[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Correct DNS Settings

Posted on 2004-11-30
Medium Priority
Last Modified: 2012-06-22

I have a Windows 2003 Standard Server which should be hosting my domain and website. Because I want to install Exchange 2003 on this server I have installed Active Directory. The active directory has the same name as my internet domain name. The server has an internal and an external NIC.

Internal NIC:
default gateway: -

External NIC
IP: various public ip´s
default gateway: default gateway isp

Now I have to setup my DNS server... One thing I am sure I have to do is to setup a forward lookup zone which points to my isp dns servers. How do I set this up, and what do I have to do more?

At the moment dcdiag give me the following error:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\SERVERNAME
      Starting test: Connectivity
         The host HEXADECIMALNUMBER._msdcs.MYDOMAIN.com could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         (HEXADECIMALNUMBER._msdcs.MYDOMAIN.com) couldn't

         be resolved, the server name (SERVERNAME.MYDOMAIN.com) resolved to

         the IP address ( and was pingable.  Check that the IP

         address is registered correctly with the DNS server.
         ......................... SERVERNAME failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\SERVERNAME
      Skipping all tests, because server SERVERNAME is
      not responding to directory service requests

Netdiag gives me the following errors:

DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            The name SERVERNAME.MYDOMAIN.com.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server ''. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]

All these thing I suppose have to do with my DNS settings. HOW TO SET MY DNS SETTINGS CORRECT STEP BY STEP?

In a short future we would like to host a few more domains on the same server. What changes should we make to run it all smoothly?

Thanks a lot!
Question by:GNTK
  • 2
  • 2
  • 2
LVL 51

Expert Comment

ID: 12709786
Your Forward Lookup Zone would have been created during DCPROMO.  You do NOT want your ISP to service your AD so you do not configure anything to look to them except queries that are forwarded from your own DNS server.

1)  Make sure your internal and external NIC only point to your DNS.
2)  Set up Forwarding to your ISP.
3)  Your ISP will need to setup an MX record pointing to your Exchange Server so you can get external email.
4)  You internal clients point only to your DNS.



Expert Comment

ID: 12717630
It's too late now probably, but your AD domain should be different from any external domain you might be hosting a web site or have DNS on.
To clarify, DO NOT set up a "forward lookup zone"" to your iSP. You just need to configure forwarders on your DNS server. Go to the DNS management MMC, right click on it and select properties. Select the forwarders tab and enter the IP addresses (preferably 2) of your ISP's DNS servers.
Netman, shouldn't the external NIC be pointing to the ISP's DNS?
When you say you want to host "a few other domains", do you mean web sites, email or AD?

Author Comment

ID: 12717899
Hello Antknee869,

Nothing is to late now, because everything is in a test environment at the moment.

Why should the AD domain be different? Isn´t it made to for it to have it the same name as my public domain?

By hosting a few other domains, I mean for website and mail, but the main purpose is for our own domain and website.


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Assisted Solution

Antknee869 earned 1000 total points
ID: 12718746
It is technically possible to do it that way. However, the best practice is to name your AD domain something like AdDomain.local for your AD domain name. Using the .local extension ensures no conflits with any Internet domains out there.
Hosting other web sites and email is no problem. You will just need more public IP addresses, DNS entries from your ISP, etc.

Author Comment

ID: 12749024
A question to Netman66,

You told me to let the internal and external ip point to my DNS. My DNS is running on the same machine, so which ip should I fill in for the DNS on the 2 NIC's? The public one or the private one?

What should be a good reason for not choosing to name the domain like mydomain.com instead of mydomain.local?
LVL 51

Accepted Solution

Netman66 earned 1000 total points
ID: 12749334

Your DNS should only "listen" or service the internal interface - this is configured in DNS.
Make sure that the internal interface is at the top of the binding order.
Use the internal IP address to point to itself or use the loopback of

If you name your AD namespace something that is public (like .com) makes it possible to misconfigure DNS internally.  It's also just good practice to keep your AD namespace separate and out of the public DNS namespace.

This article is for Windows 2000, but the principal is sound for 2003.  Lot's of great info here:


Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Screencast - Getting to Know the Pipeline
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question