Domain Controllers

Discussion in 'Server Networking' started by Patrick Whittle, Aug 2, 2009.

  1. Basic AD DNS setup.

    Install DNS on the domain controller and point it to itself for DNS in the
    properties of TCP/IP. Do not use use the actual IP address. This
    is so the Domain controller can register it's SRV records in the DNS zone
    for your domain so AD clients using this DNS server can "find" the domain
    (remember the long time it took to add a computer to the was
    looking for those SRV records that wern't there). Once you changed it you
    saw how short a time it took.... Pointing the DNS server to your ISP, your
    server tries to register it's SRV record on your ISP's DNS server and they
    don't allow it. Nor do you want any of your private AD domain DNS records
    sitting on a public DNS server where the world can get to them.
    How To Install and Configure DNS Server in Windows Server 2003

    Point all AD clients to the DNS server setup for the AD domain ONLY. Do not
    put your ISP's DNS server's IP address as primary (on whole set of problems
    occur like you saw with the long time it took to add a computer to the
    domain.) and do not put your ISP's DNS server as alternate (this creates a
    whole other set of problems).
    Best practices for DNS client settings in Windows 2000 Server and in Windows
    Server 2003

    For Internet access setup the DNS server to forward to your ISP. This is the
    ONLY place on your AD domain your ISP's DNS servers should be Forwarders.
    How to configure DNS for Internet access in Windows Server 2003

    What you are trying to accomplish is to have ALL AD members (servers are AD
    members also) look to the DNS server setup for the AD domain so they can
    find the resources on your domain. Anything not on your domain ( the
    Internet) you want your DNS server to forward those requests to your ISP's
    DNS server.

    Danny Sanders, Aug 5, 2009
    1. Advertisements

  2. Patrick,

    According to your picture, the internal LAN interface of the router is set
    to DHCP. Yet you stated that you manually set a static address. Can you
    clear that up? Do you have a Visio of it?

    Also, I have never said, explicitly or implicitly, the following statement:
    All along, I've said that for all internal Active Directory members,
    including the domain controller itself, it must only use the DNS server
    installed on your domain controller. If you have more than one domain
    controller with DNS installed, use that as well.

    I've always also said to never use the ISP's DNS server on any internal
    Active Directory member. This is because all of AD's info is in it because
    AD registers that info into it. So if you used the ISP's for AD, AD then
    asks the ISP a question that it cannot answer, such as, "Where is my domain
    controller for my domain?" The ISP's DNS does not have that info.

    In addition, I'm not sure how you came to the following conclusion:
    ICANN has been around a long time, and some say they are the designers of
    DNS. Microsoft's DNS is based on the RFCs that define DNS. Microsoft just
    happens to have a DNS service, just like anyone else, and they are all
    compatible. Matter of fact, they can communicate with each other because
    Microsoft's DNS, as well as other DNS implementations (BIND, TreeWalk, etc),
    all follow the RFCs that define DNS, therefore they are compatible.

    And no, Microsoft did not mutate DNS. They simply designed AD around DNS and
    for AD to use DNS, no matter what brand name DNS server that's used
    (Microsoft or others) and not the other way around.

    Matter of fact, if you don't like Microsoft's DNS, you can use anyone one of
    the others, as long as they support SRV records, you are good to go. But
    whatever you use, you must only point to it for AD because that's what AD
    uses to store information so other machines can find AD resources.

    DNS is simply a database that can be queried. AD simply uses DNS to store
    Active Directory data in DNS.

    I hope that clears up any misconception about Active Directory and DNS.

    Danny also posted the same info Meinolf and I did. I hope it helps.

    Ace Fekay [MCT], Aug 5, 2009
    1. Advertisements

  3. Please see my response to the other thread by Patrick for the successful
    conclusion on this issue.

    Ace Fekay [MCT], Aug 7, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.