Solved

How to configure Win2k3 DNS so it won't try to register itself with the Internet DNS roots?

Posted on 2007-03-22
8
254 Views
Last Modified: 2010-04-18
Hi

I have a Win2k3 R2 server with DNS and AD configured on it. I'm also going to configure Exchange on it later. Now I need to know how I can stop the server from trying to register itself with the Internet DNS root servers. I'm using .fi instead of .local because I want the users to use the same login for email and the domain. This is the only server in the domain. Only the mydomain.fi MX records should point to this server.

Server's DNS configuration:
The server's DNS configuration points to itself as the primary DNS server. The secondary DNS is a public one. It has one forward lookup zone, mydomain.fi. I don't use forwarders. Should I use them and remove all the root servers from the config?


This is what the server tries to do:

The dynamic registration of the DNS record '_ldap._tcp.1e0caf58-17a3-4a92-8e63-6e5648b23c41.domains._msdcs.mydomain.fi. 600 IN SRV 0 100 389 CTSRV.mydomain.fi.' failed on the following DNS server:

DNS server IP address: 212.86.0.9
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:juzamx3
8 Comments
 
LVL 22

Expert Comment

by:dan_blagut
ID: 18772988
Hi
Better leave the server to register in its own DNS. You need this because of AD. Then you need to host the yourdomain.fi record at the ISP, and there you will also add the MX record. In that scenario, from the Internet they see what your ISP shows, meaning 3 or 4 records, and your clients in the network will see the full DNS records including the AD records. Be careful, because if you lose the DNS you lose AD also.

Dan
0
 

Author Comment

by:juzamx3
ID: 18773229
But I don't want to register mydomain.fi with any ISP because the www.mydomain.fi website is on a different server and I'm not hosting that server. All I need is the MX records to point to this server. Is this possible?

Doesn't Exchange require that I have a forward lookup zone mydomain.fi and that my AD domain is mydomain.fi? Or could I just rename my domain to mydomain.local and still point the MX of mydomain.fi to this server? This way the server wouldn't try to register it with the ISP. I'm just learning Exchange :(
0
 
LVL 22

Accepted Solution

by: dan_blagut (earned 250 total points)
ID: 18773362
OK then.
In the IP config for the server, put the local IP (meaning the server itself) as the DNS address. With that your AD domain will be OK.
Configure the DNS server to use forwarders and put the DNS address from your ISP there. That will allow browsing the Internet. Add manually on the DNS zone a record for www with the IP from your hosted server.
When you install Exchange, send a request to append an MX record to your domain with your external IP and allow traffic to port 25.
The better option is to use yourdomain.local for internal and yourdomain.fi for external, but it can be done with only one domain. The idea is to keep your DNS invisible from the Internet.
How is your network configured now (routers, servers)?

Dan
0

Author Comment

by:juzamx3
ID: 18774195
The situation is that this server is in a server hotel and the clients are on the customer site. Clients will use the server as a mail server, and they will also use an ERP on the server, where they need Windows authentication from the domain. Clients connect via VPN. The customer doesn't have any other server, so I can't use internal and external DNS.

The server is behind a firewall.

"Add manually on the DNS zone a record for www with the IP from your hosted server." hmm... why should I do this? Should I point every DNS record of mydomain.fi to this server in the server hotel, so that it would then be responsible for the whole zone? This zone is now hosted by the ISP and the customer would like to keep it this way. So is it possible to use the server mydomain.fi just as a mail server?
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 18774621
OK.
You need a DNS for your domain that must be on that server or another Windows 2k server and must be kept private. You also need a DNS zone with a www record and an MX record visible from the Internet. That allows users and servers to see your Internet site and send you e-mails. In a standard network the internal zone is internal.local and the external is external.com. These two zones can be hosted on the same server or on a different server, but internal.local must remain private, only for your client computers. external.com can be hosted anywhere.
In your case you have 2 zones (which have the same name, but this is not a problem): one for local use that is hosted on your server, and a zone on the ISP server, which is your external zone.
Your client computers will use your server as DNS server (that is a must for logging on to the domain), so they don't have any idea that you have 2 zones with the same name; for that you need the www record.
Also your server must point to itself for DNS. Name resolution for the Internet will be provided by your server via a forwarder, so your clients and the server will be able to browse the Internet.
A last question: your client computers make a VPN connection to the server; do you use a DNS name or an IP address for the VPN server?

Dan
0
 
LVL 12

Assisted Solution

by: Donnie4572 (earned 250 total points)
ID: 18775477
For the TCP/IP properties add only the inside Active Directory DNS server. If you have two of them then you may add a second one.

It is a bad idea for clients inside to go outside to resolve DNS requests.

Understand the difference between a DNS client and a DNS server. A DNS client that is a member of Active Directory should never go outside for DNS. A DNS server can go outside, but only by way of a forwarder.

On the DNS server you may add a forwarder, or you may allow the DNS server to resolve the request directly from the root servers. It is better to add the inside IP address of your firewall as a forwarder and let the firewall proxy the DNS request; it depends on whether your firewall supports DNS proxy.

Also, you may add the ISP DNS server as a forwarder, but I don't like this one, as your Internet connection gets an additional point of failure: if your ISP DNS is down, your Internet goes down.
0
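The configuration the two answers above converge on (DC points only at itself for DNS, Internet lookups go out through a forwarder rather than the root hints, the internal copy of mydomain.fi carries a hand-added www record, and the SRV records are re-registered internally) as an added cmd script for the Windows Server 2003 DC; this is not from the thread or from Microsoft. All addresses are placeholders I assumed: 192.168.1.10 is the DC's own LAN IP, 192.168.1.1 the firewall's inside IP used as forwarder (substitute the ISP resolver if the firewall has no DNS proxy), 203.0.113.10 the externally hosted web server, and "Local Area Connection" the NIC name; dnscmd comes from the Support Tools mentioned in the event text.

```batch
@echo off
REM Added example, not from the thread. Placeholder values (assumed):
REM   DC_IP     = this DC's own LAN address (the only resolver any member uses)
REM   FORWARDER = inside IP of the firewall (or ISP resolver) for Internet names
REM   WWW_IP    = the web server that the ISP-hosted public zone points to
set DC_IP=192.168.1.10
set FORWARDER=192.168.1.1
set WWW_IP=203.0.113.10
set ZONE=mydomain.fi
set NIC=Local Area Connection

REM 1. The DC (and every domain member) must use only the internal DNS server.
REM    A public resolver in this list is what sent the _msdcs SRV update to
REM    212.86.0.9 and produced RCODE 5 / "DNS bad key" in the event log.
netsh interface ip set dns name="%NIC%" source=static addr=%DC_IP% register=PRIMARY

REM 2. Internet names are resolved through a forwarder; the DC itself never
REM    needs to walk the root servers, and clients never talk to them directly.
dnscmd %DC_IP% /ResetForwarders %FORWARDER%

REM 3. The internal mydomain.fi zone hides the ISP-hosted public zone from
REM    clients, so public hosts that live elsewhere must be added by hand.
dnscmd %DC_IP% /RecordAdd %ZONE% www A %WWW_IP%

REM 4. Re-register the DC's locator records against the internal zone only.
nltest /dsregdns
ipconfig /registerdns

REM 5. Checks: the DC locator SRV record must resolve from the internal server,
REM    while the same query sent through the forwarder should return no answer
REM    (the public zone must not contain any _msdcs data).
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE% %DC_IP%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE% %FORWARDER%
dcdiag /test:DNS
```

The MX record for mydomain.fi still has to be added by the ISP in the public zone, as Dan describes; nothing on the DC can do that.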
 
LVL 1

Expert Comment

by:Computer101
ID: 20324338
Forced accept.

Computer101
EE Admin
0
