|
|
| blackwidow 2003-08-31, 4:08 pm |
| You install a brand new win2k domain on one DC, where you also place the win2k DNS service and create 50 new user accounts for existing employees. You reassign the DNS setting on all win2k pro machines to be pointed to your new win2k DNS service. After making all win2k pro machines part of this domain, users log in correctly.
On the win2k DNS, you type the IP of the ISP's DNS server as the forwarder (the network is connected externally through a T1 line). You ping the IP of the ISP's DNS from the win2k server and you get proper responses.
Will the users be able to browse the internet now? | |
| jay1140 2003-08-31, 5:03 pm |
| My guess- No.
You have just set dns for name resolution.
For internet the users need to be configured with proxy settings/ICS. | |
| blackwidow 2003-09-01, 1:07 am |
| quote:
You have just set dns for name resolution.
For internet the users need to be configured with proxy settings/ICS.
So companies cannot access internet without Proxy/ICS?
I hope people who are MCSA/CCNA/MCSE/etc can now really come forward and prove once and for all that experience beats books anytime.
 | |
| jay1140 2003-09-01, 1:14 am |
| So you say the users will be able to access internet....right? | |
| blackwidow 2003-09-01, 3:19 am |
| "So you say the users will be able to access internet....right?"..
I did'nt say yes or no.. I just asked another question.
| |
| Jonoplunk 2003-09-01, 12:23 pm |
| I would say that it all depends on what kind of access the user has to the outside world. If the user is behind a firewall, then provided his IP address has been given open access through the firewall then surely all he needs is to recieve the IP to Name resolution from the ISP's DNS Server via the internal DNS server? If the user does not have direct access out then I would say that he would need access to either a proxy, ISP or NAT server that in turn has access to the internet. I have a feeling that I am deviating again from the original debate.
Short answer would be in a normal corporate network, adding a Forwarder would not be the only step required for users to get Internet access. | |
| adam salam 2003-09-01, 1:52 pm |
| in my home network i have the same scinario, and all the family computer can access the internet.
my home network:
a w2k server serve as DNS, AD, DC
4 w2k pro client computers.
a DSL internet connection through Gateway/router. | |
| everetjo 2003-09-02, 3:10 pm |
| don't you have to delete the "." value in DNS to have your forwarding to work properly? | |
| blackwidow 2003-09-02, 7:37 pm |
| Applause for everetjo!
Hit right on the nail, because if after configuring a forwarder (and no mention of proxy etc even though i realize it may be an issue but then that would open up the scope of question to a whole lot of variables).. the "." zone needs to be checked and deleted. Otherwise the internal DNS with the "." zone thinks it is authoritative for the entire namespace and may not look at other DNS servers (external or internal) for domain names it does not host itself.
Now, as a sidenote, in some cases, a win2k DNS at install time may not create the "." zone (but that's a different issue).
 | |
| jarbob69 2003-09-09, 3:37 pm |
| Would depend on lots of things:
Is there a router/gateway on the network that knows how to get to the internet, that can properly translate addresses if the internal structure is private IP addresses?
Do the DNS server and all clients have this gateway configured as the default?
If the zone is AD integrated, the . zone may be installed by default, this would have to be removed.
If external network access is regulated by a proxy or firewall the appropriate permissions or rules would have to be configured. | |
| adam salam 2003-09-18, 10:48 am |
| quote:
Would depend on lots of things:
Is there a router/gateway on the network that knows how to get to the internet, that can properly translate addresses if the internal structure is private IP addresses?
Do the DNS server and all clients have this gateway configured as the default?
If the zone is AD integrated, the . zone may be installed by default, this would have to be removed.
If external network access is regulated by a proxy or firewall the appropriate permissions or rules would have to be configured.
this is the case in my scenario.
I have the "." root zone in my DNS server but still get to the internet.
quote:
Originally posted by everetjo
don't you have to delete the "." value in DNS to have your forwarding to work properly?
I tried to delete the "." root zone but I didn't find the delete command from the context menu, is there another way to delete it? | |
|
|
|
|