• Status: Solved

TCP/IP on server

Which address should one use in the Preferred DNS server and the Alternate DNS server in the TCP/IP properties on a server?

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CCOFFSET>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Branch1
   Primary Dns Suffix  . . . . . . . : ccoffset.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ccoffset.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-13-72-FD-D4-C6
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.76
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.76
                                       64.115.0.9
                                       64.115.0.10
                                       27.0.0.1

C:\Documents and Settings\Administrator.CCOFFSET>

Asked by: meteorman

JBond2010 commented:
If you have a Windows Server as a Domain Controller performing DNS, then the preferred DNS address would be the IP address of the Server. Also, if the Domain Controller is also doing DHCP, you would configure the scope options with the IP address of the Server for DNS, and the client PCs would be using this IP for name resolution.

The alternate IP address for DNS would be used if you had a second Domain Controller also performing DNS; in the event that one server fails, you would have a second server in place for fault tolerance and redundancy.

arnold commented:
Adding to JBond2010's comment, the IP addresses used in the name server sections of LAN computers in an AD should be those of the DCs in the environment (two preferred, which provides fault tolerance in the event one DC dies due to hardware failure, without the costly and time-consuming restore of a DC from backup).

You should not reference external DNS on the workstations. This is what adds a delay during logon when the external DNS server is queried for information on yourdomain.local.

KCTS commented:
Expanding on the above comments, it seems that your current set-up is that your machine is using itself as internal DNS server (192.168.2.76) - this is correct.

You however have external DNS servers listed as alternate DNS servers 64.115.0.9, 64.115.0.10 and 27.0.0.1 - these MUST be removed - only internal DNS servers should ever appear as preferred or alternate DNS servers. References to external DNS servers must only appear as forwarders in the DNS console.
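
The check described in the answers above, written as an added example (not code from any participant in this thread): it parses `ipconfig /all` text, including the continuation lines under "DNS Servers", and reports every resolver that is not on the list of internal DNS servers. The function names and the allow-list argument are assumptions made for the example; the sample text is excerpted from the outputs posted in the thread.

```python
import ipaddress
import re

# Excerpts of the two `ipconfig /all` outputs posted in this thread.
SERVER = """\
   IP Address. . . . . . . . . . . . : 192.168.2.76
   DNS Servers . . . . . . . . . . . : 192.168.2.76
                                       64.115.0.9
                                       64.115.0.10
                                       27.0.0.1
"""
CLIENT = """\
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 64.115.0.9
                                            64.115.0.10
                                            27.0.0.1
        Lease Obtained. . . . . . . . . . : Monday, April 25, 2011 6:05:09 PM
"""

# "Label . . . . : value"; continuation lines carry a value only.
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")

def dns_servers(text):
    """Return every address listed under 'DNS Servers', in order."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).lower() == "dns servers"
            value = m.group(2).strip()
        else:
            value = line.strip()
        if in_dns and value:
            found.append(value)
    return found

def audit(text, internal_dns):
    """Split the configured resolvers into (approved, unapproved)."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    approved, unapproved = [], []
    for entry in dns_servers(text):
        try:
            ok = ipaddress.ip_address(entry) in allowed
        except ValueError:  # not an address at all: treat as unapproved
            ok = False
        (approved if ok else unapproved).append(entry)
    return approved, unapproved

print(audit(SERVER, ["192.168.2.76"]), audit(CLIENT, ["192.168.2.76"]))
```

An allow-list is used rather than a private-range test because a private address such as the router's would still be the wrong resolver for a domain member.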

meteorman (author) commented:
Does using a firewall appliance for DHCP have an effect on DNS?

JBond2010 commented:
I would recommend using DHCP on the Server for client stations as opposed to DHCP on your Router/Firewall. DHCP on the Server is able to interact with DNS on your Server by updating client A and PTR records.

KCTS commented:
Also - DHCP on a router/firewall is not as configurable as that on the server - most tend to list the router/firewall itself or the ISP Server as the DNS server - this will cause issues with internal name resolution on the domain - the only DNS server any client should be aware of is your own internal DNS server.

meteorman (author) commented:
Do you need to add forwarders for the desktops to obtain internet?

meteorman (author) commented:
The desktops on the network do not reflect the DNS address in ipconfig:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator.CCOFFSET>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.2.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1

C:\Documents and Settings\Administrator.CCOFFSET>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : D7V2Y6D1
        Primary Dns Suffix  . . . . . . . : ccoffset.local
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ccoffset.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Con
nection
        Physical Address. . . . . . . . . : 00-16-76-D0-96-CD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 64.115.0.9
                                            64.115.0.10
                                            27.0.0.1
        Lease Obtained. . . . . . . . . . : Monday, April 25, 2011 6:05:09 PM
        Lease Expires . . . . . . . . . . : Monday, May 02, 2011 4:44:09 PM

C:\Documents and Settings\Administrator.CCOFFSET>

JBond2010 commented:
First thing to do is disable DHCP on your Router/Firewall. Then go to Administrative Tools, open DHCP and start the service. You can go through the options and configure the scope options - Router, DNS etc. Then make sure to Authorise the DHCP Server.

meteorman (author) commented:
Good practice would be to perform that on site. How would you Authorize the DHCP server?

JBond2010 commented:
The only scope options you need to configure are: 003 Router = IP address of your Router/Firewall, 006 DNS Servers = Server IP address, 015 DNS Domain Name = Active Directory Name, e.g. domain.local, 044 WINS/NBNS = Server IP address.

You also need to configure the address pool, which in your case depends on how many clients are on the network.

Your subnet mask is 255.255.255.0, so this means that you can have 254 hosts.

If you only have, say, 20-30 hosts on your network, then make the address pool, say, 192.168.2.100 to, say, 192.168.2.50. This is your choice.

JBond2010 commented:
In my previous comment, on the last line it should be 192.168.2.100 to, say, 192.168.2.150. You can change this to whatever you want, e.g. 192.168.2.1 to, say, 192.168.2.254.

JBond2010 commented:
You would Authorize the DHCP Server by right clicking on the Server Node and then select Authorize.

JBond2010 commented:
Just one other thing to note. On the client PCs you will need to reboot them so they can get the new ip schemas or you can open the command prompt on each station and type: ipconfig /release and press enter and then ipconfig /renew and press enter and they should receive the new schemas.

arnold commented:
Some Routers provide an option to include the DNS in the settings they push as part of the DHCP IP assignment.

Best practice is to have a Windows DHCP server allocating IP. DHCP is not a resource-intensive application.
Setting up a pair, with each configured to allocate a portion, will provide for fault tolerance should one fail.
I.e. recommendations are often to use an 80/20 split (I'd suggest setting up a 70/30 split),
i.e. DHCP server A with a scope of 192.168.2.2-192.168.2.254 will allocate 154 IPs while server B will allocate 60.
This accounts for the 32 static IPs that one should always reserve,
i.e.
scope 192.168.2.2-192.168.2.254
reserved on both for static 192.168.2.2-192.168.2.31

Server A will allocate IPs 192.168.2.32-192.168.2.185
reserved - allocatable by server B 192.168.2.186-192.168.2.245
reserved for other purpose 192.168.2.246-192.168.2.254

Server B
reserved - allocatable by server A 192.168.2.32-192.168.2.186
reserved for other purpose 192.168.2.246-192.168.2.254

Within the DHCP management interface, in the properties of the server, there is conflict detection, which you can use to make sure that your DHCP server does not allocate an IP that is already in use (i.e. someone mistakenly configured a static IP from a dynamic range, etc.)
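
A split-scope plan like the one in the comment above can be checked before it is entered on either server. This is an added example, not code from the thread: it derives the exclusion ranges for each server from the range that server should lease (A .32-.185, B .186-.245) and verifies that no address is leasable by both or falls in a block neither should hand out. All function names are assumptions for the example.

```python
import ipaddress

def _n(addr):
    return int(ipaddress.ip_address(addr))

def _a(num):
    return str(ipaddress.ip_address(num))

def exclusions_for(scope, lease_range):
    """Exclusion ranges to enter on a server so it leases only lease_range."""
    s_lo, s_hi = map(_n, scope)
    l_lo, l_hi = map(_n, lease_range)
    if not (s_lo <= l_lo <= l_hi <= s_hi):
        raise ValueError("lease range must lie inside the scope")
    out = []
    if l_lo > s_lo:
        out.append((_a(s_lo), _a(l_lo - 1)))
    if l_hi < s_hi:
        out.append((_a(l_hi + 1), _a(s_hi)))
    return out

def leasable(scope, exclusions):
    """Addresses a server can actually hand out, as a set of integers."""
    pool = set(range(_n(scope[0]), _n(scope[1]) + 1))
    for lo, hi in exclusions:
        pool -= set(range(_n(lo), _n(hi) + 1))
    return pool

def check_split(scope, excl_a, excl_b, held_back):
    """Pool sizes, plus addresses leasable by both servers or held back."""
    a, b = leasable(scope, excl_a), leasable(scope, excl_b)
    fixed = set()
    for lo, hi in held_back:
        fixed |= set(range(_n(lo), _n(hi) + 1))
    return {
        "a": len(a),
        "b": len(b),
        "both": [_a(x) for x in sorted(a & b)],
        "held_back_at_risk": [_a(x) for x in sorted((a | b) & fixed)],
    }

# Scope and blocks taken from the comment above.
SCOPE = ("192.168.2.2", "192.168.2.254")
HELD_BACK = [("192.168.2.2", "192.168.2.31"), ("192.168.2.246", "192.168.2.254")]
EXCL_A = exclusions_for(SCOPE, ("192.168.2.32", "192.168.2.185"))
EXCL_B = exclusions_for(SCOPE, ("192.168.2.186", "192.168.2.245"))

print(check_split(SCOPE, EXCL_A, EXCL_B, HELD_BACK))
```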

meteorman (author) commented:
Will all this keep the network folders connected without the users need to log on or off?

Thank you all

JBond2010 commented:
As I said in my previous comment you can update the new schemas on the PCs by opening the command prompt and typing ipconfig /release and press enter and then ipconfig /renew and press enter and that should do the trick. They shouldn't need to logoff.

meteorman (author) commented:
The curious part of all this is that it wasn't happening before a couple of weeks ago. When I inherited this network it was running without this symptom. And yes the firewall does push out DNS settings.

arnold commented:
Make sure to block off the IP range that you are currently using for static. If you had IP reservation set up on the Router (DHCP using MAC address to set a specific address), you have to replicate this in your Windows DHCP configuration.

Provided you take into account what the current IP allocations are and use the conflict detection mechanism, you will minimize the possibility that the Windows DHCP will allocate an IP that is already in use (caveat that a firewall on a workstation that does not allow ICMP pings will be seen as not in use).

Best practice for the transition is to exclude/reserve the IP range currently being allocated by the router's DHCP on the Windows DHCP.
You can always delete the exclusion/reservation range.

This way the people will not need to be disturbed. Once the Lease of the IP expires the workstation will broadcast the request to see whether it can keep its current IP which will be denied at which point it will ask and get a new one.

JBond2010 commented:
The default lease duration in DHCP is 8 days. You can set this to 1 day if you prefer. Then the clients that are configured for DHCP will request a new IP. Clients that have static IPs, or reservations that you have set up in DHCP, or exclusions will remain the same.

This is how DHCP works:

client ---------------------> DHCP Server
           DHCP Discover

        <---------------------
           DHCP Offer

         --------------------->
           DHCP Request

         <--------------------
           DHCP Ack

meteorman (author) commented:
How do you set up the server so the workstations can get on the internet?

JBond2010 commented:
In DHCP the only scope options you need to configure are, 003 Router = ip address of your Router/Firewall, 006 DNS Servers = Server ip address, 015 DNS Domain Name = Active Directory Name eg: domain.local, 044 WINS/NBNS = Server ip address.

These will be the ip addresses the client stations will receive. 003 Router IP is the gateway address for the client stations to connect to the internet.

Like I said in my previous comment, to update new schema on the PCs ASAP, open the command prompt and type: ipconfig /release and press enter and then type: ipconfig /renew.

meteorman (author) commented:
003 Router                    192.168.2.1
006 DNS Servers            192.168.2.76
015 DNS Domain             ccoffset.local
044 WINS/NBNS            192.168.2.76

scope 192.168.2.1 - 192.168.2.254
reservation 192.168.2.1-192.168.2.10
reservation 192.168.2.76

This looks ok.

Should I set up a reverse lookup?

JBond2010 commented:
Yes, this looks ok! There is no need to set a reservation for the Server IP Address - 192.168.2.76 as this will be a static ip address not DHCP ok and this would be the same for 192.168.2.1. You would only really need to set an exclusion for the Server ip address.

meteorman (author) commented:
I don't have to exclude the firewall appliance?

arnold commented:
Reverse lookup is up to you, but it is a good practice to have forward/reverse zones configured.
The addition of the reverse zone will also avoid the transmission of DNS packets (if you use forwarders) for the private IP space.
192.168.0.0/16
172.16.0.0/19
10.0.0.0/8

JBond2010 commented:
No!

meteorman (author) commented:
Arnold, I just add those exact addresses in the reverse zone?

JBond2010 commented:
That's fine. Forward zones map names to IP addresses and reverse zones map IP addresses to names.

arnold commented:
You would add a 192.168.
Then within it you would add the second-to-last octet as a reference, which will create a 192.168.2;
this is the zone where your reverse records will go. You can configure your DHCP server to register the reverse.
The workstations often have the default behavior to register the name/IP in DNS as well.

The 172.16 is more complicated and, if you so wish, has to be added one at a time;
the 172.16.0.0/12 and not /18, my mistake.
172.16.0.0
172.17.0.0
.
.
172.31.0.0

172.16.0.0 255.255.0.0
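
The zone names that result from the comment above, as an added example (not code from the thread): reverse zones sit on octet boundaries, so 172.16.0.0/12 becomes sixteen separate zones while 10.0.0.0/8 and 192.168.0.0/16 are one each. The second function shows which PTR lookups a DNS server hosting those zones answers itself instead of passing to its forwarders. Function names are assumptions for the example.

```python
import ipaddress

# Private ranges (RFC 1918); 172.16.0.0/12 per the correction in the comment above.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def reverse_zones(cidr):
    """Reverse zone names, on octet boundaries, that together cover cidr."""
    net = ipaddress.ip_network(cidr)
    # in-addr.arpa is delegated per octet, so round the prefix up to 8/16/24.
    boundary = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > boundary:  # e.g. a /26 lives inside its /24 zone
        net = net.supernet(new_prefix=boundary)
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def answered_locally(addr, zones):
    """True if a hosted zone covers addr's PTR name, so it is not forwarded."""
    name = ipaddress.ip_address(addr).reverse_pointer
    return any(name.endswith("." + zone) for zone in zones)

ALL_PRIVATE_ZONES = [z for cidr in PRIVATE for z in reverse_zones(cidr)]

print(reverse_zones("192.168.2.0/24"), len(ALL_PRIVATE_ZONES))
```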

meteorman (author) commented:
I wanted to thank all the people on this string for helping me. Everything worked out.

JBond2010 commented:
@meteorman, you're welcome :)