Solved

DNS Setting for Domain controller

Posted on 2014-02-18
Last Modified: 2014-02-21
Have a small domain and needed a hurry up domain controller installed.

Running well enough but routinely run into issues with public and domain name resolution.

I'm sure I never set the forwarding for the public DNS on the controller right.  Any good checklist reviews for verifying my setup and what I may have done wrong/missed?

This is a Windows 2008 server...
0
Question by:VirtualKansas
12 Comments
 
LVL 16

Expert Comment

by:gurutc
ID: 39868477
Hi,

Which computers are having the public/private issues?  The client pcs?  the server?  Are you using DHCP coming from the Domain Controller?

- gurutc
0
 

Author Comment

by:VirtualKansas
ID: 39868528
The client PCs.  It's been nearly a year since I set up this network, so not positive where DHCP is, but it appears it's not on the DC.

This is a really strange network because we have field offices that are tunnel VPN'ed to HQ and really strange in that no one is really ever in the HQ office.  So field offices come & go and there is a lot of tunnel and other VPN that consumes these services.
0
 

Author Comment

by:VirtualKansas
ID: 39868532
I think I may have simply failed to take the time to set up forwarders in the DNS of the DCs for public name resolution.  Chicken & egg problem; field offices got set up before there was ever a domain.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39868538
deal, nothing configured on the adapters for public resolution, right?

sounds like you're ciphered.

- gurutc
0
 

Author Comment

by:VirtualKansas
ID: 39868551
OK; I'm at HQ office in proximity of a back up DC.  The primary believe it or not is in a field office.  The back up DC is set for primary DNS as a loop back and secondary as the PDC.  No public DNS on this adapter.
0
 

Author Comment

by:VirtualKansas
ID: 39868561
OK; checked PDC and same.  1st lookup is self, 2nd is another DC.
0

 
LVL 16

Expert Comment

by:gurutc
ID: 39868562
yes sometimes that'll do the trick if you've got a public DNS anywhere.

- gurutc
0
 

Author Comment

by:VirtualKansas
ID: 39868572
Don't think I have a public DNS anywhere.
0
 

Author Comment

by:VirtualKansas
ID: 39868583
So kind of jack of all, master of none, here; do I need to add a forwarder for public DNS?  Is that my loose end?
0
 

Author Comment

by:VirtualKansas
ID: 39868909
Yes; definitely need help.  Certain external DNS not resolving when in the HQ LAN.  Forwarder?
0
 
LVL 18

Accepted Solution

by:
sarang_tinguria earned 500 total points
ID: 39870117
Refer to the links below for DNS best practices...


How we should configure DNS on our DC:

Every DNS server should point to its own IP as the primary DNS and a DNS server located in a remote site as the secondary DNS in TCP/IP properties.
All the unused NICs are to be disabled.
A valid DNS IP from the ISP is to be configured in DNS forwarders. Do not configure local DNS in forwarders.
Public DNS IPs should not be used on any NIC card, except in forwarders.
Domain controllers should not be multi-homed.
Running a VPN server and RRAS server makes the DC multihomed; refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;272294


If anything above is incorrect please correct it and run "ipconfig /flushdns & ipconfig /registerdns " and restart DNS service using "net stop dns & net start dns"

DNS best practices
http://technet.microsoft.com/en-us/library/cc778439(v=WS.10).aspx

Checklist: Deploying DNS for Active Directory
http://technet.microsoft.com/en-us/library/cc757116(v=ws.10)

DNS Arguments

http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest


http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
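The checklist in the accepted answer, written out as an audit routine. This is an added example, not part of the original thread; the dictionary layout, the function name `audit_dc_dns` and all addresses are assumptions made for illustration (8.8.8.8 and 9.9.9.9 stand in for a public resolver and an ISP resolver).

```python
import ipaddress

def audit_dc_dns(dc):
    """Check one domain controller description against the checklist above."""
    findings = []
    nics = [n for n in dc["nics"] if n["enabled"]]
    own_ips = {ip for n in nics for ip in n["ips"]}
    other_dns = set(dc["internal_dns"]) - own_ips

    if len(nics) > 1:  # an RRAS/VPN adapter counts and makes the DC multihomed
        findings.append("multihomed: more than one enabled NIC")
    for nic in nics:
        dns = nic["dns"]
        if not dns or dns[0] not in own_ips:
            findings.append(f"{nic['name']}: primary DNS is not this DC's own IP")
        if len(dns) < 2 or dns[1] not in other_dns:
            findings.append(f"{nic['name']}: secondary DNS is not another internal DNS")
        for server in dns:
            if ipaddress.ip_address(server).is_global:
                findings.append(f"{nic['name']}: public DNS {server} set on the NIC")
    if not dc["forwarders"]:
        findings.append("no forwarders configured")
    for fwd in dc["forwarders"]:
        # Forwarders are the one place a public (ISP) resolver belongs.
        if fwd in dc["internal_dns"] or not ipaddress.ip_address(fwd).is_global:
            findings.append(f"forwarder {fwd} is a local address, not an ISP resolver")
    return findings

# Constructed sample data (not taken from the thread).
GOOD_DC = {
    "nics": [
        {"name": "LAN", "enabled": True, "ips": ["10.0.0.10"],
         "dns": ["10.0.0.10", "10.0.1.10"]},
        {"name": "Unused", "enabled": False, "ips": [], "dns": []},
    ],
    "internal_dns": ["10.0.0.10", "10.0.1.10"],
    "forwarders": ["9.9.9.9"],
}
BAD_DC = {
    "nics": [
        {"name": "LAN", "enabled": True, "ips": ["10.0.0.10"],
         "dns": ["8.8.8.8", "10.0.0.10"]},
        {"name": "RRAS", "enabled": True, "ips": ["10.8.0.1"],
         "dns": ["10.0.0.10", "10.0.1.10"]},
    ],
    "internal_dns": ["10.0.0.10", "10.0.1.10"],
    "forwarders": ["10.0.1.10"],
}

if __name__ == "__main__":
    for name, dc in (("GOOD_DC", GOOD_DC), ("BAD_DC", BAD_DC)):
        print(name, audit_dc_dns(dc) or "OK")
```

The NIC and forwarder values would be filled in by hand from each DC's TCP/IP properties and the DNS server's Forwarders tab.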
 

Author Closing Comment

by:VirtualKansas
ID: 39877282
I'll take this as the best answer.
0
