
Configure Windows 2003 Active Directory to Use Cornell's DNS Servers

This article applies to: DNS


This procedure applies only if you are running your own Active Directory server.

Follow these steps to integrate the Windows 2000/2003 Active Directory domains with Cornell's DNS servers while still supporting the Dynamic DNS capability needed for Active Directory to function properly.

The system administrator must run a local Windows DNS server on one or more domain controllers to handle the SRV records. This Active Directory DNS server should be configured as the authoritative server for the domain, and the Windows domain controllers will use it for dynamic updates of the SRV records.

The CIT DNS servers will still be the primary server for the domain and will delegate the SRV record zones to the Windows DNS server. Therefore, all clients should use CIT's DNS server for their name resolutions. CIT will not delegate out the whole Active Directory domain since all hosts need to be registered in DNSDB (aka Network Registry).

Configure DNS for Active Directory Domains 

  1. Install and configure the DNS service on at least one Windows Domain Controller. For specifics on configuring the DNS service, see Configure DNS services on a Windows Domain Controller below.
    Note: If you don't already have Active Directory running on the server, during the Active Directory install process via DCPromo, select No, I will install and configure DNS myself.
  2. Reconfigure the preferred DNS IP address on the domain controllers to point to the local DNS server's IP address. If you have a secondary DNS server in your domain, use the Active Directory server as the Alternate DNS server. Click the Advanced button, select the DNS tab, and make sure Register this connection's addresses in DNS is checked.
  3. On each domain controller, restart the Net Logon service from Administrative Tools --> Services. Then open a command prompt (cmd.exe) and execute this command: ipconfig /registerdns. These steps register the DNS records with the local DNS server.
  4. From the Administrative Tools, select DNS. Expand the DNS server's Forward Lookup Zones folder and check for the presence of records under your domain. You should see _MSDCS, _SITES, _TCP and _UDP folders and SRV records under these folders.
  5. Once these records show up under the local DNS server, go to http://dnsdb.cit.cornell.edu/dnsdb-cgi/domain.pl, select your domain and assign your DNS server(s) for your SRV record zones. Your DNS server(s) should be added in the section titled Windows DNS Servers for SRV records for .cornell.edu. In this example, the Windows Server running DNS service is named flamenco.mydomain.cornell.edu.
  6. Configure all the other machines in your domain (non-domain controllers such as desktops, laptops, other network devices) to use CIT's DNS servers: 132.236.56.250, 128.253.180.2, 192.35.82.50 etc.
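To verify steps 4 through 6 from an admin workstation, the following PowerShell script (added here, not part of the original article) queries the SRV records both directly against the Windows DNS server and through a CIT server, and checks that CIT delegates the SRV subzones to the Windows server. It assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later) and uses the article's example names (mydomain.cornell.edu, flamenco.mydomain.cornell.edu, 132.236.56.250); substitute your own.

```powershell
# Added verification script, not from the Cornell article. Assumes a Windows
# admin workstation with the DnsClient module (Resolve-DnsName). Names below
# are the article's examples; replace them with your domain and servers.
$Domain = 'mydomain.cornell.edu'
$WinDns = 'flamenco.mydomain.cornell.edu'   # AD DNS server authoritative for the SRV zones
$CitDns = '132.236.56.250'                  # one of CIT's DNS servers (what clients use)

# SRV records every domain controller must publish; all live in the delegated subzones.
$SrvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._udp.$Domain"
)

function Test-SrvRecord($Name, $Server) {
    try {
        $r = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
             Where-Object { $_.QueryType -eq 'SRV' }
        if ($r) {
            $targets = ($r | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            "OK    $Name via $Server -> $targets"
        } else {
            "EMPTY $Name via $Server (answer contained no SRV records)"
        }
    } catch {
        "FAIL  $Name via $Server : $($_.Exception.Message)"
    }
}

# Step 4 check: the Windows DNS server itself holds the SRV records.
# Step 5/6 check: the same names resolve through CIT's server, which is the
# path ordinary clients (pointed at CIT's DNS) will actually use.
foreach ($server in @($WinDns, $CitDns)) {
    foreach ($name in $SrvNames) { Test-SrvRecord -Name $name -Server $server }
}

# Delegation check: CIT's server should return NS records for each SRV subzone
# naming the Windows DNS server registered in DNSDB.
foreach ($zone in @("_msdcs.$Domain", "_sites.$Domain", "_tcp.$Domain", "_udp.$Domain")) {
    $ns = Resolve-DnsName -Name $zone -Type NS -Server $CitDns -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.QueryType -eq 'NS' } | Select-Object -ExpandProperty NameHost
    if ($ns -contains $WinDns) { "OK    $zone delegated to $($ns -join ', ')" }
    else { "CHECK $zone NS = $($ns -join ', ') (expected $WinDns)" }
}
```

A FAIL or EMPTY line against the Windows server means the domain controller has not registered its records yet (repeat step 3); a CHECK line means the delegation in DNSDB has not been set up or has not propagated.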

Configure DNS services on a Windows Domain Controller: Windows Server 2003

  1. Install Domain Name System (DNS) under Networking Services from Add/Remove Windows Components under Add/Remove Programs in the Control Panel.
  2. Select DNS from Administrative Tools. Right click on the server name and choose Configure the Server. Click Next.
  3. Right click on the server name, and select Configure a DNS server. Click Next at the wizard.
  4. At the next screen, select Create a forward lookup zone. Click Next.
  5. Choose This server maintains the zone, and click Next.
  6. Type the name of your zone, for example, mydomain.cornell.edu.
  7. Select Allow both non-secure and secure dynamic updates. Click Next.
  8. On the Forwarders page, select No, it should not forward queries.
  9. Click Finish.

Disable Dynamic Updates on Non-domain Controllers

For machines that do not need to send dynamic updates, such as a stand-alone server that is not a Domain Controller or a web server, it may be desirable to turn off automatic DNS updates.

  1. Go to the TCP/IP properties in Network Control Panel.
  2. Click Advanced and then click the DNS tab.
  3. At the bottom of the page, clear the checkbox labeled Register this connection's addresses in DNS.


This will also prevent unnecessary error messages from getting logged in Event Viewer on those machines that do not have their IP addresses registered for dynamic update.

You must NOT have this disabled on your domain controllers.

About this Article

Last updated: Friday, July 10, 2020 - 2:26pm

Audience: IT Professionals
