Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS Forward Lookup Zon 2

Status
Not open for further replies.
Zcript3r

Zcript3r

IS-IT--Management
Aug 22, 2001
94
US
When setting up a Forward Lookup Zone, how should one go about setting up the following options if they want to:

a.) Configure all Clients' DNS settings to point to the Windows 2000 AD Server on their Network so that . . .

b.) . . . the Win2K Server can forward all name resolution querries to the ISP Name Server . . .

. . . while also keeping it the most simple (I don't want to pull any zones down from the ISP, only want to be able to forward my requests to them).

I have the following options when setting up a new Forward Lookup Zone.

1.) Type of Zone
a.) Primary Zone
b.) Secondary Zone
c.) Stub Zone

2.) AD Zone Replication Scope
a.) DNS Servers in AD Domain
b.) DNS Servers in AD Forest
c.) Domain Controllers in AD Domain

3.) Zone Name

Can anybody send me in some direction concerning these settings?

Thanks,
Rob
 
Sort by date Sort by votes
Create a primary zone that is replicated to all DNS servers in the AD forest if all of your DCs are 2003. If you have a mix of 2000 and 2003 DCs that run DNS, choose C for replication.

Forwarding is done of the properties of the server in DNS, not the zone. Right click on the server name and go to properties, forwarders. Add the IP address of your ISP DNS servers.
 
Upvote 0 Downvote
Configure all Clients' DNS settings
Click to expand...
Done via DHCP. Set the options (either server or scope) for DNS, WINS, nameserver router, and whatever else you want.

only want to be able to forward my requests to them
Click to expand...
Set up the forwarders in DNS server properties. MMC | DNS snap-in | Properties of the server | Forwarders tab.
 
Upvote 0 Downvote
mlichstein,

I have done what you suggested, and that seems to work fine.

The only problem is that web sites seem to come up slower than they were before. Before I had a forward lookup zone with the name of my ISP, and it was configured with both of their DNS Server Names. After removing that, and just using the forwarding in the DNS Server Properties Forwarding Tab, it is definitely slower.

Any ideas as to why this might be? I am running Windows 2K3 Server, on a 2GHZ machine with 512MB RAM. Only a few clients, so really should be no problem.

Thanks,
Rob
 
Upvote 0 Downvote
512 ram bit low for a server, considering the cost of ram I would up it to 1 gig.
Disable all unnecessary services and remove unnecessary programs. Check you task manager for processes using excess resources, CPU\memory. For a small network network, under the local area connection, properties, File and Print Sharing for Microsoft Networks,properties, optimization, select "balance" (restart required)

Run Dcdiag.exe and Netdiag.exe, correct any problems.

On the forwarding, make sure you have "Do not use recursion for this domain", checked off for security reasons.

Dns servers is pointing to it's own IP address ?

You do not need the server names entries, just the ISP's DNS servers IP addresses in the Selected Domain's forwarder IP address list box, remove the names from the DNS domain box

All client machines should be pointing to your DNS servers IP address, not the forwarders

In the DNS console, in the view pull down, insure advanced is selected, you should see "Cached lookups" under your DNS server icon. The sites of visited web pages should be there, the number should be increasing with newly visited sites.

You do have a reverse lookup zone, and PTR records?

From experience place a third entry in the forwarder list pointing to a DNS server other than your ISP's name server, at the bottom of the list, just in case you ISP loses the servers or they screw up the servers somehow. This happened to me with Road Runner. Last June they changed the name servers over a weekend but failed to inform anyone, they change the IP address of both name servers (real nice).

Get Mark Minasi's Mastering Windows 2003 Server
 
Upvote 0 Downvote
technome,

Thanks for the help!!

One question:
You said
"On the forwarding, make sure you have "Do not use recursion for this domain", checked off for security reasons."

Does this mean "Do not use recursion for this domain" is checked, or unchecked?

Thanks,
Rob
 
Upvote 0 Downvote
It is checked. This causes the server to query the forwarders only(slaving), and if the query is not satisfied by the forwarders, your internal DNS server does not go roaming around the internet querying other DNS servers. This makes you dependant on your ISPs DNS uptime, hence the third or even 4th entry in the forwarding list, to another ISP.

In his book, Minasi explains this well on p 459 of the Windows 2003 server book

How is the speed ?
 
Upvote 0 Downvote
Speed is fine after running through your list! Thanks again!!
 
Upvote 0 Downvote
Glad the fixes work..
Minasi's book is great, basically eplains everything you need to know about AD, without boring you to death.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
905
suncit
suncit
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
813
fredmartinmaine
fredmartinmaine
telecotek1
  • Locked
  • Question
strange DNS issue
Replies
1
Views
411
telecotek1
telecotek1
evr72
  • Locked
  • Question
Wundows Server 2003 DNS can resolve names but not ip addresses
Replies
0
Views
187
evr72
evr72
rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
410
rrmcguire
rrmcguire

Part and Inventory Search

Sponsor

Back
Top