Home > Archive > microsoft.public.cert.exams.mcse > July 2002 > DNS Question
I thought I understood DNS, but this is not working like I think it should.
Any suggestions, or corrections to my thinking?
Two computers, my home network.
=============================
Computer One
W2K Pro with ICS
LAN Settings:
IP 192.168.0.1
DNS 192.168.0.2
GW blank
Internet Settings:
IP 67.250.24.229
DNS 198.6.100.140, 198.6.1.140
GW 67.250.24.229 (strange, same as my IP, but that is the way ISP's DHCP set
it up)
==============================
Computer Two
W2K Server Domain Controller with DNS
Network Settings:
IP 192.168.0.2
DNS 192.168.0.2
GW 192.168.0.1
===========================
Now the problem. Running everything from Computer Two. Configured like
this, IE on Computer Two CANNOT resolve Internet Names, it can ping them
though. If I add the Internet DNS server from Computer One to the setting
for DNS server on Computer two and make it the first one, then I can resolve
Internet names and ping them. If I make it the second one, then I CANNOT
resolve Internet Names, but can ping them by ip address on the internet.
My question:
I thought that if server two had a dns server for the domain, and if it got
a request for say, www.microsoft.com, it would do an iterative query to the
root domain ( . domain on the internet). Then go to the server specified
for the .com domain, get Microsoft info, then go to microsoft.com, and get
the info for www.microsoft.com. Then it would return this info to the
requesting dns client. What am I missing? It is an active directory
integrated DNS, does it have to be just a primary DNS server instead? If it
is configured with the Internet DNS server, wouldn't it make it look at the
Internet DNS server when trying to resolve local names?
Thanks for any info.
Jim

I will answer my own question now.
If I remove the "." domain from the forward lookup domains on my dns server,
it will allow me to then set a forwarder for my dns server, I then set this
to my ISP DNS server, and it works. What a pain.
Jim

_Mike_ 2002-07-24, 5:25 am
"Jim" <junk@junk.com> wrote in message news:#s7jdLuMCHA.1524@cpimsnntpa03...
> I will answer my own question now.
>
> If I remove the "." domain from the forward lookup domains on my dns server,
> it will allow me to then set a forwarder for my dns server, I then set this
> to my ISP DNS server, and it works. What a pain.
Correct, the '.' means root. If your DNS server thinks it is the root, it is not
going to look anywhere else to try to resolve names.
Cheers
Mike

You don't have to set a forwarder to your ISP's DNS server to resolve names
outside of your local network.
Just make sure the "root hints" are present in your DNS server -- and yes --
you have to remove the "." domain from your DNS server for the root hints to
be present. Once the root hints are present, your server can resolve
everything.
That's how I set my test win 2000 domain up. Works fine. I don't resolve
via my ISP's DNS server and can surf the internet fine.
E
"Jim" <junk@junk.com> wrote in message news:#RhG2LuMCHA.1348@cpimsnntpa03...
> I will answer my own question now.
>
> If I remove the "." domain from the forward lookup domains on my dns server,
> it will allow me to then set a forwarder for my dns server, I then set this
> to my ISP DNS server, and it works. What a pain.
>
> Jim

70-228 2002-07-24, 8:25 am
"Eric" <eric@nospam.com> wrote in message
> That's how I set my test win 2000 domain up. Works fine. I don't resolve
> via my ISP's DNS server and can surf the internet fine.
Think about it this way: Who would you rather have resolving names for you
in a big environment? You over your nice expensive pipe or your ISP? Also
setting a forwarder and disabling recursion is better for security.
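
Added example (not part of the original thread, and not code from any poster or from Microsoft's DNS server): a simplified Python model of the resolution order discussed in the replies above, showing why a locally hosted "." zone keeps forwarders and root hints from ever being consulted. The zone name home.test, its one record, and the forward_only / forwarders_reachable switches are assumptions made for illustration; the forwarder addresses are the ISP servers from the first post.

```python
# Simplified model of a DNS server's resolution order (illustrative
# assumption, not Windows DNS source code).

ISP = ("198.6.100.140", "198.6.1.140")            # ISP servers from the first post
LOCAL = {"home.test": {"dc1.home.test": "192.168.0.2"}}  # constructed AD zone
WITH_ROOT = dict(LOCAL, **{".": {}})              # same server also hosting "."


def matching_zone(name, zones):
    """Return the most specific hosted zone that contains name, or None."""
    labels = name.rstrip(".").lower().split(".")
    # Longest suffix first: www.microsoft.com, microsoft.com, com ...
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    # ... and finally the root zone, which contains every name.
    return "." if "." in zones else None


def resolve(name, zones, forwarders=(), root_hints=True,
            forward_only=False, forwarders_reachable=True):
    """Return (path, detail): where the answer for name would come from."""
    zone = matching_zone(name, zones)
    if zone is not None:
        # The server is authoritative here, so it never asks anyone else.
        key = name.rstrip(".").lower()
        if key in zones[zone]:
            return ("authoritative", zones[zone][key])
        return ("authoritative-nxdomain", zone)
    if forwarders:
        if forwarders_reachable:
            return ("forwarded", forwarders[0])
        if forward_only:
            # Forward-only server: no fallback to iterating from the roots.
            return ("servfail", "forwarders unreachable")
    if root_hints:
        return ("iterative", "root hints")
    return ("servfail", "no forwarders or root hints")


if __name__ == "__main__":
    for zones in (WITH_ROOT, LOCAL):
        print(sorted(zones), resolve("www.microsoft.com", zones, ISP))
    print(resolve("www.microsoft.com", LOCAL))    # root hints only
```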

Well we are talking test environments here -- not a big environment.
For DNS testing and learning, I suggest having your LAN do it. He can play
with the logs and other stuff that way too.
E
"70-228" <Gibhal@kreunk.com> wrote in message news:xqy%8.321271$om4.2844590@news.easynews.com...
> "Eric" <eric@nospam.com> wrote in message
> > That's how I set my test win 2000 domain up. Works fine. I don't resolve
> > via my ISP's DNS server and can surf the internet fine.
>
> Think about it this way: Who would you rather have resolving names for you
> in a big environment? You over your nice expensive pipe or your ISP? Also
> setting a forwarder and disabling recursion is better for security.

70-228 2002-07-24, 10:25 am
"Eric" <eric@nospam.com> wrote in message
> Well we are talking test environments here -- not a big environment.
It's not entirely clear what environment he's talking about from his
original question. He's talking about users not being able to talk to the
primary DNS server and incidents occurring when his Firewall was down. Sounds
worryingly like a production LAN to me. And even if it is a test LAN and
he's being attacked then choosing the more secure option would be wise.
> For DNS testing and learning, I suggest having your LAN do it. He can play
> with the logs and other stuff that way too.
I agree he should try both ways and learn about iteration and recursion,
masters and slaves etc. But not on a production LAN or when being hacked.

The thread that I started seems to have attached itself to a prior
thread with the same name. Strange. This is just a small network at
my home for testing and learning.
Jim

70-228 2002-07-25, 4:25 am
"Jim" <jumpingjack82@hotmail.com> wrote in message
> The thread that I started seems to have attached itself to a prior
> thread with the same name. Strange. This is just a small network at
> my home for testing and learning.
Yeah just checked the dates. Freaky. I wonder if it's your news provider
that's been spitting out the weird reposts of ancient posts because that's
been a problem in the past (restarted half a dozen flame wars too IIRC
:-) ).
On your problem you really should avoid running ICS and DNS or DHCP on the
same network. ICS turns the computer it's running on into "DNS/DHCP lite".
You got it working at the moment because you are using static addresses on
the Server. If you had a 3rd PC and set it up as a DHCP client it would get
its information from the ICS machine and it wouldn't look to the server for
DNS resolution. As you can imagine that would be a bit of a problem when
looking for srv type of records. You'd then be looking at configuring it
manually and there's the rub...
In short what I'm saying is that you can kludge together the stuff you have
and make it work but it doesn't scale. And since this is for learning you'll
need to know that :-) The next step up from this is NAT in RRAS (in server OS
and up only) and would be suitable for a small business. Anything bigger
you'd look to better products like ISA server or many other firewall/NAT
solutions there are out there.