Need opinion of DNS issue

By Sitizn Wille
I am going crazy trying to set up an additional domain controller.

Can anyone explain the difference between using dynamic updates and not using them? I understand that it auto updates the SRV records and things.
I guess I need to take up my old DNS and set it up again? Is there any problem in doing this?

Also,
It asks if I want to do dynamic updates, secure dynamic updates. I currently do not use dynamic updates, which I think is what is causing me problems. I added a host record, but that didn't resolve my problem.
Should I be using dynamic DNS? Do I need to do the secure updates? Or is there something I need to add to my current setting to make this work?

I am at a total loss. I have been working on this for weeks now and although I have made progress I still have yet to make it work.
Thanks
Sitizn Wille

9 total posts (Page 1 of 1)  

Active Directory DNS issue

by BFilmFan In reply to Need opinion of DNS issue

Is DNS running on the domain controller that is already in existence?

DNS

by Sitizn Wille In reply to Active Directory DNS issue

Yes, active dir. is running on the existing dc, but not sure it is configured right. It is not set to do dynamic updates.
I have done dc promo on the 2000 box and it has become a dc. But the replication part is not working. Everything I read makes me think that it is a DNS issue?
Thanks

DNS

by Sitizn Wille In reply to Active Directory DNS issue

Yes, DNS is running on the existing dc, but not sure it is configured right. It is not set to do dynamic updates.
I have done dc promo on the 2000 box and it has become a dc. But the replication part is not working. Everything I read makes me think that it is a DNS issue?
Thanks

Unresolved Questions

by nossedai In reply to Need opinion of DNS issue

1. Is the DC in question in the same Active Directory site as your DNS server?
2. If you drop to a command prompt on your admin workstation, and type nslookup, what do you see? The response should be something like:
Default Server: servername.domain.name
Address: x.x.x.x
> (prompt with a cursor)
If you get anything different than this, DNS isn't configured properly. Try:
http://support.microsoft.com/default.aspx?scid=kb;en-us;824449 (url may be wrapped.)

Also, go get the dcdiag and netdiag tools:
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en (again, the url may be wrapped.)

A good Microsoft DNS reference site:
http://www.microsoft.com/technet/community/columns/profwin/pw1200.mspx

HTH
nos

Unresolved Questions

by Sitizn Wille In reply to Unresolved Questions

Yes, the DC in question is in the same Active Directory as the DNS. The PDC runs DNS for the domain. The new DC (Win 2000) does not run DNS.

When I do a nslookup I get:
can't find server address for xxx.xxx.xxx.xxx: non-existant domain.
default server not available
Default Server: Unknown
address: it has the right addy

Can I just delete my current DNS without having any further issues and set it back up using the dynamic DNS?
Thanks
Sitizn Wille

Thanks for the info, I am reading through it and downloading the tools right now!!!!

DNS Configs

by nossedai In reply to Unresolved Questions

I would not recommend dumping your DNS server and building a new one, especially if it is an Active Directory integrated server.
I have seen your nslookup error. The network card(s) on the DNS server need to point to the local IP address of that DNS server (not the loopback address). In the mmc for DNS, the server properties > general tab should have the server's IP address. If this server is internet connected, there are other configurations to deal with, so for the moment, we will assume that your server is not. Your DNS server must have both a Forward Lookup Zone configured and also a Reverse Lookup Zone. If you installed DNS as a part of dcpromo, the Reverse Zone probably did not get configured. So once you add the Reverse Lookup Zone, you need to add PTR records, and "glue" those records to the Forward records. This is done by adding a PTR record, typing in the IP address, and clicking Browse by the host name field. Double click your server name > Forward Lookup Zones > yourdomain.name > and then click on the host name and click OK. Do this for your static-addressed hosts, then reload both zones; maybe even stop and restart the DNS server service. Your nslookup should now look right.

Accepting Dynamic updates should be enabled as a property on the DNS server; you should be able to just change it, you should not have to reinstall.
Look at the properties for your Forward Lookup Zone, there is a dropdown in the middle of the General tab.

Try this stuff, and find all you can from microsoft.com for DNS, you need to have it solid for Active Directory to be happy.

Regards,
nos
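
Added example, not part of nossedai's post: nslookup does a reverse (PTR) lookup of its DNS server's address at startup, so a forward record with no matching PTR produces the "Default Server: Unknown" banner quoted in this thread. The Python sketch below checks the forward-to-reverse "glue" described above over constructed records; the zone example.local, the addresses and the function names are all assumptions for illustration.

```python
import ipaddress

# Constructed sample records for a hypothetical zone example.local
# (none of these names or addresses come from the thread).
A_RECORDS = {
    "dc1.example.local.": "192.168.10.5",    # DNS server / first DC
    "dc2.example.local.": "192.168.10.6",    # newly promoted DC
    "files.example.local.": "192.168.10.20",
}
PTR_RECORDS = {
    "5.10.168.192.in-addr.arpa.": "dc1.example.local.",
    "20.10.168.192.in-addr.arpa.": "fileserver.example.local.",
}


def reverse_name(ip):
    """Owner name of the PTR record for an address (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_glue(a_records, ptr_records):
    """List forward records whose PTR is missing or names another host."""
    findings = []
    for host, ip in sorted(a_records.items()):
        owner = reverse_name(ip)
        target = ptr_records.get(owner)
        if target is None:
            findings.append((host, ip, "missing PTR " + owner))
        elif target.lower() != host.lower():
            findings.append((host, ip, "PTR names " + target))
    return findings


def default_server_name(dns_server_ip, ptr_records):
    """Name nslookup can show for its server: the PTR target, if any."""
    return ptr_records.get(reverse_name(dns_server_ip), "Unknown")


if __name__ == "__main__":
    for host, ip, problem in check_glue(A_RECORDS, PTR_RECORDS):
        print(f"{host} ({ip}): {problem}")
    print("Default Server:", default_server_name("192.168.10.5", PTR_RECORDS))
```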

Getting Closer THANK YOU!!

by Sitizn Wille In reply to DNS Configs

You are my new favorite person!! :-)

I went and did some reconfiguring on the DNS, mostly just set it to use dynamic updates and did a PTR record. The 2 domain controllers are now replicating and all of the XP workstations are being registered in DNS, which is o.k. I guess.. ?
Still having a few issues, but are very close now. The DC is connected to the internet, is there something I need to check for securing purposes?? I have not configured the reverse lookup yet, do I still need to? I am able to get on the web with a workstation so I think that it is forwarding o.k.
The nslookup still is displaying the same message, is this because of the reverse lookup thing?

Everything passes when doing netdiag, dcdiag, except for WINS, which isn't configured.

Thanks!!!!!!!!!!!!
You have been most helpful!
Sitizn Wille

I am going to order a book on Active Directory and a book on DNS, any comments on a good one?

A Couple of Things

by nossedai In reply to Getting Closer THANK YOU! ...

You are welcome.

When you mention "connecting to the Internet" I get very nervous; the first thoughts that come to mind are how quickly an unsecured/undersecured machine is compromised when directly connected.

It is my strong recommendation to employ a firewall between your server and the Internet (if your company doesn't have one already), be it an appliance like a PIX or a software firewall. Firewalls are an entirely different technology, and thus out of the scope of this discussion. Other security-related suggestions are a regularly-updated anti-virus solution, and an anti-spyware solution.

As far as Active Directory references, the Windows 2000 Security Technical Reference from Microsoft Press is a good start, they talk about how it works, and then how to secure it better. But after that, the options are wide open.

DNS - I have 'DNS and BIND' by Cricket Liu et al, but there is one oriented to Windows called 'DNS on Windows 2000'. Still by Cricket Liu et al, and very good. O'Reilly Press has that, but you can get them all from amazon.com cheaper.

Cheers!
nos

A Couple of Things

by Sitizn Wille In reply to A Couple of Things

We are connected to the internet, however I didn't mention that we are highly secured, router, firewall, IDS, etc. Sorry for the confusion.
I just wondered if there was anything in the DNS that needs to be set differently. Read something somewhere about Secure updates using Active Dir. I think mine is a primary zone and isn't AD integrated.
Things seem to be looking up. Definitely not a Windows expert, I know more about routers and networking than servers, but need to learn ie the books and stuff.
Thanks for all your help, may post some more questions on this thread if we encounter any more problems.
Thanks again
Cheers
Sitizn Wille
