How to configure Win 2k3 DNS so it won't try to register itself with the Internet DNS root servers?

Hi

I have a Win2k3 R2 server with DNS and AD configured on it. I'm also going to configure Exchange on it later. Now I need to know how I can stop the server from trying to register itself with the Internet DNS root servers. I'm using .fi instead of .local because I want the users to use the same login for email and the domain. This is the only server in the domain. Only the mydomain.fi MX records should point to this server.

Server's DNS configuration:
The server's DNS configuration points to itself as the primary DNS server. The secondary DNS is a public one. It has one forward lookup zone, mydomain.fi. I don't use forwarders. Should I use them and remove all the root servers from the config?


This is what the server tries to do:

The dynamic registration of the DNS record '_ldap._tcp.1e0caf58-17a3-4a92-8e63-6e5648b23c41.domains._msdcs.mydomain.fi. 600 IN SRV 0 100 389 CTSRV.mydomain.fi.' failed on the following DNS server:

DNS server IP address: 212.86.0.9
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
juzamx3Asked:
dan_blagutCommented:
Hi
Better leave the server to register in its own DNS. You need this because of AD. Then you need to host the yourdomain.fi records at the ISP, and there you will also add the MX record. In that scenario, from the Internet they see what your ISP shows, meaning 3 or 4 records, and your clients in the network will see the full DNS records including the AD records. Be careful, because if you lose the DNS you lose AD also.

Dan
juzamx3Author Commented:
But I don't want to register mydomain.fi with any ISP, because the www.mydomain.fi website is on a different server and I'm not hosting that server. All I need is for the MX records to point to this server. Is this possible?

Doesn't Exchange require that I have a forward lookup zone mydomain.fi and that my AD domain is mydomain.fi? Or could I just rename my domain to mydomain.local and still point the MX of mydomain.fi to this server? This way the server wouldn't try to register it with the ISP. I'm just learning Exchange :(
dan_blagutCommented:
OK then
In the IP config for the server, put the local IP (meaning the server itself) as the DNS address. With that your AD domain will be OK.
Configure the DNS server to use forwarders and put the DNS address from your ISP there. That will allow browsing the Internet. Manually add a record for www in the DNS zone with the IP of your hosted server.
When you install Exchange, send a request to append an MX record to your domain with your external IP, and allow traffic on port 25.
The better option is to use yourdomain.local for internal and yourdomain.fi for external, but it can be done with only one domain. The idea is to keep your DNS invisible from the Internet.
How is your network configured now (routers, servers)?

Dan

juzamx3Author Commented:
The situation is that this server is in a server hotel and the clients are at the customer site. Clients will use the server as a mail server, and they will also use an ERP on the server where they need Windows authentication from the domain. Clients connect via VPN. The customer doesn't have any other server, so I can't use internal and external DNS.

The server is behind a firewall.

"Manually add a record for www in the DNS zone with the IP of your hosted server." Hmm... why should I do this? Should I point every DNS record of mydomain.fi to this server in the server hotel, so that it would be responsible for the whole zone? This zone is now hosted by the ISP and the customer would like to keep it this way. So is it possible to use the server mydomain.fi just as a mail server?
dan_blagutCommented:
ok
You need a DNS for your domain that must be on that server or another Windows 2k server, and it must be kept private. You also need a DNS zone with a www record and an MX record visible from the Internet. That allows users and servers to see your Internet site and send you e-mails. In a standard network the internal zone is internal.local and the external one is external.com. These two zones can be hosted on the same server or on different servers, but internal.local must remain private, only for your client computers. external.com can be hosted anywhere.
In your case you have 2 zones (which have the same name, but this is not a problem): one for local use that is hosted on your server, and a zone on the ISP's server, which is your external zone.
Your client computers will use your server as their DNS server (that is a must for logging on to the domain), so they don't have any idea that you have 2 zones with the same name; for that you need the www record.
Also, your server must point to itself for DNS. Name resolution for the Internet will be provided by your server via the forwarder, so your clients and the server will be able to browse the Internet.
A last question: your client computers make a VPN connection to the server; do you use a DNS name or an IP address for the VPN server?

Dan
Donnie4572Commented:
For the TCP/IP properties, add only the inside Active Directory DNS server. If you have two of them, then you may add a second one.

It is a bad idea for clients inside to go outside to resolve DNS requests.

Understand the difference between a DNS client and a DNS server. A DNS client that is a member of Active Directory should never go outside for DNS. A DNS server can go outside, but only by way of a forwarder.

On the DNS server you may add a forwarder, or you may allow the DNS server to resolve the request directly from the root servers. It is better to add the inside IP address of your firewall as a forwarder and let the firewall proxy the DNS request; it depends on whether your firewall supports DNS proxy.

Also, you may add the ISP DNS server as a forwarder, but I don't like this one, as your Internet connection has an additional point of failure: if your ISP DNS is down, your Internet goes down.
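The configuration that dan_blagut and Donnie4572 describe above (DC points only at itself for DNS, the DNS server forwards instead of walking the root hints, the internal copy of the zone carries a www record, then the locator records are re-registered and checked), written out as one script. This is an added example, not code from the thread. It is PowerShell wrapping the tools that exist on a 2003 DC (netsh, dnscmd from the Support Tools, nltest, dcdiag, nslookup), so every line can equally be typed at cmd.exe. The NIC name, the addresses and the public www IP are assumed placeholders; the zone mydomain.fi comes from the question. The point of step 1 is the event in the question: the update for the _ldap._tcp SRV record was sent to 212.86.0.9 and came back with RCODE 5, which is REFUSED, and status 9017, which the event itself prints as "DNS bad key"; a server that does not hold the AD copy of the zone will never accept the DC's secure dynamic update, so the public address must not be in the DC's own resolver list at all.

```powershell
# Added example: single Windows Server 2003 DC that is also the internal DNS
# server for mydomain.fi, while the public copy of the zone stays at the ISP.
# The NIC name and all addresses below are assumed placeholders.
$Nic       = 'Local Area Connection'
$DcIp      = '192.168.10.5'     # the DC's own LAN address
$Forwarder = '192.168.10.1'     # inside address of the firewall (Donnie's preference);
                                # use the ISP resolver instead if the firewall cannot proxy DNS
$Zone      = 'mydomain.fi'
$WwwPublic = '198.51.100.20'    # public address of the externally hosted website

# 1. DNS *client* on the DC: only itself, no public "secondary". Any outside
#    server listed here can end up receiving the DC's dynamic updates and will
#    answer REFUSED (RCODE 5) / DNS_ERROR_BAD_KEY (9017), as in the event log.
netsh interface ip set dns name="$Nic" source=static addr=$DcIp register=primary

# 2. DNS *server*: forward to the firewall (or ISP) and do not fall back to the
#    root hints. /Slave is the "Do not use recursion for this domain" checkbox,
#    so the server never talks to the Internet root servers itself.
dnscmd /ResetForwarders $Forwarder /Slave

# 3. Split-brain zone: internal clients only ever see this copy of
#    mydomain.fi, so every public name they need must also exist here.
#    The MX record stays in the ISP's copy of the zone, as the thread says.
dnscmd /RecordAdd $Zone www A $WwwPublic

# 4. Re-register the DC locator (SRV) and host (A) records, now against the
#    DC's own DNS server instead of the public one.
nltest /dsregdns
ipconfig /registerdns

# 5. Verify. First the resolver list: anything that is not the DC is a defect.
$configs = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($c in $configs) {
    $outside = @($c.DNSServerSearchOrder | Where-Object { $_ -ne $DcIp })
    if ($outside.Count -gt 0) {
        Write-Warning ("{0}: non-internal DNS server(s) configured: {1}" -f $c.Description, ($outside -join ', '))
    }
}
# Then the records themselves, asked of the DC directly rather than via the cache.
nslookup '-type=SRV' "_ldap._tcp.dc._msdcs.$Zone" $DcIp
dnscmd /EnumRecords $Zone www
dcdiag /test:RegisterInDNS "/DnsDomain:$Zone"
```

After step 4 the NETLOGON registration failure in the question should stop recurring; if dcdiag still reports a registration problem, the SRV query in step 5 against $DcIp shows whether the locator records actually landed in the local zone or whether the update is still being sent elsewhere.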
Computer101Commented:
Forced accept.

Computer101
EE Admin