How do I get our internal domain DNS to point to a different IP than outside DNS

Discussion in 'DNS Server' started by Saucer Man, Sep 12, 2008.

  1. Saucer Man

    Saucer Man Guest

    These are helpful. Thank you!

     
    Saucer Man, Mar 22, 2010
    #21

  2. It's becoming clearer...but where do I create the new zone? I see I can do
    You create a forward zone under the Forward Lookup Zone. You create a
    reverse zone under Reverse Lookup Zones.
    That link also states in step 6:
    "As this is not an AD integrated zone, disable dynamic updates."

    To me, in conjunction with Step 3, that is erroneous and skewed. Whether
    the zone is AD integrated or not, it is NOT a factor for Dynamic
    Updates. Dynamic Updates feature is available on either type of zone.

    Remember what I said, AD Integrated or not AD Integrated is simply
    telling the system WHERE to store the zone data. So to me, that site is
    erroneous in its claim regarding AD Integration in the context
    presented.

    I would prefer AD Integration because it will replicate the zone to all
    DC/DNS within its Replication Scope setting, otherwise you would have
    to create secondaries.

    That depends on who answered that question. Since I can't see the whole
    thread, I will hold back on speculation.
    In the old Windows 2000 days, there was a "DNS becomes an Island"
    issue when using itself as the first, hence why many still hold that
    theory. However that was fixed with Windows 2000 SP3 years ago. The
    currently accepted method by many engineers, including Microsoft folks,
    is to set it to itself first, then a replica partner as the second,
    preferably one in its own site, and if one does not exist in the site,
    choose one in another site connected by a fast link. Besides, you
    wouldn't want to select one in another site as the first anyway, due to
    lag time.
    I think there is a huge misunderstanding between the type of domain
    names AD can have and how AD works resolving AD resources. You have two
    names associated with a domain, the NetBIOS domain name (to support
    legacy clients and apps), and the AD DNS FQDN name. AD primarily uses
    the FQDN name (abc.com), but many legacy apps may use the NetBIOS name
    (ABC).

    If they were joined using the NetBIOS domain name, that's no problem,
    and was resolved using NetBIOS broadcast. The NetBIOS name has NO
    bearing on the AD DNS domain name in DNS. That has nothing to do with
    the AD DNS domain name. It's two different types of resolution.

    If you created the NetBIOS domain name in DNS, nothing will ever use it
    in your case. Keep in mind, when I first saw that name, it alerted me
    to the possibility that you may have a Single Label Name DNS Domain
    Name issue, which is NOT a good thing to have and complicated to fix.
    However, after seeing your config info and ADUC names, I am confident
    this is not the case. That is a good thing for you.

    Delete the single label zone. It's not needed.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit
    among responding engineers, and to help others benefit from your
    resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
    & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance,
    please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Mar 22, 2010
    #22

  3. Saucer Man

    Saucer Man Guest

    OK. I still have a few Windows 2000 clients but that shouldn't make a
    difference if I delete the single label zone correct?

    When I reverse the IPs on the primary dns server so that it points to itself
    first, I do the same on the backup correct? That is, I reverse the ips so
    the backup dns server points to itself first.
     
    Saucer Man, Mar 22, 2010
    #23
  4. Saucer Man

    Saucer Man Guest

    I made the IP reversal change on the Name Servers Tab under the forward
    lookup zone in DNS. Do I also change it on the TCP/IP properties of the
    network adaptor on the servers themselves so that both servers have their IP
    listed first?
     
    Saucer Man, Mar 22, 2010
    #24
  5. As I said, the zone is sitting there doing nothing. No machine is using it. You can delete it.
    The recommendation is all DCs point to themselves first.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 23, 2010
    #25
  6. I'm not following you. You changed what under the Nameservers tab?

    I was talking about the DNS settings the DC uses ONLY in IP properties. In DNS settings of the NIC, you set the first DNS address as itself. Choose another DC as the second.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 23, 2010
    #26
  7. Saucer Man

    Saucer Man Guest

    I misunderstood you. I made that change by right-clicking the
    abc-domain.local zone in DNS, selecting properties, selecting the Name
    Servers tab. I have my two DCs listed there and the BDC is listed first.
    It is listed first for both servers.
     
    Saucer Man, Mar 23, 2010
    #27

  8. Oh, ok. You will want to leave the NameServers tab alone, unless there's an old entry that has to be removed. That indicates which servers are authoritative for the zone, or the SOA (start of authority).

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 23, 2010
    #28

  9. 
    I actually mean Nameservers on record, not necessarily the SOA. However, either way, you usually leave the Nameservers tab alone. :)

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 23, 2010
    #29
  10. Saucer Man

    Saucer Man Guest

    OK. Thanks for all the help. I am going to add the new forward lookup zone
    now.

     
    Saucer Man, Mar 23, 2010
    #30
  11. You are welcome. Remember to delete the single label zone.


    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 24, 2010
    #31
  12. Saucer Man

    Saucer Man Guest

    Since I made these changes last week, I am getting the following events
    logged in the DNS event log frequently...

    Event Type: Information
    Event Source: DNS
    Event Category: None
    Event ID: 5504
    Date: 3/27/2010
    Time: 9:56:08 PM
    User: N/A
    Computer: ABC-DC-1
    Description:
    The DNS server encountered an invalid domain name in a packet from x.x.x.x.
    The packet will be rejected. The event data contains the DNS packet

    The IP is not always the same. Do you know what's causing these?

     
    Saucer Man, Mar 29, 2010
    #32
  13. It depends on what's being queried. This error usually indicates an illegal character in the domain name itself. For example, an underscore is an illegal character, but a dash is not. You'll have to pull a sniffer out to find out what's sending the query that is causing this. Read the following for more info:

    http://eventid.net/display.asp?eventid=5504&eventno=642&source=DNS&phase=1

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 29, 2010
    #33
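To act on those 5504 entries without pulling a sniffer first, here is an added example (not from the thread and not Ace's code): a small Python decoder for the DNS packet that the event's data field carries as hex. It pulls out the queried name and flags any label that breaks the strict RFC 1123 hostname rules Ace describes (underscore illegal, hyphen allowed). The packet below is constructed in the block itself; for a real entry, paste the event data hex into check_event_packet.

```python
import re
import struct


def build_query(qname, txid=0x1234):
    """Build a minimal DNS query (A/IN) for qname. Constructed sample input only."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 12-byte header, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(packet, offset=12):
    """Walk the label sequence of the first question; return (labels, next_offset)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return labels, offset + 1
        if length & 0xC0:  # compression pointer; never expected in a question name
            raise ValueError("compressed name in question section")
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length


# Strict RFC 1123 hostname label: letters, digits, hyphen; no leading or trailing
# hyphen; 1-63 characters. An underscore, a space or a high-bit byte fails this.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def find_bad_labels(packet):
    """Return the labels of the question name that fail the strict hostname rule."""
    labels, _ = parse_qname(packet)
    return [l for l in labels if not _LABEL.match(l)]


def check_event_packet(hex_data):
    """Decode the hex event data of a 5504 entry and report the offending labels.

    Note: AD's own SRV names (_ldap._tcp...) use underscores by design, so a
    flagged underscore label is a lead to the sending host, not proof of a fault.
    """
    packet = bytes.fromhex(hex_data.replace(" ", ""))
    labels, _ = parse_qname(packet)
    return {"qname": ".".join(labels), "bad_labels": find_bad_labels(packet)}


if __name__ == "__main__":
    sample = build_query("bad_host.abc-domain.local").hex()  # constructed, not from the log
    print(check_event_packet(sample))
```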
