Active Directory and DNS

#1 chbrules (New Member, 5 posts)
I'm not sure of the best way to set this scenario up. I have a bunch of new Dell servers with Server 2003 Standard. I want to host a domain on the network: the website for the public internet (IIS 6), a public/private mail server (Exchange 2003), Active Directory, and some other services for the network.

I've currently run into an issue running a test situation like this behind a NAT/PAT router. I have a dual Xeon server I built running Win Server 2003 Standard to test these kinds of things out on before I implement them. I own a domain which I've registered through godaddy.com and have properly pointed the nameservers to my server. I've forwarded ports 53 and 80 on my router to my server. Before I set up Active Directory, I properly set up the DNS and IIS, and people and myself can reach the page fine.

The only problem there is that it takes 20+ seconds to resolve the name! I'm running the connection off a pretty reliable cable line through a wireless connection to my server which gets a great signal. The DNS resolves the name pretty fast behind my router though.

Well, here's where the problem comes in; it's with Active Directory. I install Active Directory on my server, and all goes fine and dandy. I can still resolve the domain behind my router, but now no one on the outside can. I go and check my host entries, and they've all changed to private IPs on my LAN. So I go to change them, but Active Directory changes them right back!

The only thing I can think of to solve this issue is having a dedicated web/DNS server for the domain, then having the Active Directory server on a separate box as a secondary zone for the domain just for the LAN. Is that the best way to solve this problem, or is there a good way to configure it to work properly on one system? I imagine keeping the services on different servers would be best.

Thank you!

#2 dsenette (Administrator, MVP, 26,019 posts; title: Je suis Napoléon!)
it's best NOT to have a webserver on your DC (domain controller..the one where you're putting AD on)....in SAFE practice it's best not to have your webserver actually on the internal network..but in a DMZ (demilitarized zone)...but that's not always practical either...now...it's perfectly fine to have your DNS server on your DC as well...i haven't set up a system such as what you describe but...you may need to have two DNS zones..one for the private network and one for the public (webserver)..both forward and reverse

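As an added illustration of the two-zone (split-horizon) setup suggested above, not code from the thread or from any poster: this Python script builds an internal view that carries every host's LAN address (the addresses AD's dynamic updates register) and an external view that carries only the NATed public addresses, generates the matching reverse (PTR) records, and checks that no RFC 1918 address ends up in the zone served to the Internet. The domain name and all addresses are constructed placeholders.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# RFC 1918 ranges plus APIPA: addresses that must never appear in the
# zone served to the public Internet.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample data (placeholder domain and addresses, not the poster's):
# each host's LAN address and, if NATed through the router, its public address.
ZONE = "example.com"
HOSTS: Dict[str, Tuple[str, Optional[str]]] = {
    "www":  ("192.168.1.10", "203.0.113.10"),  # IIS box, port 80 forwarded
    "mail": ("192.168.1.11", "203.0.113.11"),  # Exchange box, port 25 forwarded
    "dc1":  ("192.168.1.5",  None),            # domain controller, LAN only
}

def is_lan(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def build_views(zone: str, hosts) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Split horizon: the internal zone holds every host at its LAN address;
    the external zone holds only hosts with a public address, and only that one."""
    internal = [(f"{n}.{zone}.", lan) for n, (lan, _) in hosts.items()]
    external = [(f"{n}.{zone}.", pub) for n, (_, pub) in hosts.items() if pub]
    return internal, external

def leaked(records) -> List[str]:
    """Names whose A record points into the LAN. Non-empty on the external
    view means private addresses overwrote the public ones, as in the thread."""
    return [name for name, ip in records if is_lan(ip)]

def reverse_records(records) -> List[Tuple[str, str]]:
    """PTR records for a view: in-addr.arpa owner name -> host name."""
    return [(ipaddress.ip_address(ip).reverse_pointer + ".", name) for name, ip in records]

def zone_text(records, rtype: str = "A") -> str:
    return "\n".join(f"{owner} IN {rtype} {value}" for owner, value in records)

if __name__ == "__main__":
    internal, external = build_views(ZONE, HOSTS)
    print("; internal view\n" + zone_text(internal))
    print("; external view\n" + zone_text(external))
    print("; external reverse\n" + zone_text(reverse_records(external), "PTR"))
    assert not leaked(external), "private addresses in the public zone"
```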
#3 chbrules (Topic Starter, New Member, 5 posts)

it's best NOT to have a webserver on your DC (domain controller..the one where you're putting AD on)....in SAFE practice it's best not to have your webserver actually on the internal network..but in a DMZ (demilitarized zone)...but that's not always practical either...now...it's perfectly fine to have your DNS server on your DC as well...i haven't set up a system such as what you describe but...you may need to have two DNS zones..one for the private network and one for the public (webserver)..both forward and reverse


Does the web server really need to be in the DMZ? Why not just forward ports 80 and 53? I won't be using SSL or anything else besides SMTP and POP3 on another server.

I'm just wondering if having a secondary DNS zone on the AD server and having the primary DNS on the public web server would be a good idea.

Would it be a better option to just make two totally different primary DNS zones? I'm going to be using a VPN to connect another AD slave server to the main one at this main office, but I guess that doesn't really matter since it will seemingly be a LAN.