
Configuring DNS server

Discussion in 'Windows Server System' started by Ollie Garcia, 2007/01/05.

  1. 2007/01/05
    Ollie Garcia

    Ollie Garcia Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    11
    Likes Received:
    0
    Greets. Have just completed an initial Server 2003 install and I'm following along with "Mastering Windows Server 2003" in order to configure my DNS and then AD.

    I understand that we want the DNS query to point to the server itself, which is why we want to change the DNS Server IP under local connection to resolve back to the static IP of the server.

    But I've installed two NICs in order to use the server as a gateway. One NIC for the LAN, then the other for Internet.

    So with this in mind, should both NICs point back to themselves? Or should the NIC for the Internet side go ahead and point to my router for DNS?

    Thanks.
     
  2. 2007/01/05
    Ollie Garcia

    Hmm, maybe I shouldn't be using two NICs. I guess I started that way because when I installed SBS 2003 it pretty much demanded 2 NICs in order to be a secure gateway. However, googling multiple NICs for Server 2003 doesn't seem to be generating any hits.

    Anyone running multiple NICs (in Server 2003) for gateway purposes?

    In relation to my above post, when I try to set DNS of one NIC to point to itself, 2003 gives me an error msg stating that 2 NICs should be used for redundancy, and trying to configure them for separate networks (LAN vs Internet) would lead to errors.

    Since the book makes no mention of having a second NIC, I think I'm going to disable the second one and drive on with the install while I wait for some responses.

    Thanks for reading.
     


  4. 2007/01/05
    smigen

    smigen Inactive

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    I've had what you've got going on up and running over here. The only difference I had was the 2003 Server was doing the routing by running RRAS. No router in between.

    1. NIC 1 - went to the Internet configured with one of my static IPs / Mask / Gateway and my DNS settings for that NIC pointed to DynDNS's ns1 & ns2 Name Servers.
    2. NIC 2 - was also static IP'd at x.x.x.1 and provided my DHCP pool 192.168 range of addresses to my internal network. The internal network's DNS was handed out to be NIC 1's IP via DHCP options along with the gateway being NIC 2's IP.

    I remember getting bitched at about "multiple gateways" but I just saved my settings and continued.

    Worked just fine.

    Why are you using 2 NICs if you already have a device doing the routing?

    Then I tried the same approach with 10 NICs and 5 IPs for 5 different internal networks. That was fun!


    One of the Mods will come along and explain it a lot clearer than I can. I **** at "explaining by text". Just sit tight.
     
    Last edited: 2007/01/05
  5. 2007/01/05
    Ollie Garcia

    Why 2 NICs w/ a router? Starting to wonder the same thing.

    Eventually I wanted to try ISA 2004, and I guess SBS just kind of stuck in my head that I needed two NICs to 'funnel' the clients through the server to the net. Clients in one, traffic out to the net on the other. Reason being to force them to go through ISA instead of directly to the router. But I'm starting to wonder if that is even needed.

    Right now I'm set up in a lab with two clients, 2003 server, router, cable modem for test purposes. The work environment will be the same except for additional clients.

    What I'm shooting for:
    25 clients to go through the server, to the router, out to the net. I do not need DHCP as all clients have to be on static IP. Just take my word on that one, we have an in-house application that requires it. I have to keep the router as it's a dual-WAN router that is fed from a DSL modem and a cable modem.

    Goals:
    I'm hoping to better protect the LAN with ISA along with enacting some restrictions on the clients, and all the other common benefits of running a domain (shares, storage, etc.)

    Thanks for the comments.
     
  6. 2007/01/06
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    Not to help your dilemma but I just don't have a "Warm and fuzzy" about a MS server being exposed to the net.
    I want a real hardware firewall doing that task built by someone that building firewalls is their job not operating systems. ;)

    Just my opinion!
     
  7. 2007/01/06
    Ollie Garcia

    My sentiments exactly! :)

    While I can understand that some may consider it a little more complicated than needed, my situation as far as Internet use and policies is pretty simple. No VPN, remote users etc. So the added layer is welcome for me.

    I've had something else come up so I've had to put this project on hold until mid-next week. Hopefully we can get some more comments on single vs multi NIC usage by then.
     
    Last edited: 2007/01/06
  8. 2007/01/06
    smigen

    I have no problems with running MS 2003 as a router box, or a Debian & Shorewall box as a router/firewall, or a FreeBSD & m0n0wall box as a router/firewall. Why pay WatchGuard $$$ when you can learn and do for oneself?

    Wanna try and pop any of the above configs?
     
  9. 2007/01/08
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Because they are not that expensive, and if one fails, I can easily drop another one into its place.

    Nothing wrong with creating your own firewall with the sorts of combinations you describe, but dedicated hardware is simpler. Perhaps I'm just a lazy network manager. I like the easy life too much :D
     
