Solved

DNS help

Posted on 2007-11-14
Last Modified: 2010-04-21
I have a Windows Server 2003 R2 and I want to configure DNS on it. The DNS is hosted by our ISP. I have all the IPs and addresses that they gave me. I am new to DNS, so I am looking for advice or direction on how to set up DNS for the internal network. The public is .org and the private internal is .local.

thanks
Question by:amoos
20 Comments
 
LVL 1

Expert Comment

by:CraigLeslie
ID: 20283642
When you set up an internal DNS you should not publish it externally.
Basically you should
      (1) Install the DNS software
      (2) Create a primary zone <domain name>.local
      (3) Add a forwarder so that your internal DNS will forward any unknowns to an external DNS.
      (4) Set up any required MX records
      (5) Set up any required CNAME (www) records
      (6) Change your DHCP server and fixed IP internal computers to use this DNS server

To check the DNS is working correctly you can use the nslookup command
0
 

Author Comment

by:amoos
ID: 20283728
OK. I have a forwarder going to my ISP. What I am curious about is how to set up the MX records and CNAME that you mentioned.
0
 
LVL 2

Expert Comment

by:vnahc
ID: 20283731
You only need to set up any (www) records if you have an internal server. If the DNS server doesn't know where to find an address, it will forward it to the outside. If you use DHCP, set it up to use the internal DNS and have the clients register themselves with DNS. Do you have a firewall in place or are you using the server as your firewall? If you have a firewall, then I would use your internal DNS for the server also.
0
 

Author Comment

by:amoos
ID: 20283739
My ISP gave me all the info for the mail, etc. Now how do I put it in correctly on the DC?
0
 

Author Comment

by:amoos
ID: 20283750
I have already configured the external firewall and all of that is correct. DHCP is set up and everyone internally looks to the server for IPs.
0
 
LVL 2

Expert Comment

by:vnahc
ID: 20283829
You will need to create your zone. Highlight the server and click on forward looking zones. Right click and add new zone. Make it a primary zone; if using AD, then store in AD. Select how you want to push this info from within your network (not outside); you can leave the default. Enter the name of the zone (your domain.local). Check allow secure updates if in a domain, or both secure and non secure if not, then finish. This will allow your clients to start recording their DNS info. Once you have the zone, then you can highlight the zone and right click. You can then add your CNames, Aliases, MX records...
0
 

Author Comment

by:amoos
ID: 20283927
I have done all of that the way you suggested, but when I go to add MX records and CNAME records, it shows my .local. Is this correct? Since my DNS is hosted by my ISP, what do I need to put into the internal DNS? The IPs that the ISP gave me?
0
 

Author Comment

by:amoos
ID: 20283989
My domain internally is .local. So when I add an MX record and type in, let's say, www, on the next line it shows www.myinternaldomain.local, and then what should I put for the third line? Do I need to put the @ record from my ISP into the internal DNS?
0
 
LVL 2

Expert Comment

by:vnahc
ID: 20284107
What www are you adding? Is it an internal one such as www.myinternaldomain.local as you suggest, or is it a www.externaldomain.org?

Internal - The system adds the domain to the host name; you then give the IP address of the host.
External - Do nothing. If it is not in your DNS, then it will forward to the external DNS.
0
 

Author Comment

by:amoos
ID: 20285798
What I meant was, when I want to add a record of some sort into DNS, I right click and, for example, click on alias (CNAME). When I enter mail in the first box, it automatically enters mail.mydomain.local in the second, but what do I put into the third since my DNS is hosted by my ISP? My main question is: since my DNS is hosted by my ISP and I already put the forwarders into the forward lookup zone, is there anything else that I have to do? I also have Exchange 2003 running and it is running fine. I just want to make sure that I have the DNS correct.

thanks
0
 
LVL 2

Expert Comment

by:vnahc
ID: 20288785
Your ISP will only host your outside (internet) DNS, not your internal. If your mail.domainname.org is registered with your ISP, then no, you do not need to put it into your local DNS. The only problem is that if a user requests the webmail site and your internet connection is down, then they will not get the address. What I do is to create a zone with my outside internet name on my DNS server. I then enter the host name (known by the internet) and the outside IP address (unless the outside address redirects internal, then use the internal). This keeps all lookups internal.
0
 

Author Comment

by:amoos
ID: 20289029
Cool. My only last question is that I have set up a DNS forward lookup zone on the server and entered forwarders that my ISP gave me. All the IPs that are in the firewall for mail and DNS are pointed to my server. Are you saying that I should create another forward lookup zone?
0
 

Author Comment

by:amoos
ID: 20289039
Do I need to make this zone a primary or secondary zone?
0
 

Author Comment

by:amoos
ID: 20289051
The forward zone that I have in DNS now is for mydomain.local. Do I need to create a primary forward lookup zone named mydomain.org?
0
 
LVL 2

Expert Comment

by:vnahc
ID: 20289138
First, you can set up another zone with your outside domain name. This will allow your server to handle the request rather than passing it along to your ISP and then back in. In the case of an outage from your ISP, you will still be able to access your internally hosted mail. None of this is necessary; it just gives you a little protection.

Second, make it a primary, as you are not passing this info to or receiving info from your ISP. You are going to enter this info manually.

Third, yes you can, but it is not necessary. I do, just to keep the lookups inside.

For instance, my internal and external domains are the same. I have an internal DNS that takes care of my users. When it doesn't have the info, it forwards to the internet. In my internal DNS, I have my www record pointing to the outside (hosted by an outside service) as well as my mail record pointing internal (hosted by us).

internet DNS   www.xxxxxx.org    216.xxx.xxx.xxx
internal DNS   www.xxxxxx.org    216.xxx.xxx.xxx

internet DNS   mail.xxxxxx.org   65.xxx.xxx.xxx
internal DNS   mail.xxxxxx.org   10.xxx.xxx.xxx


 
0
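Added example, not part of the thread: a small Python model of the resolution order discussed in the answer above (hosted zone first, forwarder otherwise), showing what changes when a second primary zone for the public name is created on the internal server. All zone names and addresses are constructed, and the model assumes the usual behaviour that a server hosting a zone answers for it itself and does not forward names inside it.

```python
# Model: an internal DNS server answers from zones it hosts and forwards
# only names outside every hosted zone. Names/addresses are constructed.
NXDOMAIN = "NXDOMAIN"

PUBLIC_DNS = {  # what the ISP-hosted public zone returns (constructed)
    "www.example.org": "203.0.113.10",
    "mail.example.org": "198.51.100.25",
    "vpn.example.org": "198.51.100.30",
}

def find_zone(name, zones):
    """Return the longest hosted zone containing `name`, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_internal(name, zones, forwarder=PUBLIC_DNS):
    """A hosted zone is authoritative: a record missing from it is NXDOMAIN
    and the query is never passed to the forwarder."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        return zones[zone].get(name, NXDOMAIN), "zone:" + zone
    return forwarder.get(name, NXDOMAIN), "forwarder"

def shadowed_gaps(zones, zone_name, public=PUBLIC_DNS):
    """Public names that stop resolving internally once `zone_name` is
    hosted locally because they were not copied into the internal zone."""
    local = zones.get(zone_name, {})
    return sorted(n for n in public
                  if find_zone(n, {zone_name: {}}) and n not in local)

# Setup 1: only the .local zone plus forwarders.
LOCAL_ONLY = {"example.local": {"dc1.example.local": "10.0.0.5"}}
# Setup 2: an extra primary zone for the public name, entered by hand.
SPLIT = dict(LOCAL_ONLY)
SPLIT["example.org"] = {
    "www.example.org": "203.0.113.10",  # same address as public DNS
    "mail.example.org": "10.0.0.20",    # internal address of the mail host
}

if __name__ == "__main__":
    for label, zones in (("local only", LOCAL_ONLY), ("split", SPLIT)):
        for host in ("mail.example.org", "vpn.example.org"):
            print(label, host, resolve_internal(host, zones))
    print("missing internally:", shadowed_gaps(SPLIT, "example.org"))
```

With the extra zone, every public record that internal users need has to be copied in and kept in sync by hand; `shadowed_gaps` lists the ones that were missed.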
 

Author Comment

by:amoos
ID: 20290055
Since my external and internal are different, do I really need to create a new zone?
0
 

Author Comment

by:amoos
ID: 20290066
Sorry, let me be a little more specific. Since my internal is .local and my external is .org, do I really need to create a new zone?
0
 
LVL 2

Accepted Solution

by:
vnahc earned 500 total points
ID: 20290078
No, I would suggest you try using without creating the zone. If you have problems, then you can create the new zone.
0
 

Author Comment

by:amoos
ID: 20290150
I have been using just the one zone for three weeks now and I have not had any problems. If I do, then I will do as you have suggested. Thank you so much for all your help; I really appreciate it.
0
 

Author Closing Comment

by:amoos
ID: 31409359
The rep was very helpful and I learned a lot.
0
