Setting up Active Directory and DNS

[Mickwish]

OK, I'm trying to fiddle with ADS on my home LAN. Not that it needs it, just for my own information.

I have an internal server running win2k Advanced Server. The LAN currently uses workgroup config, and accesses the net using an IPCop linux firewall/router. At present, I resolve DNS through IPCop.

Now, as I understand it, to set up ADS I MUST have a DNS server on a win2k server machine and create a FQDN for use. Firstly, is that right? Is there any way I can run a DNS server ONLY for the LAN, and still use IPCop to resolve for internet addresses??? Or some other way to make it work?? Does the FQDN for local use have to be internet registered?

I know this is a field all of it's own, but I'm trying to get a handle on how it could work for me.

Can anyone give me some tips, in posts less that 50 pages long or with some useful links? This is an area of networking I have yet to explore muich, so go easy on the acronyms and terminology, please.

Thanks
Mick

[M_Six]

You could set your DNS server to forward only. Set the forwarder IP to the IPCop DNS server. (I know it sounds weird, but the "forwarder" is the server you forward DNS requests to. In other words, the outside DNS server.)

And yes, you must have a DNS server to run AD, but it does not need to be a registered domain name. Make sure you set your firewall to block all incoming DNS requests.

[Mickwish]

Thanks M-Six. I will try that, but I hit a slight snag. It won't let me start the DNS service at all - something to do with root hints??? Any clues?

Thanks
Mick

[DVNT1]

Quote:

ADS I MUST have a DNS server on a win2k server machine and create a FQDN for use. Firstly, is that right?

no. But the DNS server must bsupport Service Locator (SRV) resource records (defined in RFC 2782). Some versions of BIND do this too.

Quote:

Is there any way I can run a DNS server ONLY for the LAN

yes (but why would you want to?)

Quote:

Does the FQDN for local use have to be internet registered?

no

[DVNT1]

oops, that last post took a while to finish (got side tracked )


Here's a decent AD link to start with http://labmice.techtarget.com/active...ry/default.htm

[DVNT1]

link on some DNS help http://support.microsoft.com/default...b;en-us;301197

[Mickwish]

Quote:

Originally posted by DVNT1
yes (but why would you want to?)

'Cause I'm a fiddlin' fool, that's why.

Actually I thought if I could use ADS and still use IPCop for DNS it would be easier. But maybe I would be better off using the win2k server box to do all DNS for me. If I can ever get DNS service started, that is.

Cheers
Mick

[vass0922]

make sure you delete the ROOT dns '.' ... you are definately not a root dns server

Sorry to inform you

[DVNT1]

Quote:

Originally posted by Mickwish
...I thought if I could use ADS and still use IPCop for DNS it would be easier. But maybe I would be better off using the win2k server box to do all DNS for me....

I would setup your LAN DNS to use the W2K DNS only, and have it resolve DNS using your ISP's DNS IP addresses listed in the Forwarders. Often this is the fastest way to resolve host names.

You could have the W2K server simply not resolve Internet hosts and put two DNS IP adddresses in your clients (W2k server as Primary DNS, and IPCOP as secondary DNS).

Quote:

Originally posted by vass0922
make sure you delete the ROOT dns '.' ...

..and instructions for that are at the bottom of the last link I posted

[Mickwish]

Ah, I think I found it. I installed ADS before I tried to coinfigure DNS. Am deleting ADS now, so will see if I can configure DNS after that.

Cheers
Mick