Configure Windows 2003 Active Directory to Use Cornell's DNS Servers
This article applies to: DNS
Follow these steps to integrate Windows 2000/2003 Active Directory domains with Cornell's DNS servers while still supporting the Dynamic DNS capability that Active Directory needs in order to function properly.
The system administrator must run a local DNS server under Windows on the domain controller(s) to handle the SRV records. This Active Directory DNS server should be configured as the authoritative server for the domain, and the Windows domain controllers will use it for dynamic updates of the SRV records.
The CIT DNS servers will remain the primary servers for the domain and will delegate the SRV record zones to the Windows DNS server. Therefore, all clients should use CIT's DNS servers for their name resolution. CIT will not delegate the whole Active Directory domain, since all hosts must be registered in DNSDB (also known as Network Registry).
Configure DNS for Active Directory Domains
- Install and configure the DNS service on at least one Windows domain controller. For specifics on configuring the DNS service, see Configure DNS server on a Windows Domain Controller.
  Note: If you don't already have Active Directory running on the server, during the Active Directory install process via DCPromo, select No, I will install and configure DNS myself.
- Reconfigure the preferred DNS IP address on the domain controllers to point to the local DNS server's IP address. If you have a secondary DNS server in your domain, use the Active Directory server as the Alternate DNS server. Click the Advanced button, select the DNS tab, and check Register this connection's addresses in DNS. It should be checked on.
- On each domain controller, restart the Net Logon service from Administrative Tools --> Services. Then open a command prompt (cmd.exe) and execute this command: ipconfig /registerdns. These steps register the domain controller's DNS records with the local DNS server.
- From Administrative Tools, select DNS. Expand the DNS server's Forward Lookup Zones folder and check for the presence of records under your domain. You should see _MSDCS, _SITES, _TCP and _UDP folders, and SRV records under these folders.
- Once these records show up under the local DNS server, go to http://dnsdb.cit.cornell.edu/dnsdb-cgi/domain.pl, select your domain, and assign your DNS server(s) to your SRV record zones. Your DNS server(s) should be added in the section titled Windows DNS Servers for SRV records for .cornell.edu. In this example, the Windows server running the DNS service is named flamenco.mydomain.cornell.edu.
- Configure all the other machines in your domain (non-domain controllers such as desktops, laptops, and other network devices) to use CIT's DNS servers: 220.127.116.11, 18.104.22.168, 22.214.171.124, etc.
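The following script is an added verification example, not part of the original article. It checks the outcome of the procedure above: that the SRV records a domain controller must publish exist on the local Windows DNS server, and that the same records are reachable through CIT's resolvers once the DNSDB delegation is in place. It assumes the article's example domain mydomain.cornell.edu and DNS host flamenco.mydomain.cornell.edu, uses the resolver addresses the article lists, and requires the DnsClient module (Windows 8 / Server 2012 or later), so it is run from a current administrator workstation rather than on the Windows 2003 server itself.

```powershell
# Added example (not from the article): verify SRV records locally and via delegation.
# Assumptions: domain and DNS host names are the article's example values; the
# resolver addresses are the ones the article lists for CIT.
$Domain       = 'mydomain.cornell.edu'
$LocalDns     = 'flamenco.mydomain.cornell.edu'     # DC running the Windows DNS service
$CitResolvers = @('220.127.116.11', '18.104.22.168', '22.214.171.124')

# SRV names domain members use to locate LDAP, Kerberos, password change and the PDC emulator.
# They live in the _msdcs / _tcp zones that the article has CIT delegate to the Windows DNS server.
$SrvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain"
)

function Test-SrvRecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly bypasses the local cache/hosts file so we see what the server really answers.
        $rr = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Name    = $Name
            Server  = $Server
            Found   = ($rr.Count -gt 0)
            Targets = ($rr | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        [pscustomobject]@{ Name = $Name; Server = $Server; Found = $false; Targets = $_.Exception.Message }
    }
}

# 1. The records must exist on the local DC DNS server (the Forward Lookup Zones check above).
$local  = foreach ($n in $SrvNames) { Test-SrvRecord -Name $n -Server $LocalDns }

# 2. The same records must resolve through CIT's servers, which is what clients actually use.
$viaCit = foreach ($n in $SrvNames) {
    foreach ($s in $CitResolvers) { Test-SrvRecord -Name $n -Server $s }
}

$local + $viaCit | Format-Table -AutoSize
$missing = @($local + $viaCit | Where-Object { -not $_.Found })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) lookups failed. If the local server is missing records, re-run 'ipconfig /registerdns' on the DC; if only the CIT lookups fail, check the DNSDB delegation."
}
```

A lookup that succeeds against flamenco but fails against every CIT address points at the delegation step in DNSDB rather than at the domain controller, which is the distinction that matters when clients cannot find a DC.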
Configure DNS server on a Windows Domain Controller
- Install Domain Name System (DNS) under Networking Services from Add/Remove Windows Components under Add/Remove Programs in the Control Panel.
- Select DNS from Administrative Tools. Right click on the server name and choose Configure the Server. Click Next.
- Right click on the server name and select Configure a DNS server. Click Next in the wizard.
- At the next screen, select Create a forward lookup zone. Click Next.
- Choose This server maintains the zone, and click Next.
- Type the name of your zone, for example, mydomain.cornell.edu.
- Select Allow both non-secure and secure dynamic updates. Press Next.
- On the Forwarders page, select No, it should not forward queries.
- Click Finish.
Disable Dynamic Updates on Non-domain Controllers
For machines that do not need to send dynamic updates, such as a stand-alone server that is not a domain controller or a web server, it may be desirable to turn off automatic DNS updates.
- Go to the TCP/IP properties in Network Control Panel.
- Click Advanced and then click the DNS tab.
- At the bottom of the page, clear the checkbox labeled Register this connection's address in DNS.
This also prevents unnecessary error messages from being logged in Event Viewer on machines whose IP addresses are not registered for dynamic update.
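The script below is an added example, not the article's own instructions. It performs the two client-side settings the article describes for non-domain-controller machines from the command line instead of the TCP/IP properties dialog: pointing name resolution at CIT's servers (the last step of the first procedure) and clearing Register this connection's address in DNS (this section). It refuses to run on a domain controller, since DCs must keep registering their records. The interface alias is an assumption; the resolver addresses are the ones the article lists. It requires the DnsClient module (Windows 8 / Server 2012 or later) and an elevated PowerShell session.

```powershell
# Added example (not from the article): configure a non-DC Windows client as described.
# Assumptions: the adapter is named 'Ethernet'; resolver addresses are the article's list.
$InterfaceAlias = 'Ethernet'
$CitResolvers   = @('220.127.116.11', '18.104.22.168', '22.214.171.124')

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC. Never disable
# registration there, because the SRV records are what clients use to find the DC.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    throw "This host is a domain controller; leave dynamic DNS registration enabled."
}

# Use CIT's DNS servers for name resolution rather than the local Windows DNS server.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $CitResolvers

# Equivalent of clearing 'Register this connection's address in DNS' on the DNS tab.
Set-DnsClient -InterfaceAlias $InterfaceAlias -RegisterThisConnectionsAddress $false

# Report the resulting state so the change can be confirmed (or audited later).
$client  = Get-DnsClient -InterfaceAlias $InterfaceAlias
$servers = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
[pscustomobject]@{
    Interface           = $InterfaceAlias
    DnsServers          = ($servers -join ', ')
    RegistersItsAddress = $client.RegisterThisConnectionsAddress   # expected: False
}
```

Running only the final three lines (without the two Set- calls) gives a read-only audit that shows whether a given machine is still attempting dynamic registration, which is useful when tracking down the Event Viewer errors the article mentions.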