Help with learning SOHO setup

 
 
kelly
      05-04-2006, 03:48 AM
Hi All,

I am new to networking, and I am hoping you can help me better understand
several things. I would appreciate your feedback.

I want to create a fully functional Windows domain to learn and apply
networking administration functions in a way that would be practical to apply
in a SOHO. I read an article that indicated it would be better to install DNS
first and separate from AD. I did this, followed with DCPROMO, and finished
by installing and configuring DHCP.

I have a router, Windows 2003 server, and a couple of Windows XP clients.
I registered a domain name of: kelly.net

Installed 2003 Server
Setup my domain controller with:
Static IP address = 192.168.2.10
Subnet = 255.255.255.0
Gateway = 192.168.2.1
DNS Server = 192.168.2.10

Setup DNS
Created forward lookup zone
Zone name = office.kelly.net
Zone file = office.kelly.net.dns
Chose to not allow dynamic updates
Setup a forwarder to my ISP's DNS

Ran DCPROMO
Full DNS = office.kelly.net
Netbios = OFFICE

Setup DHCP
Name = office scope
Range = 192.168.2.50 - 192.168.2.254
Subnet - 255.255.255.0
No exclusions
Default gateway = 192.168.2.1
DNS parent domain = office.kelly.net
DNS server = 192.168.2.10
No WINS


What do you think of my overall strategy?
What do I need to change?
Is my order of operations fine: 1. assign static IP addressing, 2. Setup
DNS 3. Run DCPROMO 4. Setup DHCP?

Would it be correct to say that my DNS server is authoritative for the
"office" zone, while my ISP will be authoritative for the "Kelly.net" zone?

Thanks!

 
kelly
      05-04-2006, 04:43 AM
Let me add to this. If I want to host my own email server, web server, and
FTP server, should I set up my domain name to match my registered domain? So in
other words should I make my domain name kelly.net? If I forwarded my
registered domain to my name server IP, would this make my DNS server the
authority for kelly.net? I would then also create a forward pointer to my ISP
DNS to resolve names that my name server cannot?

Is this close to making sense?

 
Ben M. Schorr - MVP
      05-04-2006, 05:41 AM
Aloha Kelly,

Sounds pretty good to me. I'm not sure why you'd want to keep DNS separate
from AD in that case however. I'm a little tired (it's been a long day)
but I think we've always tried to keep them tied together because your AD
and DNS need to work together for best effect.

-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenote.html




 
Phillip Windell
      05-04-2006, 02:31 PM
"kelly" wrote:
> Setup DNS
> Created forward lookup zone
> Zone name = office.kelly.net
> Zone file = office.kelly.net.dns
> Chose to not allow dynamic updates
> Setup a forwarded to my ISP's DNS


You would not need to configure DNS,..only install it. The DCPromo process
will configure the DNS according to what it needs. It will prompt you during
the process and you would just tell it yes. In fact it will even install DNS
if it is not already installed.

I would not have "office" as a child domain of kelly.net, which is what the
forward Zone implies. There should only be one "dot" in the name.

There should be no relationship between the Public Internet Domain name and
the internal AD Domain name. They exist for completely and totally
different reasons and have nothing to do with each other. The only thing
they have in common is that they are called "domains". I typically use a
TLD that is never used on the Internet so as to avoid any possibility of a
conflict. Typically I use ".loc",...so yours could be "office.loc". In my
test labs I always use "lab.loc",..so a webserver in the lab would be
"machinename.lab.loc" with an alias of www.lab.loc.

For external Internet naming to work, you either let your DNS use RootHints
(should be automatic) or configure your ISP's DNS as a "Forwarder" in the
Forwarders List in the config of your DNS Server.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
Kerry Brown
      05-04-2006, 04:42 PM


As others have said the plan seems sound with a few minor tweaks.

I have used child domains of public domains before. It works OK but as
stated elsewhere in the thread usually you are better to use a completely
separated domain as in .local or .internal. These can also cause some
problems but of a minor nature that have many documented ways to overcome
the problems.

Don't set up DNS first. DCPROMO will do what's needed for DNS, although you
may have to add a reverse zone later.

I would also recommend using DHCP. If you want static IPs you can reserve
them. DHCP makes it much easier to change things like the DNS server, add a
WINS server etc. without changing each machine individually.

Personally for SOHO I'd recommend you look at Small Business Server 2003
rather than Server 2003. It's a better fit for SOHO and cheaper.


--
Kerry
MS-MVP Windows - Shell/User


 
Phillip Windell
      05-04-2006, 05:01 PM
"Kerry Brown" wrote:
> I have used child domains of public domains before. It works OK but as
> stated elsewhere in the thread usually you are better to use a completely
> separated domain as in .local or .internal. These can also cause some
> problems but of a minor nature that have many documented ways to overcome
> the problems.


Yea. Some non-Windows OS will choke on a TLD that is more than three
characters long, so I avoid the longer names in favor of ".loc" or ".int".
The Macs were one that had a problem with it, but I don't know if it affects
the latest Mac OS since it is based on Linux now.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



 
kelly
      05-04-2006, 05:29 PM
Alright I assume I am going to need to read a lot more about DNS. Can you help
me understand the DNS query?

If a person with an Internet connection types in "www.kelly.net", their DNS
resolver looks to their local cache, then to their preferred DNS server, from
there it goes on a recursive search that is based on the root hints contained
on the preferred DNS server. The root hints point to authoritative name
servers that are relevant to the namespace queried. Is this correct?

Can I have my DNS server authoritative for all kelly.net queries? So if the
user wants access to www.kelly.net, the query goes to ns1.kelly.net (my name
server) which then resolves the name for the user?

Thanks,
Kelly

 
Phillip Windell
      05-04-2006, 07:13 PM
"kelly" wrote:
> Alright I assume I am going to need to read a lot more about DNS. Can you
> help me understand the DNS query?
>
> If a person with an Internet connection types in "www.kelly.net", their
> DNS resolver looks to their local cache, then to their preferred DNS server,
> from there it goes on a recursive search that is based on the root hints
> contained on the preferred DNS server. The root hints point to authoritative
> name servers that are relevant to the namespace queried. Is this correct?


The best thing to do with DNS is let DCPromo configure it, then stay away
from DNS. The purpose of your DNS to exist is for Active Directory, not
the Internet. That is why I often refer to it by AD/DNS. The purpose for
your ISP's DNS to exist is for the Internet, not your Active Directory
(notice they are exact opposites here).

Active Directory is based on DNS. The same way that your AD/FQDN has nothing
to do with your Internet FQDN,...your AD/DNS has nothing to do with the
Internet and your ISP's DNS,...two different things for two different
reasons.

> Can I have my DNS server authoritative for all kelly.net queries? So if
> the user wants access to www.kelly.net, the query goes to ns1.kelly.net (my
> name server) which then resolves the name for the user?


Theoretically, if you work it out with your ISP,..yes,...would I do it? No.
In all the years I have fooled with this stuff I would not even consider it.
I do my job,...I let the ISPs do their job,..that is what they are there
for.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
kelly
      05-04-2006, 08:11 PM
Ok.

So after reading your feedback, let me re-summarize my steps:

Install 2003 Server
Assign static IP to server
Setup DNS with DCPROMO
Setup DHCP with scope

I will make my FQDN kelly.loc and my DNS server will be authoritative for
kelly.loc

What is a quick and simple way to verify my local DNS is working correctly?
Ping by FQDN?

Now if I wanted to host my own mail server or web server, do I enter that as
a record in my hosting site's DNS admin panel and point it to.........

Thanks for all the help!

 
Phillip Windell
      05-04-2006, 08:56 PM
"kelly" wrote:
> Install 2003 Server
> Assign static IP to server
> Setup DNS with DCPROMO
> Setup DHCP with scope
>
> I will make my FQDN kelly.loc and my DNS server will be authoritative for
> kelly.loc


Perfect.

> What is a quick and simple way to verify my local DNS is working
> correctly? Ping by FQDN?


AD won't work without it,..so it would be pretty obvious. Yes you can ping
by the AD/FQDN as a test if you like.

> Now if I wanted to host my own mail server or web server, do I enter that
> as a record in my hosting site's DNS admin panel and point it to.........


Your ISP does that. It is also a violation of your account with some
accounts with some ISPs. You have to clear it all with them.

1. For Web they just create a host record for "www" which automatically will
fall under kelly.net making it www.kelly.net

2. For mail you tell the ISP what name you want to use. Typically it is
"mail". They then create a host record for "mail" which automatically will
become "mail.kelly.net". Then the ISP would create an MX Record. The MX
Record will point to the previously established host record of "mail". Any
email addresses you create on the mail server will be of the pattern
*@kelly.net.

You don't do anything on the LAN or in AD at all for these,...it is 100% the
ISP. When you access the mail server from within your LAN you will use the
Name it is known by in AD on the LAN, *not* the Public name. The Public
name is for,..the Public.

You could create in AD/DNS an additional DNS Zone manually for kelly.net and
manually create the records for "www" and "mail" that resolve to the
*private* IP#s (not the public IP#s) so when you are inside the LAN you can
connect properly to the resources. But to me it is a bunch of work for
something you don't need anyway.

You do *not* want to try to do a "U-turn" at the firewall by using the
public IP#. This usually causes a conflict at the firewall whereby the MAC
address for the source and destination inside the packet is the same
address,...it then just kinda shoots itself in the head and fails.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
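
Added example (not part of the thread or any poster's configuration): a small Python model of the decision the internal AD/DNS server makes for each query, comparing the AD-only setup with the optional manual kelly.net zone described in the last reply. The host names dc1 and mail1, the 192.168.2.20 and 192.168.2.21 addresses, and the 203.0.113.x public addresses are constructed assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.2.0/24")  # subnet from the thread

# Zones the internal AD/DNS server is authoritative for (constructed records).
AD_ONLY = {
    "kelly.loc": {"dc1.kelly.loc": "192.168.2.10", "mail1.kelly.loc": "192.168.2.20"},
}
# Same server plus the optional manual kelly.net zone holding *private* IPs.
WITH_SPLIT_ZONE = {
    **AD_ONLY,
    "kelly.net": {"www.kelly.net": "192.168.2.21", "mail.kelly.net": "192.168.2.20"},
}
# Stand-in for the ISP's public DNS behind the forwarder (constructed records).
ISP_PUBLIC = {
    "www.kelly.net": "203.0.113.10",
    "mail.kelly.net": "203.0.113.11",
    "ftp.kelly.net": "203.0.113.12",
}


def find_zone(name, zones):
    """Return the longest locally hosted zone containing name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones, forwarder=ISP_PUBLIC):
    """Return (source, answer); source is 'local' or 'forwarded'."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative zone: answer locally. A missing record is NXDOMAIN;
        # the query is not passed on to the forwarder.
        return "local", zones[zone].get(name)
    return "forwarded", forwarder.get(name)


def audit(names, zones):
    """Classify each name as a LAN client of this server would see it."""
    report = {}
    for name in names:
        source, answer = resolve(name, zones)
        if answer is None:
            # 'shadowed': exists publicly but the local zone hides it.
            hidden = source == "local" and name in ISP_PUBLIC
            status = "shadowed" if hidden else "nxdomain"
        elif ipaddress.ip_address(answer) in LAN:
            status = "lan"
        else:
            status = "public"  # LAN client would be sent to the public IP
        report[name] = (source, status)
    return report


if __name__ == "__main__":
    names = ["dc1.kelly.loc", "typo.kelly.loc", "www.kelly.net", "ftp.kelly.net"]
    for label, zones in (("AD only", AD_ONLY), ("split zone", WITH_SPLIT_ZONE)):
        print(label, audit(names, zones))
```

The `shadowed` result shows the upkeep the manual zone brings: once the internal server hosts kelly.net, every public record has to be mirrored there or LAN clients stop resolving it.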


 