Solved

DNS, root servers,the Internet and a home network

Posted on 2004-08-03
2
224 Views
Last Modified: 2010-04-13
Hello,

I have a combined 4 port fast ethernet switch and ADSL Router and have recently started using the WAN port on it, with NAT enabled. I have configured the router to point to my ISP (and it’s DNS servers). I am also running a small LAN at home (actually it's a W2K domain with 1 DC and DNS - AD integrated).

I wanted all PC's at home (servers or other) to be able to connect to the internet so I thought I needed to point them to the ISP DNS to get out name resolution on the internet but then I thought -  if I change the DNS servers for the network adapters this will prevent name resolution and registration on my LAN won't it...? And similarly, if I point them to use my local DNS, then I lose name resolution for the internet?

I know the answer is most likely quite simple (without having to resort to hosts files)...but I am getting myself confused...I thought I could do the following but need some expert advice before attempting anything...:

1. Leave DNS on the DC serving my LAN and point it's DNS settings on it's own NIC to itself (best practice)
2. Configure all clients on my LAN to point to the local DNS (my DC)
3. Remove the root zone on the DC to allow forwarders to be configured
4. Configure 2 DNS forwarders on my DC - the primary and secondary DNS's of my ISP

From my way of thinking - if my clients need name resolution on the local LAN then my DNS will be able to help, otherwise it will forward the query to the DNS of the ISP?

would this work?
is it wise?

Regards and thanks,
Alsace.
0
Comment
Question by:alsace
2 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 300 total points
ID: 11704236
Hi

Correct by the looks of it:

Yes - remove the root zone in dns - configure forwarders to point to you isp's name servers - the only place these nameservers should be listed is here. Point your tcp/ip settings for primary dns server on your nics on pc's and server at the ip address of your dc.

Your pc's then look to resolve dns queries to your dc. If your dc doesn't think it's the root server (which it can't be for internet name resolution) it then forwards the queries to your isp's nameservers. All should be well, - just ensure dynamic updates on your forward look up zone - mydomain.com,

Deb :))
0
 

Author Comment

by:alsace
ID: 11722748
Thanks Debsyl99 - I thought as much, just needed confirmation!! This is my accepted answer.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now