Configuring domain controller, DNS, IIS in Windows 2003

Posted on 2004-08-30
Last Modified: 2008-02-01
This is a question about my specific setup and a general question to help me learn about networking.  Here is my setup.

I have a cable modem with a static IP (IP, Subnet, Gateway, DNS and

I have a Linksys wireless router (WRT54G) behind the cable modem (

I have four computers connected to the router and my VOIP box.  1 desktop (XP Pro, cabled,, 1 server(2003, cabled,, two laptops (both XP Pro, both wireless, and and the VOIP box (

On the server I need to set up a website that is visible internally and externally.  The desktop and two laptops also have IIS installed for development and need to be visible internally only and addressable by name (not just IP).

I have set up the internet side of the router with the settings in the second paragraph above.  I have set up the router, computers and VOIP box on my side of the router with the static IP addresses listed above.  I have installed the domain controller, DNS and IIS on my server.  The firewall is on on the router  I have opened port 80 to my server (  When I installed the domain controller/DNS it changed the preferred DNS on the server to

My questions are, what are the correct TCP/IP settings for my 4 computers and why can't I see my website externally?  I'm confused mainly about which IP to use for the DNS for the four computers and why I can't see my website externally but I can see it internally.  And what is the in the preferred DNS field on the server?
Question by:Todd_Anderson

Assisted Solution

jonnietexas earned 248 total points
ID: 11938472
Keep your IPs for the internal boxes
Subnet mask is most likely
Default Gateway is
DNS Server  for VOIP and two laptops will be
Server DNS should be set up with forward lookup of either or better would be actual ISP DNS ( and
An "A" record for www.domainname.com should be created on server for
The firewall should have port forwarding for port 80 to 80 TCP and UDP to forward to
You need to purchase a domain name from someplace like dotster with an external DNS and create "A" records for domainname.com and www.domainname.com pointing to is set for the server because you installed DNS on it and it thinks it is the authoritative server. When you configure a forward lookup DNS it will refer queries for external requests to the forwarding IPs.
Hope that helps,

Accepted Solution

adamdrayer earned 252 total points
ID: 11943529
Yes, I agree with everything.  The first thing to do is configure the clients with a DNS server of, a gateway of, and a subnet mask of  Then you need to enable forwarding on your DNS server and put your ISP's DNS servers as the forwarding addresses.  This should give all of your computers internet access.

Then you need to create a zone on your DNS server and add an "A" record for your webserver.  This should allow internal clients to access the website.

Now you'll need to add a record to a public DNS server that points a URL to the public IP address of the router.  Now configure your router to forward port 80 to the IP address of your webserver

There is only one problem with all of this.  If you are a home user, you are probably not allowed to operate a website on port 80.  It goes against the ISP's contract to open a public website, and potentially make money.  They will not allow traffic on port 80 for this reason.  You will have to configure your IIS to operate on a port other than 80.  Since most browsers default to requesting web traffic over port 80, they will have to specifically add the port number into the web address.  For example, if you changed the port to 12080, people will have to type in "" or "http://www.mydomain.com:12080".  Otherwise they will not be able to get to your website.
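The DNS steps from the two answers above, written as Windows Server 2003 / XP command-line calls (an added example, not part of the original thread). Every address is a constructed sample to be replaced with your own, and the zone name reuses the thread's `domainname.com` placeholder.

```bat
@echo off
rem Added example. All values below are constructed samples; substitute your own.
rem LAN address of the 2003 server that runs DNS and IIS
set DNS_SERVER=10.0.0.10
rem The ISP's two resolvers (documentation-range sample addresses)
set ISP_DNS1=192.0.2.53
set ISP_DNS2=192.0.2.54
rem Zone for the site name (placeholder used in the thread)
set ZONE=domainname.com
rem Name of the network connection on each machine
set NIC=Local Area Connection

rem ---- Run on the server -------------------------------------------
rem 1. Forward queries the server is not authoritative for to the ISP.
dnscmd %DNS_SERVER% /ResetForwarders %ISP_DNS1% %ISP_DNS2%

rem 2. Create a standard primary zone for the site name and add the
rem    "A" record that internal clients should receive for www.
dnscmd %DNS_SERVER% /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
dnscmd %DNS_SERVER% /RecordAdd %ZONE% www A %DNS_SERVER%

rem 3. Review the result: server settings (forwarders included) and the record.
dnscmd %DNS_SERVER% /Info
dnscmd %DNS_SERVER% /EnumRecords %ZONE% www

rem ---- Run on each XP client ----------------------------------------
rem 4. Use the internal server as the only DNS server (no router or ISP
rem    address here, or internal names stop resolving reliably).
netsh interface ip set dns "%NIC%" static %DNS_SERVER%
ipconfig /flushdns

rem ---- Verify from any internal machine -----------------------------
rem 5. The internal answer should be the server's LAN address ...
nslookup www.%ZONE% %DNS_SERVER%
rem 6. ... and an outside name should resolve through the forwarders.
nslookup www.example.com %DNS_SERVER%
```

HTTP runs over TCP, so the router's forwarding rule can be limited to TCP on the one port IIS listens on and to the server's address only, which keeps the rest of the domain controller off the internet side.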

Author Comment

ID: 11944308
After reading Adam's comment about port 80 it all started making sense so I called Adelphia and they do have port 80 blocked!  They confirmed that it goes against my contract to host my own domain and have a web server.  This is a serious problem for me but it also clears a lot up for me.  I've been going in circles for two days trying to figure out why this wasn't working.  We are paying $125 a month for their service.  I can't believe they are doing this.  They never mentioned this when we signed up and I explained exactly what we would be doing.  I absolutely can not require my customers to have to type in an extra :#### after our domain name when they want to come to our site.  This is a full scale business and that isn't acceptable.  I called my local contact that sold me the service and he is looking into it.  This is really annoying.  

While I wait on that I can try to understand a couple of other things.

So I set up ONLY a primary DNS for my three computers and it is the server (, right?  That makes sense now that I have set up forwarding.  I had the router's IP as the secondary DNS on my three computers thinking that they would go there if they couldn't get what they needed from the server.

The TCP/IP settings for the server still confuse me a bit.  Right now the primary DNS is and the secondary is the router (  Is that correct?  It seems like the primary should be itself (the server) and no secondary, like all the rest of the computers.

Thanks for the help guys, it's been very helpful.

Expert Comment

ID: 11944896
Yes, you got it.  The idea of having a secondary is in case the primary goes down.  Of course if your primary goes down then you have other problems.  If internal DNS fails this will not keep external customers from reaching your website only internal name resolution.

Good call on the port 80.

Expert Comment

ID: 11944901
yes.  any reference to your router's IP for DNS(except as a forwarder) will not be able to resolve any internal network names.  only internet ones.  Therefore you should keep it out of any DNS settings.

you can get a commercial website account with your own name at earthlink or similar company for $20, and just ftp the webpages back and forth.  Is there a reason you would like to host it onsite?

you may also want to look at http://www.dyndns.org is the universal IP address for "my local network card".  The DNS server should also be pointing to itself, so is just fine.


Author Comment

ID: 11945044
Ahhhh, thanks Adam, that clears up the mystery.

We have been doing what you suggested, Adam, using a commercial account and using FrontPage for our website but that was just our startup phase.  Our company does market research and our product is information that our customers access through our website.  Our front end software is called ProClarity Analytics Server.  It is Business Intelligence software (like Cognos or Crystal) and it uses SQL Server and Analysis Services behind it.  We have a fairly complex database system along with a very complex ETL process for bringing the 300 diverse data files that come in every month into our data warehouse.  Anyway, that's why we are hosting the system ourselves.

Thanks for the help, both of you.

Expert Comment

ID: 11945076
hahaha, Business Intelligence software.  I love that term.  Yes I agree then, that you need to host in-house.
