Stand Alone Internet DNS Only?

Discussion in 'DNS Server' started by Joe, Apr 10, 2006.

  1. Joe Guest

    Hello,

    I am in need of some guidance here please.

    I want to set up a Windows Internet DNS server only to host web sites.

    However the only DNS that I have ever used is AD DC and I am wondering if I
    need to install AD to have these DNS servers answer queries on the Internet?

    Also since I have just used Windows DNS for internal AD DC, how do I get the
    syntax example >> NS1.Mydomain.com? I do however remember when setting up my
    DNS servers before that I made them >>> local.mydomain.name


    I have a registered domain already and it is in use, but not as a DNS FQDN.
    Also what is done with the Forwarders that usually get the ISP's DNS, are
    they left blank? I am just trying to discern between the two applications.

    any help would be great thank you!
    Joe
     
    Joe, Apr 10, 2006
    #1

  2. Herb Martin Guest

    Make your life EASY and your DNS more reliable and
    correct:

    Leave your INTERNET DNS at the ***REGISTRAR***.

    For most companies (those without giant Internet presence)
    this is the right thing to do.

    If you setup your own DNS you really should setup TWO (or
    more) and you should place them on DIFFERENT subnets with
    multiple connections to the backbone etc.
    No, should you choose to ignore my advice above you can
    certainly use MS DNS as an ORDINARY (non-AD) DNS
    server.

    For an ODD reason in the case of one domain I do this myself
    (despite my usual advice).
    Generally you are going to create the zone that corresponds to your
    REGISTERED domain name, i.e., YourExample.Com and add the
    DNS server as the NS record with its own A record then all of the
    other records (SMTP, HTTP, FTP etc.)

    BUT TRUST ME -- leave it at the REGISTRAR and you will be
    better off in practically all cases (especially for those admins who
    need to ask about this <really>.)

    The reason for the REGISTRAR (and not the ISP) is also that
    the registrars usually have all of the following advantages (over the
    common ISP setup):

    1) Web interface where YOU get to make your own changes
    (i.e., it's under YOUR CONTROL)

    2) Multiple high-speed connections to the Internet, fault tolerant
    hardware, true 24/7 support with someone who actually
    answers the phone AND can do something about your problems

    And you already paid for the service when you bought your domain
    name.

    If you don't have a better choice (for you) go with GoDaddy.com

    [The only issue I have really had with GoDaddy.com is their recent
    tendency (twice last month) to make SECURITY CHANGES without
    going through ANY CHANGE CONTROL process or notification.]
    FQDN really means that the name is fully specified INCLUDING the
    "." on the end, i.e., example.com. and not just example.com or serverName.

    If you have a Registered name you have a Domain Name and can
    qualify it as you like.

    If the name is currently held on the Registrars servers then LEAVE
    IT THERE (or consider returning it there.)
    Generally a PUBLIC DNS server (should you still wish to create
    your own) does NOT service client requests for names it doesn't
    hold (it neither recurses nor forwards) but only answers requests
    for its *OWN* zone names.

    So, using forwarders is NOT an issue and you should generally
    DISABLE both "recursive and forwarded" requests in the Advanced
    tab of the server. (DO NOT do this for internal DNS servers,
    although you MIGHT choose to check "Do not use recursion" on
    the forwarders tab IF you use forwarders.)

    Do you really want people to query YOUR server for resolving
    Google.com?

    If not, then DISABLE recursion (and forwarding).
     
    Herb Martin, Apr 10, 2006
    #2
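How the "answers only for its own zones" behaviour described above works in practice, as an added example that is not code from the thread: a small Python model of an authoritative-only server. The zone data, host names and addresses are constructed for the demonstration (203.0.113.0/24 is a documentation range), and REFUSED is the response code BIND uses for out-of-zone queries when recursion is off; other implementations use a different code, but none of them chases the name on the client's behalf, which is the point.

```python
"""Model of an Internet-facing, authoritative-only DNS server.

Added example, not code from the thread: the server holds its own zones
and, with recursion disabled, answers only for names inside those zones.
Queries for anything else are refused rather than resolved on the
client's behalf. Zone data below is constructed for the demonstration.
"""
from dataclasses import dataclass, field

# Constructed zone data: the one zone this server is authoritative for.
ZONES = {
    "example.com.": {
        "example.com.": {"NS": ["ns1.example.com."], "MX": ["10 mail.example.com."]},
        "ns1.example.com.": {"A": ["203.0.113.10"]},
        "www.example.com.": {"A": ["203.0.113.20"]},
        "mail.example.com.": {"A": ["203.0.113.30"]},
    }
}


@dataclass
class Answer:
    rcode: str                 # "NOERROR", "NXDOMAIN" or "REFUSED"
    authoritative: bool        # True only for names in a zone this server holds
    records: list = field(default_factory=list)


def fqdn(name):
    """Normalise a query name to lower case with the trailing root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def zone_for(name, zones=ZONES):
    """Return the longest (most specific) held zone containing `name`, or None."""
    name = fqdn(name)
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def resolve(name, rtype, zones=ZONES, recursion_enabled=False):
    """Answer one query the way the server would."""
    zone = zone_for(name, zones)
    if zone is None:
        if recursion_enabled:
            # An open recursive server would now walk the tree from the root
            # for the client; only a marker here, since the model runs offline.
            return Answer("NOERROR", False, ["<would recurse on behalf of the client>"])
        # Authoritative-only behaviour: not our zone, so do not look it up.
        return Answer("REFUSED", False)
    rrsets = zones[zone].get(fqdn(name), {})
    if not rrsets:
        return Answer("NXDOMAIN", True)
    return Answer("NOERROR", True, list(rrsets.get(rtype, [])))


if __name__ == "__main__":
    for q in [("www.example.com", "A"), ("example.com", "NS"), ("google.com", "A")]:
        print(q, resolve(*q))
```

With `recursion_enabled=False` the server behaves as Herb recommends for a public server: it never resolves Google.com for strangers, which also keeps it from being used as an open resolver. The `recursion_enabled=True` branch is the internal-server case, where the same query would be chased (or forwarded) for the client.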

  3. Joe Guest

    Herb, thanks for your help and insight. I really didn't expect that long of an
    answer but it is very much appreciated!

    I do use GoDaddy for my DNS and it works well but there is going to be a
    time (I believe) that I am going to need a set of external DNS and yes I am
    fully aware of needing two or more servers. And yes, you are correct, web
    interfaces are very helpful; GoDaddy has one of the best.

    I already host plenty of sites and webmail along with two mail servers.
    As I mentioned, I was more familiar with AD DC DNS and I do not see it in the
    basic setup of Server 2003. Where it is throwing me off is I am ending up with
    the NetBIOS ServerName. I am behind the router's SPI firewall and I was
    reading about ports 135 and 53.

    So when or if? I set up my DNS I really need the answer to the
    NS1.mydomain.com syntax problem for me in my brain.

    I am familiar with A ,MX records and PTR and Domain keys and all that neat
    stuff.

    However I am unfamiliar on getting this Windows DNS server in the correct
    format for the internet.

    So would you be so kind as to help me?

    Thanks for your reply,

    Joe


     
    Joe, Apr 10, 2006
    #3
  4. Are you getting an event that says something like this DNS server has only a
    host name with no domain?

    This is happening because the machine does not have a Primary DNS suffix and
    it is pointing to itself for DNS. So when you create a new zone it creates a
    SOA record showing the servers host name as the Primary DNS server name.

    A DNS server should only point to itself if it hosting zones for its local
    network resolution. If the DNS server is hosting zones for public resolution
    you should not point it to itself.
    If it is hosting zones for local resolution then it can point to itself and
    you should give it a primary DNS suffix that matches a zone it can register
    its name and IP in.

    If it is a Domain Controller, the Primary DNS suffix must match the DNS name
    of the Active Directory domain it serves.
    257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
    Name
    http://support.microsoft.com/?id=257623&sd=RMVP


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Apr 10, 2006
    #4
  5. Joe Guest

    Hello Kevin,

    Thanks for your reply.

    This is in the event viewer

    Event Type: Warning
    Event Source: DNS
    Event Category: None
    Event ID: 414
    Date: 4/9/2006
    Time: 11:13:09 PM
    User: N/A
    Computer: SLOVAUNWHITE
    Description:
    The DNS server machine currently has no DNS domain name. Its DNS name is a
    single label hostname with no domain (example: "host" rather than
    "host.microsoft.com").

    You might have forgotten to configure a primary DNS domain for the server
    computer. For more information, see either "DNS server log reference" or "To
    configure the primary DNS suffix for a client computer" in the online Help.

    While the DNS server has only a single label name, all zones created will
    have default records (SOA and NS) created using only this single label name
    for the server's hostname. This can lead to incorrect and failed referrals
    when clients and other DNS servers use these records to locate this server by
    name.

    To correct this problem:
    1) open Control Panel
    2) open System applet
    3) select Computer Name tab
    4) click the "Change" button and join the computer to a domain or
    workgroup; this name will be used as your DNS domain name
    5) reboot to initialize with new domain name

    After reboot, the DNS server will attempt to fix up default records,
    substituting new DNS name of this server, for old single label name.
    However, you should review to make sure zone's SOA and NS records now
    properly use correct domain name of this server.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    What I am gathering here is this must be a Domain Controller before I can
    proceed with any type of DNS?

    Does this help out for my poor explanations?

    Thanks very much
    Joe

     
    Joe, Apr 10, 2006
    #5
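The condition the Event ID 414 text above describes, as an added example that is not code from the thread: a small parser for the BIND-style zone text that Windows DNS keeps its zones in, followed by a check that the SOA primary-server name and every NS target are multi-label names, and that an NS target inside the zone has a host (A) record. The two zone texts, the `dns1`/`www` hosts and the 203.0.113.0/24 addresses are constructed for the example; `slovaunwhite` is the single-label host name from the post.

```python
"""Zone-file sanity check for the Event ID 414 condition (added example, not from the thread)."""

# Constructed zone text in the BIND-compatible form Windows stores zones in.
# The SOA and NS names carry the single-label host name the thread discusses.
BROKEN_ZONE = """\
$ORIGIN madgig.com.
$TTL 3600
@       IN  SOA  slovaunwhite. hostmaster.madgig.com. (
                 1       ; serial
                 900     ; refresh
                 600     ; retry
                 86400   ; expire
                 3600 )  ; minimum TTL
@       IN  NS   slovaunwhite.
@       IN  NS   dns1.madgig.com.
www     IN  A    203.0.113.20
"""

# The same zone once the server has a primary DNS suffix and its own host record.
FIXED_ZONE = """\
$ORIGIN madgig.com.
$TTL 3600
@       IN  SOA  dns1.madgig.com. hostmaster.madgig.com. ( 2 900 600 86400 3600 )
@       IN  NS   dns1.madgig.com.
dns1    IN  A    203.0.113.10
www     IN  A    203.0.113.20
"""


def _logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records (SOA) into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    return out


def _absolute(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, records); records are (owner, type, rdata) with absolute lower-case names."""
    origin, records, last_owner = None, [], None
    for line in _logical_lines(text):
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            continue
        if line[0].isspace():            # empty owner field: same owner as the previous record
            owner = last_owner
        else:
            owner = _absolute(tokens.pop(0).lower(), origin)
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("SOA", "NS"):       # make the server name in the rdata absolute too
            rdata[0] = _absolute(rdata[0].lower(), origin)
        records.append((owner, rtype, rdata))
    return origin, records


def is_single_label(name):
    return "." not in name.rstrip(".")


def check_zone(origin, records):
    """Return problem strings about SOA/NS host names; empty means the zone looks sane."""
    problems = []
    hosts_with_a = {owner for owner, rtype, _ in records if rtype == "A"}
    for owner, rtype, rdata in records:
        if rtype == "SOA" and is_single_label(rdata[0]):
            problems.append(f"SOA primary server {rdata[0]} is a single-label host name (Event ID 414)")
        if rtype == "NS":
            ns = rdata[0]
            if is_single_label(ns):
                problems.append(f"NS target {ns} is a single-label host name (Event ID 414)")
            elif (ns == origin or ns.endswith("." + origin)) and ns not in hosts_with_a:
                problems.append(f"NS target {ns} is inside the zone but has no A record")
    return problems


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, check_zone(*parse_zone(text)) or "OK")
```

Running it prints three problems for the broken zone and "OK" for the fixed one. The third problem (an in-zone NS target with no A record) is the one the event text tells you to review by hand after the reboot: the server rewrites the SOA and NS names, but the host record for the new name is still yours to confirm.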
  6. No, it does not have to be a Domain Controller to host DNS. In fact, I would
    recommend against it, unless you know exactly how it will affect the
    machine. But it still needs to be able to find its DNS name so it can create
    the proper SOA record.

    DNS servers need to be able to resolve their own names, and "host" is not a
    valid DNS name, give the machine a primary DNS suffix and it will then have
    a valid Fully Qualified DNS name.

     
    Kevin D. Goodknecht Sr. [MVP], Apr 10, 2006
    #6
  7. Joe Guest

    Hello Kevin,

    This is where I am confused: how can Slovaunwhite be resolved on the Internet?
    There is no slovaunwhite.com registered, so how would adding a suffix help me?
    The name of the server will still be slovaunwhite, not NS1.slovaun.com which
    is registered.

    This is my actual problem.

    This is a workgroup server and its NetBIOS name is in "Computer name" in the
    System applet. So do I click "Change" and add the suffix to a name that is
    not on the Internet?

    Is there a tutorial on this somewhere? I looked for days before I came here.

    Could you please walk me through this step by step
    1
    2
    3 ?
    Please.
    Thanks Kevin.
    Joe

     
    Joe, Apr 10, 2006
    #7
  8. Joe Guest

    Also by the way my DNS is not pointing to itself it never was.

    IP 192.168.1.3
    255.255.255.0
    192.168.1.254

    DNS 192.168.1.254
     
    Joe, Apr 10, 2006
    #8
  9. Herb Martin Guest

    Then don't name it that. When you tell your registrar to
    set a zone (any zone, every zone) to have your DNS Server
    as a Primary or Secondary it is going to need the DNS
    name of that server AND the Address.

    These will be used to add the NS record (using the DNS
    name) and the A-record (If Necessary, i.e., the first time)
    to the PARENT zone, presumably .Com.

    Com (or whatever the parent is) will want your server's DNS
    name, so why not give it THAT name NOW. This name
    is SOMEWHAT arbitrary as long as it can be resolved
    on the Internet.

    It can be in a zone the server holds, or in a zone held
    elsewhere (it's the first case where you need both the
    A and the NS record, not just the NS).

    Go to the SYSTEM CONTROL panel and give your
    server a legitimate (read: resolvable) domain name.
    Make sure there is an A-record in that domain/zone
    for the particular server name: ns1.example.com
    (or whatever.)



    --
    Herb Martin

     
    Herb Martin, Apr 10, 2006
    #9
  10. Joe Guest

    Hello Herb,

    I think I got this between posts messing with it. Still a few questions
    remain.

    1. I renamed the server madgig as it is in my registrar madgig.com
    2. I then added a suffix of com and rebooted the server.
    3. Now I have a server name of madgig.com which is a name that can be
    resolved on the internet.

    Next question where does the NS1 come from is this an A record I must enter
    into the DNS?
    Because you get the DNS MMC looking like this

    MADGIG
    + Forward Zones
    Madgig.com
    + Reverse Lookup Zones
    etc...

    When running the configure your server wizard you are asked for the Zone so
    what do you enter there? NS1?

    What about Glue for the DNS server

    Since I am behind a router, what are the IPs: the ISP's or the C class from the router?


    Thanks again Herb
    Joe

     
    Joe, Apr 10, 2006
    #10
  11. Herb Martin Guest

    > I think I got this between posts messing with it. Still a few questions
    Then in general that is not the BEST choice of name (although legal).

    It should be something.Madgig.com (e.g., ns1.madgig.com or
    www.madgig.com) but it can be simple madgig.com TO OTHERS
    if you wish.

    But as a Windows machine it needs a "base name" AND a DNS
    suffix. So server (base name) plus the domain suffix is what
    you want to have in the System control panel.
    Probably a poor choice -- see above. Server1 with suffix of Madgig.com
    makes more sense (usually.)
    True -- as I said it CAN work.
    NS1 is JUST an example. It is common for DNS servers,
    especially on the Internet to be named nsX.example.com
    or dnsY.example.com etc. Not a rule nor even a suggestion,
    just an example.

    [Where X is some integer number.]

    Sort of like email servers on the Internet TEND to be named
    mailX, or smtp, or smtpX, or similar but again they can be
    named anything (consistent.)
    No, (see above) -- ns1 is just a SAMPLE name FOR the name server
    (name server #1) and would be the name on an A record in the zone.
    GLUE goes at the PARENT. When you ask the Registrar to
    set YOUR server (ns1.example.com) or whatever to be the
    authoritative server then this change gets made in the parent
    zone (e.g.: .com) so that those seeking your resources will
    find "." (the ROOT is written as DOT), then find the GLUE
    from the Root (".") to COM where they find YOUR GLUE
    for your zone.

    Glue records are NS records (and possibly the A record to
    go with it.)
    Ugh.

    [Stuff like this, and questions like this keep convincing
    me that your DNS BELONGS at the Registrar.]

    If your DNS server is behind a NAT (which what I think
    you mean above) then you MUST give the PUBLIC address
    of the (outside of the) router.

    If your DNS has a public address then give that instead.

    Of course if you are behind a NAT, you must setup your
    port forwarding (AKA: service definition, address mapping,
    port mapping, or something similar depending on the router
    vendor and version) to the DNS server.

    TCP and UDP port 53 from external requests mapped to
    those ports on the DNS server.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]

     
    Herb Martin, Apr 10, 2006
    #11
  12. Joe Guest

    Herb thanks but I am no further than before

    I am so frustrated at this. Because I have done so much already.

    I know how this sounds it sounds like I am an idiot.

    Questions like these are for a person setting up his first Microsoft DNS for
    External use. And there are NO tutorials like this excellent one here
    http://www.visualwin.com/AD-Controller/

    for a guy like me.

    However I am the gentleman who did the FrontPage Tutorials for this site and
    I manage more than you might think.

    Please go to www.dnsreport.com and do a DNS report on gethemail.com

    Notice no errors? Notice 2 MX records? Notice that I could have named them
    anything I wanted? such as MX01.gethemail.com or MX02.gethemail.com as you so
    stated. I am very familiar with this I also manage a block of public IP's and
    have no problem with this. And they are NAT'ed through a firewall and much
    more.


    However I cannot grasp (to save my life here) how to get a microsoft DNS
    prepared for the Internet.

    So is this why simpleDNS was created?

    Let's Scrap the whole thing
    Step one
    What should I name the server?
    How should I name the server

    Thanks
    Joe

     
    Joe, Apr 10, 2006
    #12
  13. Herb Martin Guest

    You may be just flailing -- changing things without reason
    or understanding, and not keeping a record of exactly what
    you change and the results.

    Start a log of ALL changes and ALL tests. Write it down.
    (Preferably on the computer and not on paper, but be sure to
    No, it sounds like you are inexperienced.

    Either way, or even if you are a genius, those are just facts
    that really don't matter. The problem is still technical and
    can be solved through VERY EXPLICIT attention to detail
    and SIMPLIFICATION of the tests.
    There are probably millions of those -- certainly it's
    discussed in books like the OReilly "DNS and BIND"
    (and I am sure many online places.)

    This has been going on since LONG before Microsoft
    entered the IP & Internet business.
    Just like any other DNS server. From the OUTSIDE it is NO
    DIFFERENT.

    The online REAL difference are the GUI tool (DNSmgmt.msc) you
    use to set it up AND a (VERY) few details of the exact features
    versus other DNS servers (which likely make no difference for your
    purposes.)
    Not really easier. Your problems are NOT "MS related" but
    conceptual issues with DNS in general (i.e., lack of experience
    probably is the only real issue, but that lack is GENERAL DNS
    not Microsoft.)

    Anyone who understands DNS can use the MS GUI to perform
    the task just by clicking around.
    In the SYSTEM CONTROL Panel as far as THE server is concerned.

    In the DNS zone where it lives as far as DNS is concerned.

    In the PARENT zone give the NS and A record as far as the
    RECURSION/glue/parent is concerned.

     
    Herb Martin, Apr 10, 2006
    #13
  14. Joe Guest

    Ok Herb I am getting somewhere

    I cannot name the server it will not allow it in that format

    I chose DN1.madgig.com

    Where do I go from here. This is the actual problem

    Thanks
    Joe

     
    Joe, Apr 10, 2006
    #14
  15. Herb Martin Guest

    Well, then it DID allow it in "that format" because that is
    precisely the form I recommended.

    You did that in the SYSTEM Control Panel right?

    Name would be DN1 and DNS domain name (or suffix)
    would be madgig.com?
    Now, you must make sure it is listed in Madgig.com as
    DN1 with its PUBLIC IP address AND that whenever
    you register a zone you provide THIS name and THIS
    IP as the glue record set (for this server.)

    Technically these names are pretty arbitrary. The
    key is to get it all consistent.

    AND notice that you will use the SAME GLUE record,
    i.e., SAME NAME no matter what ZONE you setup.

    THIS server now has a name you have chosen but it can
    hold the zones for dozens or even thousands of domain
    names.

     
    Herb Martin, Apr 10, 2006
    #15
  16. Joe Guest

    Herb it will not allow this name

    The server will not allow me to name it the way you are asking me to.

    My method is this:
    1. start
    2. Right Click my Computer
    3. Computer Name Tab
    4.Click Change
    5.Then you see the name

    I tried to enter DNS1.madgig.com. No go.
    I tried to enter DNS1.madgig and no go.
    I then removed the DNS1. and just entered the madgig.
    Then I clicked More and entered a suffix of com.
    So I have a computer name of madgig.com NOT DNS1.madgig.com

    I cannot figure out how to change this for the life of me.


    This is what is sending me off the deep end.
    I understand the entries into the DNS and that they need to be entered into
    the Registrar for my Domain. I knew this all along but I cannot get the damn
    server in order.

    Thanks : )
    Joe

     
    Joe, Apr 10, 2006
    #16
  17. Joe Guest

    Ok Success! I got the naming thing down.

    Now do I go to my registrar and add an A record for DNS1 with the public IP?

    Thanks Herb for hanging in there

     
    Joe, Apr 11, 2006
    #17
  18. Herb Martin Guest

    [Darn, I wrote a REALLY good answer and then Outlook
    crashed <grrrrr>]

    You have to get the NS and the A record to the PARENT
    zone -- you do that at the registrar but not in the zone they
    hold there (for you) -- that's worthless as soon as you change
    your glue records at the parent zone.

    NS maps the domain name to the authoritative DNS server name(s).
    A maps each DNS server name to the IP address of that server.

    But you really should leave it at the registrar.

    REALLY!

     
    Herb Martin, Apr 11, 2006
    #18
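The three pieces that have to agree (the NS records the registrar publishes at the parent, the glue A record that goes with them, and the A record in the zone on the server itself), as an added example serving posts #11, #15 and #18 and not code from the thread: a consistency check over a constructed picture of the delegation. The helper names (`check_delegation`, `with_glue`, `is_rfc1918`), the second zone `example.org.` and the 203.0.113.0/24 addresses (a documentation range standing in for the router's outside address) are assumptions for the example; `192.168.1.3` is the LAN address Joe posted, and it is exactly the kind of address that must not end up in the glue when the server sits behind NAT.

```python
"""Consistency check for a DNS delegation (added example, not from the thread)."""
import copy
import ipaddress

# RFC 1918 ranges: addresses that mean nothing on the public Internet and so
# must never be published as glue for a server that sits behind NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


# Constructed delegation data. 203.0.113.0/24 is a documentation range used
# here as a placeholder for the router's public address.
PARENT = {
    # NS records the registrar publishes into the parent zones (.com / .org) for you
    "ns": {"madgig.com.": ["dns1.madgig.com."], "example.org.": ["dns1.madgig.com."]},
    # glue A records at the parent; this one wrongly carries the LAN address
    "glue": {"dns1.madgig.com.": "192.168.1.3"},
}
CHILD = {
    # zones the server itself holds, including the A record for its own name
    "madgig.com.": {"NS": ["dns1.madgig.com."],
                    "A": {"dns1.madgig.com.": "203.0.113.10", "www.madgig.com.": "203.0.113.20"}},
    "example.org.": {"NS": ["dns1.madgig.com."], "A": {"www.example.org.": "203.0.113.40"}},
}


def in_bailiwick(ns, zone):
    return ns == zone or ns.endswith("." + zone)


def check_delegation(zone, parent=PARENT, child=CHILD):
    """Return problem strings; an empty list means parent and zone agree."""
    problems = []
    parent_ns = set(parent["ns"].get(zone, []))
    child_ns = set(child.get(zone, {}).get("NS", []))
    if not parent_ns:
        problems.append(f"parent has no NS records for {zone}: the zone is not delegated")
    if parent_ns != child_ns:
        problems.append(f"NS set at parent {sorted(parent_ns)} differs from NS set in zone {sorted(child_ns)}")
    for ns in parent_ns:
        if not in_bailiwick(ns, zone):
            continue   # server is named in another zone; resolvers find its address there, no glue needed
        glue = parent["glue"].get(ns)
        if glue is None:
            problems.append(f"{ns} is inside {zone} but the parent has no glue A record for it")
            continue
        if is_rfc1918(glue):
            problems.append(f"glue for {ns} is {glue}, a private address; publish the public (outside) address of the NAT router")
        zone_a = child.get(zone, {}).get("A", {}).get(ns)
        if zone_a is None:
            problems.append(f"zone {zone} has no A record for its own name server {ns}")
        elif zone_a != glue:
            problems.append(f"glue {glue} for {ns} disagrees with the A record {zone_a} inside the zone")
    return problems


def with_glue(parent, ns, ip):
    """Return a copy of the parent data with the glue for `ns` set to `ip`."""
    fixed = copy.deepcopy(parent)
    fixed["glue"][ns] = ip
    return fixed


if __name__ == "__main__":
    for zone in PARENT["ns"]:
        print(zone, check_delegation(zone) or "OK")
    fixed = with_glue(PARENT, "dns1.madgig.com.", "203.0.113.10")
    for zone in PARENT["ns"]:
        print(zone, check_delegation(zone, fixed) or "OK")
```

The `example.org.` zone passes unchanged: its name server lives in `madgig.com.`, so the same `dns1.madgig.com.` name and the same glue serve it, which is Herb's point that one server name and one glue record set are reused for every zone the box holds. `madgig.com.` fails until the glue at the parent carries the public address, and the port-53 forwarding on the router is what makes that public address actually reach the server.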
  19. Joe Guest

    Actually I am going to leave it there I just needed to know how to do this.
    And quite frankly I still need a little more practice. I want to print this
    for my notes.

    Let's go to step two:
    Installing the DNS.

    Let's say I am running the configure your server wizard and now it asks me
    for the Zone and I select Primary and then it will ask again the zone name.
    In this box in my case what would I put here DNS1 or Madgig.com or
    DNS1.madgig.com?

    Thanks :) and to reassure you I am leaving it at the registrar. Much easier.

    Joe

     
    Joe, Apr 11, 2006
    #19
  20. Herb Martin Guest

    The name of the ZONE (not the server.)

    So presumably that would be Madgig.com but tomorrow
    (or in a few minutes) you could add ANOTHER zone and
    call it pretty much anything you wish (that works for you)
    such as Madgig.loc, or Private.tst or even SomeDomain.com

    That server can hold as many ZONES as you wish.

    Each ZONE is roughly equivalent to what most people think
    of as a DOMAIN (but there is a slight difference between the
    meaning of zone and DNS domain).
    Most of the work is done for you in that case.

    You now get to ADD your A records for things like
    WWW.Madgig.com or MX records for email server
    (and the A record etc.) or FTP or....

    If you just do that at the Registrar like you (now) plan
    then they worry about hardware and backups and hackers
    trying to compromise the DNS service etc.


     
    Herb Martin, Apr 11, 2006
    #20