse to www.jaarsma-deboer.nl it didn't work, obviously, because www.jaarsma-deboer.nl is hosted by our isp.

I created a delegation www and for this delegation I added the name servers of our ISP, so when a client on our network asks for www.jaarsma-deboer.nl our dns server knows it has to look for www at our isp.

Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick.
ampapa (author) commented:
I deleted the .zone and followed through with wboevink's solution and the errors "no Domain Controller found" have stopped on my clients and I am able to get out to the internet. I will accept your answer.

But I'm still confused about .zone (root) and forwarders. I understand the concept that a request not resolved at my DNS would then be forwarded on to the next DNS, but does deleting the "root" zone then enable my server to fulfill requests from other DNS servers on the web, or is it mainly used for my LAN? I don't want to use the resources of my server to fulfill DNS requests from the web unless necessary.

As a side note why would anybody use .root that would assume that they would never have to go beyond their own DNS for resolution?

jmiller47 said, "what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers."

This makes sense, any DNS requests from my LAN not resolved would then be forwarded to my ISP's DNS servers.

If this is the case then what are the "Root hints" for? I think this is where wboevink was saying, "Put in some forwarders (your ISP DNS, not necessary)". If you left the forwarders blank would it then default to the "root hints"?

"Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick."

- My server showed my zone ajm.webajm.com before deleting the .root and below it are the folders _msdcs, _sites, etc. After deleting .root my zone ajm.webajm.com still exists. I host the site webajm.com; can I add the A records and MX records in the ajm.webajm.com domain or do I need to create a new zone webajm.com for these records?

Wouter Boevink commented:
Your DNS server is only used for your LAN, because you're only hosting your own zone and no other DNS knows about it.

Take for example our company. When someone on the internet browses to www.jaarsma-deboer.nl, first their browser is going to ask their DNS (providing they have one). Their DNS is only hosting their zone, so it asks one of the root servers 'who hosts domain jaarsma-deboer.nl'. The 'main' DNS then forwards its question to the .nl DNS, and the .nl DNS knows www.jaarsma-deboer.nl is hosted at Introweb (our ISP). Then the request is forwarded to dns.introweb.nl and it gives the IP number of www.jaarsma-deboer.nl.

So your dns is only for your own 'private zone' unless you are registered to serve 'internet' zones.
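
As an added illustration (not part of the thread or any poster's configuration), this simplified Python model traces the path a query takes in the cases discussed above: a "." zone present, the "." zone deleted with and without forwarders, and a `www` delegation inside an internal zone. It assumes forwarders are tried before root hints; the host `dc1`, the address 192.0.2.53 and all function names are constructed for the example.

```python
# Added illustration (not from the thread): a simplified model of how a DNS
# server chooses a resolution path. Hostnames and IPs are constructed samples.

def best_zone(qname, zones):
    """Most specific hosted zone containing qname; '.' contains every name."""
    labels = qname.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return ".".join(labels[i:])
    return "." if "." in zones else None

def resolution_path(qname, zones, forwarders, root_hints):
    """zones maps zone name -> {"records": set, "delegations": set} of FQDNs."""
    qname = qname.rstrip(".").lower()
    zone = best_zone(qname, zones)
    if zone is None:
        # Not authoritative: recurse. Forwarders are tried before root hints.
        if forwarders:
            return "forward to " + forwarders[0]
        return "iterate from root hints" if root_hints else "server failure"
    labels = qname.split(".")
    if any(".".join(labels[i:]) in zones[zone]["delegations"]
           for i in range(len(labels))):
        return "follow delegation in " + zone
    if qname in zones[zone]["records"]:
        return "answer from " + zone
    # Authoritative and no record: final answer, no forwarding at all.
    return "name error from " + zone

AD_ZONE = {"records": {"dc1.ajm.webajm.com"}, "delegations": set()}
ROOT = {"records": set(), "delegations": set()}
FWD = ["192.0.2.53"]          # constructed ISP resolver address
HINTS = ["a.root-servers.net"]

def demo():
    with_root = {".": ROOT, "ajm.webajm.com": AD_ZONE}
    fixed = {"ajm.webajm.com": AD_ZONE}
    split = {"jaarsma-deboer.nl": {"records": set(),
                                   "delegations": {"www.jaarsma-deboer.nl"}}}
    return {
        "root zone present": resolution_path("www.example.com", with_root, FWD, HINTS),
        "root zone deleted": resolution_path("www.example.com", fixed, FWD, HINTS),
        "no forwarders": resolution_path("www.example.com", fixed, [], HINTS),
        "internal name": resolution_path("dc1.ajm.webajm.com", fixed, FWD, HINTS),
        "parent domain": resolution_path("www.webajm.com", fixed, FWD, HINTS),
        "delegated www": resolution_path("www.jaarsma-deboer.nl", split, FWD, HINTS),
    }

if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:18} -> {path}")
```

The "parent domain" case shows that a name in webajm.com does not fall inside the ajm.webajm.com zone, so the server treats it like any other external name.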
Question has a verified solution.
