Correct DNS Settings

Posted on 2004-11-30
Last Modified: 2012-06-22

I have a Windows 2003 Standard Server which should be hosting my domain and website. Because I want to install Exchange 2003 on this server I have installed Active Directory. The active directory has the same name as my internet domain name. The server has an internal and an external NIC.

Internal NIC:
default gateway: -

External NIC:
IP: various public IPs
default gateway: default gateway isp

Now I have to set up my DNS server... One thing I am sure I have to do is to set up a forward lookup zone which points to my ISP's DNS servers. How do I set this up, and what more do I have to do?

At the moment dcdiag gives me the following error:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\SERVERNAME
      Starting test: Connectivity
         The host could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         ( couldn't

         be resolved, the server name ( resolved to

         the IP address ( and was pingable.  Check that the IP

         address is registered correctly with the DNS server.
         ......................... SERVERNAME failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\SERVERNAME
      Skipping all tests, because server SERVERNAME is
      not responding to directory service requests

Netdiag gives me the following errors:

DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            ''. [ERROR_TIMEOUT]
            The name' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server ''. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]

All these things, I suppose, have to do with my DNS settings. HOW DO I SET MY DNS SETTINGS CORRECTLY, STEP BY STEP?

In the near future we would like to host a few more domains on the same server. What changes should we make to run it all smoothly?

Thanks a lot!
Question by:GNTK
    LVL 51

    Expert Comment

    Your Forward Lookup Zone would have been created during DCPROMO.  You do NOT want your ISP to service your AD so you do not configure anything to look to them except queries that are forwarded from your own DNS server.

    1)  Make sure your internal and external NIC only point to your DNS.
    2)  Set up Forwarding to your ISP.
    3)  Your ISP will need to set up an MX record pointing to your Exchange Server so you can get external email.
    4)  Your internal clients point only to your DNS.


    LVL 3

    Expert Comment

    It's too late now probably, but your AD domain should be different from any external domain you might be hosting a web site or have DNS on.
    To clarify, DO NOT set up a "forward lookup zone" to your ISP. You just need to configure forwarders on your DNS server. Go to the DNS management MMC, right click on it and select properties. Select the forwarders tab and enter the IP addresses (preferably 2) of your ISP's DNS servers.
    Netman, shouldn't the external NIC be pointing to the ISP's DNS?
    When you say you want to host "a few other domains", do you mean web sites, email or AD?

    Author Comment

    Hello Antknee869,

    Nothing is too late now, because everything is in a test environment at the moment.

    Why should the AD domain be different? Isn't it made to have the same name as my public domain?

    By hosting a few other domains, I mean for website and mail, but the main purpose is for our own domain and website.

    LVL 3

    Assisted Solution

    It is technically possible to do it that way. However, the best practice is to name your AD domain something like AdDomain.local for your AD domain name. Using the .local extension ensures no conflicts with any Internet domains out there.
    Hosting other web sites and email is no problem. You will just need more public IP addresses, DNS entries from your ISP, etc.

    Author Comment

    A question to Netman66,

    You told me to let the internal and external IP point to my DNS. My DNS is running on the same machine, so which IP should I fill in for the DNS on the 2 NICs? The public one or the private one?

    What should be a good reason for not choosing to name the domain like instead of mydomain.local?
    LVL 51

    Accepted Solution


    Your DNS should only "listen" or service the internal interface - this is configured in DNS.
    Make sure that the internal interface is at the top of the binding order.
    Use the internal IP address to point to itself or use the loopback of

    Naming your AD namespace something that is public (like .com) makes it possible to misconfigure DNS internally.  It's also just good practice to keep your AD namespace separate and out of the public DNS namespace.

    This article is for Windows 2000, but the principle is sound for 2003.  Lots of great info here:;en-us;298448
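
The settings recommended in the answers above (both NICs using only the server's own DNS, the DNS service listening on the internal address only, forwarders to the ISP, then re-registering the DC's records), as an added command-line example that is not part of the original thread. The connection names and all IP addresses are constructed placeholders; `dnscmd`, `netdiag` and `dcdiag` come from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example; every value below is a placeholder (assumption), not from the thread.
rem   INTERNAL_IP   static address of the internal NIC
rem   INTERNAL_NIC  connection name of the internal NIC
rem   EXTERNAL_NIC  connection name of the external NIC
rem   ISP_DNS1/2    the ISP's DNS servers
set INTERNAL_IP=192.168.0.10
set INTERNAL_NIC=Internal
set EXTERNAL_NIC=External
set ISP_DNS1=203.0.113.53
set ISP_DNS2=203.0.113.54

rem 1) Both NICs use only this server's own DNS service (its internal IP),
rem    never the ISP's servers directly.
netsh interface ip set dns name="%INTERNAL_NIC%" source=static addr=%INTERNAL_IP%
netsh interface ip set dns name="%EXTERNAL_NIC%" source=static addr=%INTERNAL_IP%

rem 2) The DNS service answers on the internal address only, so the AD zone
rem    is not served on the public interface.
dnscmd . /ResetListenAddresses %INTERNAL_IP%

rem 3) Queries the server is not authoritative for go to the ISP as
rem    forwarders; no forward lookup zone is created for the ISP.
dnscmd . /ResetForwarders %ISP_DNS1% %ISP_DNS2%

rem Restart the DNS service so the new settings are in effect.
net stop dns
net start dns

rem 4) Re-register the DC's host and SRV records in its own DNS.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 5) Re-run the two tests that failed in the question.
netdiag /test:dns
dcdiag /test:connectivity
```

The binding order mentioned in the accepted solution is set in Network Connections under Advanced > Advanced Settings and is not covered by these commands.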
