  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211

External DNS Servers on a Windows 2003 Server - Where do I input the IP Address?

Hello Experts,

I have a pretty simple setup: two HP servers, both with Windows 2003, and some other member servers also running Windows 2003 & 2000.

Right now I have all the workstations that are in the domain set to DHCP.

My main file server is named FS-1 and it has Active Directory, DNS & DHCP configured on it. FS-2 is my Exchange server; its IP is hard coded to 192.168.100.3 and I have pointed the DNS to 192.168.100.2, which is the IP for FS-1.

In FS-1 I hard coded the IP to 192.168.100.2 and I pointed the DNS to 192.168.100.1, which is my Linksys router.

In my Linksys router I have it configured for a static IP that I got from my ISP and two DNS servers of 66.28.0.45 & 66.28.0.61.

Is this the correct way of pointing the servers to my ISP's external DNS servers?

Should I be hard coding the External DNS servers of 66.28.0.45 & 66.28.0.61 someplace else within Windows 2003?

Basically I just want to know what you experts do. Does everybody else do it this way?

TIA for all the info,

Lasareath

0
3 Solutions
 
oBdA Commented:
This
> I pointed the DNS to 192.168.100.1 which is my linksys router.
is a Big No.
Compare this with your current configuration:

*** TCP/IP-Settings ***
* On FS-1, make sure the only DNS listed in the TCP/IP properties is itself (192.168.100.2).
* If FS-2 is DC/DNS as well, let it point to FS-1 as primary, to itself as secondary.
* On your domain members, enter only your AD DNS server(s) as DNS servers.
* Do NOT enter your ISP's or your router's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal AD DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS server's forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS (or your Linksys router). The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

If you had to change any DNS server settings, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
Here's a bunch of links you might find useful:

10 DNS Errors That Will Kill Your Network
http://www.mstraining.com/misc/10_dns_errors_that_will_kill_you.htm

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=816584

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
0
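A check for the TCP/IP-settings rules in the reply above, as an added example that is not part of any poster's reply: it parses `ipconfig /all` output, including the continuation lines Windows prints for additional DNS servers, and reports every configured DNS server that is not an internal AD DNS server. The sample output is constructed from the addresses in the question, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from the poster's
# servers): FS-1 as described in the question, with an ISP resolver added.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS-1

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.100.2
   Default Gateway . . . . . . . . . : 192.168.100.1
   DNS Servers . . . . . . . . . . . : 192.168.100.1
                                       66.28.0.45
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")   # "   Label . . . : value"
CONTINUATION = re.compile(r"^\s+" + IPV4 + r"\s*$")          # indented bare address


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip().rstrip(":"), False
            adapters[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            # Any labelled field ends a previous DNS list; "DNS Servers" starts one.
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
            if in_dns and adapter and re.fullmatch(IPV4, value):
                adapters[adapter].append(value)
        elif in_dns and adapter and CONTINUATION.match(line):
            # Second and later DNS servers appear alone on their own lines.
            adapters[adapter].append(line.strip())
    return adapters


def audit(ipconfig_text, ad_dns_servers):
    """List (adapter, ip) pairs whose DNS server is not an internal AD DNS server."""
    allowed = set(ad_dns_servers)
    return [(name, ip) for name, ips in parse_dns_servers(ipconfig_text).items()
            for ip in ips if ip not in allowed]
```

Calling `audit(SAMPLE_IPCONFIG, ["192.168.100.2"])` flags both the router and the ISP address; an empty list means the host resolves only through the internal DNS server.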
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator Commented:
Down and dirty,

DNS server, point DNS to itself only.  Other servers and workstations, point to the internal DNS server ONLY.  Let that server resolve all queries to the Internet root servers.  Do not use forwarders unless absolutely necessary, like if your ISP requires it.  In your case ALL DNS settings should point to 192.168.100.2.

That's all there is to it.
0
 
Joseph Hornsey, President and Janitor Commented:
Holy Web Links, Batman!  Quite a collection up there!

Sometimes the root hints don't resolve correctly in Windows 2000/2003 DNS servers (not often, but I've seen it happen).  An alternative is to go to your DNS Console, right-click on the server and go to "Properties".  Then, click on the "Forwarders" tab and enable forwarders.  Add the two IP addresses (66.28.0.45 & 66.28.0.61) to the list of forwarders and click OK a few times.  :)

For the record, samccarthy's way is the best practice.

<-=+=->
0

 
Lasareath (Author) Commented:
Thanks a lot SplinterCell5894, samccarthy, oBdA!

I would love to split the 500 points between the three of you's but I can't figure out how.

Thanks,

Lasareath

I think this page needs some updates. Each contributor to the answer should have a check box next to their name; I click the person(s) that should get points and then the next page asks me how to split the points, evenly or to a certain amount for each person.

0
 
oBdA Commented:
Well, that's sort of how it works:
More than one Expert helped solve my problem. What do I do?
http://www.experts-exchange.com/help.jsp#hi69
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator Commented:
Thanks, I appreciate it!
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator Commented:
Split like the poster said above

Thanks a lot SplinterCell5894, samccarthy, oBdA!

I would love to split the 500 points between the three of you's but I can't figure out how.
0
