Adding DNS server role to Windows Server 2003

Some background info in case it’s needed.
- I have a DNS Internet connection.
- I have four computers hooked up to my modem/router combo.
- One computer is running Windows Server 2003.
I plan on making the 2003 computer a domain controller and adding a client. Of course to do that, I’ll have to add a DNS server role.

During one of my final college classes I was part of group which had to set up a domain controller and some clients. We needed to stay off of the college’s Internet connection and just connect the computers locally, but we somehow accidentally connected to the college’s connection and it screwed up the 2003 DNS server. The server pulled some information from the Internet connection and added it to its own. This screwed up the information we added manually.

My question is, what can I do to make sure that once I add the DNS server role it won’t be affected by the LAN it’s on? I’m not too worried about it affecting the router or any computers on the LAN (except the client which I’ll add later). I want to make sure that only the client that I’ll be adding has anything to do with the DNS server on the domain controller.

I hope I didn’t poorly word any of that and confuse anyone :o.

Actually, I’m wondering now if when setting up Server 2003 in my class project we allowed Dynamic Updates and that’s why it pulled info from outside DNS servers. Maybe that’s what it was and not allowing Dynamic Updates will make sure everything goes OK.

If you don’t want to query the root servers when you encounter non-known addresses then you need to disable recursion. You’ll find that option in the DNS setup.

Each client’s IP config has settings for DNS source. If a client is told to use the router as DNS source, it will be utterly unaware of your DC/DNS.

You do need to ensure you do not let the DC become a DHCP server. Typical soho routers are normally DHCP servers and do not like to turn that feature off. In many cases it can’t be turned off.

When you configure the DNS facility on your DC, you’ll need to set it up to forward requests it can’t handle to the same place your router is configured to forward to.

You really really want to ensure the DC has a static IP from your router. The specifics of that depend on your router. If you have a real dumb one, it may be a matter of limiting the DHCP range to less than the full mask & then hard-setting the IP address of the DC outside that range. And get its DNS right.

Make sure you get the part above squared away before you dcpromo. It’s much easier to fix before the box becomes a DC.

Once you do have the DC running as DC, then …

Configuring your DC’s client (or clients, plural, later) will be a bit non-standard, since you want to get an IP address from the router but DNS from the DC. Not hard, just go into the advanced section of the DNS tab of the client’s network connection(s) TCP/IP properties. There you can set “obtain IP address from DHCP” and also hard-set the DC’s IP as the DNS source.

In all, I wouldn’t be too worried about the mess you had at school. Unless you’re still at school and your router goes out through them. I’m assuming in your OP you really meant to write that you had a “DSL internet connection”, not a “DNS internet connection”.
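The server-side steps from the reply above (static IP, forwarders, dynamic-update policy, then check) as an added example; this is not code from the thread. The addresses, interface name and domain name are assumed, dnscmd comes from the Windows Server 2003 Support Tools, and the same commands work from cmd.exe. One caveat: the “Disable recursion” option in the DNS server’s Advanced properties also disables forwarders, so it cannot be combined with the forwarding described above.

```powershell
# Added example (not from the thread): DC network/DNS setup around dcpromo.
# Assumed values: DC 192.168.1.10/24, router 192.168.1.1 whose DHCP scope is
# 192.168.1.100-199 (so .10 is outside it), a stand-in ISP resolver, domain
# mydomain.local, interface "Local Area Connection".
$dc     = "192.168.1.10"
$router = "192.168.1.1"
$ispDns = "203.0.113.53"          # documentation address standing in for the ISP resolver
$nic    = "Local Area Connection"
$domain = "mydomain.local"

# 1. Static IP on the DC, outside the router's DHCP range. For DNS the DC
#    points at itself, not at the router, so only its own zone answers
#    domain queries.
netsh interface ip set address "name=$nic" source=static addr=$dc mask=255.255.255.0 gateway=$router gwmetric=1
netsh interface ip set dns "name=$nic" source=static addr=$dc register=primary

# 2. Forward what the zone cannot answer to the same resolver the router uses.
#    /Slave: do not fall back to the root hints if the forwarder fails.
#    Recursion stays on, because NoRecursion=1 would also switch off forwarding.
dnscmd $dc /ResetForwarders $ispDns /Slave
dnscmd $dc /Config /NoRecursion 0

# 3. After dcpromo has made the zone Active Directory-integrated: accept only
#    secure (authenticated) dynamic updates, so other LAN hosts cannot register
#    or overwrite records in the domain zone.
#    0 = no dynamic updates, 1 = any host, 2 = secure only.
dnscmd $dc /Config $domain /AllowUpdate 2

# 4. Checks: the forward lookup zone is listed, and an outside name still
#    resolves through the forwarder.
dnscmd $dc /EnumZones
nslookup www.example.com $dc
```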

Thanks for the help. I took basic and advanced client/server network classes and got good grades, but that didn’t mean much as our teacher, who knows his stuff, was terrible at teaching us.

:smack: Yeah, that was a typo. I did mean DSL.

Be careful here. It depends upon what the OP wants to do. If the OP wants to experiment with DDNS, then you probably do want the box to act as a DHCP server. You can then either turn off DHCP on the router, or - if you cannot - install a second NIC in the server and set up RRAS, with the server and router on one LAN and the server and the client PCs on the other.

I’m deleting a post I made, because a problem I was complaining about just seemed to fix itself.

OK, I set up the DNS server and made my Server 2003 a Domain controller. So far, so good.

The wanna-be client is Vista running in Virtualbox. My Vista machine has the Server 2003 computer as its DNS server and has full Internet access, so that’s working.

The virtual machine network is set up so that Vista appears to the modem/router as though it’s wired directly to it. Vista is on the same LAN as Server 2003 and the two can ping each other, so that’s working.

It took a while, but Server 2003 finally showed up on the list of network devices listed by Vista, and I was able to double-click it, provide user name and password, and see a couple of shared folders and a printer on the 2003 computer. So that’s working.

But I still cannot join Vista to the domain. I keep getting an error message that the domain name doesn’t exist. I set up the DNS forward lookup zone with the proper domain name, and I type in the proper domain name on my Vista machine. This is kind of frustrating, but I guess it’ll be good knowledge once I learn what’s going wrong.

The Vista is Business, Ultimate, or Enterprise, right?
After trying to find the domain, I tried the NetBIOS name, which brought up Windows Security asking me to enter the name and password of an account with permissions to join the domain. At first I was getting an error about multiple connections to a server not being allowed…but after a Vista reboot I tried again and I finally got accepted into the domain. Go figure.

That makes three major problems that, after racking my brain and doing lots of Googling, just went away on their own.

I ran across a problem recently (did MS change something?) where you could no longer join a domain unless it was within the broadcast domain. (Same subnet) Not sure what happened. It seems to have fixed itself within a week.

Two computers recognize each other’s names in 2 ways - either NetBIOS broadcast (same subnet) or DNS (dynamic DNS, and both machines put their names in the DNS). IIRC to do that they have to be in the domain. The router DNS will not contain extra AD info like domain names.

As long as some other DNS does not accept your DNS as “authoritative” for that domain you will not pollute the wide world with your DNS info. Unlikely behind a firewall/NAT router, and more impossible if you use an illegal domain - which is why the MS textbook recommendation is to use “mydomain.local”, i.e. rather than an internet-valid dot-com or dot-net type full domain name.

Your machine will use the 2003’s DNS if it is told that is its domain server. Warning - secondary DNS servers are IGNORED unless the primary is unreachable. However, some DHCP seems to delight in randomly handing out DNS1 or DNS2 of its choices as the primary. If you make the ISP DNS (or firewall) IP address as the secondary DNS “just in case”, you may accidentally find it the primary sometimes and not be able to find the server, since only the server DNS knows the domain addresses.

IIRC domains are advertised as a DNS name with a funny code attached. If the server was not your DNS, you should have found the domain via broadcast if on the same subnet.

So you can either run DHCP on the router or on the server. Does your router allow you to specify DNS options, different from the router’s WAN link DNS? Good. Otherwise, use the Server for DHCP and DNS. The server then uses the router or ISP as its DNS for any addresses it cannot resolve (i.e. outside addresses).

When in doubt type your question into google.
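The client-side counterpart of the replies above (DHCP for the address, the DC as the only resolver, and a check that the domain’s SRV records resolve through it) as an added example; it is not code from the thread. The DC address, domain name and interface name are assumed, and the netsh “ipv4” context is the Vista form of the commands.

```powershell
# Added example (not from the thread): run on the Vista client.
# Assumed values: DC 192.168.1.10, domain mydomain.local,
# interface "Local Area Connection".
$dc     = "192.168.1.10"
$domain = "mydomain.local"
$nic    = "Local Area Connection"

# IP address from the router's DHCP, but DNS hard-set to the DC alone.
# No ISP or router resolver as a secondary: only the DC's zone knows the
# domain, and the secondary can end up being the one that gets queried.
netsh interface ipv4 set address "name=$nic" source=dhcp
netsh interface ipv4 set dnsservers "name=$nic" source=static address=$dc

# Confirm the resolver list really contains only the DC.
ipconfig /all | Select-String "DNS Servers" -Context 0,2

# The "funny code" a domain is advertised under is a set of SRV records in
# the domain zone. A join that reports "domain does not exist" usually means
# these do not resolve from the client; they must answer through the DC.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dc
nslookup -type=SRV "_kerberos._tcp.$domain" $dc

# Locate a domain controller the same way the join wizard does
# (DNS first, NetBIOS broadcast only as a fallback on the same subnet).
nltest /dsgetdc:$domain
```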

I don’t need my 2003 machine to be a DHCP server. I can either leave that up to my DSL modem/router, or, as I have done, make my Vista address static. Also, if I were somehow to point any of my computers to 2003 as a DNS server, it sends unknown requests to my modem anyway. Vista only has 2003 as its DNS server and it gets full Internet access.