External DNS Servers on a Windows 2003 Server - Where do I input the IP Address?

Hello Experts,

I have a pretty simple setup, two HP servers both with windows 2003 and some other member servers also running windows 2003 & 2000.

Right now I have all the workstations that are in the domain set to DHCP

My main File server is named FS-1 and it has active directory, dns & dhcp configured on it, FS-2 is my exchange server and it's IP is hard coded to 192.168.100.3 and I have pointed the DNS to 192.168.100.2 which is the IP for FS-1

In FS-1 I hard coded the IP to 192.168.100.2 and I pointed the DNS to 192.168.100.1 which is my linksys router.

in my linksys router I have it configured for a static IP that I got from my ISP and two DNS servers of 66.28.0.45 & 66.28.0.61

Is this the correct way of pointing the servers to my ISP's external DNS servers?

Should I be hard coding the External DNS servers of 66.28.0.45 & 66.28.0.61 someplace else within Windows 2003?

Basically I just want to know what you experts do, Does everybody else do it this way?

TIA for all the info,

Lasareath

LasareathAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
This
> I pointed the DNS to 192.168.100.1 which is my linksys router.
is a Big No.
Compare this with your current configuration:

*** TCP/IP-Settings ***
* On FS-1, make sure the only DNS listed in the TCP/IP properties is itself (192.168.100.2).
* If FS-2 is DC/DNS as well, let it point to FS-1 as primary, to itself as secondary.
* On your domain members, enter only your AD DNS server(s) as DNS servers.
* Do NOT enter your ISP's or your router's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal AD DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS server's forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS (or your linksys router). The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

if you had to change any DNS server settings, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
Here's a bunch of links you might find useful:

10 DNS Errors That Will Kill Your Network
http://www.mstraining.com/misc/10_dns_errors_that_will_kill_you.htm

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=816584

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
0
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Down an dirty,

DNS server, point DNS to itself Only.  Other servers and workstations, Point to the Internal DNS server ONLY.  Let that server resolve all queries to the Internet root servers.  Do not use forwarders unless absolutely necessary, like if your ISP requires it.  In you case ALL DNS settings should point to 192.168.100.2.

That's all there is to it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joseph HornseyPresident and JanitorCommented:
Holy Web Links, Batman!  Quite a collection up there!

Sometimes the root hints don't resolve correctly in Windows 2000/2003 DNS servers (not often, but I've seen it happen).  An alternative is to go to your DNS Console, right-click on the server and go to "Properties".  Then, click on the "Forwarders" tab and enable forwarders.  Add the two IP addresses (66.28.0.45 & 66.28.0.61) to the list of forwarders and click OK a few times.  :)

For the record, samccarthy's way is the best practice.

<-=+=->
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

LasareathAuthor Commented:
Thanks Alot SplinterCell5894 , samccarthy , oBdA !

I would love to split the 500 points between the three of you's but I can't figure out how.

Thanks,

Lasareath

I think this page needs some updates. Each contributator to the answer should have a check box next to their names, I click the person(s) that should get points and then the next page asks me how to split the points, evenly or to a certian amount for each person.

0
oBdACommented:
Well, that's sort of how it works:
More than one Expert helped solve my problem. What do I do?
http://www.experts-exchange.com/help.jsp#hi69
0
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Thanks, I appreciate it!
0
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Split like the poster said above

Thanks Alot SplinterCell5894 , samccarthy , oBdA !

I would love to split the 500 points between the three of you's but I can't figure out how.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.