Solved

DNS help in Windows 2000

Posted on 2004-04-19
Last Modified: 2010-04-13
Hello,

I am trying to set up a DNS server on a Windows 2000 server. I have a domain name, let's say example.com, which is currently pointing to the server where I am hosting the DNS. What I need is that when somebody looks up "ftp.example.com", the request comes to my DNS server, which returns the IP address of the FTP server.

questions
-----------
1. Am I correct to host the DNS server for this purpose?
2. If I am, then I did configure the forward lookup zone and added the host (ftp) in that. But when I try to do an nslookup for ftp.example.com, it does not return the IP address of the FTP server.

What am I missing?

Thanks
Question by:sgolecha
 
LVL 16

Expert Comment

by:JamesDS
ID: 10861077
sgolecha

After installing DNS, you should remove the .ROOT zone and configure it to forward to your ISP DNS Servers.

Then, configure a primary forward lookup zone for "example.com" and create a host entry for "ftp" in this zone.

Ensure your client is pointing to this DNS server and use the command NSLOOKUP.EXE ftp.example.com to check it.


Cheers

JamesDS
0
 

Author Comment

by:sgolecha
ID: 10861396
Hello James,

I don't have a .ROOT zone in the DNS settings (i.e. when I expand the forward lookup zone). I have a webserver running on this machine right now and I don't know if it matters, but in the network settings (i.e. in the network connections) I have configured the ISP DNS servers to be used.

I am not sure if the DNS queries are being forwarded back to my ISP, which results in ftp.example.com not getting resolved.

I didn't understand what you meant by "ensure your client is pointing to this DNS server".

Can you please elaborate in a little more detail?

Thanks
santosh

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10861510
sgolecha
Configure the DNS server to forward DNS requests to your ISP's DNS and configure the webserver to point to itself for DNS.

Run NSLOOKUP at the webserver and check it is looking at itself, then try to resolve www.microsoft.com to prove it's forwarding OK.

Cheers

JamesDS
0
 
LVL 7

Expert Comment

by:PaulADavis
ID: 10861639
what does the nslookup command return?

create a reverse lookup zone as well (not necessary, but good practice).....

if this is an internal resource then you don't necessarily need to configure forwarding to an external source, you just need to ensure that the record for the internal resource is configured properly. is ftp the actual name of the server? if you want to create an alias then create a CNAME record called ftp and have it point to the actual server name.

did you check that the dns service is running? highlight 'forward lookup zones' in the dns console, it should list the zones you have and also whether they are running or not. you might want to even stop and restart the service in the dns console, just for kicks.

also, as mentioned before, make sure that your computer is configured to use that server.....if you have another dns server that is not configured with the zone as the primary server, make sure that it can forward lookups to the dns server with the zone.....that's where the . (root) zone thing might come in (if you don't see '.' , enable advanced from the view menu) .

just to understand you better.... do you want dns redirection to the ftp service or do you just want ip resolution for a computer? if you are looking for ftp service redirection, you can also use srv records to point to the server that has the ftp service running (right click the zone---select other new records----scroll to service location----create record----in service drop down list select _ftp). after this you can just have clients type ftp example.com (from a command prompt) and they will be directed to the server that you configured in the srv record, and get a login prompt.

let us know what happens....
0
 
LVL 7

Expert Comment

by:PaulADavis
ID: 10861738
the isp dns servers wouldn't have a record of your internal resources in most situations....

also, you should have a dns server set to point to itself as the primary dns server, then set it to forward to isp dns server (which is not even entirely necessary if you have root hints), then have your internal clients point to your internal dns server.

what is meant by "pointing to this dns server" is that the client computers should have the ip address of the dns server set as the primary dns server.
0

 

Author Comment

by:sgolecha
ID: 10862228
Hello,

I think I am missing something, which is why it's not working. Let me tell you in detail what I have done until now.

1. I have a webserver running on Windows 2000. I have started the DNS service on that.
2. In the DNS service, I have made the following changes apart from the default:
     a. Forwarders --> ISP DNS server IP address
     b. In the Forward Lookup Zones:
             i. added a new lookup zone with the domain name this DNS is serving, i.e. example.com
            ii. in example.com, I have added a host with the IP address of the FTP server and "NAME" as ftp
     c. I haven't configured anything in the reverse lookup zones

3. To have my client pointing to this DNS server.

I don't want DNS redirection for the FTP service. I just need IP resolution for a computer, and later I will be adding a few more computers for which I will need IP resolution.

So when I do an "nslookup ftp.example.com" I get

*** Can't find server name for address "xxx.xxx.xxx.xxx" : Non-existent domain
Server:  faith.logixcom.net
Address:  216.201.128.10

the xxx.xxx.xxx.xxx is the address of the DNS server

Thanks
0
 
LVL 7

Accepted Solution

by:
PaulADavis earned 50 total points
ID: 10862343
it looks like you are still using the isp dns server, in which case it will not have a record of your internal zones.... in the tcp/ip properties have your dns be the primary dns server on the server and on your client computer(s).....
0
 
LVL 7

Expert Comment

by:PaulADavis
ID: 10862394
also, in your forward lookup zone...is there a start of authority (soa) record for your dns server?

restart your dns server when you make changes, just to make sure....
0
 
LVL 7

Expert Comment

by:PaulADavis
ID: 10862561
also, add a ptr record for your dns server in the reverse lookup zone on your subnet (or check 'update associated ptr record' in the properties of the A record in the forward lookup zone). there should be a soa record in both forward and reverse lookup zones for your dns server.

in the interfaces tab of the dns server properties, is it configured to 'listen on' the ip address of the server?

also on the monitoring tab, do a simple test of the dns server and see what it says....

this should be working for you....
0
 
LVL 7

Expert Comment

by:PaulADavis
ID: 10935100
another thing to try.... in the dns manager.... select the server name.... what does it say in the right pane?

if it says to configure your dns server.... right click on the server name and select configure server..... if this is the case then select not to create a forward lookup zone, since you've already created your zone.....

make sure that the name server listed in the nameserver tab has the correct address for the server
0
