trying to understand..hate dns

 
 
noobtech
05-03-2004, 05:51 AM
"If you use an ADSL router or a RRAS router, you can turn off the DNS proxy function and configure it so that the clients can use your local DNS. You then configure your local DNS to forward to the DNS service on your Internet connection. But this is not an option with ICS (or with the Shared NAT option in VPC, which works much like ICS). So the short answer is you need to replace ICS with a configurable router which can do NAT for you but will allow you to use your local (ie the one you use for your AD clients) DNS server."

So would my dns need to point to anything else other than to have it forward to the DNS service on my Internet connection?
Would I need to have the DNS (if it is not installed on the DC) point to my DC as its gateway? I know that the default gateway for my DC would be my router.
 
Lanwench [MVP - Exchange]

 
      05-03-2004, 01:23 PM
If you're using AD, note that all servers and workstations should specify
*only* the internal AD-integrated DNS server's IP address in their network
settings. The AD-integrated DNS server should be set up with forwarders to
your ISP's DNS servers for external resolution. See
http://support.microsoft.com/default...b;en-us;300202 for more
info.

I don't know that you need to change anything in your router for this, but
if you have a network, get a true firewall to help protect your network at
the perimeter (between your Internet router & LAN).

noobtech wrote:
> "If you use an ADSL router or a RRAS router, you can turn off the DNS
> proxy function and configure it so that the clients can use your
> local DNS. You then configure your local DNS to forward to the DNS
> service on your Internet connection. But this is not an option with
> ICS (or with the Shared NAT option in VPC, which works much like
> ICS). So the short answer is you need to replace ICS with a
> configurable router which can do NAT for you but will allow you to
> use your local (ie the one you use for your AD clients) DNS server."
>
> So would my dns need to point to anything else other than to have it
> forward to the DNS service on my Internet connection? Would I need to
> have the DNS (if it is not installed on the DC) point to my DC as its
> gateway? I know that the default gateway for my DC would be my
> router.



 
noobtech

 
      05-03-2004, 04:21 PM
In NT the common setting was that user's default gateway was the DC (had wins installed). Everything would go to the DC and then the DC's gateway would be the router's IP. Simple

What I'm trying to understand is this: my DC uses my router as its default gateway. If my DNS is a separate machine on my local network would its gateway be my DC or my router? If it's the router IP then would it be necessary for my DC to have a default gateway at all? And if it's needed then what is the purpose of having a default gateway for my DC if the DNS can use my router's IP for internet resolution?


 
Phillip Windell

 
      05-03-2004, 05:30 PM
You need to separate LAN topology from Domain Roles in your mind,... the two
are not directly related. The way something routes in a network has no
relationship to whether the machine is a DNS, DC, WINS or whatever. You
could be running Windows 3.11 on everything and the routing scheme would
still be the same.

From your other posts I have dealt with, I believe you have one "multi-nic"
machine sitting in the middle of your network. You then have another
machine that has a modem and it "shares" the Internet connection. Let's keep
it simple, let's call the machine with the modem the "Internet machine",
let's call the multi-nic machine your "LAN Router" because this is the job
they perform at the Layer3 Routing Level.

*All* your machines use the LAN Router as their Default Gateway. They each
use the Nic of the LAN Router that directly faces them for the Default
Gateway. The LAN Router *must* have a static IP assignment on both NICs.
Use a high number on the side facing the Internet machine such as
192.168.0.254 so that it and ICS won't bother each other.

Then the LAN Router uses the Internet Machine as *its* Default Gateway.

The Internet machine needs a Static Route entered into it so that it knows
which Gateway (the LAN Router) to use to find the subnet that is on the
opposite side of the LAN Router from where it sits.

That covers all the "routing" issues. There isn't anything else there.

Now DNS. It is pretty simple. *All* machines point to the internal DNS
running on the DC as their DNS Server. Then within the DNS Server's
settings there is a place to add Forwarders. Add your ISP's DNS to the
Forwarder's List. All done, that takes care of DNS. There is nothing else.

Issues with the Internet Machine...... This machine needs the Internal Nic
set as the primary Nic. If it is the only Nic and the only other thing is
the modem, then forget it,..it already is the primary Nic. The DNS settings
on this Nic will point to the Internal DNS just like all the rest of the
machines. The modem will take care of itself when it connects to the ISP,
so just let it do its thing and don't worry about it.

Now if there is something about ICS that I am missing then I don't know what
to tell you,...ICS is hopelessly miserable for anything but the most simple
situations and I never use it.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"noobtech" <(E-Mail Removed)> wrote in message
news:F7D63DBE-E75F-46EB-9FDB-(E-Mail Removed)...
> In NT the common setting was that user's default gateway was the DC (had
> wins installed). Everything would go to the DC and then the DC's gateway
> would be the router's IP. Simple
>
> What I'm trying to understand is this: my DC uses my router as its
> default gateway. If my DNS is a separate machine on my local network would
> its gateway be my DC or my router? If it's the router IP then would it be
> necessary for my DC to have a default gateway at all? And if it's needed then
> what is the purpose of having a default gateway for my DC if the DNS can use
> my router's IP for internet resolution?



 
noobtech

 
      05-04-2004, 04:11 AM
I don't want to beat this to death but I'm truly confused with DNS and its role in a domain. I'd take some classes but unfortunately at this point that is not an option. I've brought a few books but they don't cover what I'm not understanding

If I had a basic router that could do NAT/DHCP (like a Linksys or Netgear) then all my clients on my (non domain) LAN would be pointing to the router as its default gateway. I have done this before easily in a small office where we had 5 computers that just needed internet access. In such cases all computers' NICs would be pointing to the router as the default gateway. It's pretty much point A to point B.

In a domain situation it's different. Clients in a domain are not directly directed to the Lan router. Under NT they were directed to the domain controller. And from there it would go to the Router.

In Windows 2xxx when DNS is on a member server and not on the Domain controller. Who do the clients point to as their default gateway, DNS or Domain controller?
Who does the DNS server point to as its default gateway? If it's not the router but the DC why?
Who does the Domain controller point to as its default gateway? If it's not DNS but the router, why?

Based on what I know so far:
I see a purpose for DNS server to have the lan router as its default gateway but I don't see the purpose of having the Domain controller use the lan router as its default gateway. Nor do I see a purpose in having the clients use the Domain controller as its default gateway.

 
Lanwench [MVP - Exchange]

 
      05-04-2004, 02:04 PM
noobtech wrote:
> I don't want to beat this to death but I'm truly confused with DNS
> and its role in a domain. I'd take some classes but unfortunately at
> this point that is not an option. I've brought a few books but they
> don't cover what I'm not understanding
>
> If I had a basic router that could do NAT/DHCP (like a Linksys or
> Netgear) then all my clients on my (non domain) LAN would be pointing
> to the router as its default gateway. I have done this before easily
> in a small office where we had 5 computers that just needed internet
> access. In such cases all computers' NICs would be pointing to the
> router as the default gateway. It's pretty much point A to point B.
>
> In a domain situation it's different.


No it isn't.

> Clients in a domain are not
> directly directed to the Lan router.


> Under NT they were directed to
> the domain controller. And from there it would go to the Router.


Only if you were using the NT server as a router - were you running a proxy
server on the NT box?
>
> In Windows 2xxx when DNS is on a member server and not on the Domain
> controller. Who do the clients point to as their default gateway, DNS
> or Domain controller?


You need AD-integrated DNS to run AD properly.

Clients and servers all point to the IP address of whatever "device"
connects them to the Internet. Either your router/firewall as you mentioned
(and if you don't have one, get one - why turn a DC into a router?) or your
server if you're multihomed and going that route, ISA, whatnot.

DNS and the domain config has absolutely nothing to do with this. :-)

> Who does the DNS server point to as its
> default gateway? If it's not the router but the DC why? Who does the
> Domain controller point to as its default gateway? If it's not DNS
> but the router, why?


Again - all computers - servers & workstations alike - have to point to
whatever IP gives them Internet access.
>
> Based on what I know so far:
> I see a purpose for DNS server to have the lan router as its default
> gateway but I don't see the purpose of having the Domain controller
> use the lan router as its default gateway.


Why not?

> Nor do I see a purpose in
> having the clients use the Domain controller as its default gateway.


Well, they can't, unless you're using it as a router to get them to the
Internet.

Get a router/firewall and point all clients & servers at its internal IP as
default gateway. For DNS, again, make sure that all servers and workstations
specify *only* the internal AD-integrated DNS server's IP address in their
network settings. The AD-integrated DNS server should be set up with
forwarders to your ISP's DNS servers for external resolution. See
http://support.microsoft.com/default...b;en-us;300202 for more
info.



 
Phillip Windell

 
      05-04-2004, 02:14 PM
"noobtech" <(E-Mail Removed)> wrote in message
news:B0B784B2-BF1B-4754-B22C-(E-Mail Removed)...
> I don't want to beat this to death but I'm truly confused with DNS and
> its role in a domain. I'd take some classes but unfortunately at this
> point that is not an option. I've brought a few books but they don't
> cover what I'm not understanding


We are beating this to death. It doesn't matter how many times you ask, I
am still going to give the same answer. My previous post gave exactly what
you need to get it working and you don't even have to understand DNS to do
it. Just follow the steps I gave,....be confused later when you have time
after it is working. It will make more sense to you when you watch a working
system in action than it is trying to look at something that doesn't work.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
noobtech

 
      05-04-2004, 07:31 PM
I don't have DSL but I do have the network set up as if it had DSL. So based on your post and everyone's post I assume that if I used the following correct configuration all my clients within my 2003 Domain would have internet access if I had DSL:

(borrowed linksys) Router: 192.168.2.50

DC = 192.168.2.1 / Subnet 255.255.255.0
Default gateway = Empty?
preferred DNS = 192.168.2.2

DNS server = 192.168.2.2 / Subnet 255.255.255.0
Default gateway = 192.168.2.50
preferred DNS - set to isp's DNS, to itself or leave this empty?

Client machines = IP 192.168.2.5
Default gateway = 192.168.2.50
Preferred DNS = 192.168.2.2

 
Phillip Windell

 
      05-04-2004, 08:29 PM
Your design has a couple problems. I'll show the corrections, and then I
will try to display one that works with a modem and then one that looks like
what we have been discussing earlier.

Corrections:
#1. It doesn't reflect the design we've been discussing, according to my
understanding of your description of it.
#2. The DC and DNS are the same machine. That is not because of
networking,...that is the way it is with Windows Domains
-----------------------------------------------------------------
With DSL:
(borrowed linksys) Router
Private side IP# = 192.168.2.50
Public side IP# = Set by ISP's DHCP

DC/DNS
IP# = 192.168.2.1 / Subnet 255.255.255.0
Default gateway = 192.168.2.50
Preferred DNS = 127.0.0.1 (loopback address, it points to itself)
DNS configuration uses Forwarders pointing to ISP's DNS

Client machines
IP# = 192.168.2.2 thru 192.168.2.254 / Subnet 255.255.255.0
Default gateway = 192.168.2.50
Preferred DNS = 192.168.2.1

----------------------------------------------------------------------
With Modem:
DC/DNS
IP# = 192.168.2.1 / Subnet 255.255.255.0
ICS enabled
Default gateway = <**NONE**> (See Modem 2 lines down)
Preferred DNS = 127.0.0.1 (loopback address, it points to itself)
DNS configuration uses Forwarders pointing to ISP's DNS
Modem (Dialup adapter) All specs set by ISP including the Default Gateway

Client machines
IP# = 192.168.2.2 thru 192.168.2.254 / Subnet 255.255.255.0
Default gateway = 192.168.2.50
Preferred DNS = 192.168.2.1

----------------------------------------------------------------------
System we've been dealing with according to my understanding of your
description:

ICS machine using Dialup Modem:
IP#= 192.168.5.1 / Subnet 255.255.255.0
ICS enabled
Default Gateway = <**NONE**> (See Modem 4 lines down)
Static Route: rt192.168.0.0 mask255.255.255.0 int192.168.5.2 metric1
<sends all traffic for 192.168.0.x to 192.168.5.2 on LAN Router Nic#1>
Preferred DNS = 192.168.0.2 (LAN's DC/DNS)
Modem (Dialup adapter) All specs set by ISP including the Default Gateway

LAN Router (dual nic machine)
Nic#1 IP# = 192.168.5.2 / Subnet 255.255.255.0
Nic#2 IP# = 192.168.0.1 / Subnet 255.255.255.0
Default Gateway = 192.168.5.1 (ICS machine)
Preferred DNS = 192.168.0.2 (LAN's DC/DNS)

DC/DNS
IP# = 192.168.0.2/ Subnet 255.255.255.0
Default gateway = 192.168.0.1 (LAN Router Nic#2)
Preferred DNS = 127.0.0.1 (loopback address, it points to itself)
DNS configuration uses Forwarders pointing to ISP's DNS

Client machines
IP# = 192.168.0.3 thru 192.168.0.254 / Subnet 255.255.255.0
Default gateway = 192.168.0.1 (LAN Router Nic #2)
Preferred DNS = 192.168.0.2 (LAN's DC/DNS)
----------------------------------------------------------------------

There it is.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com




"noobtech" <(E-Mail Removed)> wrote in message
news4B41F8E-F36B-471D-937A-(E-Mail Removed)...
> I don't have DSL but I do have the network set up as if it had DSL. So
> based on your post and everyone's post I assume that if I used the following
> correct configuration all my clients within my 2003 Domain would have
> internet access if I had DSL:
>
> (borrowed linksys) Router: 192.168.2.50
>
> DC = 192.168.2.1 / Subnet 255.255.255.0
> Default gateway = Empty?
> preferred DNS = 192.168.2.2
>
> DNS server = 192.168.2.2 / Subnet 255.255.255.0
> Default gateway = 192.168.2.50
> preferred DNS - set to isp's DNS, to itself or leave this empty?
>
> Client machines = IP 192.168.2.5
> Default gateway = 192.168.2.50
> Preferred DNS = 192.168.2.2
>
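
The routing of the three-subnet layout in the post above (clients behind the LAN Router, which sits behind the ICS machine), traced hop by hop as an added example that is not part of any post in this thread. The addresses are the ones posted; the host labels, the `ISP` marker for the modem's ISP-assigned gateway, the helper names and the test address 203.0.113.10 are assumptions made for the illustration. It shows why the ICS machine needs the static route: without it, replies for 192.168.0.x leave through the modem instead of reaching the LAN Router.

```python
import ipaddress as ip

# Addresses are the ones posted in the thread; the dict layout, host labels and
# the "ISP" marker (the modem's ISP-assigned default gateway) are constructed.
HOSTS = {
    "ics":    {"ifaces": ["192.168.5.1/24"], "gw": "ISP",
               "routes": {"192.168.0.0/24": "192.168.5.2"}},
    "router": {"ifaces": ["192.168.5.2/24", "192.168.0.1/24"],
               "gw": "192.168.5.1", "routes": {}},
    "dc":     {"ifaces": ["192.168.0.2/24"], "gw": "192.168.0.1", "routes": {}},
    "client": {"ifaces": ["192.168.0.3/24"], "gw": "192.168.0.1", "routes": {}},
}

def owner(hosts, addr):
    """Label of the host that owns addr, or None if no modelled host does."""
    for name, host in hosts.items():
        if any(str(ip.ip_interface(i).ip) == addr for i in host["ifaces"]):
            return name
    return None

def next_hop(host, dst):
    """On-link destinations go direct, then static routes, then the default gateway."""
    d = ip.ip_address(dst)
    if any(d in ip.ip_interface(i).network for i in host["ifaces"]):
        return dst
    for net, via in host["routes"].items():
        if d in ip.ip_network(net):
            return via
    return host["gw"]

def trace(hosts, src, dst, max_hops=8):
    """Follow next hops from src until dst is reached or the packet leaves the LAN."""
    path = [src]
    while len(path) <= max_hops:
        hop = next_hop(hosts[path[-1]], dst)
        if hop == "ISP":
            return path + ["ISP"]        # handed to the modem / Internet side
        nxt = owner(hosts, hop)
        if nxt is None:
            return path + ["unreachable"]
        path.append(nxt)
        if hop == dst:
            return path
    return path + ["loop"]

def without_static_route(hosts):
    """Same layout, but the ICS machine has no route to 192.168.0.0/24."""
    return {**hosts, "ics": {**hosts["ics"], "routes": {}}}
```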



 