I need some assistance with how to set up a local domain with all of my servers. I have 7 servers, all running WS 03 or 08. Each server has been named and given static IP settings. Currently none of the servers are members of a domain.
On server 1 (S1), I installed Active Directory Domain Services and DNS Server. I created my domain, TPA.LOCAL. Now I need to add the other 6 servers to the domain.
Currently, the 7 servers are pointing to the DNS server of the Data Center NOC, not my primary DNS server S1.
Question 1: Should I first set up my secondary DNS server and point all 7 servers to my S1 and S2 DNS servers rather than the NOC? (Disclosure: none of these servers are running in production.)
If the answer to the above question is yes, then I assume adding the servers to the domain is just as easy as going into System > Server Name and adding the server to TPA.LOCAL?
I hope you have a wonderful day. I'm not sure if I got your situation completely, but I will try to go over the possible variations.
1. It depends on how the zone tpa.local is configured on your NOC DNS. If it is a slave zone pointing to S1 (along with the reverse lookup zone for the IPs of the computers in that domain and the rest of the zones you need managed on S1), you can point S2-6 to the NOC DNS. I personally prefer to have it set up that way. Otherwise, you have to point S2-6 to S1.
2. It depends on the role of S2-6 in the domain tpa.local. If you want them all to be domain controllers for tpa.local, install the relevant roles and run dcpromo.exe on each of S2-6. If you want them to be just members of tpa.local, join them to the domain on each of S2-6 exactly as you said. Remember that you'll need to enter the credentials of the domain administrator or of a user assigned to the Domain Administrators group.
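One way to carry out the member-server join described above, as an added example that is not part of Mikka's post or of anything the original poster ran: a PowerShell script for Windows Server 2008 that points a server's DNS client at S1/S2, checks that the domain controller SRV record actually resolves through S1 (the usual reason a join fails while servers still point at an outside resolver that does not host the AD zone), and then joins tpa.local with netdom.exe. The IP addresses, adapter name and account are placeholders I made up; netdom is built into Server 2008, while on Server 2003 it comes from the Support Tools.

```powershell
# Added example (not from the thread): point a member server at S1/S2 for DNS and
# join it to tpa.local. Assumes Windows Server 2008 (netdom.exe built in; on
# Server 2003 install the Support Tools). Addresses and names are placeholders.
$S1Dns    = "192.0.2.10"             # S1, hosts the tpa.local AD zone (placeholder)
$S2Dns    = "192.0.2.11"             # S2, secondary DNS (placeholder)
$Nic      = "Local Area Connection"  # adapter name as shown by ipconfig
$Domain   = "tpa.local"
$JoinAcct = "TPA\Administrator"      # account allowed to join computers (placeholder)

# 1. The DNS client must use a server that hosts the AD zone, not the NOC resolver,
#    because the join locates a domain controller through DNS SRV records.
netsh interface ip set dns "$Nic" static $S1Dns
netsh interface ip add dns "$Nic" $S2Dns index=2

# 2. Confirm the DC locator record resolves through S1 before attempting the join.
$srvOutput = (nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $S1Dns 2>&1) -join "`n"
if ($srvOutput -notmatch "svr hostname") {
    Write-Error "No DC SRV record for $Domain answered by $S1Dns; fix DNS before joining"
    exit 1
}

# 3. Join and reboot. /passwordd:* prompts for the password so it never lands in a
#    script file or the command history.
netdom join $env:COMPUTERNAME /domain:$Domain /userd:$JoinAcct /passwordd:* /reboot:30
```

The SRV check is the part worth keeping even if you join through the System dialog instead: if `nslookup` against S1 does not return a `svr hostname` line for `_ldap._tcp.dc._msdcs.tpa.local`, the server is still resolving through something that does not know the domain, and the join will fail no matter which credentials you enter.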
Thanks for the response. I am really trying to achieve two things: (1) manage DNS from S1/S2 rather than the NOC DNS servers and (2) configure a local domain (tpa.local) to manage S1-S6.
For my first issue, I understand that I need to point S1-S7 to my DNS servers S1 and S2, rather than the NOC DNS servers. That I get. It is the management of the DNS server that I am struggling with. My first step in managing the DNS server was to create a local domain for my servers, just like computer workstations connecting to a local domain. This is why I created the domain tpa.local. I was able to create this domain and add the servers.
Now I am confused as to the relationship to my Internet domains (i.e., mycompany.com). How does this relate to zones? How does this relate to tpa.local? I understand the management of RRs for a domain, but I do not understand the relationship and management of that domain in the DNS Server for MS Server 08.
Okay, let's proceed with the scenario where your S1-7 use the DNS at S1 to resolve domain names. As far as I understand now, you are concerned about the ability of S1-S7 to correctly resolve both local (for instance tpa.local) and Internet names (i.e. mycompany.com). The only thing you need to make it work properly is to configure forwarders at S1. Log in to S1 with administrative privileges and click Start->Run->dnsmgmt.msc. In the left panel, highlight the DNS server if you have more than one, click Actions->Properties, and go to the "Forwarders" tab. Click "Edit" and add your NOC DNS server. Click OK twice. So, what you have now: members of tpa.local, along with every computer that uses the DNS server at S1 for resolution, will be able to resolve names under tpa.local and every Internet name, like mycompany.com, webhostingtalk.com etc. For global names, the DNS server will just load these zones from the NOC DNS. Let me know if you come across any obstacles with this scenario.
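The same Forwarders-tab change done from the command line, as an added example that is not part of Mikka's post: dnscmd.exe on S1 sets the NOC server as forwarder, and nslookup then confirms that both a tpa.local name and an Internet name resolve when S1 is asked directly. The addresses are placeholders I made up; dnscmd.exe is present on a Server 2008 machine with the DNS Server role installed.

```powershell
# Added example (not from the thread): the Forwarders-tab change done with
# dnscmd.exe on S1, plus a check that both local and Internet names resolve
# through S1. Run on S1 as an administrator; addresses are placeholders.
$NocDns = "198.51.100.53"   # NOC DNS server that S1 will forward to (placeholder)
$S1Dns  = "192.0.2.10"      # S1's own address, queried directly below (placeholder)

# Replace the forwarder list with the NOC server. /NoSlave keeps root hints as a
# fallback if the forwarder does not answer; /Slave would make S1 forward-only.
dnscmd . /ResetForwarders $NocDns /NoSlave
if ($LASTEXITCODE -ne 0) { Write-Error "dnscmd /ResetForwarders failed"; exit 1 }

# Show the resulting server configuration (the forwarder list is in the output).
dnscmd . /Info

# Verify: a name S1 is authoritative for and an Internet name, both asked of S1.
# Every external name S1 resolves is now sent to the NOC resolver, so that
# forwarder has to be one you trust to answer honestly.
foreach ($name in "s2.tpa.local", "mycompany.com") {
    $answer = (nslookup $name $S1Dns 2>&1) -join "`n"
    if ($answer -match "Non-existent domain|can't find|timed out") {
        Write-Warning "$name did NOT resolve via S1"
    } else {
        Write-Host "$name resolved via S1"
    }
}
```

Forwarding only changes where S1 sends queries it cannot answer from its own zones; it does not copy the NOC's zones onto S1, so the NOC server must stay reachable from S1 on UDP and TCP port 53 for external names to keep resolving.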
So do I have to forward to my NOC DNS server? Can I bypass it completely?
Let's continue with a single domain, mycompany.com.
Currently mycompany.com resolves to the NOC DNS servers through the registrar (e.g., ns1.noc.com and ns2.noc.com). But if I changed the servers at the registrar to ns1.myserver.com and ns2.myserver.com, then I could bypass the NOC DNS server and not forward?
If this is true, then I create a new zone under my Forward Lookup Zones for mycompany.com, which is then where I create all of the records (i.e., SOA, NS, A, etc.)?
So the only DNS records I should need at the NOC DNS server are the named servers (i.e., ns1.myserver.com and ns2.myserver.com)?
Yes, you can bypass forwarding to the NOC DNS completely. In this case you must prepare the DNS server at S1 for production use (make sure that the DNS server at S1 listens on two different globally routable IPs from different C-classes, make sure that the reverse lookup records for the DNS IPs are set up as something that contains mycompany.com, like ns1.mycompany.com, and make sure that you have registered the NSs in your registrar's control panel). Once that is done and all the changes have come into effect, create a forward lookup zone at S1 for mycompany.com and change the mycompany.com nameservers to ns1-2.mycompany.com. Since you don't want to forward to the NOC DNS and want to use solely S1, in the dnsmgmt.msc snap-in, on the same tab that I mentioned above, you must check the checkbox "Use root hints if no forwarders are available". It should ensure correct resolution of external domain names for all computers that use S1 as their DNS server.
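What the "prepare S1 for production" step looks like on the server itself, as an added example that is not part of Mikka's post: a dnscmd.exe script for Server 2008 that clears the forwarders so root hints are used, creates the mycompany.com forward lookup zone, adds the ns1/ns2 NS records with their glue A records, and restricts zone transfers. It goes a little beyond what the post says: the zone-transfer restriction and the removal of the auto-created NS record are my additions, and every IP address, zone name and host name is a placeholder I made up. Registering ns1/ns2 at the registrar and the reverse (PTR) records are separate steps outside this script.

```powershell
# Added example (not from the thread): make S1 authoritative for mycompany.com
# without forwarding to the NOC, using dnscmd.exe on Windows Server 2008. Run on
# S1 as an administrator. All addresses and names are constructed placeholders.
$Zone  = "mycompany.com"
$Ns1Ip = "203.0.113.10"   # S1's public address (placeholder)
$Ns2Ip = "203.0.113.74"   # S2's public address, ideally on another network (placeholder)
$WebIp = "203.0.113.20"   # where the web site lives (placeholder)

# 1. No forwarders plus /NoSlave = "Use root hints if no forwarders are available":
#    S1 now resolves external names itself by walking down from the root servers.
dnscmd . /ResetForwarders /NoSlave

# 2. One standard primary forward lookup zone per hosted domain.
dnscmd . /ZoneAdd $Zone /Primary /file "$Zone.dns"

# 3. Name servers and their glue A records. The registrar must be given exactly
#    these host names and addresses when ns1/ns2 are registered there.
dnscmd . /RecordAdd $Zone @   NS "ns1.$Zone."
dnscmd . /RecordAdd $Zone @   NS "ns2.$Zone."
dnscmd . /RecordAdd $Zone ns1 A  $Ns1Ip
dnscmd . /RecordAdd $Zone ns2 A  $Ns2Ip
dnscmd . /RecordAdd $Zone @   A  $WebIp
dnscmd . /RecordAdd $Zone www A  $WebIp

# 4. Zone creation auto-adds an NS record named after the server's own host name
#    (s1.tpa.local in this thread). Remove it so only the public names are published;
#    list the apex first to see the exact name the server inserted.
dnscmd . /EnumRecords $Zone @
dnscmd . /RecordDelete $Zone @ NS "s1.tpa.local." /f   # placeholder host name

# 5. Zone transfers only to the listed secondary; an unrestricted AXFR lets anyone
#    on the Internet download the whole zone.
dnscmd . /ZoneResetSecondaries $Zone /SecureList $Ns2Ip

# 6. Checks: S1's own authoritative answer, then the delegation as the .com
#    registry sees it (meaningful only after the registrar change has propagated).
nslookup -type=NS $Zone $Ns1Ip
nslookup -type=NS $Zone a.gtld-servers.net
```

Two things to check once this is in place. First, the PTR record for the public IP lives in the in-addr.arpa zone for the address block, which normally belongs to the NOC/ISP rather than to you; `nslookup 203.0.113.10` (with the real address) shows whether the reverse name they set contains mycompany.com. Second, a Server 2008 DNS that is reachable from the Internet on port 53 and also recurses for internal clients is an open resolver, and this version has no per-client recursion control; the clean way around it is to host the public zones on a separate instance with recursion disabled (`dnscmd . /Config /NoRecursion 1` on that box) while internal servers keep using the recursive one.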
Ok, this is what I am looking to do, but you may need to break it down into smaller pieces for me. Again, I have a test domain that I am hosting through the NOC DNS called zavikon.com. I then have mydomain.com, which is my site.
1. Prepare the DNS server at S1 for production?
Could you break this one down for me at a micro level, as I am not sure what you mean by listening on two globally routable IPs from different C-classes.
Having a .com domain makes your task a little bit easier. For .com domains it is enough to have just one nameserver, so you need to:
1. On S1, bind an "external" IP address to any of the interfaces. Make sure that your network infrastructure setup allows access to the DNS server at S1 from any external network (i.e. I, from my location, am able to connect to the DNS server at S1 and query it for the contents of the forward lookup zones hosted on it)
2. Define a reverse resolution record for the DNS server IP
3. Register the DNS server in the domain registrar's control panel
1. I assume you mean assign a static public IP to the server S1? - Yes
2. Is this a firewall setting that needs to be made? The server has a public IP address assigned to it but it is behind my firewall. I have the standard ports open. - On the firewall, make sure that port 53 TCP/UDP is open
3. You mentioned in the previous post that I need to add two records that define my name servers (i.e., ns1.mycompany.com and ns2.mycompany.com).
- For .com names you need only one (ns1)
In regards to forward zone management, what is good practice for the hierarchy? What should my high-level zone be? At what levels are the actual domains (i.e., zavkon.com, client2.com, etc.)? Does a forward lookup zone = a domain?
Thank you too. Yes, that is the regular practice for the hierarchy. You can set up as many forward lookup zones as you have domains, i.e. one for zavkon.com, another for client2.com; it should allow you to manage all domain records conveniently. Have a good day!
Mikka, I am back in a confused state, and it has to do with the local domain that I set up. I set up the domain TPA.LOCAL and included all of my servers in that domain. The problem is that my 2 NS records in the Reverse Lookup zone reference this domain, as S1.TPA.LOCAL and S2.TPA.LOCAL. Shouldn't the 2 NS records be S1.mydomain.com and S2.mydomain.com?
From what I can determine, Active Directory will only let me create 1 domain, which is currently TPA.LOCAL. Shouldn't the 1 domain managed by AD be mycompany.com?
I'm glad to hear from you today, I hope you have a wonderful day too! I think you can just rename tpa.local to mydomain.com, along with the reverse lookup zone, to preserve consistency. I've PM'd you some details on this.