Win2k Server using DNS while behind a router?

travanx

I am trying to set up a Windows 2000 server with Active Directory. I still can't figure out how to get DNS to work with the router. Can someone give a good explanation on how to do this? Also, what IP numbers do I use in what spots? Currently the router is 192.168.0.1; what do I use for the server machine to force it to do the DNS instead of the router? Or do I do this a different way?

Any guides would be great, besides the Microsoft ones, since they are hard for me to follow without examples.
 
Oh yeah, I also wanted to say I am trying to connect a Windows XP client to the domain controller, in case I need to configure something on the XP machine to see the DC DNS. Thanks for any help.
 
Is this for a public or intranet DNS server?

BTW "DNS on windows server 2000" by O'Reilly books is very good.
 
For just the intranet. So I thought I set up the DNS and DHCP correctly and turned off the DHCP on the Netgear router. It didn't work. Right now under DHCP on the server it says domainname.com[169.254.207.76]

Then under that, the scope I have is at [192.168.1.0]; not sure what that needs to be. Currently the router is 192.168.0.1. Under scope do I use a similar IP to the router?

Then once I get the DHCP set up properly, what do I input for DNS? Under my TCP/IP I have for the server
IP:192.168.0.50
subnet 255.255.255.0
gateway: 192.168.0.1
preferred DNS: 192.168.0.150

That preferred DNS points to the IP of the server, correct?
So mainly, what are some examples of the numbers I would input into the DNS and DHCP for a default configured router??
 
Originally posted by travanx
For just the intranet. So I thought I set up the DNS and DHCP correctly and turned off the DHCP on the Netgear router. It didn't work. Right now under DHCP on the server it says domainname.com[169.254.207.76]

Then under that, the scope I have is at [192.168.1.0]; not sure what that needs to be. Currently the router is 192.168.0.1. Under scope do I use a similar IP to the router?

Then once I get the DHCP set up properly, what do I input for DNS? Under my TCP/IP I have for the server
IP:192.168.0.50
subnet 255.255.255.0
gateway: 192.168.0.1
preferred DNS: 192.168.0.150

That preferred DNS points to the IP of the server, correct?
So mainly, what are some examples of the numbers I would input into the DNS and DHCP for a default configured router??

What is the complete name of the system? You should never set it to a top level domain for security reasons. Set it to .local
A few basic pointers... The server needs a static IP and DNS, so 192.168.0.50 is fine for its IP. Gateway and subnet are OK. Set the DNS to itself; in other words, DNS is going to be 192.168.0.50

As far as scope options go, I would set it to something like 192.168.0.100-192.168.0.250

DNS doesn't need a whole lot of configuration for a local intranet. Just make sure it's not set as a root hints server. You can check this by opening up DNS management and looking at the forward zones; if you have one that is set to "." then you're set as a root server and that zone needs to be deleted. I also never set it to use forwarders.

Your remote systems should have the DNS server's IP added into them.
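
Added example (not written by anyone in this thread): a Python check that runs the addresses from the posts above through the rules in this reply, plus the usual same-subnet and no-overlap rules for a DHCP scope. The function name `check_lan_plan`, the scope range used for the "before" case, and the "after" value of `dhcp_bound_ip` are assumptions.

```python
import ipaddress

def check_lan_plan(server_ip, netmask, gateway, preferred_dns,
                   scope_start, scope_end, dhcp_bound_ip):
    """Return the problems found in a DC + DNS + DHCP address plan."""
    ip = ipaddress.ip_address
    lan = ipaddress.ip_network(f"{server_ip}/{netmask}", strict=False)
    server, gw = ip(server_ip), ip(gateway)
    start, end = ip(scope_start), ip(scope_end)
    problems = []

    if gw not in lan:
        problems.append("gateway is outside the server's subnet")
    # Advice from the thread: the server's DNS setting is its own address.
    if ip(preferred_dns) != server:
        problems.append("preferred DNS is not the server's own address")
    if start > end:
        problems.append("scope start is after scope end")
    if start not in lan or end not in lan:
        problems.append("DHCP scope is outside the server's subnet")
    # Statically configured hosts must not sit inside the leased range.
    for label, addr in (("server", server), ("gateway", gw)):
        if start <= addr <= end:
            problems.append(f"DHCP scope includes the static {label} address")
    # 169.254.0.0/16 is self-assigned (APIPA): the interface got no usable address.
    if ip(dhcp_bound_ip).is_link_local:
        problems.append("DHCP service is bound to a link-local address")
    return problems

# Values as first posted. The scope range is constructed from the posted
# scope ID 192.168.1.0; the thread gives no start/end for it.
BEFORE = dict(server_ip="192.168.0.50", netmask="255.255.255.0",
              gateway="192.168.0.1", preferred_dns="192.168.0.150",
              scope_start="192.168.1.1", scope_end="192.168.1.254",
              dhcp_bound_ip="169.254.207.76")
# Values after the reply's advice; dhcp_bound_ip here is an assumption.
AFTER = dict(BEFORE, preferred_dns="192.168.0.50",
             scope_start="192.168.0.100", scope_end="192.168.0.250",
             dhcp_bound_ip="192.168.0.50")

if __name__ == "__main__":
    for name, plan in (("before", BEFORE), ("after", AFTER)):
        print(name, check_lan_plan(**plan) or "no problems found")
```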
 
the name is theserver.engr.com

OK, I am going to try to mess around with those settings you mentioned. Any chance you have settings that I could compare to? That way I get an idea of what goes where. Also, the DNS doesn't have any "."

OK, got the DHCP part working. It was entering the DNS server into TCP/IP on the client. So now how do I know if DNS is working correctly? If I am able to get on the internet with the DHCP up, the DNS should be working, right?
 
One other thing. Is there a way to make Windows XP get the DHCP info without inputting the DNS server into the TCP/IP setting?
 
Originally posted by travanx
the name is theserver.engr.com

OK, I am going to try to mess around with those settings you mentioned. Any chance you have settings that I could compare to? That way I get an idea of what goes where. Also, the DNS doesn't have any "."

OK, got the DHCP part working. It was entering the DNS server into TCP/IP on the client. So now how do I know if DNS is working correctly? If I am able to get on the internet with the DHCP up, the DNS should be working, right?

Exactly what settings do you need? To be honest with you, for local intranet you don't have to do anything. You did let Windows configure the DNS server when you promoted it, right?

My DNS is a public server for websites and is configured much differently than you need.

And on the XP box just set everything to dynamic. Now that DHCP is configured it will handle DNS for you.
 
Yeah, I guess it works fine, just had to turn off the DHCP on the router. But I can only go on the internet if I put the server DNS on the client machine. Otherwise the client won't go on the internet. But it does see the network. Thanks for your help, that solved my main problem.

Now with Active Directory, what's the best way to share a folder? Or is it like normal where you right click and do share folder?
 
Do an ipconfig /all on the client system. DHCP should hand out the correct IP for the DNS server. If not, then I would look at the scope options in DHCP for the proper address.
 
Originally posted by travanx
But I can only go on the internet if I put the server DNS on the client machine. Otherwise the client won't go on the internet. But it does see the network.
It probably doesn't need DNS if you are talking to machines in the same subnet so that's why you need a DNS that knows what www.company.com is number-wise to get to internet sites.

Originally posted by travanx
Now with Active Directory, what's the best way to share a folder? Or is it like normal where you right click and do share folder?
Basically that's it. With AD you have the added option of putting domain users in your permissions and fine-tune those. The other big thing is "single sign-on" (if you can call it that) where you don't have to set up the same users on every single machine in your intranet. Remote management is also a plus.

Sorry for hijacking the thread, I do have a somewhat related question. If on my router I have all the information from my cable provider (DHCP'ed, i.e. all dynamic), is there a way to set up an AD server to allow clients to pick up on those and have the benefits of an AD-enabled network + ICS via the router?
 
If you've got DHCP handing out IPs to client machines and the clients are using the server for DNS, then you also need to enable DNS forwarders in the server itself.

The forwarders allow Win2k DNS to ask other DNS servers (internet) to resolve names that it does not yet know.
 
Originally posted by SJConsultant
If you've got DHCP handing out IPs to client machines and the clients are using the server for DNS, then you also need to enable DNS forwarders in the server itself.

The forwarders allow Win2k DNS to ask other DNS servers (internet) to resolve names that it does not yet know.

SJ, that's not true! You do not need to configure forwarders. My DNS server is authoritative for both internal and external lookups and I have no forwarders configured. Basically all you need to do is configure it to ask the root hints servers directly.

Basically right-click on the server itself in DNS management and then click configure the server. Add whatever info and zone data you want, then it will get to this screen. Select no, it should not forward queries.

[Image: dns.jpg]

Just finish the wizard and you're all set.
 
Originally posted by Stu Pidasso
SJ, that's not true! You do not need to configure forwarders. My DNS server is authoritative for both internal and external lookups and I have no forwarders configured. Basically all you need to do is configure it to ask the root hints servers directly.
So if your DNS server is not authoritative then you have to set forwarders...

Is there a problem going out to root hints servers all the time? Isn't it better to use the DNS supplied by your ISP?
 
Originally posted by Flying Fox
So if your DNS server is not authoritative then you have to set forwarders...

Is there a problem going out to root hints servers all the time? Isn't it better to use the DNS supplied by your ISP?

There are way too many ways to configure DNS to say yes to the first question.

You can go to the root hints as much as you want, that's what they are there for.
 
Is there a problem going out to root hints servers all the time? Isn't it better to use the DNS supplied by your ISP?

Using your ISP servers has two benefits. One, it lessens the load on the root servers, and two, they are likely to be much faster since they should be much closer to your own network.
 
Originally posted by Stu Pidasso
SJ, that's not true! You do not need to configure forwarders. My DNS server is authoritative for both internal and external lookups and I have no forwarders configured. Basically all you need to do is configure it to ask the root hints servers directly.

Basically right-click on the server itself in DNS management and then click configure the server. Add whatever info and zone data you want, then it will get to this screen. Select no, it should not forward queries.

Just finish the wizard and you're all set.

Stu, what I stated is not necessarily wrong, nor does anyone have to configure it the way I stated, but this just happens to be one of the ways it can be configured.
 
Originally posted by SJConsultant
Stu, what I stated is not necessarily wrong, nor does anyone have to configure it the way I stated, but this just happens to be one of the ways it can be configured.

I misunderstood what you said. Sorry about that :)

Deuce, I don't see any speed difference at all. If you have a big enough network you should have a caching server anyways.
 
Since you guys are quick with answers: what is the best account to make that lets the client do whatever they want on their machine? This is mainly because one of the programs we use is a DOS one that uses a dongle, which seems to only work if I give them the Domain Admin account. Is there any other one to use? For now I don't mind letting them have access to anything they want to do on their own computer.
 
Originally posted by travanx
Since you guys are quick with answers: what is the best account to make that lets the client do whatever they want on their machine? This is mainly because one of the programs we use is a DOS one that uses a dongle, which seems to only work if I give them the Domain Admin account. Is there any other one to use? For now I don't mind letting them have access to anything they want to do on their own computer.
I'm sure I don't need to tell you this is a big no-no.. :) You don't want them to add/remove network users at will, do you?

What you need is probably any account with local administrative rights, and by default when a machine joins a domain Domain Admins are part of the local Administrators group so that's why your setup works. Armed with that knowledge you can do a few things (there will be more I can't think of everything):
1. You can add the person's account in the local Administrators group on their machines. This is what a lot of companies do these days. Downsides are you have to set this up for all users that need to run this app and they cannot use the same program on another box that they are not configured as an administrator. Still not so good in terms of security though (the "assigned" person can do whatever they want).
2. Add a new user group in the domain and let that group be in the local Administrators group on the machines. You still have to run around the machines to configure but you just have to look for one group name instead of remembering who's using what machine, and users can go to another machine and inherit administrative rights. Problem is still giving them administrative rights to the machines (install malware, delete system files, etc.).
3. Test to see if the Power Users group also works?
4. Do what a Unix environment is supposed to do: you only elevate privileges when needed. With Win2K/XP's "Run As" command, you can set up the shortcut to this special app to run as a specially created local administrative account. You probably still have to do this for all machines though, but I suppose not all your machines in the network have this strange dongle? But I haven't found a way to embed the password in a shortcut, so you still have to disclose that password to the users. (Hmm.. maybe not so good an idea after all...)
 
Yes, basically all the machines have the stupid dongle. It's annoying and it's an old DOS program. :mad: So since I am putting together these machines right now, and will probably only add 1 or 2 more later down the road, I don't mind doing the setup on each computer.

I also don't mind letting the users have whatever control they need, as long as that stupid DOS program works. Also, as you can tell, I am new to setting up the server. It's more to get this to work sooner than later, and over time I can learn how to properly set this up.

You wouldn't believe how long I was trying to find a Sentinel dongle emulator so I wouldn't need those dongles. The company doesn't support the software either and knows there are a ton of problems running it in anything beyond Windows 95.
 