Setting up an internal DNS server
I have three Windows 2000 servers that will be in the domain. Presently they are workgroup servers. I am going to convert to Active Directory and need to set up DNS. The fourth server is a Web server (has DNS installed) that sits off the DMZ (de-militarized zone) and is named CompanyName.net (not the real name). When I set up the internal DNS and Active Directory, should I use the same domain name with server name "ServerName.CompanyName.net," or should I create another domain for the internal network? Is there anything special to watch out for in DCPROMO? I am assuming that I need to have DNS set up first, then run DCPROMO.
Generally, you will want to set up DNS first and then run DCPROMO. Of course, DCPROMO will run the DNS setup if it cannot find an appropriate DNS server. Typically, you do not want this to happen. As for the name of the DNS zone, it is really up to you. Creating another name for the internal network generally keeps things a little cleaner and adds to security.
If you have Exchange servers on the internal network, you will have a slight additional amount of work to do for the Exchange. This is nothing huge, just a little adjustment for the fact that the Exchange server is not sitting in the same domain that is publicly addressable.
Also, I'm assuming that you will not want your Web server to be part of the internal domain. This is fairly typical, as you generally do not want the DMZ machines to have access to internal resources. If you are going to use the DMZ Web server as the DNS server, you will want to make sure that the traffic from the systems is permitted. It may be more secure to have a separate DNS server that is serving the internal customers. But the one in the DMZ will work.
This was first published in December 2002
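The answer's point about keeping the internal namespace off the DMZ server can be checked mechanically. The following is an added example, not part of the original answer: it scans a text export of the public zone for records that belong only in the internal Active Directory zone. The zone contents, host names and the function name `audit_public_zone` are constructed for illustration.

```python
import ipaddress

# Constructed sample: records exported from the DMZ server's public zone.
# companyname.net stands in for the placeholder name used in the question.
PUBLIC_ZONE = """\
@               IN SOA ns1.companyname.net. admin.companyname.net. 1 3600 600 86400 3600
@               IN NS  ns1.companyname.net.
www             IN A   203.0.113.10
ns1             IN A   203.0.113.11
fileserver      IN A   192.168.1.20   ; internal host, should not be here
_ldap._tcp      IN SRV 0 100 389 dc1.companyname.net.
_kerberos._tcp  IN SRV 0 100 88 dc1.companyname.net.
dc1             IN A   10.0.0.5
"""

# Owner-name labels Active Directory registers so clients can locate DCs.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_kpasswd", "_gc"}
# RFC 1918 ranges; checked explicitly because ip_address.is_private also
# matches documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_public_zone(zone_text):
    """Return (owner, type, reason) for records that expose the internal network."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if "IN" not in fields[1:-1]:
            continue                              # not "owner IN type rdata"
        idx = fields.index("IN", 1)
        owner, rtype, rdata = fields[0], fields[idx + 1].upper(), fields[idx + 2:]
        if AD_LABELS & set(owner.lower().split(".")):
            findings.append((owner, rtype, "AD locator record"))
        elif rtype == "A" and rdata:
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                findings.append((owner, rtype, "unparseable address"))
                continue
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, "private address " + rdata[0]))
    return findings

if __name__ == "__main__":
    for owner, rtype, reason in audit_public_zone(PUBLIC_ZONE):
        print(f"{owner:16} {rtype:4} {reason}")
```

With a separate internal zone name and an internal DNS server, the public zone should produce no findings.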