· If the server is the first domain controller that you installed in the domain and it runs DNS, configure its DNS client settings to point to its own IP address. Do not list any other DNS server.
· Configure additional domain controllers that have DNS installed to
point to the first domain controller that was installed in the domain and that
runs DNS as their preferred DNS server. Configure these additional domain
controllers to point to themselves as the alternate DNS server.
· Do not configure the DNS client settings on the domain controllers
to point to your Internet Service Provider's (ISP's) DNS servers. If you configure
the DNS client settings to point to your ISP's DNS servers, the Netlogon service
on the domain controllers does not register the correct records for the Active
Directory directory service: the dynamic update is sent by way of the DNS server
that the client settings list, and an ISP server neither holds nor can update your
Active Directory zone. Other domain controllers and computers rely on these
records to locate Active Directory services. The domain controller must register
its records with its own DNS server.
· To forward external DNS requests, add the ISP's DNS servers as DNS
forwarders in the DNS management console. If you do not configure forwarders,
the DNS server uses the default root hint servers. In both cases, if you want the
internal DNS server to resolve Internet names, you also must delete the root
"." (also known as "dot") zone in the DNS management console
in the Forward Lookup Zones folder. While that zone exists, the server believes
it is a root server and neither forwards queries nor uses root hints.
· For each additional server running DNS that you add to your domain, enter
the parent DNS server's IP address as the preferred DNS server and the added
server's own IP address as the alternate DNS server.
· During Active Directory installation and setup, if you created a domain name with a (domain name).local extension, delete the "." zone listed under Forward Lookup Zones. Otherwise, clients might have external name resolution problems on the Internet.
· If your DNS server is behind a proxy server or firewall, make sure to open outbound UDP and TCP port 53 on the proxy server or firewall so that the DNS server can reach its forwarders and the root hint servers.
· If your DC is also a DNS server, make sure that your domain controller is pointing to itself for all DNS resolution. Otherwise, make sure that it is pointing to an internal DNS server. Pointing to an ISP DNS server, for example, results in the Netlogon service registering inaccurate records, or none at all. In other words, your TCP/IP network properties dialog box should list only your DNS server as the preferred DNS server.
· If your internal and registered external domain names are the same,
make sure to add a Host (A) record and a Mail Exchange (MX) record to your
DNS server's forward lookup zone for each public host. The internal server is
authoritative for that name and will never forward a query for it, so without these
records users will not be able to browse your company's Internet Web site home
page and related links.
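The preceding steps, collected into one PowerShell script as an added example; this is not code from the original article. It assumes Windows Server 2012 or later with the DnsServer and DnsClient modules and is run elevated on the domain controller itself (on Windows 2000 or Windows Server 2003 the same changes are made with dnscmd, netsh and the DNS console). The addresses, the domain name and the parameter names are placeholders chosen for the example.

```powershell
# Added example (not from the original article). Applies the settings above on
# a domain controller that also runs DNS. Assumes Windows Server 2012 or later
# with the DnsServer and DnsClient modules, run elevated on the DC itself.
# Every address and name below is a placeholder.
param(
    [string]   $FirstDcIp   = "10.0.0.10",                        # first DC in the domain that runs DNS
    [string[]] $IspDns      = @("198.51.100.1", "198.51.100.2"),  # ISP resolvers: forwarders only, never client settings
    [string]   $DomainFqdn  = "corp.example.local",
    [string]   $PublicWebIp = "",                                 # set only if internal and public zone names are the same
    [string]   $MailHost    = ""                                  # e.g. mail.corp.example.local, same condition
)

# This DC's own routable IPv4 address (skip loopback and APIPA).
$self = (Get-NetIPAddress -AddressFamily IPv4 |
         Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
         Select-Object -First 1).IPAddress

# Client settings: the first DC lists only itself; every other DC lists the first
# DC as preferred and itself as alternate. Apply to EVERY active adapter, since a
# second NIC still pointing at the ISP is one of the most common mistakes.
$clientServers = if ($self -eq $FirstDcIp) { @($self) } else { @($FirstDcIp, $self) }
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $clientServers
}

# A "." forward lookup zone makes this server believe it is a root server, so it
# neither forwards nor uses root hints for names it is not authoritative for.
if (Get-DnsServerZone -Name "." -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name "." -Force
}

# External queries go to the ISP's resolvers; root hints remain as the fallback.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $true

# Same internal and external domain name: the internal zone is authoritative for
# everything under it, so public hosts must be added here or inside clients
# cannot reach them.
if ($PublicWebIp) {
    Add-DnsServerResourceRecordA -ZoneName $DomainFqdn -Name "www" -IPv4Address $PublicWebIp
}
if ($MailHost) {
    Add-DnsServerResourceRecordMX -ZoneName $DomainFqdn -Name "." -MailExchange $MailHost -Preference 10
}

# Re-register the host and DC locator records with the DNS server now listed.
ipconfig /registerdns | Out-Null
Restart-Service Netlogon
Start-Sleep -Seconds 15

# Verify: the SRV records other machines use to find a DC must exist locally.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -Server $self -DnsOnly -ErrorAction Stop |
       Where-Object Type -eq 'SRV'
if (-not $srv) { throw "No DC locator SRV records for $DomainFqdn on $self; check Netlogon registration" }
$srv | Select-Object NameTarget, Priority, Weight, Port | Format-Table -AutoSize
```

Run it once on the first domain controller with its own address as `$FirstDcIp`, then on each additional DC with the first DC's address. The final query is the real test: if Netlogon registered through the wrong server, the `_msdcs` SRV lookup against the DC's own DNS service returns nothing.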
The most common mistakes are:
· The domain controller is not pointing to itself for DNS resolution on all network
interfaces.
· The "." zone exists under Forward Lookup Zones in DNS. As long as
the "." zone does not exist under Forward Lookup Zones, the DNS service uses
any configured forwarders and then the root hint servers. The root hint servers are
well-known servers on the Internet that help all DNS servers resolve name queries.
· Other computers on the local area network (LAN) do not point to the Windows
2000 or Windows Server 2003 DNS server for DNS.
If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 domain controller running DNS. If you are using DHCP, make sure that scope option 006 (DNS Servers) lists the correct internal DNS servers for your LAN, and that option 015 (DNS Domain Name) carries your Active Directory domain name.
If you are able to query the ISP's DNS servers from behind the proxy server
or firewall, the Windows 2000 or Windows Server 2003 DNS server is usually also able to
query the root hint servers, provided that the firewall allows outbound UDP and TCP
port 53 to any Internet address and not only to the ISP's servers. UDP and TCP port 53
should be open on the proxy server or firewall.
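An audit script for the common mistakes and the port 53 requirement above, added here as an example; it is not code from the original article. It assumes Windows Server 2012 R2 or later with the DnsServer, DnsClient and NetTCPIP modules, run elevated on a domain controller that also runs DNS; the DHCP check runs only if the DHCP role is installed locally. The function name and the use of a.root-servers.net (198.41.0.4) as a reachability probe are this example's choices.

```powershell
# Added example (not from the original article): audits a DC for the common
# mistakes above. Assumes Windows Server 2012 R2 or later with the DnsServer,
# DnsClient and NetTCPIP modules, run elevated on a DC that also runs DNS.
$domain   = $env:USERDNSDOMAIN
$locator  = "_ldap._tcp.dc._msdcs.$domain"   # SRV record every DC registers
$rootHint = "198.41.0.4"                     # a.root-servers.net, used only as a reachability probe
$findings = New-Object System.Collections.Generic.List[string]

# True if the DNS server at $ip can answer the DC locator query for this domain.
# An ISP resolver cannot, which is exactly why it must never be in the client list.
function Test-DcLocator([string]$ip) {
    try {
        $r = Resolve-DnsName -Name $locator -Type SRV -Server $ip -DnsOnly -ErrorAction Stop
        return [bool]($r | Where-Object Type -eq 'SRV')
    } catch { return $false }
}

# 1. Every interface, not just the primary one, must point at an internal DNS server.
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    if (-not $cfg.ServerAddresses) { continue }
    foreach ($ip in $cfg.ServerAddresses) {
        if (-not (Test-DcLocator $ip)) {
            $findings.Add("Interface '$($cfg.InterfaceAlias)' lists $ip, which does not serve $locator")
        }
    }
}

# 2. A "." zone under Forward Lookup Zones turns off forwarding and root hints.
if (Get-DnsServerZone -Name "." -ErrorAction SilentlyContinue) {
    $findings.Add('A "." forward lookup zone exists; delete it or external names will not resolve')
}

# 3. LAN clients get their DNS servers from DHCP option 006; those must be
#    internal DNS servers too. Checked at server level and per scope.
if (Get-Command Get-DhcpServerv4OptionValue -ErrorAction SilentlyContinue) {
    $scopes = @($null) + @(Get-DhcpServerv4Scope | ForEach-Object ScopeId)
    foreach ($scopeId in $scopes) {
        $params = @{ OptionId = 6; ErrorAction = 'SilentlyContinue' }
        if ($scopeId) { $params.ScopeId = $scopeId }
        $opt = Get-DhcpServerv4OptionValue @params
        foreach ($ip in @($opt.Value)) {
            if ($ip -and -not (Test-DcLocator $ip)) {
                $where = if ($scopeId) { "scope $scopeId" } else { "server options" }
                $findings.Add("DHCP option 006 in $where hands out $ip, which is not an internal DNS server")
            }
        }
    }
}

# 4. Root hints and forwarders need outbound UDP and TCP 53 through the firewall.
#    Probe one root server for each transport; Resolve-DnsName uses UDP first.
if (-not (Test-NetConnection -ComputerName $rootHint -Port 53 -InformationLevel Quiet)) {
    $findings.Add("TCP 53 to $rootHint is blocked")
}
try { $null = Resolve-DnsName -Name 'root-servers.net' -Type NS -Server $rootHint -DnsOnly -ErrorAction Stop }
catch { $findings.Add("UDP 53 to $rootHint is blocked or unanswered") }

if ($findings.Count -eq 0) { "No DNS configuration problems found on $env:COMPUTERNAME" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The locator query is deliberately used as the test for "internal DNS server": any server that can answer `_ldap._tcp.dc._msdcs.<domain>` holds or can reach the Active Directory zone, and any server that cannot (an ISP resolver, a stale address on a second NIC) is exactly the misconfiguration the list above warns about.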