setting up a DC with ddns?

tobe1424
Member
Posts: 86
Joined: Fri Aug 03, 2007 11:44 am

setting up a DC with ddns?

Post by tobe1424 »

So I just promoted a 2008 standard server to a DC. I am a newbie when it comes to DNS configuration. I am setting up a DC for a company that owns a domain name but since they don't want to pay an extra dime for a static IP block, their IT manager requested to configure it with a DDNS service like dyndns.com.

She wants to be able to manage the DC remotely. Is this feasible?

I am also having issues joining clients to the domain. I receive a message stating "the domain controller for the domain hq.linkfrastructure.com could not be contacted"...


I know these are like baby steps but I desperately need help. Any feedback would be highly appreciated.

Post by tobe1424 »

Just to remind you that they are using a hosting service. They just want to have an additional DC at the office for testing and educational functions.

Thanks
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

What is the setup of the network, including the router/firewall at the edge?
MORNING WOOD Lumber Company
Guinness for Strength!!!

Post by tobe1424 »

Thanks for the response.

Nothing robust... just an all-in-one Netopia modem/router/switch to the client computers and server. I happen to also have the same setup at home but I don't mind paying extra for a static IP or a block. How would I proceed in either scenario? Thanks again.

Post by YeOldeStonecat »

Well, when you say clients cannot connect to the domain...they MUST be using the IP address of the DC when you're trying to join the domain.
Let's say the server's LAN IP is 192.168.1.11, workstations should be getting it and ONLY it for the DNS server via DHCP. Hopefully you have DHCP running from the DC?
I'm assuming the DC is local..onsite, on this network?
The internet connection type from your ISP is totally irrelevant to this. Which raises the question, for what purpose do you want a static IP account from your ISP? E-Mail?

Post by tobe1424 »

I have not enabled DHCP on the server. I will give that a shot. However the one particular machine that I was trying to join had a static IP. Would that matter?

The manager wants to be able to manage permissions and just access the server from wherever she is. That is why I thought we might need a static IP. Any other remedies?

Post by YeOldeStonecat »

First...separate your ISP connection...be it static or dynamic, from your internal network and its static or dynamic.

Now..let's assume that your Netopia router has a LAN IP address of 192.168.1.254, subnet mask of 255.255.255.0
And your DC has an IP of 192.168.1.11
Now you have a workstation that for some reason was set up static, let's say it's 192.168.1.100, subnet of 192.168.1.254, it must..MUST..have its DNS server set to 192.168.1.11.

I'm going to guess that your router is running DHCP, and that it's handing out itself for DNS...or your ISP's DNS server. No wonder the workstation cannot find your DC!!!

Now, if your support person wants to remote access your server...there are tons of choices....many don't even need anything done to your firewall or don't require you to know the public IP address from your ISP. Services like LogMeIn...which has a free version. Or..set up a dynamic DNS service, forward port 3389 to the server (pinhole in Netopia terms)...and your remote access will be done by typing in whatever DNS alias you give your account into MSTSC.
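
The checks described in the post above, as an added example that is not part of the thread: a PowerShell script to run on a workstation that cannot join the domain. The default domain name and DC address are the sample values mentioned in the thread, and the variable names are this example's own.

```powershell
# Added example (not from the thread). Defaults are the sample values the thread uses.
param(
    [string]$Domain = 'lfras.lab',       # AD DNS domain name (assumption: the internal name from the thread)
    [string]$DcIp   = '192.168.1.11'     # DC LAN address (assumption: the example IP from the thread)
)

# 1. Every IP-enabled adapter should list the DC, and only the DC, as its DNS server.
$dnsOk = $true
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' | ForEach-Object {
    $servers = @($_.DNSServerSearchOrder)
    $extra   = @($servers | Where-Object { $_ -and $_ -ne $DcIp })
    if ($servers -notcontains $DcIp) {
        Write-Warning "$($_.Description): DC $DcIp is not configured as a DNS server"
        $dnsOk = $false
    }
    if ($extra.Count -gt 0) {
        # A router or ISP resolver here cannot answer queries for the AD zone.
        Write-Warning "$($_.Description): extra DNS servers configured: $($extra -join ', ')"
        $dnsOk = $false
    }
}

# 2. Ask the DC's DNS service for the SRV record that the domain join looks up.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$answer  = (nslookup '-type=SRV' $srvName $DcIp 2>&1 | Out-String)
$hosts   = @([regex]::Matches($answer, 'svr hostname\s*=\s*(\S+)') |
             ForEach-Object { $_.Groups[1].Value })
$srvOk   = $hosts.Count -gt 0
if (-not $srvOk) { Write-Warning "No SRV record returned for $srvName by $DcIp" }

# 3. Confirm the DC answers on LDAP (TCP 389) from this workstation.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $pending = $tcp.BeginConnect($DcIp, 389, $null, $null)
    $ldapOk  = $pending.AsyncWaitHandle.WaitOne(3000) -and $tcp.Connected
} finally {
    $tcp.Close()
}
if (-not $ldapOk) { Write-Warning "Cannot reach ${DcIp}:389 (LDAP)" }

# Summary object: all three values must be True before a join is expected to work.
New-Object PSObject -Property @{
    ClientDnsPointsOnlyAtDc = $dnsOk
    SrvRecordFound          = $srvOk
    SrvHosts                = ($hosts -join ', ')
    LdapReachable           = $ldapOk
}
```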

Post by tobe1424 »

Cool. Thanks for the options...

I do have the workstation static DNS pointing towards the server's IP. I'm still disabling DHCP, correct? By separating the ISP connection from internal LAN do you mean adding another device such as a router?

I am also having trouble setting up the DNS forwarding and reverse lookup and all those peripherals. How should they be configured?

Thanks a million for the feedback. :beer:

Post by YeOldeStonecat »

You don't need to disable DHCP if you want to assign static IPs to some workstations, just make sure you use IPs for the statics that are outside of the DHCP pool.

Is the server multi-homed or single NIC?
I'm assuming that your Netopia is running NAT and your LAN has a private IP range.

Post by tobe1424 »

Single NIC. And yes NATing with a private IP range. I just tried enabling DHCP and when I tried to validate the DNS during the process I receive a message saying that the server is not authoritative for the zone. I'm not sure what other things I should configure. Could it be the host records and PTR that is not configured right?

Again I am a newbie at DNS so my apologies for driving anyone nuts.

Post by YeOldeStonecat »

Right click and make it authoritative...that's normal. Make sure the router's DHCP is disabled first, Windows DHCP service won't start if it detects another DHCP service on the network.

Is the server using itself..and nothing else...for DNS, in TCP properties?

Post by tobe1424 »

That is correct. However, I still get a message saying the domain controller can't be contacted when trying to join a client.

Do you think my resource records could be incorrect?

Thanks,
-Rob

Post by tobe1424 »

What do you mean by right click and make it authoritative?

Post by YeOldeStonecat »

tobe1424 wrote: That is correct. However, I still get a message saying the domain controller can't be contacted when trying to join a client.

Do you think my resource records could be incorrect?

Thanks,
-Rob
I would check Event Viewer on the server for problems..and I would see if the DNS lookup zones appear to be populated. Possibly DNS service isn't working or it's tanked somehow.

Post by YeOldeStonecat »

tobe1424 wrote: What do you mean by right click and make it authoritative?
DHCP manager...actually maybe it's not a right click..but in the File drop down menu of MMC for DHCP.

Post by tobe1424 »

I think the issue was resolved. I was using an internet top level domain name that wasn't registered. Now I created an internal one, lfras.lab. Is this still accessible by creating a DDNS account, creating the NAT rule (pinhole) and just RDP into the server to manage it?

thanks again.

Post by tobe1424 »

...got that working too..it only works with the IP. I guess the reverse lookup zone needs to be configured?

Post by tobe1424 »

Never mind. Everything is working. Thanks for all the help.

-Rob