Solved

Configuring domain controller, DNS, IIS in Windows 2003

Posted on 2004-08-30
Last Modified: 2008-02-01
This is a question about my specific setup and a general question to help me learn about networking.  Here is my setup.

I have a cable modem with a static IP (IP 24.75.148.138, Subnet 255.255.255.252, Gateway 24.75.148.137, DNS 24.52.223.219 and 24.52.223.218)

I have a Linksys wireless router (WRT54G) behind the cable modem (192.168.1.1).

I have four computers connected to the router and my VOIP box.  1 desktop (XP Pro, cabled, 192.168.1.20), 1 server(2003, cabled, 192.168.1.10), two laptops (both XP Pro, both wireless, 192.168.1.30 and 192.168.1.31) and the VOIP box (192.168.1.40).

On the server I need to setup a website that is visible internally and externally.  The desktop and two laptops also have IIS installed for development and need to be visible internally only and addressable by name (not just IP).

I have set up the internet side of the router with the settings in the second paragraph above.  I have set up the router, computers and VOIP box on my side of the router with the static IP addresses listed above.  I have installed the domain controller, DNS and IIS on my server.  The firewall is on on the router.  I have opened port 80 to my server (192.168.1.10).  When I installed the domain controller/DNS it changed the preferred DNS on the server to 127.0.0.1.

My questions are, what are the correct TCP/IP settings for my 4 computers and why can't I see my website externally?  I'm confused mainly about which IP to use for the DNS for the four computers and why I can't see my website externally but I can see it internally.  And what is the 127.0.0.1 in the preferred DNS field on the server?
Question by:Todd_Anderson
7 Comments
 
LVL 4

Assisted Solution

by:jonnietexas
jonnietexas earned 62 total points
ID: 11938472
Keep your IPs for the internal boxes
Subnet mask is most likely 255.255.255.0
Default Gateway is 192.168.1.1
DNS Server  for VOIP and two laptops will be 192.168.1.10
Server DNS should be set up with forward lookup of either 192.168.1.1 or better would be actual ISP DNS (24.52.223.219 and 24.52.223.218).
An "A" record for www.domainname.com should be created on server for 192.168.1.10
The firewall should have port forwarding for port 80 to 80 TCP and UDP to forward to 192.168.1.10
You need to purchase a domain name from someplace like dotster with an external DNS and create "A" records for domainname.com and www.domainname.com pointing to 24.75.148.138
127.0.0.1 is set for the server because you installed DNS on it and it thinks it is the authoritative server. When you configure a forward lookup DNS it will refer queries for external requests to the forwarding IPs.
Hope that helps,
Jon
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 63 total points
ID: 11943529
Yes, I agree with everything.  The first thing to do is configure the clients with a DNS server of 192.168.1.10, a gateway of 192.168.1.1, and a subnet mask of 255.255.255.0.  Then you need to enable forwarding on your DNS server and put your ISP's DNS servers as the forwarding addresses.  This should give all of your computers internet access.

Then you need to create a zone on your DNS server and add an "A" record for your webserver.  This should allow internal clients to access the website.

Now you'll need to add a record to a public DNS server that points a URL to the public IP address of the router.  Now configure your router to forward port 80 to the IP address of your webserver.


There is only one problem with all of this.  If you are a home user, you are probably not allowed to operate a website on port 80.  It goes against the ISP's contract to open a public website, and potentially make money.  They will not allow traffic on port 80 for this reason.  You will have to configure your IIS to operate on a port other than 80.  Since most browsers default to requesting web traffic over port 80, they will have to specifically add the port number into the web address.  For example, if you changed the port to 12080, people will have to type in "http://24.75.148.138:12080" or "http://www.mydomain.com:12080".  Otherwise they will not be able to get to your website.
0
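The client and DNS-server steps from the two answers above, written as the commands typed at a Windows XP / Server 2003 command prompt. This is an added example, not part of the original thread. It assumes the default connection name "Local Area Connection", the placeholder zone domainname.com from the first answer, a file-backed primary zone, and that dnscmd (Windows Support Tools) is installed on the server.

```bat
@echo off
rem Added example, not from the original thread.
rem Usage:  netsetup.cmd client <client-ip>     (run on each XP machine)
rem         netsetup.cmd server                 (run on the 2003 DNS server)
rem Assumed names: NIC is the default connection name, ZONE is a placeholder.
set NIC=Local Area Connection
set ZONE=domainname.com
set DNSSRV=192.168.1.10
set ROUTER=192.168.1.1

if /i "%1"=="client" goto client
if /i "%1"=="server" goto server
echo Usage: %~nx0 client ^<client-ip^> ^| server
goto :eof

:client
if "%2"=="" (echo Missing client IP & goto :eof)
rem Static address, /24 mask, router as default gateway (metric 1).
netsh interface ip set address "%NIC%" static %2 255.255.255.0 %ROUTER% 1
rem The internal DNS server is the only resolver; the router is not listed,
rem because it cannot answer for internal names.
netsh interface ip set dns "%NIC%" static %DNSSRV% primary
rem Check: the resolver list should show %DNSSRV% only.
netsh interface ip show dns "%NIC%"
rem Check: the internal name should resolve to the web server's private IP.
nslookup www.%ZONE% %DNSSRV%
goto :eof

:server
rem Send queries the server is not authoritative for to the ISP resolvers.
dnscmd /ResetForwarders 24.52.223.219 24.52.223.218
rem Internal zone plus the "A" record for the web server.
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
dnscmd /RecordAdd %ZONE% www A %DNSSRV%
rem Check: list the record, then query the local DNS service for it.
dnscmd /EnumRecords %ZONE% www
nslookup www.%ZONE% 127.0.0.1
goto :eof
```

On the wireless laptops the connection name is normally different, so NIC has to be changed before running the client branch there.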
 

Author Comment

by:Todd_Anderson
ID: 11944308
After reading Adam's comment about port 80 it all started making sense so I called Adelphia and they do have port 80 blocked!  They confirmed that it goes against my contract to host my own domain and have a web server.  This is a serious problem for me but it also clears a lot up for me.  I've been going in circles for two days trying to figure out why this wasn't working.  We are paying $125 a month for their service.  I can't believe they are doing this.  They never mentioned this when we signed up and I explained exactly what we would be doing.  I absolutely can not require my customers to have to type in an extra :#### after our domain name when they want to come to our site.  This is a full scale business and that isn't acceptable.  I called my local contact that sold me the service and he is looking into it.  This is really annoying.  

While I wait on that I can try to understand a couple of other things.

So I set up ONLY a primary DNS for my three computers and it is the server (192.168.1.10), right?  That makes sense now that I have set up forwarding.  I had the router's IP as the secondary DNS on my three computers thinking that they would go there if they couldn't get what they needed from the server.

The TCP/IP settings for the server still confuse me a bit.  Right now the primary DNS is 127.0.0.1 and the secondary is the router (192.168.1.1).  Is that correct?  It seems like the primary should be itself (the server) and no secondary, like all the rest of the computers.

Thanks for the help guys, it's been very helpful.
 
LVL 4

Expert Comment

by:jonnietexas
ID: 11944896
Yes, you got it.  The idea of having a secondary is in case the primary goes down.  Of course if your primary goes down then you have other problems.  If internal DNS fails this will not keep external customers from reaching your website only internal name resolution.

Good call on the port 80.
Jon
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11944901
Yes.  Any reference to your router's IP for DNS (except as a forwarder) will not be able to resolve any internal network names, only internet ones.  Therefore you should keep it out of any DNS settings.

You can get a commercial website account with your own name at Earthlink or a similar company for $20, and just FTP the webpages back and forth.  Is there a reason you would like to host it onsite?

You may also want to look at http://www.dyndns.org

127.0.0.1 is the universal IP address for "my local network card".  The DNS server should also be pointing to itself, so 127.0.0.1 is just fine.

0
 

Author Comment

by:Todd_Anderson
ID: 11945044
Ahhhh, thanks Adam, that clears up the 127.0.0.1 mystery.

We have been doing what you suggested, Adam, using a commercial account and using FrontPage for our website but that was just our startup phase.  Our company does market research and our product is information that our customers access through our website.  Our front end software is called ProClarity Analytics Server.  It is Business Intelligence software (like Cognos or Crystal) and it uses SQL Server and Analysis Services behind it.  We have a fairly complex database system along with a very complex ETL process for bringing the 300 diverse data files that come in every month into our data warehouse.  Anyway, that's why we are hosting the system ourselves.

Thanks for the help, both of you.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11945076
hahaha, Business Intelligence software.  I love that term.  Yes I agree then, that you need to host in-house.