
Server 2003 DNS Setup

goodlookin1

Junior Member
Hey guys,

Had a quick question on proper DNS setup for my office. We have a Windows 2003 Server set up as a file server right now and are using our router to give out the DNS and DHCP. Our router is garbage and I would much rather control the network via the 2003 Server because it gives me so much more control over the network.

The problem comes when I set up the 2003 Server's IP to be controlling the DNS: the workstations' email accounts in Outlook stop working. I believe this happens because the outside POP3 email server, incoming and outgoing (we'll say "xyz123.com"), is the same exact domain as our inside local domain (also "xyz123.com"). So when the workstation's primary DNS is pointed to our local Winders 2003 Server, the email is attempting to send and receive from the local domain instead of using our ISP's DNS to resolve the IP of our outside POP3 domain.

Does anyone know how to configure the local DNS to understand or distinguish between the inside (local) "xyz123.com" and the outside "xyz123.com"? Is it as simple as creating a forwarder to our ISP's DNS? I got it to work by getting the IP address of the outside xyz123.com and sticking that in the "incoming" and "outgoing" server boxes in Outlook, but what if my webhost changes the IP occasionally? I don't believe we're paying for a static IP on a shared webhosting solution.

Thanks.


P.S. - In case anyone is wondering why I want to do this, it's because upon logging into the domain in the morning, it takes 5-10 minutes to get past the "applying computer settings", due to bypassing the local domain controller and using the DNS of our ISP. When I change the Workstation's Primary DNS to point to our local DNS server, it logs in immediately.
 
You need to rename the domain. Your domain is configured improperly if the workstations contain any DNS servers that are not Domain Controllers or domain-controlled DNS servers. I am pretty sure that 2003 has provisions to rename the domain. Internally (as you have found out) it is poor practice to use a Windows domain of anything.com, .net, .org etc. for this reason. Typically .local is used for this. Renaming the domain to xyz123.local would be step 1 in resolving the issues. Forwarders are not the solution to your problem.

Certainly are right about the naming. Fortunately, I don't feel so stupid because I wasn't the one that set this network up 😀. I thought about renaming the domain to solve the problem, but I didn't know if I would have to re-setup the Active Directory for the users and so forth.....didn't wanna hafta do that. Will 2003 change all the necessary settings to cross over to the AD as well?

Thanks!

You don't need to reset it all up from scratch.

http://technet.microsoft.com/en-us/library/cc781575(WS.10).aspx

2003 and above have built-in provisions for doing it.
 
Does anyone know how to configure the local DNS to understand or distinguish between the inside (local) "xyz123.com" and the outside "xyz123.com"?

There is no way to distinguish between an internal and external "xyz123.com". People accessing "xyz123.com" will use whichever DNS server is authoritative for the domain. For your internal users, it will be your internal DNS server.

Setting up a split DNS environment is not really a recommended practice, but it can work if configured properly.

The easiest way to get your mail set working is to create an A record for your mail server in your internal DNS. For example, if you mail server is named "mail.xyz123.com" and has an IP address of 12.34.56.78, you would add an A record of "mail.xyz123.com" in your internal DNS. This way, it doesn't matter if your users are using your internal DNS or your ISP's DNS; they'll resolve to the same IP address.

Edit:

You need to rename the domain.

This is completely unnecessary and will probably lead to numerous unintended consequences.

Internally (as you have found out) it is poor practice to use a Windows domain of anything.com, .net, .org etc. for this reason. Typically .local is used for this.

Using .local has its own issues. The recommended practice is to use a subdomain of the public-facing domain name (e.g. int.xyz123.com)
 

on renaming: Having done it, it was pretty simple. You have to do it during company acquisitions (at least where I did it we did that.)

on the sub domain thing: I have never seen it recommended that way ever. This doesn't mean that someone some place didn't recommend it someplace. .local had already been reserved in ICANN for 'never to be issued' so you can never conflict. Kinda like 192.168.0.0/24 etc.

edit: I should revise that... I only see that recommended when the company is internally hosting the public-facing DNS servers. However, even in those cases I still see many using internal names and basically using a selective forwarder to handle anything that needed to be seen 'publicly.' I.e. Windows is whatever.company.local or just company.local and then a selective forwarder would handle company.com, where typically a BIND / some Linux-based OS was doing split DNS so that "www.company.com" would report internal server names inside the co and the outside IPs for external people.
 
on renaming: Having done it, it was pretty simple. You have to do it during company acquisitions (at least where I did it we did that.)

Active Directory itself will function fine, but programs that rely on Active Directory having a certain domain name (e.g. Samba on a NAS device) or hosts that have a hard-coded FQDN will malfunction.

Renaming the domain is certainly doable, but it needs to be done by someone that understands how the Active Directory system is laid out and what will break in a configuration change. I don't think that someone who just figured out that they should be using their internal DNS server is that person.

on the sub domain thing: I have never seen it recommended that way ever.

http://support.microsoft.com/kb/909264
Domain Name best practices:
If the organization has an Internet presence, use names that are relative to the registered Internet DNS domain name. For example, if you have registered the Internet DNS domain name contoso.com, use a DNS domain name such as corp.contoso.com for the intranet domain name.
 
Yeah, typically, when setting up a domain, you'll do whatever.company.com or company.local. I tend to prefer the latter, though I'm not opposed to the former.

As to your problem, the easiest thing to do is to add a few A records in your forward lookup zone that match whatever they're supposed to be for the public Internet. There is no harm in doing this, though it can be a pain to maintain, especially if you don't contain the public-facing DNS servers.

Your clients and servers in a domain environment should only ever point to a DNS server hosting the primary zone or a secondary copy of the zone for your Active Directory domain. Clients and servers should never, ever point to an external DNS server, even as a secondary DNS server.
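The A-record approach recommended above comes with the maintenance problem the replies mention: the internal zone is authoritative for xyz123.com, so any public hostname that is not copied into it gets NXDOMAIN internally, and any copied record goes stale when the webhost moves. This is an added drift check, not code from anyone in this thread; the nameserver addresses are placeholders, and dnspython 2.x is assumed for the live lookups.

```python
"""Split-DNS drift check: compare the internal (AD) view of public hostnames
with the ISP resolver's view and classify each name.  Constructed example."""
from typing import Dict, List, Set, Tuple

# Status values returned by compare_views()
OK = "ok"                       # same addresses in both views
MISSING_INTERNALLY = "missing"  # authoritative zone has no record: internal clients get NXDOMAIN
STALE = "stale"                 # record exists internally but no longer matches the public one


def resolve_a(name: str, nameserver: str) -> Set[str]:
    """Ask one specific nameserver for A records; empty set on NXDOMAIN / no answer.
    dnspython is imported lazily so compare_views() works offline."""
    import dns.resolver  # pip install dnspython (2.x API)
    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [nameserver]
    try:
        return {rr.address for rr in r.resolve(name, "A")}
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        return set()


def compare_views(internal: Dict[str, Set[str]],
                  external: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Classify each public hostname by how the internal zone answers for it."""
    report = []
    for name in sorted(external):
        ext, internal_ips = external[name], internal.get(name, set())
        if internal_ips == ext:
            report.append((name, OK))
        elif not internal_ips:
            report.append((name, MISSING_INTERNALLY))  # the symptom in the original post
        else:
            report.append((name, STALE))                # public IP changed under you
    return report


def check(names: List[str], internal_ns: str, external_ns: str) -> List[Tuple[str, str]]:
    """Resolve every name against both servers and return the drift report."""
    internal = {n: resolve_a(n, internal_ns) for n in names}
    external = {n: resolve_a(n, external_ns) for n in names}
    return compare_views(internal, external)


if __name__ == "__main__":
    # Placeholder addresses: replace with the AD DNS server and the ISP's resolver.
    for host, status in check(["mail.xyz123.com", "www.xyz123.com"], "192.0.2.10", "192.0.2.1"):
        print(f"{host:30} {status}")
```

Run it from a scheduled task; any "missing" or "stale" line is an A record to add or update in the internal zone.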
 
Thanks guys! I'll be working on the Server DNS setup next week....hopefully I don't run into any issues, but if I do, I'll definitely come back and ask!

Thanks again.
 
There is no way to distinguish between an internal and external "xyz123.com". People accessing "xyz123.com" will use whichever DNS server is authoritative for the domain. For your internal users, it will be your internal DNS server.

Setting up a split DNS environment is not really a recommended practice, but it can work if configured properly.

The easiest way to get your mail set working is to create an A record for your mail server in your internal DNS. For example, if you mail server is named "mail.xyz123.com" and has an IP address of 12.34.56.78, you would add an A record of "mail.xyz123.com" in your internal DNS. This way, it doesn't matter if your users are using your internal DNS or your ISP's DNS; they'll resolve to the same IP address.

Yeah, I don't see why you'd go through the PAIN of trying to rename the domain, when you could simply add an A record on the internal DNS server, then update the clients to use mail.xyz123.com.

This should take only a few minutes, assuming you don't have many clients.

And yes, Active Directory really does need to use its own DNS server. It's good that you're doing this.

Renaming a domain is a last ditch effort. SO many things can go wrong so easily. In many cases, just starting over is easier.
 
I seriously have never had major issues doing it. I am not sure why you would be nervous. It is really a common occurrence when you buy companies.

As mentioned above, anything with hardcoded settings might have issues, but something like Samba can handle the change with what amounts to one find and replace in the config.