Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS question 1

Status
Not open for further replies.
MattWray

MattWray

Technical User
Joined
Nov 2, 2001
Messages
2,332
Location
US
I am a newbie adminning a win2k domain. My issue is with our DSL and DNS. We have SWB DSL and as of now our network gets DNS and IP's from our DSL router. I have just set up a new server and when I try to install active directory, it hangs up at the DNS point. Because we have no DNS server besides the router on the network. I am wondering if I have to install a 2nd NIC, or get another router, and if so the basic downand dirty of what to do.

Thanks!

Matt Wray
CCNA
 
Sort by date Sort by votes
AD requires Microsoft DNS (technically others, but I don't think it's worth it). You should be able to install DNS on your Win2K server. That doesn't mean that your workstations have to use it, but they could.
 
Upvote 0 Downvote
In my test network I have similar structure. If you set your server NIC for static IP, gateway set to the router, DNS set to the router and then install DNS it will try to find an external server that is authoritive for the domain "yourcorp.com." During my install this took a LONG time (15+ minutes) and came back with an error "Cannot find a DNS server that is authoritive for the domain yourcorp.com, setup will install DNS service on the server (recommended.)" I said OK and then it completed, rebooted, and was ready to go. Is there a lockup during your install, or is there communication to the DSL router the whole time? (I was ready to reset too, except I saw a lot of traffic over the WAN.)

Alex
 
Upvote 0 Downvote
I am thinking of installing a second NIC and using it to pull its info form the router. Then having all other computers point to the other NIC as a gateway. With routing set up onthe server to send traffic from one NIC to the 2nd NIC then to the internet. Does this sound correct? If so, it is very difficult to set up?
 
Upvote 0 Downvote
This is easy to setup, the WAN NIC is setup just like a normal router client (Dynamic IP...) this is cabled direct to the router. The LAN NIC is set with static IP, and DNS set to itself, get your DNS installed and then install DHCP on the server, perform a NAT setting through the RRAS service and you are running. When you get tired of the server, pull it and cable around it, your clients can then get IP from router DHCP, DNS info, etc. and never know the server is missing.

There are many posts about this in this forum.

Alex
 
Upvote 0 Downvote
Ok, i set up teh server wiht 2 NICs, DNS, NAT on the internet side card, and static IP on the local side. I joined a workstation to the new domain, but when I change his IP's it doesn't get out to the internet. Ping times out. I show teh server as the gateway on WS, and DNS server for WS. I am sure I missed something.

Matt Wray
CCNA
 
Upvote 0 Downvote
Did you get the NAT setup? If your server can access internet fine, then its getting the info from the router, so the WAN side card setup is fine. Performing the DNS test should tell you that the DNS server is forwarding correctly, so we can eliminate that. If the clients are getting dynamic IP from the server, gateway, and DNS addressing then DHCP is working.

From a post by peterve on setting up NAT:
Right click on RRAS in MMC, and choose 'enable Routing & Remote Access'
Select 'manual configuration' and click next until the setup has completed
After completion, right click on 'general' under the IP routing section, and choose 'New Routing Protocol'
Choose NAT from the list

Right click on 'Network Address Translation' under the IP routing section, and choose 'new interface'
All the interfaces, both logical & physical are listed here
First, select your public interface (=interface that has an public internet IP)

Set this interface to 'public interface connected to the internet' and check 'translate TCP/UDP headers'
Do the same for the internal interface, and set it's properties to 'private interface connected to private network'

Right click 'Network address translation (NAT)' and choose properties
Go to the address translation tab, and make sure the checkbox 'automatically assign IP addresses by using DHCP' is ENABLED
Check that the DNS settings are enabled and configured too.

Alex

 
Upvote 0 Downvote
If it is possible to turn off DNS and DHCP on your router read on:

I would install Active Directory integrated DNS on your w2k domain controller and set it up as a DNS Forwarder. The w2k domain controller will be authoratative for your domain and forward all other request to your ISPs DNS. You could also set up DHCP on the same server; I like to keep my domain controller clean so I wouldn't install too many application and services. Plug your router into a switch or hub as well as all your other machines so they can communicate with each other. Set the default route to the router and you should be finished. Make sure the DNS on your client machines points to the w2k domain controller.
 
Upvote 0 Downvote
You could pull the computer off the network, hook up to either a standalone client, or a hub with no clients. Then run DCPROMO.exe When you are finished with the install and DNS has been set up, hook up to the router. then in DNS delete the .zone, and then it will in a few moments allow you to add forwarders.Then add the Internet forwarders.
Have the clients look first to the server for DNS.
 
Upvote 0 Downvote
I have DNS and AD running. The clients are pulling DNS and IP's from the router. When I try to use DHCP off the server, the clients can pull ips and ping each other. But they cannot access the internet. The server can acces the internet. I hsve NAT running on both of the servers NICs. I tried deleting the DNS zone as stated above, but it did nothing about forwarding, simply deleted it. Is there any pros or cons about leaving the network getting its info from the router? What would be a good reason to have the server running the DHCP?

Matt Wray
CCNA
 
Upvote 0 Downvote
I'm sorry, I thought you had set this up dfferently. To use NAT as intended, your clients need to use the server as their DNS and gateway. If you connect the server directly to the router with the WAN NIC, it can be the DHCP client for the router. Now connect the LAN NIC to your hub/switch/clients so all internet traffic must pass through the server. Using the server DHCP to supply addresses, gateway, and DNS info to your clients will make it easier on you.
In this confiugration, if the server can acces the internet the the WAN card is getting info from the router correctly. Testing the DNS proves this is configured for forwarding properly. And if your clients are getting IP, gateway, and DNS from the server then DHCP is set properly. Setup this fashion I know that there would be a NAT configuration problem.
If your clients and the server are both connecting to the router as DHCP and DNS clients, then you have no need for a DNS server (except that AD requires this.) You should not use NAT on the server in this configuration, rather you must change each client to look at your server for DNS (not getting this from DHCP at the router.) Now the server and clients gateway through the router, but the server gets DNS from the ISP (forwarders) and the clients get this DNS from your server.

Alex
 
Upvote 0 Downvote
I think it is something with my DHCP. I set up with router to NIC 1 to NIC2 to hub. All stations can ping and see each other, teh server can access the internet, but it seems to be getting stuck between the two. In the DHCP scope, the gateway is wrong, but when I try and change it I get message target computer is not running DHCP? Is there a real benefit to setting it up like this, or should I stick with the router for DHCP?

Matt Wray
CCNA
 
Upvote 0 Downvote
You have no cable from the router to the hub I hope. Your gateway specified in Win2K server DHCP should be the Win2K server static IP for LAN NIC. Also your DNS server in the DHCP is your Win2k server static IP for LAN NIC. Did the DNS test work out?
Sounds like you are very close to getting this running...

Alex
 
Upvote 0 Downvote
In a corporate environment I have never heard of anyone using a router for DHCP. Many of my friends use DHCP for their home networks but not for a corporate entity. I am not saying this is wrong or cannot be done I am just saying I find it unusual. I usually want my router to route traffic, period; that is what they were originally designed to do and they do that task well.

Let's hypothesis, if for some reason your router is compromised, you lose everything. Your internal network will cease to operate. Especially, if you have a domain. Your client machines are dependent on DNS and DHCP. Putting mission critical services on your gateway is dangerous.

If you have a microsoft shop I highly recommend you use active directory integrated DNS and their DHCP. I have been using this without fail for years now and have never had a problem. If you are using a private address schema for your LAN, even better. Now your servers/workstations are once removed from the router and somewhat protected from the outside world.

Now you have the problem of what is going to be your gateway: the router or a server. The server option will be something like a proxy server which I do not recommend. I worked with proxy servers for 3 years and can honestly say they do not work well. A nice firewall would be a good gateway but I don't know your setup. Proxy stinks but if it's all you got go for it. I was in those shoes for awhile and I was happy to migrate my companies to Checkpoint Firewalls on Nokia boxes. Anyway directing all traffic to the router is not so bad but it leaves you more vulnerable in terms of security. Plug everything into a switch and make sure to set DHCP to assign IP addresses, SM, DG, and DNS. You are done.
 
Upvote 0 Downvote
Red7,
I think you have contrasicted yourself in that last post:
"If you have a microsoft shop I highly recommend you use active directory integrated DNS and their DHCP."

"Now you have the problem of what is going to be your gateway: the router or a server...Plug everything into a switch and make sure to set DHCP to assign IP addresses, SM, DG, and DNS."

These two statements are NOT compatable. Matt is trying to set up M$ AD (which requires DNS) and I have suggested DHCP to supply IP info to his clients. The best way to do this AND allow client access to the internet would be to place the server inside the firewall (or a NAT router) with one NIC and then connect a second NIC to a switch/hub where his clients are connected. In this fashion, all internet traffic will pass through the server, so I test for each in stages.
Step #1 - Does WAN NIC have good settings? The server needs to connect to the router somehow, and most routers/firewalls have own DHCP hosts, so let the WAN NIC be a DHCP client. Check that server can connect to internet and resolve names (surf the net.)
Step #2 - Did the DNS service get setup with correctly, and is it able to forward queries to ISP DNS? In DNS perform simple and recursive testing.
Step #3 - Is the server's DHCP passing IP address info to the clients? Use ipconfig /all or winipcfg to see DNS and gateway settings given from DHCP. Check that clients can ping each other by IP and name.
Step #4 - Did RRAS NAT service get setup correctly? Test if clients can ping internet hosts by name.

If all these steps check out, then you are good to go. If you are worried about security in this case, then your firewall/router isn't good enough.
In extreme security cases, I would suggest placing TWO dual homed servers after the firewall, first is member server still with DNS, DHCP, and NAT plus IP packet-filter software, second is AD server with DNS and DHCP. Now you could set one IP address scope in firewall, one IP address scope in packet-filter server, and your ordinary network scope in AD server. Anyone compromising the firewall, and the packet-filter server must be sitting at the desk NEXT to you, cause they are NOT coming in from outside.

Alex
 
Upvote 0 Downvote
I am not sure what the DNS tests you are refering to. Sorry, but I am still very green!

Matt Wray
CCNA
 
Upvote 0 Downvote
Go to the DNS manager and on the monitor tab there is a test now button. First make sure the check boxes are both selected, then press this. Its gives pass/fail for both tests.

Alex
 
Upvote 0 Downvote
Man, I got it! Changed the router and the DNS in the DHCP scope and BAM. Up and running! Thanks AlexIT and everyone!

Matt Wray
CCNA
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
1K
suncit
suncit
fredmartinmaine
  • Locked
  • Question Question
Domain Controller without DNS Server
Replies
4
Views
1K
fredmartinmaine
fredmartinmaine
edgar28
  • Locked
  • Question Question
Question on Network cards - Windows Server 2019
Replies
1
Views
382
DrB0b
DrB0b
telecotek1
  • Locked
  • Question Question
strange DNS issue
Replies
1
Views
573
telecotek1
telecotek1
DrB0b
  • Locked
  • Question Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
411
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top