Questions

DNS setup advice

0 Votes
Locked


erickson147
I have a 2003 windows server acting as the domain controller and also running Active Directory for user and computer accounts, which requires DNS to be configured.

From the Windows 2003 server is a linksys router running the DHCP service which is connected to a Cisco router that supplies the ISP settings.

I have the server set to a static IP 192.168.1.2 and the DNS setup on the domain controller, but it takes about 5 minutes for a client to logon to the domain.

How do I need to configure the DNS service and Active Directory on the server to speed up the login process?

Do I have to set up a forwarding zone to the ISP DNS?
    0 Votes
    Matthew S

    Someone with more relevant experience may provide better detail.

    My take based on past experience would be keep it simple, which means using Win2003 server to the max, and leave your routers to route:

    - Run DHCP on Win2003 Server (optional but cleaner, and enables dynamic mapping of AD objects, DNS entries (for clients) & IP addresses)

    - If you leave the Linksys DHCP running, you need to override the DNS server settings in the DHCP settings to point to your Win2003 Server (i.e. DNS set to 192.168.1.2) not your ISP's DNS services.

    - Set up DNS forwarding on Win2003 to your ISP's DNS servers or utilize a service such as OpenDNS (which I use and believe provides superior performance & results). Running DNS on Win2003 server will improve general DNS look-up performance because it will cache DNS look-ups, saving the latency of going out to your ISP's servers every time.

    Hope this helps.

    0 Votes
    erickson147

    Thanks for the fast response Matthew. I'm going to be working on this configuration later this afternoon. I'm going to try using your suggestion of setting up DHCP on the Win2003 server, and creating a forward to the ISP's DNS. This should also help me with a faster logon response?

    If I leave my Linksys DHCP running and point it to the Win2003 server 192.168.1.2, I would still need to set up forwarding on the Win2003 server to the ISP's DNS? Correct?

    Since my Win2003 server is my DC and running AD would I be able to run a program such as OpenDNS?

    0 Votes
    Dean Wheatley

    Just to add to Matthew's post, OpenDNS is a web based service which you create a user account on and is extremely good imo. My suggestion would be to set up your DNS domain on your DC, along with DHCP. (Make sure you set your DNS to only use secure updates.)
    On your DHCP scope set your server IP address as the gateway and DNS server; that way each client will have the same gateway and DNS settings.
    Using Routing and Remote Access, tell your server the address of the router as its gateway. Then set your router's DNS to the OpenDNS or your ISP's DNS server.

    That should create a more secure and uniform environment. There may be better ways to do it but this way has worked well for my network for over a year without issue.

    Hope this helps

    Dean

    0 Votes
    erickson147

    HELP! I just can't get anything to work. I have read just about everything on the net. Now I can't add any clients to the domain.

    Here are my linksys router settings:

    ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : NTIGCPOS4
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100 Base-T Controller
    Physical Address. . . . . . . . . : 00-1E-8C-6A-62-3D
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.105
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 216.165.129.157 216.170.153.146

    The router is running my DHCP.

    Server 2003 settings:

    Static IP: 192.168.1.2
    Domain Name: NTI_Domain
    Server Name: NTIDC1

    This server is also my domain controller.
    When I configured my AD I ran the DNS setup wizard.

    Is there any way I can delete all forward zones and reverse lookup zones and start from scratch?

    0 Votes
    CG IT

    in their DNS TCP/IP settings.

    What extension did you use for a domain name, e.g. .com/.net or a non-routable .local?

    Your Linksys router is probably the real culprit, since you are using 2 routers and thus have 2 networks.

    Since your linksys router is running DHCP, you need to create options in DHCP for the default gateway [linksys router]. I believe the option # is 3.

    With that, clients now have the information for the default gateway.

    With DNS, queries not resolved by your DNS server should be forwarded to root hint servers on the internet.

    0 Votes
    erickson147

    Currently my clients get DHCP from the Linksys router. So you are saying to add the server's IP to the Linksys router's DNS entry?

    Forward zone: NTI_Domain (Domain Name)
    What settings do I need for this? I made a primary.

    Reverse Zone: not configured
    Forward: 216.x.x.x (ISP DNS)
    216.x.x.x (ISP DNS)

    Root: was never configured

    Can I delete these DNS entries and start from scratch? Also, I need to set the server to a static IP and put that as the DNS IP, correct?

    0 Votes
    erickson147

    Could this be causing an issue as well? The board is an Intel DP35DP desktop board and I read that the board doesn't support Windows server 2003 drivers?

    Sorry to all, but I walked into all of this mess.

    Thanks for all the help, it is much needed.

    0 Votes
    CG IT

    Here's the deal. Workstations on the network must use the W2003 Active Directory domain controller, which also has the DNS service running on it, as their preferred DNS server in the TCP/IP settings of their network card. This is for Active Directory login purposes. This is most likely why it takes users a long time to log in. They don't have the correct DNS server listed to find your W2003 domain controller.

    The problem arises as to how the workstations are going to get the information they need to find the AD Domain Controller [and get to the internet].

    Since your router is providing DHCP services, you have to create options in DHCP to provide workstations with DNS information. I believe option 6 is for DNS servers.

    Another problem is configuring the default gateway. Again, you create an option in DHCP specifying the router's address as the default gateway.

    Now, I'm not sure if your consumer level Linksys router is capable of having DHCP options. If not, you'll have to resort to turning that off, using your Cisco router for DHCP which I know can have options, or using your W2003 Server as your DHCP server and going that route.
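    As an added example (not code from anyone in this thread), the check below parses `ipconfig /all` output in the format erickson147 posted and reports the misconfigurations CG IT describes: a preferred DNS server that is not the DC (DHCP option 6), ISP resolvers in the list, a wrong default gateway (DHCP option 3), and an empty primary DNS suffix. The sample output and the DC/gateway addresses are constructed from the values in the thread.

```python
import re

# Constructed sample modelled on the ipconfig /all output posted in the thread:
# the client gets the Linksys's ISP resolvers as DNS, not the DC at 192.168.1.2.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : NTIGCPOS4
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.105
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 216.165.129.157
                                       216.170.153.146
"""

# "Key . . . . : value"; the non-greedy key stops before the dot leaders.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {field: [values]}; indented lines without a colon continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1).strip()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line[:1].isspace() and line.strip():
            fields[last].append(line.strip())  # wrapped or multi-valued field
    return fields


def check_domain_client(fields, dc_ip, gateway_ip):
    """List the client-side misconfigurations that make AD logon slow or domain join fail."""
    findings = []
    dns = [ip for v in fields.get("DNS Servers", []) for ip in v.split()]
    if not dns or dns[0] != dc_ip:
        findings.append(f"preferred DNS must be the DC {dc_ip} (DHCP option 6), got {dns[0] if dns else 'none'}")
    if any(ip != dc_ip for ip in dns):
        findings.append("ISP resolvers listed: they cannot answer the AD SRV lookups clients use to find the DC")
    gw = fields.get("Default Gateway", [])
    if not gw or gw[0] != gateway_ip:
        findings.append(f"default gateway should be the router {gateway_ip} (DHCP option 3)")
    if not fields.get("Primary Dns Suffix"):
        findings.append("Primary Dns Suffix is empty: the host is not joined to the domain")
    return findings
```

    Run it against real `ipconfig /all` output captured from a client; an empty findings list means the client is pointed at the DC for DNS and has the router as its gateway.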
