General discussion

DNS Server

By sharma_yashpal
We have installed a Windows 2000 PDC with an AD-integrated DNS server (not a registered domain) and a backup server to the PDC. The backup server is configured with the IP address of the PDC as its primary DNS server. It synchronizes with the PDC and everything works fine. Now we need to have access to the Internet on the backup server. For that we need to change the IP address of the primary DNS server to the IP of our ISP's DNS server (external). Here the problem starts. If we use the internal DNS then we are not able to access the Internet because it will not resolve to an IP address, or if we use the external DNS then the backup server will not synchronize with the PDC because it will not find the PDC using external DNS.

Please Help.

DNS Server

by edrossius In reply to DNS Server

Just leave your internal DNS IP on the backup server (and on your PCs in the LAN).
On the primary server, which is hosting the AD-integrated DNS, open the DNS console and go to the forward lookup zones. Delete the zone ".". Close the DNS console and open it again. Right-click the name of your primary server and choose Properties. Click on the "Forwarders" tab and select the 'Enable Forwarders' check box. Now enter the DNS IP of your ISP.

What's going on now? Internal resolution will of course be done by the primary server. When a request for an external domain reaches the internal DNS, it will understand it's not authoritative for that zone and will forward the request to your ISP DNS servers.

Hope this will help...

DNS Server

by sharma_yashpal In reply to DNS Server

Poster rated this answer

DNS Server

by d.walker5 In reply to DNS Server

Excellent answer. I'll only add, don't forget the security. Connecting a DC to the Internet without security is job suicide. At a minimum, update to SP4, run Microsoft's Baseline Security Analyzer (http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en), harden the OS as suggested and install a hardware firewall.

DNS Server

by sharma_yashpal In reply to DNS Server

Poster rated this answer

DNS Server

by ctmoore1998 In reply to DNS Server

You must correctly configure your 2000 DNS; this is what you do. Open DNS on the PDC. You should see 2 zones: a '.' zone and the zone for your internal domain. Right mouse on your internal domain and click on the forwarders tab. Notice that it is greyed out and you can't put forwarders in; that is because your DNS is configured as a 'root' DNS server. Hopefully you started your domain name for 2000 with domain, i.e. domain.company.com, or have a registered domain, or else you may be able to work around it by disabling the "register this connection in DNS" setting in network properties.

So delete the '.' root zone. You will receive a message concerning the deletion of this zone, so be sure that the rest of your configuration is correct. Once the root zone is deleted you can go back into the zone properties and add forwarders; these forwarders should be the IP address(es) of your ISP DNS servers.

Now all workstations (including the PDC/DNS server) should have their DNS address pointed to the PDC/DNS IP addresses (note: to set the PDC DNS server's IP address to itself, make sure the DNS addresses are blank and its default gw points at the internet access device {router/firewall}). All other stations should have the PDC IP address as their primary DNS server address (also the only DNS server address needed). This should solve your problem. Once the forwarders are enabled, the DNS requests come to the server, and if it can't resolve the name it will pass it on to the forwarders (ISP DNS servers) for resolution. I.e. 2000server.domain.company.com will be resolved by the PDC, but www.yahoo.com will be passed on to the ISP DNS servers for resolution.
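
The procedure described in the two answers above (delete the "." root zone, then add the ISP DNS servers as forwarders), scripted with dnscmd as an added example that is not part of the original thread. It assumes dnscmd.exe from the Windows 2000 Support Tools is installed on the PDC; the two forwarder addresses are placeholders, and the host names are the ones used in the answer above.

```batch
@echo off
rem Added example: run from a command prompt on the PDC/DNS server.
rem Assumption: dnscmd.exe (Windows 2000 Support Tools) is on the PATH.
setlocal

rem Placeholders: replace with the DNS server addresses given by your ISP.
set ISP_DNS1=192.0.2.53
set ISP_DNS2=192.0.2.54

rem 1. List the zones. A "." entry means this server acts as a root server,
rem    which is why the Forwarders tab is greyed out.
dnscmd /EnumZones

rem 2. Delete the root zone. /DsDel also removes it from Active Directory
rem    (assumes the zone is AD-integrated; omit it for a file-backed zone).
rem    /f suppresses the confirmation prompt.
dnscmd /ZoneDelete . /DsDel /f
if errorlevel 1 (
    echo Root zone was not deleted, so forwarders cannot be set.
    exit /b 1
)

rem 3. Point the server's forwarders at the ISP DNS servers.
dnscmd /ResetForwarders %ISP_DNS1% %ISP_DNS2%
if errorlevel 1 (
    echo Setting forwarders failed.
    exit /b 1
)

rem 4. Verify against the local DNS service: the internal name should be
rem    answered from the AD zone, the external name through the forwarders.
nslookup 2000server.domain.company.com 127.0.0.1
nslookup www.yahoo.com 127.0.0.1

endlocal
```

If the second lookup times out while the first succeeds, check that the firewall in front of the PDC allows outbound DNS (port 53) from the PDC only, so clients keep resolving through the internal server.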

DNS Server

by sharma_yashpal In reply to DNS Server

Poster rated this answer

DNS Server

by sharma_yashpal In reply to DNS Server

This question was closed by the author
