Asked by John Porter (United States)
Creating Forward LookUp zones on Windows dns server

Hello Experts,

I am following these steps for setting up a DNS server on Windows 2008 R2:

What you need to do is the following...(high level steps)
- Leave the DNS server on a workgroup - DONE
- Change the DNS suffix on  the machine to the same as your AD domain - DONE
- Create the zones on the DNS server
*** I am unclear about this step. I went through the wizard and created the default Forward Lookup zone with (SOA) and (NS). Do I need to configure it further? ***

- Configure root hints and add your domain controller to it
*** What does this mean exactly and how do you do it ? ***

- Restart your DNS server
- Point a client to the new DNS server and test it
- Add your internet DNS settings under the forwarder on the new DNS server
*** I know I want all sites on the Internet to resolve on this DNS server before going to the client, but how do you do this for all sites on the Internet? ***

Thanks!
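The steps listed above, carried out from the command line, as an added example that is not part of the original question or of any answer in the thread. It uses dnscmd.exe, which ships with the DNS Server role on Windows Server 2008 R2 (the DnsServer PowerShell module only arrived in Server 2012). The server address 192.168.1.2, the zone name corp.example, the host names and the use of the Google resolvers as forwarders are all assumptions for illustration; substitute your own.

```powershell
# Added example, not from the original thread. Assumed values: the Windows
# DNS server is 192.168.1.2 and the suffix set in step 2 is corp.example.
# Run this in an elevated PowerShell session on the DNS server itself.
$dnsServer = '192.168.1.2'
$zone      = 'corp.example'

# Step 3: a standard primary, file-backed zone. On a workgroup server there is
# no Active Directory to store the zone in, so the SOA and NS records the
# wizard creates are all the zone needs; further records are optional.
dnscmd $dnsServer /ZoneAdd $zone /Primary /file "$zone.dns"

# Optional static records for hosts that should resolve by name internally.
dnscmd $dnsServer /RecordAdd $zone fileserver A 192.168.1.10
dnscmd $dnsServer /RecordAdd $zone www CNAME "fileserver.$zone."

# Dynamic updates on a file-backed zone can only be "nonsecure and secure" (1):
# "secure only" (2) requires an AD-integrated zone. Nonsecure means any host on
# the LAN can register or overwrite records in this zone, which is a poisoning
# risk, so it stays at 0 (the default) here. The setting can be changed later
# without recreating the zone.
dnscmd $dnsServer /Config $zone /AllowUpdate 0

# Step 4: root hints are the list of Internet root servers in cache.dns; the
# server only uses them when no forwarder answers. Nothing is added here
# because there is no domain controller in a workgroup.

# Step 7: forwarders for everything outside the local zone. /NoSlave keeps the
# fallback to root hints if all forwarders fail; /Slave would disable it.
dnscmd $dnsServer /ResetForwarders 8.8.8.8 8.8.4.4 /Timeout 5 /NoSlave

# Every recursive answer is cached automatically. Two settings keep that cache
# from being poisoned or abused: discard out-of-bailiwick records from replies
# and listen on the LAN address only, so the server is not an open resolver.
dnscmd $dnsServer /Config /SecureResponses 1
dnscmd $dnsServer /ResetListenAddresses $dnsServer

# Step 5: apply and verify.
Restart-Service DNS
dnscmd $dnsServer /ZoneInfo $zone
dnscmd $dnsServer /Info
```

After the restart, a client pointed at 192.168.1.2 (step 6) should resolve both fileserver.corp.example from the zone and any Internet name through the forwarders; a second lookup of the same Internet name is answered from the server's cache without leaving the network.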
SOLUTION by Chris Dent (United Kingdom): members only
SOLUTION: members only
SOLUTION: members only
Do you have Active Directory?
Or are all your clients in a workgroup?
@Mahesh - According to the OP and the last thread, it's all workgroup.
Where is the DHCP and what name servers does it push to the clients, or are they all set up with static IPs and no name server records?
John Porter (asker):
Hello All - Thanks for all your comments. I believe I have this working now.

I used a forwarder to my firewall (the primary DNS before, although I had been pointing to Google and OpenDNS on each client as well) and understand Root Hints will take over if the forwarder does not resolve queries.

I did not enable Dynamic updates when creating my forward lookup zone but would like to try this in a couple of days as they are still getting a couple of "Host not Found" messages.

1. With Dynamic updates enabled will the DNS file keep building for sites/IPs as they are requested?
2. Can this give me a better local cache and less page failures due to host not found?
3. I remember this option when I set up the DNS server but did not enable it at that time. I am looking at the properties of my forward lookup zone now on the General tab but it won't let me enable Dynamic Updates there.

Do I need to delete the forward lookup zone and recreate it in order to enable dynamic updates?

Thanks!
SOLUTION: members only
SOLUTION: members only
Thanks:

2) Dynamic updates doesn't have anything to do with the workstations still not working.  Dynamic updates allow your internal hosts to dynamically update their own DNS entries on the DNS server.  It doesn't sound like your hosts will have any entry at all since this isn't an AD installation.  (See https://technet.microsoft.com/en-us/library/cc771255.aspx)

***
OK - I think I understand. Dynamic updates will not build a table of DNS entries on the DNS server that is not already on the client computers?
***


3) Local cache is fine, but you shouldn't need one.  The local cache just speeds things up, but you shouldn't be getting host not found for valid hosts ever.

***
They are getting Host Not Found messages sporadically when accessing the same websites. It seems to happen when the connection is bottlenecked (128 K and maxed out). I figured any way to speed up the DNS resolving process is better?
***

4) I don't understand why you'd need a Windows-based DNS server at all that forwards to your firewall's DNS server. I don't see a reason that you couldn't just use the firewall's DNS server for the client machines in this small environment.

***
I had been (and still am using) the firewall's DNS server but they were getting Host Not Found messages. (usually but not always during high congestion times)
***
SOLUTION: members only
Ok thanks...

"A local cache would help with that.  How many users are on this 128k line?"

10 - 15 users. Will my Windows DNS Server set up a local cache if it is not forwarding?

"So get rid of the firewall's DNS server. Why not just set forwarders right in the Windows DNS server. Use 8.8.8.8 and 8.8.4.4. That will completely bypass your firewall's DNS server. Why have an internal DNS server (Windows DNS) ask another internal DNS server (firewall) that then has to ask outside anyway?"

Hmm - good question

1. So if I set up my windows DNS server (call it x.x.x.2) to forward directly to Google DNS servers will it also build a cache of websites as users access them? This is what I am really trying to accomplish here (to prevent requests going out and back from Google DNS on the web for every single website for every user). Bandwidth is at a premium here.

2. Configure each client to use x.x.x.2 DNS as primary and firewall DNS as secondary. This way x.x.x.2 will always be used first with a local cache and firewall DNS will only be used if Windows DNS (x.x.x.2) doesn't work for some reason.

Does this sound reasonable?

Thanks!
ASKER CERTIFIED SOLUTION: members only
> I don't know how strict Windows PC's are with the order that DNS servers are entered.

Not really relevant, but:

Moderately so, but it can cause problems in instances where the primary DNS service is providing responses about internal resources and where any other DNS service listed cannot. Negative responses are cached, and if the client does slip onto the secondary / tertiary / quaternary DNS servers listed it won't shift back very quickly (nominally 15 minutes).

Linux and Unix have the problem the other way around (without a bit of tweaking): they always query DNS servers in order (there is no local caching client). This can lead to slow service operation, which isn't ideal either.

Anyway, if there are no local resources to resolve it's moot.

Chris
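The client-side half of the plan described in the asker's last message (internal server primary, firewall secondary), plus a quick check of the caching behaviour Chris describes, as an added example that is not part of the original thread. The addresses 192.168.1.2 (Windows DNS server) and 192.168.1.1 (firewall resolver), the adapter name and the test host name are assumptions; the adapter name must match what netsh interface ip show config prints on the client.

```powershell
# Added example, not from the original thread. Assumed values: internal
# Windows DNS server 192.168.1.2, firewall resolver 192.168.1.1, adapter
# "Local Area Connection". Run in an elevated PowerShell session on a
# Windows 7 client (netsh and nslookup are built in).
$adapter  = 'Local Area Connection'
$internal = '192.168.1.2'
$fallback = '192.168.1.1'

# Primary is the caching Windows DNS server, the firewall resolver is only a
# fallback. Windows does not round-robin these: it queries the primary until it
# times out and, once it has slipped onto the secondary, may stay there for
# some minutes. Negative answers (NXDOMAIN) are cached too, so a name that only
# the primary knows can look "not found" for a while after such a failover.
netsh interface ip set dns name="$adapter" source=static addr=$internal validate=no
netsh interface ip add dns name="$adapter" addr=$fallback index=2 validate=no

# Clear the client's own resolver cache, including cached negative answers,
# so the next lookup really goes to the server.
ipconfig /flushdns

# Two lookups of the same name, explicitly against the internal server. The
# first is resolved recursively through the server's forwarder; the second is
# answered from the server's cache and never leaves the LAN.
nslookup www.example.com $internal
nslookup www.example.com $internal

# What the client cached from those answers, with the remaining TTL.
ipconfig /displaydns

# Confirm the server order the adapter is actually using.
netsh interface ip show dnsservers name="$adapter"
```

If the internal server ever fails to answer, the second nslookup against 192.168.1.2 times out instead of returning from cache; that is the condition under which the client silently moves on to 192.168.1.1, which, as Chris notes, only matters when the two servers would give different answers.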
Thanks All!