Here's the issue: Your connection to the internet is over a cheap circuit that doesn't provide a static IP address or public static DNS servers. Your LAN is NATed behind a firewall appliance. You want to set up Active Directory and accordingly need to configure DNS and assign a static (NATed) IP address to the server. Once you assign the static IP address, however, your server no longer receives the addresses of public DNS servers from the router/gateway. How do you configure your server to pick up the DNS servers issued via DHCP from your router/gateway?
2 Answers
Don't bother with using your ISP's DNS. You're going to run a DNS server on your DC anyway, so just leave the DNS server configured to use root hints (as it is by default).
+1 Evan. You beat me to the punch by 6 seconds :) – joeqwerty Dec 01 '09 at 03:43
-
sorry--didn't notice that this came in first – Rhett Dec 01 '09 at 04:07
If you're installing AD\DNS on the server, it should use a static RFC1918 address and not use a DHCP assigned address.
The AD\DNS server should point to itself for DNS.
All other internal clients should point to the AD\DNS server for DNS.
You don't need to set up the AD\DNS server to use forwarders. You can configure it to use only the root hint servers (which is what I recommend). You also don't need to and shouldn't configure the AD\DNS server to use the DNS servers from the router or from your ISP.
If I'm understanding your question, I have the same setup at home and I suspect many of the admins here do as well. I have an internal AD\DNS server with a static RFC1918 IP address. The server points to itself for DNS and is configured to use the root hint servers and not forwarders for external DNS resolution. All internal clients point to the AD\DNS server for DNS. My router has a single dynamic public IP address from my ISP. I host email and web sites for my domains on my server. I use a dynamic DNS client and service to keep my dynamic ISP IP address synchronized with my public DNS records for incoming email and web visitors. I have port forwarding set up on my router to forward web and email traffic to the internal RFC1918 IP address of my server.
I prefer to use just the root hints for the reason that if you use forwarders and the forwarders have problems it will affect the ability of your internal clients to get external DNS records resolved. We all know that ISPs are not always on top of their game when it comes to stability, reliability, etc. – joeqwerty Dec 01 '09 at 03:55
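The setup both answers describe (static RFC1918 address, server pointing at itself for DNS, no forwarders, root hints only), expressed as an added PowerShell example that is not from the thread. The interface alias "Ethernet", the address 192.168.1.10/24 and the gateway 192.168.1.1 are placeholder assumptions; run it in an elevated session on the AD/DNS server after the DNS Server role is installed.

```powershell
# Added example, not from the thread. Assumed placeholder values: interface
# alias "Ethernet", static RFC1918 address 192.168.1.10/24, gateway 192.168.1.1.
# Needs an elevated session and the DnsServer module (DNS Server role).
$Interface = "Ethernet"
$StaticIP  = "192.168.1.10"
$Prefix    = 24
$Gateway   = "192.168.1.1"

# 1. Give the server a static RFC1918 address. Leaving DHCP is what drops the
#    router-supplied DNS servers the question asks about, so step 2 replaces them.
#    (New-NetIPAddress fails if the address already exists; remove the old one
#    with Remove-NetIPAddress before re-running this.)
Set-NetIPInterface -InterfaceAlias $Interface -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Interface -IPAddress $StaticIP `
    -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null

# 2. Point the server's own DNS client at itself, not at the router or the ISP.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $StaticIP

# 3. Remove any forwarders so the DNS Server service resolves external names
#    from the root hints instead of depending on the ISP's resolvers.
$fwd = Get-DnsServerForwarder
if ($fwd.IPAddress) {
    Write-Warning "Removing forwarders: $($fwd.IPAddress -join ', ')"
    Remove-DnsServerForwarder -IPAddress $fwd.IPAddress -Confirm:$false
}

# 4. Confirm root hints are loaded; without them step 3 leaves the server
#    unable to resolve anything outside its own zones.
$hints = Get-DnsServerRootHint
if (-not $hints) { throw "No root hints loaded on this DNS server." }
Write-Host "Root hint servers loaded: $($hints.Count)"

# 5. Verify: the local server should answer an internal and an external lookup.
Resolve-DnsName -Name $env:COMPUTERNAME -Server $StaticIP -Type A
Resolve-DnsName -Name "example.com" -Server $StaticIP -Type A
```

Internal clients still get their DNS server address from DHCP; that is set on the router's DHCP scope (hand out $StaticIP), not on the server.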