
DNS Server Help

Situation

I have a server running the following

Windows 2000 Server
Active Directory
DNS

I have this server set up as a domain controller for my primary domain, which we will call domain 'x'.
As such, it is also the DNS server for domain 'x'.

I recently bought a new domain and I also wanted this server to be authoritative for this new domain, which we will call domain 'a'.
I added a new forward lookup zone for domain 'a' but it will not resolve any addresses from domain 'a'. It will only resolve addresses from domain 'x'.
I think that this issue may be due to the fact that my DNS server is also my domain controller, and maybe 2000 domain controllers will only resolve addresses of domains they are a domain controller for. And maybe a member server running DNS would resolve addresses from multiple domains??

Any Ideas??
 


<< I recently bought a new domain and I also wanted this server to be authoritative for this new domain that we will call domain 'a' >>



Can you clarify this situation a little more for me Kill? I do 2k DNS setups all the time, so I can likely help you.
Do you mean to say that you have a public domain name (the one you just bought I guess) and you would like your DNS server to be authoritative for it as well?
Further, what type of zones are these? Standard Primary or Active Directory Integrated?

I suspect that your AD/DNS server is on a Private IP?
 
Yeah, that's exactly right. I bought a new public domain and I want my DNS server to be authoritative for it as well. I set up both domains to be Active Directory integrated. Also, I tried setting up the domain I bought to be a standard DNS zone, but that did not work either.

Just to clarify, what happens is this. If I ping my name server, which I registered when I set up the domain, it will respond OK. But if I was to go and make another host in the domain, even if it is just an alias that points back to my name server, it will not resolve the name.

thanks for the help



 
Well, a DNS server that is authoritative for a public domain needs a public IP, for starters. In as much, I would not recommend using a DC. You don't want the box that is exposed to the net to be running AD if you can avoid it.
The way it should work is that the company you bought the domain from would add a delegation record to their DNS server. This record should point to your DNS server. The IP for your DNS server would need to be public for this to work.
The best setup would be the "split brain" model. The DNS server exposed to the net hosts your public domain and the DNS server on your private network hosts your private domain.
You could use one DNS server and multi-home it, telling each NIC to listen on only its IP for DNS queries as well, but that can get messy.

As for being able to resolve new host records in the new domain, are you typing in the FQDN when you ping, or just the computer name you are trying to reach?
 
The server I am running this on has a public IP address and my DNS server is set up to listen for requests on both of my interfaces (private and public). I was thinking about doing just what you were saying and just creating another DNS server to host my public domain. I just didn't want to spend the cash on another PC to run it on... And yeah, I typed in the FQDN of the PC I was trying to ping.

Thanks for the help.....
 
I'll have to check and make sure, but I think it puts a SOA record in a new domain by default... I'll have to verify so that I can be 100% sure.
So you seem to be pretty knowledgeable about NT/2000, are you an admin somewhere? I'm an MCSE 4.0 working on my MCSE for 2000.
 
I'm not a sys admin per se, but I could easily do the job. All of my work experience is focused on server-side Win2k stuff. I'm an MCSE. I think the best things to concentrate on in 2k are Active Directory and DNS. None of the MCSEs I know are any good at this stuff, as it tends to involve a lot of extra practice and learning.
80% of 2k server issues are DNS related. Being able to set it up efficiently is really important if you want to be any good at it.
That said, the MCSE exams don't cover it nearly enough.

The SOA record should have been created by default, yeah.

You may be able to resolve the problem by configuring a forwarder. You can do this by right-clicking the server object in the DNS snap-in and selecting the "forwarder" tab. Put in your ISP's DNS server as the forwarder.
This will allow your private network DNS server to pass on queries it is unable to resolve to your ISP's DNS. If everything is well, your ISP's DNS should eventually find the delegation record the company you registered your public domain name with created on their DNS. That record should point to your public IP addy.
It creates a loop, sort of, but it should work if I understand the situation correctly. If I could sit down at the box and see what was going on I could probably do it more efficiently.
 
Have the root servers entered your server as the authorized DNS server for your domain? I'm not sure how long that takes. If they haven't yet, then there won't be any way for somebody to find your DNS server out on the net. Also, what saltin said is what you should do: <internet> <public dns> <firewall> <private dns>. You can even have your private DNS forward to the public DNS for caching.
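
Added example, not written by any poster in this thread: a check that separates the two questions raised above, whether the server itself serves the new zone authoritatively and whether a reply merely came from cache or a referral. It sends a non-recursive SOA query and reads the AA bit and RCODE from the reply header; the zone name and server address passed to `ask()` are the reader's own, and the sample reply headers are constructed.

```python
import socket
import struct

SOA = 6  # QTYPE for Start of Authority
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, txid=0x1234):
    """SOA query with RD=0, so the server must not recurse or forward."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", SOA, 1)  # QCLASS 1 = IN

def classify(response):
    """Read the 12-byte DNS header and say what the server thinks of the zone."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    aa = bool(flags & 0x0400)      # Authoritative Answer bit
    rcode = flags & 0x000F
    name = RCODES.get(rcode, str(rcode))
    if rcode == 0 and aa and answers:
        verdict = "authoritative: zone is loaded and served here"
    elif rcode == 0 and aa:
        verdict = "authoritative, but no SOA at this name (not the zone apex)"
    elif rcode == 0:
        verdict = "not authoritative: referral or cached data only"
    else:
        verdict = "zone not served: " + name
    return {"aa": aa, "rcode": name, "answers": answers, "verdict": verdict}

def ask(server_ip, zone, timeout=3.0):
    """Send the query over UDP/53 to one specific server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server_ip, 53))
        return classify(s.recvfrom(512)[0])

# Constructed reply headers (not captured traffic): id, flags, qd, an, ns, ar
SAMPLES = {
    "served":  struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0),
    "cached":  struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "refused": struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

Calling `ask()` against the server's private and public addresses in turn shows whether each interface serves the zone. If both report the zone as served and lookups from outside still fail, the delegation at the registrar is the place to look.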
 