Creating your first forward lookup zone
I recently upgraded the 5 Active Directory servers to Windows 2008 R2 at my place of work. The Active Directory servers also serve as the enterprise's DNS servers. Of course, there was a small catch from Microsoft that was yet again one of those "why did they do this?" situations. The issue itself was that we could no longer get certain sites on the web to load. Even trying to hit microsoft.com had issues, but more importantly we could not hit some of the financial sites we needed. After getting some time to research this and wasting some time troubleshooting, I came across the exact issue we were having and found out this dog had bitten some others out there. The problem is with EDNS, which stands for Extension mechanisms for DNS (which expands the size of several parameters for DNS). By default, EDNS is turned on in Windows Server 2008 R2, and the web is not quite ready for EDNS, as myself and others found out the hard way. The solution is simple but took some digging to find. To fix the issue, simply go to an elevated command prompt (right mouse click on Command Prompt and choose Run as administrator) and type "dnscmd /config /EnableEDNSProbes 0". Easy enough, right? That will take care of the issue. Why Microsoft decided to turn this feature on when they knew the web (with a little testing) was not ready for it I do not know. Just another one of those quirky things to love about Microsoft. For further reading enjoyment and the lamenting of others on this issue, go to http://weblogs.asp.net/owscott/archive/2009/09/15/windows-server-2008-r2-dns-issues.aspx Thank you to Scott Forsyth for detailing this issue and getting it out there for the rest of us.
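An added example, not code from the original post or from Microsoft, that wraps the check and the fix described above in one script: it reports the current EDNS probe setting, optionally applies the same dnscmd command, and re-tests a public lookup so the before/after difference is visible. It assumes an elevated PowerShell on the DNS server itself (whose resolver points at the local DNS service), that dnscmd.exe is present, and that the "/info /EnableEDnsProbes" form and its "Query result: Dword: N" output line match dnscmd's documentation; the registry fallback path is likewise assumed.

```powershell
# Added example (not from the original post): report, optionally change, and
# verify the EnableEDnsProbes setting. Run with -Apply to change it; without
# -Apply the script only reports. Assumes elevated PowerShell on the DNS
# server, dnscmd.exe present, and the dnscmd /info output format shown below.
param([switch]$Apply)

function Get-EdnsProbeSetting {
    # Ask dnscmd for the single setting (assumed syntax: /info /<setting>);
    # if the output cannot be parsed, fall back to the registry value the
    # DNS service stores it in (assumed path and value name).
    $out = (& dnscmd /info /EnableEDnsProbes 2>&1) | Out-String
    if ($out -match 'Dword:\s*(\d+)') { return [int]$Matches[1] }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableEDnsProbes
    if ($null -eq $v) { return 1 }   # value absent = Windows default, probes on
    return [int]$v
}

function Test-Lookup([string]$Name) {
    # The symptom in the post was ordinary public names failing to resolve,
    # so resolve one through the local server and return a one-line result.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString }
        return "$Name -> $($addrs -join ', ')"
    } catch {
        return "$Name -> FAILED ($($_.Exception.Message))"
    }
}

$before = Get-EdnsProbeSetting
Write-Host "EnableEDnsProbes = $before (1 = probes on, 0 = off)"
Write-Host ("Lookup before: " + (Test-Lookup 'microsoft.com'))

if ($Apply -and $before -ne 0) {
    # The exact command from the post, then clear the server and client
    # caches so the retest does not just replay a stale or negative answer.
    & dnscmd /config /EnableEDnsProbes 0 | Out-Null
    & dnscmd /clearcache | Out-Null
    & ipconfig /flushdns | Out-Null
    Write-Host "EnableEDnsProbes now = $(Get-EdnsProbeSetting)"
    Write-Host ("Lookup after:  " + (Test-Lookup 'microsoft.com'))
} elseif (-not $Apply) {
    Write-Host "Re-run with -Apply to set EnableEDnsProbes to 0."
}
```

EDNS is also the mechanism DNSSEC relies on, so this setting trades that capability for compatibility with resolvers and firewalls that mishandle EDNS; keep a record of where it was changed so it can be revisited.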
A rhetorical question (DNS service is required for domains), but is it really appropriate for my new domain server to now be serving up addresses for every one of the thousands of banner ads and junk that our users need daily to do their internet browsing?
DNS is critical for a network infrastructure. Reverse zones are required for good troubleshooting of network issues. Without reverse zones, some apps do not work properly. DNS must have redundancy and be properly configured for a quick / stable network infrastructure.
All my clients' SMTP email is coming from my primary IP address?? Not sure what is causing this; I now have my own DNS server through GoDaddy... Any ideas?
If you are on a Windows domain, you need at least one DNS server [2 is really required in case 1 drops]. Your DNS is primarily doing work internally. Wherever your DNS asks for checks, that server does the work.
Your DNS server is serving up no such addresses. You ever consider blocking ads and scripts? Locally, of course, so there are no lookups in the first place.
Unix Bind is what? Better? Easier? More robust? Either way it's not how you generally run DNS on Windows server...
Unless you want to remember a lot of IP addresses, which wouldn't even work consistently any longer for internet use.
I would like to suggest that you put all these pictures on one page or even offer them as a PDF download; it will be more readable this way. Thanks.
If you have only one public IP, then that is all there is. What does GoDaddy domain name hosting have to do with this article? edit: Oh, never mind, I see this is an old comment on a recycled article.
This may not be the forum for bringing us zombie victims up to speed. But I was told that every workstation should have one and only one DNS server entry - my Windows server. Otherwise domain joining is impossible. Doesn't that mean all internet DNS queries will go to the server and it will send all unknown host names upline and then cache the answers?
DNS is not only used to locate IP addresses. In a domain infrastructure, DNS is used to locate services as well. A properly configured DNS server allows quick user login. Even GPOs do not work or do not apply well if DNS is not properly configured. Poor or bad data in DNS can even give you serious problems with the email infrastructure.
I'm not a DNS guru, but I know enough to suggest that folks who are new to DNS NOT start by following these screens - no forwarder is set up (like OpenDNS) even though a forward zone was specified, there's a premise stated that most still use WINS even though WinServer 2008 won't work without DNS (I noticed on image 13 it mentions Windows 2000 - is this just an updated slideshow?), and there is no mention that the tight integration of WinServer 2008's DHCP with DNS is quite important to DNS health.
As to what you originally meant. Sure, the workstations should point to your DNS server(s) only. No, one should never mix DNS addresses in any environment. "Doesn't that mean all internet DNS queries will go to the server and it will send all unknown host names upline and then cache the answers?" Absolutely. Records will be cached until the TTL runs out. If this is what you mean by "serving up addresses for every one of the thousands of banner ads", then yes, your server is doing that. I don't think it inappropriate for a local resolver to do so. And, if the workstations are running the DNS Client service, those records are cached at the workstation, and your server will not be queried. The browser cache also tends to eliminate such repeat queries as well. As to whether one finds the type and amount of advertising on the net to be appropriate, or just annoying, or a bandwidth hog, that is mostly a personal preference. Which is why, for reasons of efficiency, I suggest blocking such junk locally, at the browser. That way, nary a lookup is raised for such.