IT Employment

General discussion


Real World Windows 2000 and DNS Problem

By donnyr10 ·
Hi Guys
Were in the planning stages of Migrating our WIndows NT Domain
to Windows 2000, I have a few questions I want to slog out with you
Gurus her on the list.

FIrst it may be easier to give you some Background on the Network
12 NT Domain Controllers
200 Clients PC (95/9
50 Clients Mac
Proxy 2.0 on one BDC, gateway is the Router IP to the Internet...
Name Resolution - WINS no DNS.

Ok My question is this..
I know that we need DNS for Resolution in 2000
I am proposing a schemes like company.local for Internal DNS
I'll convert it to AD Integrated to take advantage of Multi Master
replication, I'll make sure and configure DynamiC updates
and DHCP to integrate with DNS, to update clients
(ALL PC Clients will be WIndows 2000)

How do we get 2000 DNS and Proxy to play together ??
Do I set up Proxy on a Member server ? where it doesen;t
have any Zone Information ?? My fear is that I don't want resolution
of External URLS such as, to be handled by the Internal
DNS Servers of company.local, but rather by the proxy 2.0 Server ..

Under NT it was simple, all clients was given the IP address of the
Internal Proxy Server as the Router (gateway), and therefore when
clients opened up IE , all requests were passed to the proxy,
has anyone had experience with setting up 2000 and DNS and proxy ??
I just want to get some opinions...

Thanks Much Guys in advance for the future dialogue.....


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

You Can Still Do The Same Thing

by buzz70_98 In reply to Real World Windows 2000 a ...

Your DNS should still seperate from your Proxy server. Both should be domain controlers. You should still keep the gateway as your Proxy server. It will work the same. It would help to have your WINS on the same server as your DNS. However, if all your workstations are going to be 2k pro, then you will not need WINS any more.

Collapse -

Use Proxy for Windows 2000 Server

by anthonybernardino In reply to Real World Windows 2000 a ...

I've actually had this near-identical scenario. I setup Proxy with DNS on the same server. I kept WINS internal. Hope this helps ...

Collapse -


by alket In reply to Real World Windows 2000 a ...

Hi, I am setting up a test lab for exactly this purpose. I actually do not want to have DNS on the proxy and so as a first step I setup an ISA server with an ISP IP on one card and an IP on the internal. Then I built two Win2K servers with DNS and they are on the internal subnet. Then I installed the proxy client on both these machines but the DNS is not working properly. My plan is to install AD on both these DNS servers and then add the ISA server to the win2k domain. Is there a reason why this is not working other than maybe a wrong config. by me? Thanks.

Collapse -


by donnyr10 In reply to re:

What Problems are yougetting with the DNS Servers in particular ??

Many things are possible, so just drop me a note and lets see if we can figure this out :)


Collapse -

The DNS test fails

by alket In reply to re:

Well, I haven't gotten far yet. When I try to test the DNS (from the test tab in properties for the DNS) it says it fails on both the server itself and forwarded queries. On the ISA server I have created a filter for allowing DNS queries to go out. I put a forwarded to the ISP Dns server, and added it into the root hints as well. (Question, the NIC for the DNS server, where should it point? Itself or the ISP DNS?) Thanks.

Collapse -

DNS seems to be fine but Can't add a DC

by alket In reply to re:

Well...finally DNS is working fine. Nslookup is querying fine and my two servers can access the net through the ISA server..happy about this. But...after I installed the first DC (with AD), I could add any machines to the domain, but I cannot add another DC, it gives me a domain not found..This is driving me nuts since DNS is playing fine, and in the AD wizard, when you browse for the domain, (which is my internal domain) shows up in the window..but the error says it can't contact the primary DC...????? Any ideas? Thanks

Collapse -

Internal DNS doesnt mess you up..

by skkzarg_death In reply to Real World Windows 2000 a ...

Your concerned with outgoing requests being handled by your internal DNS. I assume thats for security reasons (Reverse lookup, etc.)

Set up DNS and AD. DNS internal set to disallow dynamic updates and only allow the DNS to see the inside of your network. Set your clients to query it first, then secondary DNS will be thru your proxy/gateway. This keeps your interior network from being viewed. When a client hits the first DNS box, it will fail to resolve, and the request will be forwared to the secondary DNS, which resides outside your local network.


Collapse -

Last Update on my test works :)

by Shanghai Sam In reply to Internal DNS doesnt mess ...

Well, thanks for trying to help.

I actually got the whole thing working. So, basically I set up the ISA server (it could be MSproxy, a NAT server....) and on the internal subnet I installed two DNS servers, one primary one secondary with only (not registered)...I created host, NS, and PTR records(on the reverse lookup zone..the PTR-s) for all these three servers. Both DNS servers point to itself for DNS resolution (the DNS in the TCP/IP is set to point to the server itself). I enabled dynamic updates otherwise the AD doesn't function properly (ex. I couldn't add another DC to the Domain)...made my ISA server member of the domain. This all plays fine now. I guess I have to try and secure ISA as much as possible now....this is a matter for a new discussion.

Related Discussions

Related Forums