DNS Gurus I need some help

Discussion in 'Legacy Windows' started by Scott Smith, 2004/09/22.

Thread Status:
Not open for further replies.
  1. 2004/09/22
    Scott Smith

    Scott Smith Inactive Alumni Thread Starter

    I seem to really struggle with DNS. I have read and read and it just doesn't seem to sink in.
    I am one of those people that learn by doing and not by reading and unfortunately I can't find anyone to show me.

    So I'm going to ask for some help from one of you veterans that can explain the setup steps in a very basic way.


    Here's scenario number one.

    Windows 2000 Server configured as a domain controller.
    The local domain is the same name as their hosted internet domain name.
    We will call it domain.com (to protect the innocent :) )

    Server is connected to the internet via cable modem and router.
    Server has a local static ip of 10.0.0.5

    DNS appears to not be running at this time. It is installed and running but not configured and running up log errors by the dozen.

    First Question
    Static IP Configuration
    Configuring the NIC of the server. Where do I point the nic for DNS?
    Point to itself? Or to ISP's DNS Servers?

    Second Question
    I know how to add Forward and Reverse Lookup Zones but I don't know how to answer the questions being asked in the wizards.

    Any Help would be appreciated. I know it's hard to picture this in your mind without hands on.

    Thanks.

    Scenario number 2 would be same as above except domain.local instead of .com
     
    Last edited: 2004/09/22
  2. 2004/09/22
    ReggieB

    ReggieB Inactive Alumni

    I would start by saying that Windows DNS servers, by default, should know the addresses of the root internet servers. That is the root servers that look after the COM, NET, AC, ORG, MIL etc. top level domains. Therefore you do not HAVE to assign forwarders or set up a remote DNS on the server's network card, for the DNS server to resolve internet addresses outside its own name space.

    The reason for using forwarders is to communicate with other DNS servers in your organisation. They can also be used to grab information from your ISP's DNS servers which can be useful. However, if this is the only DNS server in your network, don't add complication to the set up by adding forwarders.

    The big gotcha with this is that on Win 2000 servers (I don't know if 2003 servers behave the same way. NT4 doesn't.), if you set up DNS without having an active connection to the internet (a perfectly reasonable thing to do in my opinion), the server will automatically assume it is the root server and that there are no other root servers out there. This is a pain in the place where these sort of pains reside. If this happens your DNS server will refuse to resolve names outside of its name space, which will effectively stop internet access. Fortunately it is very easy to fix this problem. If the problem has occurred, in the DNS tree structure you will see a folder labelled with a single dot (.). This is the root folder. To get the server to work properly, all you have to do is delete this dot folder.

    Second, for a small to medium size network residing behind a NAT router/firewall (so using private IP addresses) I would strongly recommend that you do NOT use your public domain name as your local domain name. Instead use a .local name space. For example mycompany.local. If you use your public address space within your local network you can get into a muddle - the most common one is being unable to access your own internet site from within your network (a problem that is fixable, but need not happen in the first place). This way your ISP can look after your external public DNS address space, and all you have to manage is your own .local address space.

    As far as setting up a DNS server is concerned. I'd suggest working in this way:
    1. Install the DNS service/server. Delete the dot folder if it is present. Test the server as it is. In this format it is a caching server (in effect an internet only name resolving service). In this format you should be able to use it to resolve internet addresses to IP addresses. Test it by setting up a client computer with this server as its DNS server. Then do a "PING WWW.GOOGLE.COM" and/or a "NSLOOKUP WWW.GOOGLE.COM".
    2. Once you are happy that the DNS server is resolving internet names, the next job is to add a local domain. By far the easiest way to do this is to use the wizard. If memory serves me right the wizard also gives you the option to automatically set up reverse lookup zones for the new domain. If it does, take this option. Then test this by pinging the server by its full name (server.domain.local for example) from the testing computer.
    3. Last, set up or check that DNS is talking to DHCP and that new PCs assigned IPs by DHCP are also getting DNS records added.
     
    Last edited: 2004/09/22
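
Added example, not part of ReggieB's post or any Microsoft tooling: a Python version of the step 1 test that sends one recursive query for an external name straight to the DNS server and reads the reply header flags. The function names and the sample reply headers are constructed here, and the "root-zone-suspect" result rests on the assumption that a server holding the "." zone answers external names with an authoritative NXDOMAIN.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qid=0x1234):
    """Build a recursive (RD=1) A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify the reply to a query for an EXTERNAL name (not a local zone name)."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "resolved"
    # Assumption: a server that believes it is the root answers external names
    # itself, so the NXDOMAIN (rcode 3) carries the authoritative-answer bit.
    if rcode == 3 and flags & AA:
        return "root-zone-suspect"
    if not flags & RA:
        return "no-recursion"
    return "failed-rcode-%d" % rcode

def check(server, name="www.google.com", timeout=3.0):
    """Send the query over UDP port 53 to `server` and classify the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return classify(data)

# Constructed 12-byte reply headers (not captured traffic), for offline use.
HEALTHY = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
ROOT_ZONE = struct.pack("!HHHHHH", 0x1234, QR | AA | RD | 3, 1, 0, 0, 0)
REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)
SERVFAIL = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | 2, 1, 0, 0, 0)

if __name__ == "__main__":
    print(check("10.0.0.5"))  # the server address used in this thread
```

A "resolved" result for an external name means the server is working as the caching resolver described in step 1; the same check against server.domain.local covers step 2.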

  4. 2004/09/24
    Scott Smith

    Scott Smith Inactive Alumni Thread Starter

    Ahh it was very simple once it finally sunk in and the Server was much happier from the final result.

    First thing I'd go to TCP/IP properties / Advanced / DNS and remove all IP addresses. That way it knows it's a root server on the network.

    Then in DNS right click on the DNS server, select properties, Forwarder tab and add the ISP's DNS servers.
    (Forwarders were never discussed in any documents I read. Unless I had it mixed up with Forward Lookup zones)

    I created the Forward lookup zone and everybody is happy except the MACs :D :D :D :D

    Error Logs are clean and the machine sped up 300% :)


    Now,
    Anybody want to take a stab at getting the MACs happy on the network for Browsing?
    I pointed them to the router (Gateway) for DNS and they seem happy.
     
  5. 2004/10/05
    ReggieB

    ReggieB Inactive Alumni

    I've recently had an opportunity to play with an Exchange 2003 server (actually SBS 2003), and have found that setting up the server to deal with multiple domains is not at all straightforward (certainly far more difficult than it was on earlier versions of Exchange). It appears that you have to assign separate IP addresses and/or ports for each SMTP domain which is a pain on a small network. With this in mind, I think there is a good case for keeping to one domain on small networks and dealing with the problem of accessing the external instance of the company's website in another way. Or of course, you could use an alternative e-mail system.
     