compasspc

Windows 2000 Server / Configuring Windows DNS without Active Directory

I am new to the server world and am quickly becoming frustrated with DNS. Here is the deal: I'd like to set up Windows DNS, but I'm using a workgroup (called "WORKGROUP") and the server name is "GENESIS". I've tried to set up DNS with those settings, but with no luck. I get the following error message:

------------------------------

Event Type:     Warning
Event Source:     DNS
Event Category:     None
Event ID:     414
Date:          2/22/2003
Time:          12:07:03 AM
User:          N/A
Computer:     GENESIS
Description:
The DNS server machine currently has no DNS domain name.  Its DNS name is a single label hostname with no domain (example:  "host" rather than "host.microsoft.com").
 
You might have forgotten to configure a primary DNS domain for the server computer. For more information, see either "DNS server log reference" or "To configure the primary DNS suffix for a client computer" in the online Help.
 
While the DNS server has only a single label name, all zones created will have default records (SOA and NS) created using only this single label name for the server's hostname.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.
 
To correct this problem:
  1) open ControlPanel
  2) open System applet
  3) select NetworkIdentification tab
  4) click the "Properties" button and enter a domain name or workgroup name;  this name will be used as your DNS domain name
  5) reboot to initialize with new domain name
 
After reboot, the DNS server will attempt to fix up default records, substituting new DNS name of this server, for old single label name.  However, you should review to make sure zone's SOA and NS records now properly use correct domain name of this server.

------------------------------

So, then I tried renaming the workgroup to "WEBSTRIKER.NET" which is a domain I own. I'm under the impression that I can't create a domain named "WEBSTRIKER.NET" until the name servers listed in WHOIS refer to my ISP's servers. Anyway, could somebody please tell me how to configure DNS without setting up a domain? Can it be done? I have it working right now that if I ping a domain that I set up from the server it replies with the IP address I'd like. However, with my Windows XP Pro laptop configured with my server's IP address as the only DNS server, when I ping the same domain name I get the old server.

Please help! I have 100% confidence in you guys (and gals).
fletcherandrew

Your impression is correct about using a domain name you already own.

You may be able to add a child domain name and have it work:  xxx.webstriker.net.  Or maybe use something like webstriker.local.  The .local extension is not routable on the internet so you won't have to contact your ip's dns server.  

You may also want to configure your DHCP server (if you're using one) to hand out the domain suffix you plan to use to the clients.  If that's not an option I think you can right click (client's machine) my computer-->properties-->identification tab-->more-->change the dns suffix here.

Check out this link: (although it doesn't look very helpful)

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301197&sd=tech

You actually have several problems, let's tackle them 1 at a time:

1. Win 2k Server can be set up in several different ways, 1 configuration is as a domain controller or backup DC. This is the configuration you want since you want to host a domain. In order to set the server as a DC, you will need to use the 'dcpromo' command from start>run, or choose add active directory from the 'configure server' applet on the 2k server cd. This will start a wizard which will help you configure your server to act as a domain controller. Pay special attention to the requirements for your dc. One requirement is that you have a separate NTFS partition for active directory's use.

2. You CAN NOT use host DNS from a server machine on a workgroup as opposed to a domain. It must be on a domain whether it is the DC, the Backup dc, or just a member server.

3. You CAN use your properly registered domain name as the domain. DNS is set up to check the 'name' servers .com, .net, .edu, etc. to find registered FQDNs.

Are you asking about DNS setup w/o a domain because of the problems you're having? If you follow the Active Directory wizard you

Sorry ascension1014, you are very wrong because Win2K server does have backup DC's. ALL Win2K servers are peers!!! You can have DC's and member servers only. With Win2K DNS you can have Primary, Secondary, or Active Directory integrated.

You need to know how to config DNS in Win2K server. It would take too long to explain so I suggest you go to tech.net and download the Win2K server help file and learn how to config DNS and create your DNS zones, etc.
compasspc

ASKER

It sounds like, from what I've read in the article above and what you have been posting about, that I must set up my server as a domain controller in order for it to process DNS requests on the internet. Is that correct?

From what I've read at technet, creating a workgroup DNS server will only process DNS requests for the local workgroup. Anyway, I'll promote it to a DC and see what happens! Thanks for your help. I'll be back to reward points once I get this figured out.

compasspc,
If you want to resolve addresses on the internet you have to be careful. I'm not exactly sure what you're wanting to do but consider this:

If you want to resolve addresses on the internet, set up a caching-only DNS server external from your router and an internal DNS server (try a primary or AD integrated) for your network. This will keep your security up since a caching-only DNS server holds no primary or even secondary zone file.

If I knew more of what you want to do maybe I can help you.

JDFWIZARD,

I'll try to explain my situation as best I can.

I'm colocating my server at a local ISP. I only have one server. On it, I'm going to do everything: DNS, Email, WWW, FTP, and SSL. I know this is risky, but it's all I can afford (who set the price for W2K Server anyway!?).

So, basically, I have vanilla internet access. I'm behind a gateway, but not a firewall. I don't have an internal network right now. I log in to the server via Terminal Services.

The server will host several web sites (none of which will have enormous amounts of traffic). I'd like to be able to set up DNS on the server without contacting the ISP or anything. I'll also use DNS.SECONDARY.ORG as a backup DNS, but I'll cross that bridge when I get to it. My ISP will also provide backup DNS.

Hopefully that will help you help me! I'm willing to raise the points if you feel that my current offering is too low. Now, I want to explain/ask two more things:

1) I did a reverse lookup on my IP address: 66.59.109.156 and it came up with WEBSTRIKER.PA.NET. I didn't set that up and PA.net is my ISP, so could they have something set up that would block my DNS from working?

2) I registered NS1.WEBSTRIKER.NET as a name server on Dotster and pointed it to my primary IP. Will I have to name my computer "NS1" and create a domain "WEBSTRIKER.NET"? Or, can I leave my server name as "GENESIS" and just create a Host/A record called NS1?

The funny thing was that I had this working (at least for computers on my local network) before I took it to the ISP. I thought I had DNS all figured out until then, but now I realize how complicated it can be. I still haven't promoted my server to a DC, but I don't think I'll be able to until the DNS records in my domain refer to my ISP's servers. I guess I could give it a shot anyway.

I believe that's all I'll say for now. Thank you for your help!

Compasspc, I am not sure what you want to do. Do you want to get this thing started or show off how you are able to set up public DNS? If you want to host two public web sites and your FTP and whatever else on your server, it is very easy. Install Win2K on your server, run DCPROMO and install Active Directory. You can choose any domain name you like. If you like, you can choose the same domain name as your public domain. During this process you will be asked if you want to install your DNS; say no, I will install later (if you choose yes you usually end up with a root DNS). When the Active Directory installation is finished, manually install your DNS and enable forwarders to your ISP DNS server. Buy a cheap Linksys router switch which performs NAT and port forwarding. Install one NIC for each public domain that you want to host and one NIC to connect to your internal network. Most ISPs usually provide you with up to 5 public addresses for as little as $100 box. Now you don't have to worry about DNS or its security; your ISP will take care of everything for you. DNS stands for DOMAIN NAME services. Workgroup is not a domain. One more thing to remember is that your DNS server will not have any public function except forwarding all queries to your ISP.

VaroujB,

Thanks for your input on the matter, but that's exactly what I want to avoid. Setting up a DNS server just to forward queries isn't at all what I want to do. I want control over setting up DNS entries instead of waiting for my ISP to take care of them.

At any rate, it's still not working. I've set up a domain, but I don't think that has anything to do with enabling DNS. Instead it has complicated various other functions for my one-server network. Granted, it will allow for growth in the future.

So, in the most recent development in this case I have discovered that my ISP didn't delegate authority for me to handle DNS for the IP addresses they assigned me. I have 9 IP addresses to which I have authority to handle DNS queries. I've registered 66.59.109.156 at Dotster to the name server NS1.WEBSTRIKER.NET. It shows up in Verisign's GRS and yet when I try to ping it I get no response.

Finally, because I don't want to stop receiving email for any period of time I've transferred DNS to afraid.org. Is this not going to work until I transfer my domain's name servers to NS1.WEBSTRIKER.NET and NS2.WEBSTRIKER.NET? I'm thoroughly confused at this point. I don't understand the purpose of registering a name server at Dotster if I can't use it. It doesn't seem to do anything. Incidentally, I registered NS2.WEBSTRIKER.NET to my ISP's primary name server and I can't even ping that!

Help! Someone!

First off, you NEED this site

http://www.microsoft.com/serviceproviders/

You are after all acting as a service provider.  There are lots of articles there on how to set up your win2k box as an Internet Service Provider would need to.

Although win2k greatly simplifies DNS management it is still a pain, especially if you don't have a good foundation knowledge of how it works (I've only scraped the surface myself).

Now, registering a domain name and hosting DNS are completely separate endeavors.  I think if you separate them in your mind you will retain your sanity.  Think of DNS hosting the same as you would web hosting.  The DNS host is where computers on the internet go to get your DNS info the same as a web host is where they go to get your website. Domain names on the internet are special because there are root servers which hold all the dns info for the world. The root servers have to be updated with the current info in order for anyone to find you.  When you register a domain name or modify a record it gets changed on the public root servers so you can be found.  You need to modify your domain record to point to your IP not your ISP.  Yes your DNS can be hosted at afraid.org as long as they reply to DNS queries for any of your domains with your server's IP.  When I ask the "internet" where webstriker.net is, the root servers will check their database and find that afraid.org holds the info and send me to them. Then afraid.org is going to check its dns records and send me to the IP of webstriker.net.

To host your own you need to change your domain registration to show your servers' names and IPs as the DNS servers (primary, secondary, etc).  Then you need to create forward and reverse records for each domain.  You only need two IPs to host an infinite number of websites. By using host headers you can 'virtual host' all your sites.  Look it up on the MS service provider link I gave you.

Sorry to be long-winded but I hope this helps get you on track.  Now when you figure that out you can help me host external dns with a fake internal domain name.

SentiensX

SentiensX,

Your post appears to be very helpful from what I've read. I am familiar that registering a domain name is separate from DNS. Although, I think registering a name server is required in order for it to work publicly. What registering my name server did was get me listed in some sort of WHOIS (http://www.verisign-grs.com). If you go to that address and search for the name server NS1.WEBSTRIKER.NET you'll see it come up with my IP address.

Anyway, thank you for your long-windedness. The link to Microsoft's page for service providers will hopefully be helpful as well.

Now, in regard to afraid.org, I'd like to do my own DNS hosting instead. I was curiously wondering whether I could use them as a way to make my DNS server changes more instant. I don't want to go without email at webstriker.net! Anyway, I think I will just give up on the email and suffer until I get this working.

I'll check out the site you gave me and will be back when this issue is resolved to award points. Thanks again for your input and I hope it will be of some help. It sure sounds good. I'm still just curious why if my name server appears in the Verisign GRS registry why I can't ping it. Maybe I just need to switch the name servers on my domain to NS1.WEBSTRIKER.NET and something else (since I need two). Unfortunately, since I'm using Dotster I can't specify IP addresses along with a name server name.

Anyway, I'll be back to let you know how this turns out!

Hmmm, well this is a first. On my own machine which is on an entirely different network I set my primary and secondary DNS server addresses to those of my web/DNS server. Now I'm finally getting a response from my server with the expected results. I'm still unable to query the DNS server by its name at http://www.network-tools.com, but I think that could be pending the DNS changes to take effect for my domain. I've scrapped the afraid.org DNS server entries for my own and will see what happens. This is definitely a step ahead of where I was before.
ASKER CERTIFIED SOLUTION
sentiensx

This solution is only available to members.
At last! Thank you to everyone who participated in this discussion. Special thanks to SentiensX who provided the most useful information for getting my DNS working!

So, I'd like to provide a little bit of information on my discoveries throughout this whole thing to explain a few misconceptions.

First and foremost, I'd like to clarify some confusion about domains. I'm speaking of domains as opposed to workgroups, not domain names. In order to successfully host DNS one must not set up a server as a domain controller, or a member of a domain! I demoted my server to being on a workgroup and all is well. Here's the key: the computer must have a FQDN or FQHN (fully qualified domain name or fully qualified host name). This looks like computername.domainname.tld. In order to establish this in a workgroup setting:
 1) Go to the Network Identification tab under the System Properties.
 2) Click Properties
 3) Click More
 4) Enter the domainname.tld part of your server (in my case webstriker.net)
 5) Click OK, OK, OK.
 6) Restart your computer

From there one must properly set up DNS as is instructed several places on the internet. The SOA record should indicate your FQHN and you can establish Host records to point to NS1, NS2, etc.

Now, I'm nowhere near a DNS expert (yet!) but it is now working for me. Perhaps I'll be back later to post more information about my discoveries. I'm glad to have uncovered the complicated mystery of DNS, but I fear I have much more to learn.

Again, thanks to everyone who contributed to this discussion. Now I'm off to award points to SentiensX who deserves them!
See SentiensX's previous comment for additional information. Also, take a look at my discoveries to understand more of what went on!
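
A check for the condition that the Event ID 414 text and the asker's closing post describe, as an added example that is not part of the original thread: it flags SOA and NS records that name a single-label host, and in-zone name servers that have no Host (A) record. The zone text, the addresses and the function names are constructed for illustration, and each record is assumed to sit on one line.

```python
# Constructed sample zones (not taken from the asker's server); addresses
# come from the documentation ranges. One record per line: owner IN type rdata.
ZONE_SINGLE_LABEL = """\
@        IN SOA genesis. admin. 1 900 600 86400 3600
@        IN NS  genesis.
"""
ZONE_FQHN = """\
@        IN SOA genesis.webstriker.net. admin.webstriker.net. 2 900 600 86400 3600
@        IN NS  ns1.webstriker.net.
@        IN NS  ns2.webstriker.net.
genesis  IN A   192.0.2.10
ns1      IN A   192.0.2.10
ns2      IN A   198.51.100.53
"""

def absolute(name, origin):
    """Expand a zone-file name to a lowercase absolute name, no trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Yield (owner, type, rdata fields) for each non-empty, non-comment line."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, _cls, rtype, *rdata = line.split()
            yield absolute(owner, origin), rtype.upper(), rdata

def audit(zone_text, origin):
    """Flag SOA/NS targets that are single-label or lack an in-zone A record."""
    origin = origin.lower().rstrip(".")
    records = list(parse(zone_text, origin))
    hosts = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for _owner, rtype, rdata in records:
        if rtype not in ("SOA", "NS"):
            continue
        target = absolute(rdata[0], origin)
        if "." not in target:  # the condition Event ID 414 warns about
            findings.append(f"{rtype} names single-label host '{target}'")
        elif (target == origin or target.endswith("." + origin)) and target not in hosts:
            findings.append(f"{rtype} target '{target}' has no A record in the zone")
    return findings

if __name__ == "__main__":
    for label, zone in (("single-label", ZONE_SINGLE_LABEL), ("FQHN", ZONE_FQHN)):
        print(label, audit(zone, "webstriker.net") or "OK")
```
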