Correct DNS Settings

Hello,

I have a Windows 2003 Standard Server which should be hosting my domain and website. Because I want to install Exchange 2003 on this server I have installed Active Directory. The active directory has the same name as my internet domain name. The server has an internal and an external NIC.

Internal NIC:
IP: 192.168.0.110
subnet: 255.255.255.0
default gateway: -
DNS: 192.168.0.110

External NIC
IP: various public IPs
subnet: 255.255.255.0
default gateway: default gateway isp
DNS: 192.168.0.110

Now I have to set up my DNS server... One thing I am sure I have to do is to set up a forward lookup zone which points to my ISP's DNS servers. How do I set this up, and what else do I have to do?

At the moment dcdiag gives me the following error:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SERVERNAME
      Starting test: Connectivity
         The host HEXADECIMALNUMBER._msdcs.MYDOMAIN.com could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (HEXADECIMALNUMBER._msdcs.MYDOMAIN.com) couldn't
         be resolved, the server name (SERVERNAME.MYDOMAIN.com) resolved to
         the IP address (192.168.0.110) and was pingable.  Check that the IP
         address is registered correctly with the DNS server.
         ......................... SERVERNAME failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SERVERNAME
      Skipping all tests, because server SERVERNAME is
      not responding to directory service requests

Netdiag gives me the following errors:

DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'SERVERNAME.MYDOMAIN.com.'. [ERROR_TIMEOUT]
            The name SERVERNAME.MYDOMAIN.com.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.110'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]

All these things, I suppose, have to do with my DNS settings. HOW TO SET MY DNS SETTINGS CORRECTLY, STEP BY STEP?

In the near future we would like to host a few more domains on the same server. What changes should we make to run it all smoothly?

Thanks a lot!
Asked by: GNTK

Netman66 Commented:
Your Forward Lookup Zone would have been created during DCPROMO.  You do NOT want your ISP to service your AD so you do not configure anything to look to them except queries that are forwarded from your own DNS server.

1)  Make sure your internal and external NIC only point to your DNS.
2)  Set up Forwarding to your ISP.
3)  Your ISP will need to set up an MX record pointing to your Exchange Server so you can get external email.
4)  Your internal clients point only to your DNS.

Advise.

Antknee869 Commented:
It's too late now probably, but your AD domain should be different from any external domain you might be hosting a web site or have DNS on.
To clarify, DO NOT set up a "forward lookup zone" to your ISP. You just need to configure forwarders on your DNS server. Go to the DNS management MMC, right click on it and select properties. Select the forwarders tab and enter the IP addresses (preferably 2) of your ISP's DNS servers.
Netman, shouldn't the external NIC be pointing to the ISP's DNS?
When you say you want to host "a few other domains", do you mean web sites, email or AD?

GNTK (Author) Commented:
Hello Antknee869,

Nothing is too late now, because everything is in a test environment at the moment.

Why should the AD domain be different? Isn't it made to have the same name as my public domain?

By hosting a few other domains, I mean for website and mail, but the main purpose is for our own domain and website.

Antknee869 Commented:
It is technically possible to do it that way. However, the best practice is to name your AD domain something like AdDomain.local for your AD domain name. Using the .local extension ensures no conflicts with any Internet domains out there.
Hosting other web sites and email is no problem. You will just need more public IP addresses, DNS entries from your ISP, etc.

GNTK (Author) Commented:
A question to Netman66,

You told me to let the internal and external IP point to my DNS. My DNS is running on the same machine, so which IP should I fill in for the DNS on the 2 NICs? The public one or the private one?

What should be a good reason for not choosing to name the domain like mydomain.com instead of mydomain.local?

Netman66 Commented:
Ok,

Your DNS should only "listen" or service the internal interface - this is configured in DNS.
Make sure that the internal interface is at the top of the binding order.
Use the internal IP address to point to itself or use the loopback of 127.0.0.1

Naming your AD namespace something that is public (like .com) makes it possible to misconfigure DNS internally.  It's also just good practice to keep your AD namespace separate and out of the public DNS namespace.

This article is for Windows 2000, but the principle is sound for 2003.  Lots of great info here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;298448
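
The steps given in the answers above, written out as a command sequence for the DC itself. This is an added example, not part of the original thread; the connection names "Internal" and "External" and the forwarder addresses 203.0.113.53 and 203.0.113.54 are placeholders, and dnscmd, dcdiag and netdiag are assumed to be installed from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example, not from the thread. Placeholders: the connection names
rem "Internal" / "External" and the ISP resolvers 203.0.113.53 / 203.0.113.54.
set DNS_IP=192.168.0.110
set AD_DOMAIN=MYDOMAIN.com

rem 1) Both NICs use only the server's own DNS service as their resolver.
netsh interface ip set dns "Internal" static %DNS_IP%
netsh interface ip set dns "External" static %DNS_IP%

rem 2) The DNS service listens on the internal address only, so the AD zone
rem    is not answered on the public interface.
dnscmd . /ResetListenAddresses %DNS_IP%

rem 3) Internet names are resolved through forwarders to the ISP,
rem    not through a forward lookup zone.
dnscmd . /ResetForwarders 203.0.113.53 203.0.113.54

rem 4) Re-register the host record, then restart Netlogon so the DC
rem    re-registers its locator records (SRV and the GUID._msdcs alias).
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 5) Verify: the SRV lookup should return SERVERNAME, and the two
rem    tests that failed in the question should now pass.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% %DNS_IP%
dcdiag /test:Connectivity
netdiag /test:dns
```

The binding order Netman66 mentions is not covered by these commands; it is set under Network Connections, Advanced, Advanced Settings.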