DNS server with internal IP

 
 
PauloPT
03-06-2007, 02:48 AM
Hi,

Here's my problem:

I have a single server (SERVER) to handle the following jobs (IIS,
DNS, AC, EMAIL, Fileserver, PrintServer).

The problem lies with DNS and AC.

The network is as follows:

1 cable modem (static IP) -> Router (with NAT, supposed to pass all DNS
requests to SERVER by means of SERVER's internal IP) -> SERVER

a- With DNS, if I don't integrate it with AC and then attribute the
external IP (recognized by the router) to be the A host (SERVER), I
have no problem with DNS, IIS, etc., but there seems to be a problem with AC
external connectivity (it seems that I need to have DNS integrated
with AC for AC to fully function).

b- When I integrate the DNS zone with AC (to solve the problem above),
even if I choose not to allow updates, the IP of SERVER (which I
configured to be the external one, making no reference to this machine's
internal IP) will be updated to its real IP, the internal one, resulting
in complete failure of connections from the internet to this machine.


Thanks in advance.

 
Reply With Quote
 
 
 
 
Andrei Ungureanu [MVP]
03-06-2007, 05:42 AM
Search for NETLOGON on this page: http://support.microsoft.com/kb/246804
I really don't recommend disabling dynamic updates, and I believe that you are
having a design problem with your DNS. You are trying to access that server
from the internet with the same name it has on the internal network, and by
using only the internal DNS. I believe this is your real issue.

--
Regards,
Andrei Ungureanu
www.eventid.net



 
Reply With Quote
 
Bill Grant
03-06-2007, 06:55 AM
You cannot use the router for DNS if you are running AD. All AD machines
(including the DC itself) should be using the local DNS. To allow machines
on the private LAN to access external machines by name, set your local DNS
server to forward to a public DNS service. Then your local DNS can resolve
both private and public names.

I do not understand what you say about the server's external address. If
you are using NAT on the router, the server should not have an external
address. Only the router should have one.
 
Reply With Quote
 
PauloPT
03-06-2007, 08:59 AM

Bill Grant wrote:
> You cannot use the router for DNS if you are running AD. All AD machines
> (including the DC itself) should be using the local DNS. To allow machines
> on the private LAN to access external machines by name, set your local DNS
> server to forward to a public DNS service. Then your local DNS can resolve
> both private and public names.
>
> I do not understand what you say about the server's external address. If
> you are using NAT on the router, the server should not have an external
> address. Only the router should have one.


So you mean I have to get a second machine to serve DNS, linked
directly to the outside world, so I can use the actual one to serve
only the internal network (DNS, AD)?

As for the external server IP, I'll explain better:

The router does have NAT, and I have it enabled. I have set up the NAT
so all DNS requests go directly to the server's internal IP, but it
doesn't seem to work like I intended, because when you request the
authoritative servers of the domain you will get as a response the
internal IP instead of the external IP (because AD updates the machine's
IP).

The way I had it before AD was:
I set up the A record to "say" that SERVER's IP was the external IP,
while not being that at all, but it worked because when another
machine asked what the authoritative hosts for the domain we
host were, it would get the external IP as a response, and then when it
tried to connect, the router's NAT would come into action, making it all go
smoothly.
AD changes this by solely updating SERVER's IP to its true IP (meaning
the internal IP).
 
Reply With Quote
 
Bill Grant
03-06-2007, 09:59 PM
No, you do not need an additional server to do DNS. Configure all of your
LAN machines, including the server itself, to use the local server for DNS.

On your DNS server, set it up to forward to a public DNS service. You
can use the one which your router uses if you like.

Now all DNS requests will go to your local DNS server, not to your
router. If the request is for a local machine or AD resource, your DNS will
respond directly. If it is for an external resource (such as a URL) your
server will forward the request to the external DNS server, then relay the
reply to the original requesting machine.

You are still using the router as your default gateway, but you are not
using it as a DNS relay. You are handling DNS yourself through your DC. DNS
relay is not compatible with AD.
 
Reply With Quote
 
PauloPT
03-07-2007, 11:51 AM

Bill Grant wrote:
> No, you do not need an additional server to do DNS. Configure all of your
> LAN machines, including the server itself, to use the local server for DNS.
>
> On your DNS server, set it up to forward to a public DNS service. You
> can use the one which your router uses if you like.
>
> Now all DNS requests will go to your local DNS server, not to your
> router. If the request is for a local machine or AD resource, your DNS will
> respond directly. If it is for an external resource (such as a URL) your
> server will forward the request to the external DNS server, then relay the
> reply to the original requesting machine.
>
> You are still using the router as your default gateway, but you are not
> using it as a DNS relay. You are handling DNS yourself through your DC. DNS
> relay is not compatible with AD.


Here's the thing: that didn't solve the external requests to this server's
services... AD is not able to receive any outside requests; it only
works within the local network. The problem still stands: everyone
else trying to connect to this machine (from outside the local network) will
receive this machine's local IP instead of the external one (so the router
could use NAT to redirect to the machine), and so is unable to connect to it
from the internet.

Example:
SERVER
External IP: 81.100.100.100
Internal IP: 129.0.0.0

Now any local machine will be able to connect to the server using
129.0.0.0 (this is the IP registered in DNS).

External requests:
When any external machine requests the authoritative server for
example.com so it can connect to it, it will receive as an answer
129.0.0.0, making any connection impossible.

----

I did find a way, but it may bring me some problems, idk:

I set 2 IPs (same network card) on the connection used by the server
to the router, these being the real IP (internal) and the external IP.
For DNS the 2 are valid, so the machine is registered in DNS as having
those 2 IPs. In the example above the difference is that now, when
requesting the authoritative servers for example.com, the machine that
made the request will receive as a response 129.0.0.0 and
81.100.100.100 (it seems to be always in this order). Now I guess that
the machine that made the request, when failing to connect to 129.0.0.0,
will always try 81.100.100.100, then getting a successful connection,
but this may not be true. Any input would be greatly appreciated;
again, thanks for the help.

 
Reply With Quote
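Added example (not written by any poster in this thread): a Python sketch that audits what an Internet client would be handed from a single zone like the one described in the post above, and derives the A records a separate Internet-facing zone (split DNS) would carry. The zone text, the /24 LAN prefix and all function names are constructed assumptions; the two addresses are the ones given in the thread.

```python
import ipaddress

# Constructed sample: A records as one AD-integrated zone would serve them
# after the two-address workaround (both addresses come from the thread).
ZONE_EXPORT = """\
; constructed sample for zone example.com
@       3600 IN NS  server.example.com.
server  3600 IN A   129.0.0.0
server  3600 IN A   81.100.100.100
www     3600 IN A   129.0.0.0
mail    3600 IN A   81.100.100.100
"""

# Assumption: the LAN prefix. 129.0.0.0 is not RFC 1918 space, so a check
# based only on is_private would report it as a public address.
INTERNAL_NETS = [ipaddress.ip_network("129.0.0.0/24")]


def parse_a_records(text):
    """Return {owner: [addresses in file order]} for the A records in text."""
    records = {}
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        # Drop optional TTL and class so "name A ip" and "name TTL IN A ip" both parse.
        fields = [t for t in tokens[1:] if not t.isdigit() and t.upper() != "IN"]
        if len(fields) >= 2 and fields[0].upper() == "A":
            records.setdefault(tokens[0], []).append(ipaddress.ip_address(fields[1]))
    return records


def is_internal(addr):
    """True for space Python marks private (RFC 1918, loopback, ...) or a declared LAN prefix."""
    return addr.is_private or any(addr in net for net in INTERNAL_NETS)


def audit_external_view(records):
    """Classify each name by what an Internet resolver would receive."""
    report = {}
    for name, addrs in records.items():
        leaked = [str(a) for a in addrs if is_internal(a)]
        if not leaked:
            status = "ok"
        elif len(leaked) == len(addrs):
            status = "internal-only"   # outside clients cannot connect at all
        else:
            status = "mixed"           # success depends on the client retrying
        report[name] = {"status": status, "leaked": leaked}
    return report


def external_zone(records):
    """A records a separate Internet-facing zone would carry (split DNS)."""
    zone = {}
    for name, addrs in records.items():
        public = [str(a) for a in addrs if not is_internal(a)]
        if public:
            zone[name] = public
    return zone


if __name__ == "__main__":
    recs = parse_a_records(ZONE_EXPORT)
    for name, finding in audit_external_view(recs).items():
        print(f"{name:8} {finding['status']:14} leaked={finding['leaked']}")
    print("external zone:", external_zone(recs))
```

Names reported as "mixed" or "internal-only" disclose internal addressing to outside resolvers; names missing from the derived external zone have no address an Internet client can reach.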
 
brijendranath.tripathi@gmail.com
03-08-2007, 01:28 PM
Hi,
I want a step-by-step configuration of how to configure DNS in a 2k3 server.

 
Reply With Quote
 
 
 