ampapa

the (.) root zone and forwarders & root hints

I run a Windows 2000 Web server with 2 clients (both Windows 2000) and have some questions about the (.) root zone and forwarders & root hints. 1st off what is the difference and which should I be running?

I notice in the logs on my clients that they are logging a lot of errors with regard to no Domain Controller found? My guess is that I do not have my DNS set up correctly. My clients' DNS points to my ISP's DNS because if I point to my server's internal IP I can't get out to the internet, but it appears to eliminate the errors in the client logs. When I change my clients back to my ISP's DNS I can get back out to the internet but my logs start to fill up again.

So, I'm "assuming" that my DNS is not set up correctly. Can someone give me some advice and some pointers.

T.I.A

ampapa
ASKER CERTIFIED SOLUTION
Wouter Boevink
ampapa

ASKER

Question on setting up my new zone, assume my DNS already has a zone DNS1.microsoft.com and my website name is microsoft.com. Do I need to add a zone called microsoft.com or only add the A records MX records to the existing zone DNS1.microsoft.com?
Using Windows 2000 Active Directory DNS, you would already have a forward lookup zone called microsoft.com. This would have Active Directory records in it.

You would then create a zone under microsoft.com called dns1 and put your A records in that.

"Put in some forwarders (your isp dns, not necessary)"
-I'm not sure about this comment, but what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers.

I hope this helps

You don't need forwarders, that's what the root servers are for. Only if you are unable to contact the root servers do you need forwarders, but you can always use your ISP's DNS, it doesn't do any harm (I think).

At our company we have that situation that our zone name matches that of our website host.

www.jaarsma-deboer.nl is hosted by an ISP. So the zone jaarsma-deboer.nl is hosted (on the internet by our ISP).

I created a zone jaarsma-deboer.nl for our (internal) network. When I wanted to browse to www.jaarsma-deboer.nl it didn't work, obviously, because www.jaarsma-deboer.nl is hosted by our isp.

I created a delegation www and for this delegation I added the name servers of our ISP, so when a client on our network asks for www.jaarsma-deboer.nl our dns server knows it has to look for www at our isp.

Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick.
ampapa

ASKER

I deleted the .zone and followed through with wboevink's solution and the errors "no Domain Controller found" have stopped on my clients and I am able to get out to the internet. I will accept your answer.

But, I'm still confused about .zone (root) and forwarders? I understand the concept about not finding resolution at my DNS would then forward onto the next DNS but does deleting the "root" zone then enable my server to fulfill requests from other DNS servers on the web or is it mainly used for my LAN? I don't want to use the resources of my server to fulfill DNS requests from the web unless necessary.

As a side note why would anybody use .root that would assume that they would never have to go beyond their own DNS for resolution?

jmiller47 said, "what I would do is put the forwards of your server set to your ISP's DNS servers. This way, if a client of yours cannot find a name on your DNS server, it will forward the request to your ISP's DNS servers."

This makes sense, any DNS requests from my LAN not resolved would then be forwarded to my ISP's DNS servers.

If this is the case then what are the "Root hints" for? I think this is where wboevink was saying, "Put in some forwarders (your isp dns, not necessary)". If you left the forwarders blank would it then default to the "root hints"?


"Concerning your other question, I'm not quite sure what you mean. I guess putting in the A and MX records should do the trick."

- My server showed my zone ajm.webajm.com before deleting the .root and below it are the folders _msdcs, _sites, etc. After deleting .root my zone ajm.webam.com still exists. I host the site webajm.com can I add the A records and MX records in the ajm.webajm.com domain or do I need to create a new zone webajm.com for these records?

Your DNS server is only used for your lan. Because you're only hosting your own zone and no other DNS knows about it.

Take for example our company. When someone on the internet browses to www.jaarsma-deboer.nl, first their browser is going to ask their DNS (providing they have one). Their DNS is only hosting their zone, so it asks one of the root servers 'who hosts domain jaarsma-deboer.nl'. The 'main' DNS then forwards its question to the .nl DNS, and the .nl DNS knows www.jaarsma-deboer.nl is hosted at Introweb (our ISP). Then the request is forwarded to dns.introweb.nl and it gives the IP number of www.jaarsma-deboer.nl.

So your dns is only for your own 'private zone' unless you are registered to serve 'internet' zones.
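
An added example, not part of the thread: a simplified Python model of the lookup order discussed above (hosted zone, delegation, forwarders, root hints), showing why a server that hosts the "." zone never sends a query out to the internet. The zone names, addresses and function names are constructed for illustration.

```python
# Simplified model of how a DNS server picks a resolution path.
# All zone names, addresses and name servers are constructed samples.

ZONES = {
    "corp.example": {
        "records": {"dc1.corp.example": "10.0.0.10"},
        # www is delegated to the ISP's name servers (split internal/external name).
        "delegations": {"www.corp.example": ["ns1.isp.example"]},
    },
}
# Same server, but also hosting the "." (root) zone.
ZONES_WITH_ROOT = dict(ZONES, **{".": {}})


def best_zone(qname, zones):
    """Return the longest hosted zone that is a suffix of qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    # Every name falls under "." when the server hosts the root zone.
    return "." if "." in zones else None


def resolution_path(qname, zones, forwarders=(), root_hints=True):
    """Return (path, detail) describing where the answer comes from."""
    name = qname.rstrip(".").lower()
    zone = best_zone(name, zones)
    if zone is not None:
        data = zones[zone]
        # A delegation hands a child name to other name servers.
        for child, servers in data.get("delegations", {}).items():
            if name == child or name.endswith("." + child):
                return ("delegated", servers)
        if name in data.get("records", {}):
            return ("authoritative", data["records"][name])
        # The server believes it owns the zone, so a missing record is
        # answered as "no such name" and is never forwarded.
        return ("nxdomain", zone)
    if forwarders:
        # Forwarders are tried first; root hints remain the fallback.
        return ("forwarder", list(forwarders))
    if root_hints:
        return ("root-hints", "iterate from the root servers")
    return ("servfail", None)
```

With `ZONES_WITH_ROOT`, a query for an outside name stops at the local "." zone even when a forwarder is configured; with `ZONES` and no forwarders, the same query falls through to the root hints.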