
Home webserver...


Chris Judah

Oct 4, 2006, 3:29:33 PM
Okay, I'm kinda new at all of this stuff. I've dabbled in a little and
I've been just mucking my way around this stuff right now trying to
learn as I go. Here is the setup I have:

1) Cable connection
2) Linksys WRT54G Wireless Router
3) One Windows Server 2003 Box that I want to both be my webserver and
DNS server.
4) Domain of swvoice.com.au

What I have done first was configured the computer's suffix to use my
domain which is swvoice.com.au and the host name of the computer is
ns1. I then continue to configure the box with a static IP address of
192.168.1.252 and also configure the primary DNS as 192.168.1.252, as
it will be acting as the DNS server. In the DNS settings tab under
advanced I have "Append primary and connection specific DNS suffixes"
selected and "Append parent suffixes of the primary DNS suffix"
checked; I also have "register this connection's addresses in dns"
checked.

Next I configured the DNS server by installing it and I set up the
forward lookup zone first. Created as a primary zone with the name of
swvoice.com.au. I left the new zone filename as its default
(swvoice.com.au.dns) and accepted both secure and nonsecure dynamic
updates. DNS snapin showing A records for everything.

After this I go in and enable DNS forwarding: I right click the server
object (ns1) and click on the forwarders tab then I input two of my
ISP's DNS servers.

Next step was to create a standard primary reverse lookup zone which I
input as 192.168.1.x.

After that I ran the dcpromo command in the run dialog and it began the
AD installation. I chose Domain Controller and create a new domain
forest. For the full DNS name I entered swvoice.com.au and I accept
the NetBIOS name of SWVOICE. Database, log file, and sysvol folders
are all default and when I finished I got this message:

Diagnostic Results
The registration diagnostic has been run 1 times.
DNS registration support for this domain controller has been verified.
To continue, click next.

Details
The primary DNS server tested was: ns1.swvoice.com.au (192.168.1.252)
The zone was swvoice.com.au

The test for dynamic DNS update support returned:
"The operation complete successfully."

So I assumed all was well and continued the setup:

Accepted permissions compatible with only windows 2000 and windows
server 2003, I then entered the restore mode password and finished
setup.

I've checked all the AD stuff to make sure it was installed correctly,
which it appears to be. Created the four SRV records and everything.

I am able to ping domains and it will like resolve the IP address but I
still get Destination host unreachable by both domain and ip address.
When running an nslookup command to google I get this back:

Server: ns1.swvoice.com.au
Address: 192.168.1.252

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Addresses: 72.14.203.104, 72.14.203.99
Aliases: www.google.com

Just wondering is everything set up correctly or is it just me? I have
provided the domain registrar ns1.swvoice.com.au for the DNS server.
Any help and I would be very pleased.

Herb Martin

Oct 5, 2006, 1:00:31 PM
"Chris Judah" <judah...@gmail.com> wrote in message
news:1159990173.2...@e3g2000cwe.googlegroups.com...

> Okay, I'm kinda new at all of this stuff. I've dabbled in a little and
> I've been just mucking my way around this stuff right now trying to
> learn as I go. Here is the setup I have:

We will help without jumping on you. <grin> Just realize
whenever we correct something that we are only giving
you better information....

> 1) Cable connection
> 2) Linksys WRT54G Wireless Router
> 3) One Windows Server 2003 Box that I want to both be my webserver and
> DNS server.

Outbound (your internal clients) or Public (for helping
those on the Internet find your Server)? Both?

These are really two SEPARATE jobs and if you wish to
be really good at DNS you will burn this into your thinking,
because even if the same server does both you DESIGN
and TROUBLESHOOT the two jobs differently.

"Both" is a TERRIBLE idea, especially if you are new to this
stuff.

"Public" is generally a poor idea anyway -- leave the PUBLIC
DNS at your REGISTRAR (GoDaddy, Register.com, or the
Aussie equivalent etc) IF they support that.

Usually it is FREE (paid for when you registered the name).

> 4) Domain of swvoice.com.au
>
> What I have done first was configured the computer's suffix to use my
> domain which is swvoice.com.au and the host name of the computer is
> ns1.

This is GOOD but irrelevant to the functioning of the DNS server.

That setting is for the "Client", i.e., when that server is itself
resolving names as a client would, NOT when it is acting as the
DNS server (for itself or other client machines).

> I then continue to configure the box with a static IP address of
> 192.168.1.252 and also configure the primary DNS as 192.168.1.252, as
> it will be acting as the DNS server.

That's good. And from this we must conclude you are ONLY
doing this for your INTERNAL clients -- not the Public Internet
-- since those addresses are in a privately administered range.

> In the DNS settings tab under
> advanced I have "Append primary and connection specific DNS suffixes"
> selected and "Append parent suffixes of the primary DNS suffix"
> checked; I also have "register this connection's addresses in dns"
> checked.

Again, totally irrelevant to the function of the machine AS A DNS
Server. Registering is GOOD if you have an INTERNAL ONLY
DNS Zone which is set to allow dynamic registrations but not
relevant to the DNS server function either.

> Next I configured the DNS server by installing it and I set up the
> forward lookup zone first. Created as a primary zone with the name of
> swvoice.com.au. I left the new zone filename as its default
> (swvoice.com.au.dns) and accepted both secure and nonsecure dynamic
> updates. DNS snapin showing A records for everything.

Non-Secure is bad UNLESS you must do this. NEVER put such a
DNS server "on the Internet". If all of your machines are "Domain
members" then move the zone to AD Integrated (you can change
its type on the properties) and make it SECURE ONLY.

Did you create all of the records you need in the zone or
are you depending on Dynamic registration to do everything?

For instance, unless your server is NAMED "www" it isn't
going to register the www.swvoice.com.au. but only the
SERVER_NAME.swvoice.com.au. record.

> After this I go in and enable DNS forwarding: I right click the server
> object (ns1) and click on the forwarders tab then I input two of my
> ISP's DNS servers.

Reasonable.

> Next step was to create a standard primary reverse lookup zone which I
> input as 192.168.1.x.

Likely irrelevant -- but not harmful. Reverse zones have
little utility for internal networks, especially if they are very
small.

On the Internet, reverse records are important for SMTP (email)
servers -- but the reverse zones almost always "belong to" the
ISPs so you just have to get them to register those for you.

> After that I ran the dcpromo command in the run dialog and it began the
> AD installation. I chose Domain Controller and create a new domain
> forest. For the full DNS name I entered swvoice.com.au and I accept
> the NetBIOS name of SWVOICE. Database, log file, and sysvol folders
> are all default and when I finished I got this message:

Reasonable, but I would have told you to do this before the
DNS server install -- and let the DCPromo offer to install
and configure DNS for you.

Now it is a DC so you can make that zone (both zones) AD Integrated
and use "Secure only updates."

> Diagnostic Results
> The registration diagnostic has been run 1 times.
> DNS registration support for this domain controller has been verified.
> To continue, click next.
>
> Details
> The primary DNS server tested was: ns1.swvoice.com.au (192.168.1.252)
> The zone was swvoice.com.au
>
> The test for dynamic DNS update support returned:
> "The operation complete successfully."

DCDiag (from the server CDROM Support Tools) is the
best quick check. Send output to a text file (there is a lot
of output) and search for FAIL, WARN, ERROR.

> So I assumed all was well and continued the setup:
>
> Accepted permissions compatible with only windows 2000 and windows
> server 2003, I then entered the restore mode password and finished
> setup.
>
> I've checked all the AD stuff to make sure it was installed correctly,
> which it appears to be. Created the four SRV records and everything.
>
> I am able to ping domains and it will like resolve the IP address but I
> still get Destination host unreachable by both domain and ip address.
> When running an nslookup command to google I get this back:
>
> Server: ns1.swvoice.com.au
> Address: 192.168.1.252
>
> DNS request timed out.
> timeout was 2 seconds.

Above part doesn't matter much for most checking as LONG
AS YOU get results below to the ACTUAL question:

> Non-authoritative answer:
> Addresses: 72.14.203.104, 72.14.203.99
> Aliases: www.google.com

Make sure you do NOT have the ISP listed on the "client
NIC settings" (above you indicated only the internal Server
was there and that is CORRECT.)

You can always test with NSLookup SPECIFICALLY by
providing a DNS server to check:

nslookup www.google.com 192.168.1.252

nslookup www.google.com IP.Address.ISP.DNSServer

You can also use the "-time=10" (or whatever) to avoid
simple timeout errors:

nslookup -time=10 www.google.com IP.Address.ISP.DNSServer

If the first one works you don't really need the second one
probably but if the first fails you are proving whether or
not you can even get DNS packets out/back through any
firewalls/routing.

> Just wondering is everything set up correctly or is it just me? I have
> provided the domain registrar ns1.swvoice.com.au for the DNS server.

How did you do that? The address you used above is PRIVATE
so NO ONE on the Internet will be able to route to it with that
address?

swvoice.com.au is not properly registered ON the Internet
(with the parent zone com.au), as far as I can tell (i.e.):

nslookup -time=20 swvoice.com.au 4.2.2.1

..or by checking http://www.dnsreport.com/

DNSReport is probably the best way a newcomer to DNS
can check PUBLIC DNS functionality.

Generally you should have the PUBLIC DNS at the registrar....

> Any help and I would be very pleased.

Work through the above and ask us more questions.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
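
Added example, not part of either post: a Python sketch of the two-server nslookup test described in the reply above, sending the same A query to the internal server and to an outside resolver with a 10-second timeout and reading the response header (rcode, the authoritative flag behind "Non-authoritative answer", answer count). The function names and the wording of the diagnosis strings are assumptions made for this example; the addresses 192.168.1.252 and 4.2.2.1 are the ones quoted in the thread.

```python
import ipaddress, secrets, socket, struct

def build_query(name, qid):
    """Build a DNS A-record query with the recursion-desired (RD) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Return id, rcode, AA flag and answer count, or None if malformed."""
    if len(msg) < 12:
        return None
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:          # QR bit clear: not a response
        return None
    return {"id": qid, "rcode": flags & 0x000F,
            "authoritative": bool(flags & 0x0400), "answers": answers}

def probe(name, server, timeout=10.0):
    """Query one named server, like `nslookup -time=10 name server`."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply = parse_header(s.recvfrom(512)[0])
        except OSError:             # includes socket.timeout
            return None
    return reply if reply and reply["id"] == qid else None

def resolved(reply):
    return bool(reply) and reply["rcode"] == 0 and reply["answers"] > 0

def diagnose(internal, external):
    """Interpret the two probes (wording is this example's, not the post's)."""
    if resolved(internal):
        return "internal DNS server resolves the name"
    if resolved(external):
        return "DNS gets out and back; look at the internal server or its forwarders"
    return "no DNS answer either way; check firewall/routing"

def is_private(addr):
    """True for private-range addresses that Internet hosts cannot route to."""
    return ipaddress.ip_address(addr).is_private

if __name__ == "__main__":
    print(diagnose(probe("www.google.com", "192.168.1.252"),
                   probe("www.google.com", "4.2.2.1")))
    print("192.168.1.252 private:", is_private("192.168.1.252"))
```

`is_private` covers the point about the registrar: a name server registered at 192.168.1.252 cannot be reached from the Internet.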

