Local network crawls when ADSL fails? DNS setup problem on Win2003?

We have been running a Win2003 server for a couple of months now; it replaced an NT4 server.
We had some problems after install with DNS, which were resolved at the time by pointing the DNS server
in the Win2003 TCP/IP settings to ISP DNS.

We are not too interested in running DNS for a network of 20 computers, but now I'm hearing it's
mandatory for Active Directory. Therefore, is it wrong to have Win2003 point to ISP on TCP/IP settings
and not DNS Forwarders?  We have a private network, so there are no addresses visible to the Internet
(connection through NAT).

These problems became apparent when our ADSL connection failed. Now this should only affect outgoing
traffic, but now OUR INTERNAL SERVICES HAVE SLOWED TO A CRAWL! It takes forever to log on, it
takes forever to browse files on the server and opening them fails most of the time.
I can only think this has something to do with us pointing the Win2003 server TCP/IP settings DNS to
the ISP DNS server, which is now unavailable until the connection is fixed.

So how do we configure this 'properly'? The Win2003 server doesn't need to be visible to the Internet,
in fact, better if it isn't. It just needs to download updates from the Internet (so a connection is needed),
distribute them to the private network, as well as provide AD services for this one isolated site.
And file sharing.

Thanks for your help!
ZaSSeR asked:

Chris Dent, PowerShell Developer, commented:

Hi,

You're correct. DNS is mandatory for AD to function correctly. The only way you can set it up and have it working correctly is by setting all Servers and Clients to use the internal DNS Server (your 2003 Server).

The main reason for this is that Active Directory stores the locations of all Authentication Servers in DNS. These are dynamically updated Service Records and not easy to create yourself. The Server itself also needs to be able to see this for everything to agree. Effectively DNS replaces much that was provided by WINS in an NT Domain.

That leaves Internet name resolution... You can either leave it as the default, which uses Root Hints (a recursive query via the Root Name Servers); you don't have to do anything to set it up this way. Or configure your ISP's DNS Servers as Forwarders in the Properties for the DNS Server.

Your 2003 Server doesn't need to be visible from the Internet for this, it just needs to be able to talk to the outside world so it can get the answers it needs.

Hope that all makes sense.

Chris

kupzpenny commented:
If you do not want to use DNS internally, I suggest adding an entry in your workstation hosts.ini file that will map your server LAN IP.
Open hosts.ini
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
add the ff entry:
IP address of the server          server name
xx.xx.xx.xx                               server01

You have to do this on all your workstations.
Chris Dent, PowerShell Developer, commented:

No... that won't work at all.

You need to be able to find the service records (_ldap, _gc, _kerberos etc) to Authenticate against the Server. The name of the server itself is a minor issue.

Chris
rjropes commented:
I presume that the problems that you are talking about are Internet related that made you point the DNS at the ISP.

The setup as previously stated is that you need to point your DNS at the Windows 2003 server.

To get around the problem of not being able to resolve external hosts, if you set the DNS Server to forward all non-local domains to the ISP's DNS then this will still allow you to browse and resolve external DNS.

This is done by going into DNS manager, right-clicking on the server, checking enable forwarders and typing in the ISP's DNS servers in here.

This would hopefully then keep your local network up and running when the link goes down.

Richard
rjropes commented:
apologies Chris, I just basically re-wrote your answer

richard
brwwiggins, IT Manager, commented:
The one important thing I didn't see mentioned is that on the server, the DNS settings under TCP/IP properties need to point to itself and NOT your ISP.

You can do as others mentioned and use forwarders to the ISP or root hints but the DNS server's settings must point to itself.
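To check the setup Chris and brwwiggins describe (clients and the server itself pointing at the internal DNS server, the _ldap/_kerberos/_gc service records resolving through it) and the forwarder configuration Richard describes, here is an added PowerShell check that is not from this thread. It assumes a domain-joined Windows 8 / Server 2012 or later host with the DnsClient cmdlets (Windows 2003 itself has no PowerShell); $InternalDns is a placeholder for the DC's address, and the DnsServer module is only needed for the forwarder check.

```powershell
# Added example (not from the thread): verify the DNS setup the answers describe.
# Assumes a domain-joined Windows 8 / Server 2012+ host; $InternalDns is a placeholder.
param(
    [string]$InternalDns = '192.0.2.10',          # placeholder: your DC / internal DNS server
    [string]$Domain      = $env:USERDNSDOMAIN      # AD DNS domain this host belongs to
)

# 1. Every connected adapter should list only the internal DNS server.
#    Pointing a member (or the DC itself) at the ISP resolver is exactly the setup
#    that makes logon and file browsing crawl when the WAN link is down.
$bad = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { @($_.ServerAddresses | Where-Object { $_ -ne $InternalDns }).Count -gt 0 }
foreach ($a in $bad) {
    Write-Warning ("Adapter '{0}' uses DNS {1}; expected only {2}" -f `
        $a.InterfaceAlias, ($a.ServerAddresses -join ','), $InternalDns)
}

# 2. The service records AD uses to locate a DC must resolve via the internal server.
#    A public resolver has no answer for these names, which is why a hosts entry
#    for the server name alone is not enough.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Domain"
)
foreach ($name in $srvNames) {
    try {
        $rec = Resolve-DnsName -Name $name -Type SRV -Server $InternalDns -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        "{0} -> {1}" -f $name, (($rec | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ')
    } catch {
        Write-Warning ("SRV record {0} did not resolve via {1}: {2}" -f `
            $name, $InternalDns, $_.Exception.Message)
    }
}

# 3. On the DNS server itself: external names should leave through forwarders
#    (or root hints), never through the server's own TCP/IP client settings.
#    Requires the DnsServer module (DNS role or RSAT); skipped elsewhere.
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $fwd = (Get-DnsServerForwarder).IPAddress
    if ($fwd) { "Forwarders: $($fwd -join ', ')" }
    else      { "No forwarders configured; the server will use root hints for external names" }
}
```

Run it on a workstation to check steps 1 and 2, and on the DC to check all three; any warning it prints corresponds to one of the misconfigurations discussed above.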
ZaSSeR (Author) commented:
Thanks guys. It was done with a hosts file like kupzpenny suggested back in the NT days.
But yes, we did run into problems with this approach with Win2003 & AD.

We'll change our setup accordingly. I'll let you know if there's any problem anymore, but I would say points for this one go to Chris-Dent.
Sorry Richard, you were just too late. :)
Chris Dent, PowerShell Developer, commented:

Glad I could help Zasser :)

Chris