Ask the Expert

Setting up an internal DNS server

I have three Windows 2000 servers that will be in the domain. Presently they are workgroup servers. I am going to convert to Active Directory and need to set up DNS. The fourth server is a Web server (has DNS installed) that sits off the DMZ (de-militarized zone) and is named (not the real name). When I set up the internal DNS and Active Directory, should I use the same domain name with server name "," or should I create another domain for the internal network? Is there anything special to watch out for in DCPROMO? I am assuming that I need to have DNS set up first, then run DCPROMO.

Requires Free Membership to View

Generally, you will want to set up DNS first and then run DCPROMO. Of course, DCPROMO will run the DNS setup if it cannot find an appropriate DNS server. Typically, you do not want this to happen. As for the name of the DNS zone -? it is really up to you. Creating another name for the internal network generally keeps things a little cleaner and adds to security.

If you have Exchange servers on the internal network, you will have a slight additional amount of work to do for the Exchange. This is nothing huge, just a little adjustment for the fact that the Exchange server is not sitting in the same domain that is publicly addressable.

Also, I'm assuming that you will not want your Web server to be part of the internal domain. This is fairly typically as you generally do not want the DMZ machines to have access to internal resources. If you are going to use the DMZ Web server as the DNS server, you will want to make sure that the traffic from the systems is permitted. It may be more secure to have a separate DNS server that is serving the internal customers. But the one in the DMZ will work.

This was first published in December 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: