• Status: Solved

DNS help

i have a windows server 2003 R2 and i want to configure dns on it.  the dns is hosted by our isp.  i have all the ip's and addresses that they gave me.  i am new to dns so i am looking for advice or direction on how to setup dns for the internal network.  the public is .org and the private internal is .local

thanks
 
CraigLeslie Commented:
When you set up an internal DNS you should not publish it externally.
Basically you should
      (1) Install the DNS software
      (2) Create a primary zone <domain name>.local
      (3) Add a forwarder so that your internal DNS will forward to an external DNS any unknowns.
      (4) Set up any required MX records
      (5) Set up any required CNAME (www) records
      (6) Change your DHCP server and fixed IP internal computers to use this DNS server

To check the DNS is working correctly you can use the nslookup command

amoos (Author) Commented:
ok. i have a forwarder going to my isp.  what i am curious about is how to setup the mx records and CNAME that you mentioned.

Greg Girten (Desktop Engineer II) Commented:
You only need to set up any (www) records if you have an internal server. If the DNS server doesn't know where to find an address, it will forward it to the outside. If you use DHCP, set it up to use the internal DNS and have the clients register themselves with DNS. Do you have a firewall in place or are you using the server as your firewall? If you have a firewall, then I would use your internal DNS for the server also.
 
amoos (Author) Commented:
my isp gave me all the info for the mail, etc.  now how do i put it in correctly on the DC

amoos (Author) Commented:
i have already configured the external firewall and all of that is correct.  DHCP is setup and everyone internally looks to the server for ip's.

Greg Girten (Desktop Engineer II) Commented:
You will need to create your zone. Highlight the server and click on forward looking zones. Right click and add new zone. Make it a primary zone, if using AD then store in AD. Select how you want to push this info from within your network (not outside), you can leave the default. Enter the name of the zone (your domain.local). Check allow secure updates if in a domain or both secure and non secure if not then finish. This will allow your clients to start recording their DNS info. Once you have the zone, then you can highlight the zone and right click. You can then add your CNames, Aliases, MX records...

amoos (Author) Commented:
i have done all of that the way you suggested but, when i go to add mx records and cname records, it shows my .local. is this correct?? since my dns is hosted by my isp what do i need to put into the internal dns??  the ip's that the isp gave me??

amoos (Author) Commented:
my domain internally is .local.  so when i add a mx record and type in let's say www, on the next line it shows www.myinternaldomain.local, and then what should i put for the third line??  do i need to put the @ record from my isp into the internal dns??

Greg Girten (Desktop Engineer II) Commented:
What www are you adding? Is it an internal such as www.myinternaldomain.local as you suggest or is it a www.externaldomain.org?

Internal - The system adds the domain to the host name, you then give the ip address of the host.
External - Do nothing. If it is not in your DNS, then it will forward to the external DNS.

amoos (Author) Commented:
what i meant was when i want to add a record of some sort into dns i right click and for example click on alias (CNAME) when i enter mail in the first box, it automatically enters mail.mydomain.local in the second, but what do i put into the third since my dns is hosted by my isp??  my main question is that since my dns is hosted by my isp and i already put the forwarders into the forward lookup zone is there anything else that i have to do??  and i also have exchange 2003 running and it is running fine. just want to make sure that i have the dns correct.

thanks

Greg Girten (Desktop Engineer II) Commented:
Your ISP will only host your outside (internet) DNS. Not your internal. If your mail.domainname.org is registered with your ISP, then no, you do not need to put it into your local DNS. The only problem is that if a user requests the webmail site and your internet connection is down, then they will not get the address. What I do is to create a zone with my outside internet name on my dns server. I then enter the host name (known by the internet) and the outside IP address (unless the outside address redirects internal, then use the internal). This keeps all lookups internal.

amoos (Author) Commented:
cool.  my only last question is that i have set up a dns forward lookup zone on the server and entered forwarders that my isp gave me.  all the ip's that are in the firewall for mail and dns are pointed to my server.  are you saying that i should create another forward lookup zone??

amoos (Author) Commented:
do i need to make this zone a primary or secondary zone??

amoos (Author) Commented:
the forward zone that i have in dns now is for mydomain.local.  do i need to create a primary forward lookup zone named mydomain.org??

Greg Girten (Desktop Engineer II) Commented:
First, you can set up another zone with your outside domain name. This will allow your server to handle the request rather than passing it along to your ISP and then back in. In the case of an outage from your ISP, you will still be able to reach your internally hosted mail.  None of this is necessary, it just gives you a little protection.

Second, Make it a primary as you are not passing this info or receiving info from your ISP. You are going to enter this info manually.

Third, Yes you can but not necessary. I do just to keep the lookups inside.

For instance. My internal and external domains are the same. I have an internal DNS that takes care of my users. When it doesn't have the info, it forwards to the internet. In my internal DNS, I have my www record pointing to the outside (hosted by outside service) as well as my mail record pointing internal (hosted by us).

Internet DNS   www.xxxxxx.org    216.xxx.xxx.xxx
Internal DNS   www.xxxxxx.org    216.xxx.xxx.xxx

Internet DNS   mail.xxxxxx.org   65.xxx.xxx.xxx
Internal DNS   mail.xxxxxx.org   10.xxx.xxx.xxx


 
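The internal-zone-plus-forwarder lookup behaviour discussed in this thread, as an added Python model that is not part of the original posts; all names and addresses (example.org, example.local, the IPs) are constructed. It goes one step beyond the thread: once the internal server holds a primary zone for the external name, a name missing from that zone returns NXDOMAIN instead of being forwarded, so every public record has to be mirrored.

```python
# Added illustration: toy model of an internal DNS server with a forwarder.
# Every name and address below is constructed sample data.

PUBLIC_DNS = {            # what the ISP-hosted zones answer
    "www.example.org": "203.0.113.10",
    "mail.example.org": "198.51.100.25",
    "ftp.example.org": "203.0.113.11",
    "www.example.net": "192.0.2.80",
}

INTERNAL_ZONES = {        # primary zones held on the internal server
    "example.local": {"dc1.example.local": "10.0.0.10"},
    "example.org": {
        "www.example.org": "203.0.113.10",   # mirrored from the public zone
        "mail.example.org": "10.0.0.25",     # internal address of the mail host
    },
}


def find_zone(name, zones):
    """Return the longest locally hosted zone containing name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones=INTERNAL_ZONES, forwarder=PUBLIC_DNS, isp_up=True):
    """Answer like the internal server: local zone data first, else forward."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative for this zone: a missing name is never forwarded.
        return zones[zone].get(name, "NXDOMAIN")
    if not isp_up:
        return "SERVFAIL"   # forwarder unreachable
    return forwarder.get(name, "NXDOMAIN")


def shadowed_names(zone, zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Public names under zone that internal clients can no longer resolve."""
    return sorted(n for n in public
                  if find_zone(n, {zone: {}}) == zone and n not in zones[zone])
```

Running `shadowed_names` against an export of the public zone after each change is a quick way to catch records that were added at the ISP but never mirrored internally.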
 
amoos (Author) Commented:
since my external and internal are different do i really need to create a new zone??

amoos (Author) Commented:
sorry let me be a little more specific.  since my internal is .local and my external is .org, do i really need to create a new zone??

Greg Girten (Desktop Engineer II) Commented:
No, I would suggest you try using without creating the zone. If you have problems, then you can create the new zone.

amoos (Author) Commented:
i have been using just the one zone for three weeks now and i have not had any problems.  if i do then i will do as you have suggested.  thank you so much for all your help i really appreciate it.

amoos (Author) Commented:
the rep was very helpful and i learned a lot.
Question has a verified solution.
