Setting for AD and DNS(Only Local IP) for internet connection

  • Setting for AD and DNS(Only Local IP) for internet connection

    Hi everyone,

    We have a domain controller for local Active Directory with a local IP (192.168.60.1), and DNS, DHCP and AD are all on that same single machine.

    But we have an internet line from the ISP, and we connect it via a router (Belkin).
    WAN (10.255.x.x)
    LAN (192.168.60.100)

    Prefer DNS1: 203.81.1.1
    Prefer DNS1: 203.81.1.2

    Please advise us on the best settings for our AD, DNS, and DHCP for both internet and non-internet users.

    I mean, which parts should we check and set on AD, DNS and DHCP for the best local domain connection and Internet browsing?

    And also, how should I assign for clients who will use the internet?

    Thanks for your valued advice.

    Regards,
    Victor

  • #2
    Re: Setting for AD and DNS(Only Local IP) for internet connection

    Depends on how many clients you have.

    My network only has 30 clients, and Internet access is set up the same as yours.

    For those that require Internet access, I have set up a DHCP scope and configured it so that DNS points to the Domain Controller(s), and the gateway points to the router.

    For those clients that should not connect to the Internet (in my case, just one), I manually configure them with a static IP address and leave the Gateway entry blank.
    A recent poll suggests that 6 out of 7 dwarfs are not happy



    • #3
      Re: (Help me urgent) Setting for AD and DNS(Only Local IP) for internet connection

      Hi friend,

      Thanks for your reply.

      I have around 60 clients, and only management PCs will use the internet. Other office users are not allowed.

      I'm sure fixed IP is not OK for me.

      Now I am setting the class ID of DHCP for internet users,
      and then I set the scope options for that class as follows:

      Router(gateway) :192.168.60.100
      DNS is 192.168.60.1 (our AD, DNS, DHCP Server address), and 203.81.1.1 & 2 (DNS from ISP)

      and then my internet clients show their IP as follows:
      IP: 192.168.60.22
      Subnet 24
      Gateway 192.168.60.100
      DNS 192.168.60.1, 203.81.1.1, 203.81.1.2
      class internet

      Local is OK but the internet connection is very slow. I already set the forwarder IPs in the DNS server as follows:
      203.81.1.1
      203.81.1.2

      But the internet connection is still slow; I am sure something is wrong with my settings.
      Please help me urgently.

      Regards,
      Victor



      • #4
        Re: Setting for AD and DNS(Only Local IP) for internet connection

        Take the ISP DNS entries out of your settings. They are only needed by the router. Your clients only need the address of the DNS server (your domain controller).
        A recent poll suggests that 6 out of 7 dwarfs are not happy



        • #5
          Re: Setting for AD and DNS(Only Local IP) for internet connection

          Hello Blood,

          Thank you so much for your prompt reply.

          My domain controller only has a local IP (not an internet IP).
          If so,
          do I have to remove the two preferred DNS (from ISP) from the client settings?

          Please reply with your valued advice.

          One more thing: I also configured my domain controller IP as follows (manually assigned):
          192.168.60.1
          24
          192.168.60.100(GW)
          192.168.60.1(Prefer DNS)
          203.81.1.1(Prefer DNS2)
          203.81.1.3(Prefer DNS3)

          Please advise me, is it also correct?


          Thanks
          Victor



          • #6
            Re: Setting for AD and DNS(Only Local IP) for internet connection

            Sorry, one thing left to mention.

            When I check dnslookup from the client,

            it fails
            (it shows neither the local DNS nor the ISP DNS).

            Is this normal, or is something wrong with my DNS server settings?

            Please ...
            Thanks
            Victor



            • #7
              Re: Setting for AD and DNS(Only Local IP) for internet connection

              Your router handles the Internet connections (non-local DNS requests), and your domain controller handles domain requests (local DNS requests). Therefore, your clients, including your domain controller, should only have the domain controller's IP address listed in the preferred DNS settings. The ISP DNS addresses should not appear at all.

              When a client makes a DNS request for a non-local address (an external address), the domain controller responds that it is unable to deal with that and the request is passed through the gateway. The gateway (your router) is configured with the ISP DNS server settings so external requests can be resolved via the ISP's DNS servers.

              Can you post an ipconfig /all from your domain controller and a client so we can see exactly how they are set up, please?
              A recent poll suggests that 6 out of 7 dwarfs are not happy



              • #8
                Re: Setting for AD and DNS(Only Local IP) for internet connection

                Indeed, as Blood also mentioned, AD clients must only have AD-DNS configured. Your DC needs an internet connection for DNS.

                Gateway needs to be set to the router.

                If only some clients are allowed to have internet access, configure a DHCP reservation for those clients, and set an allow and deny list on the router. So everybody is denied, and the DC and IPs of allowed clients are allowed.
                gerth

                MCITP sa, ea & va, [email protected]



                • #9
                  Re: Setting for AD and DNS(Only Local IP) for internet connection

                  Thank you Blood,

                  Please check my IP setting of DC.

                  +++++++++++++++++++++++++++++++++++++++++++
                  C:\>ipconfig -all

                  Windows IP Configuration

                  Host Name . . . . . . . . . . . . : MYPDC
                  Primary Dns Suffix . . . . . . . : ho.gdlan.com
                  Node Type . . . . . . . . . . . . : Hybrid
                  IP Routing Enabled. . . . . . . . : No
                  WINS Proxy Enabled. . . . . . . . : No
                  DNS Suffix Search List. . . . . . : ho.gdlan.com
                  gdlan.com

                  Ethernet adapter Local Area Connection:

                  Connection-specific DNS Suffix . :
                  Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabi
                  t Ethernet NIC
                  Physical Address. . . . . . . . . : 00-24-8C-94-C2-A7
                  DHCP Enabled. . . . . . . . . . . : No
                  IP Address. . . . . . . . . . . . : 192.168.60.1
                  Subnet Mask . . . . . . . . . . . : 255.255.255.0
                  Default Gateway . . . . . . . . . : 192.168.60.100
                  DNS Servers . . . . . . . . . . . : 192.168.60.1
                  192.168.60.100
                  203.81.1.1
                  203.81.1.2

                  ++++++++++++ END OF DC +++++++++++++++++++++++


                  Client setting...
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                  C:\>ipconfig -all

                  Windows IP Configuration

                  Host Name . . . . . . . . . . . . : MAINDS
                  Primary Dns Suffix . . . . . . . : ho.gdlan.com
                  Node Type . . . . . . . . . . . . : Unknown
                  IP Routing Enabled. . . . . . . . : No
                  WINS Proxy Enabled. . . . . . . . : No
                  DNS Suffix Search List. . . . . . : ho.gdlan.com
                  gdlan.com

                  Ethernet adapter LAN:

                  Connection-specific DNS Suffix . : ho.gdlan.com
                  Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
                  VBD Client)
                  Physical Address. . . . . . . . . : 00-18-8B-37-BB-27
                  DHCP Enabled. . . . . . . . . . . : Yes
                  Autoconfiguration Enabled . . . . : Yes
                  IP Address. . . . . . . . . . . . : 192.168.60.251
                  Subnet Mask . . . . . . . . . . . : 255.255.255.0
                  Default Gateway . . . . . . . . . : 192.168.60.100
                  192.168.60.105 (*****This is another router*****)
                  DHCP Class ID . . . . . . . . . . : internet
                  DHCP Server . . . . . . . . . . . : 192.168.60.1
                  DNS Servers . . . . . . . . . . . : 192.168.60.1
                  192.168.60.100
                  203.81.1.1
                  203.81.1.2
                  Lease Obtained. . . . . . . . . . : Wednesday, December 22, 2010 9:52:25 PM
                  Lease Expires . . . . . . . . . . : Thursday, December 23, 2010 9:52:25 PM

                  ^^^^^^^^^^^^^^^^^^ END OF CLIENT ^^^^^^^^^^^^^


                  Please kindly provide your advice if you find any improper settings of mine.


                  Thank you for your valued time.

                  Victor



                  • #10
                    Re: Setting for AD and DNS(Only Local IP) for internet connection

                    As said, remove the 203.xxx addresses completely.

                    You have two gateways, which is a configuration that I am not familiar with.

                    Was this working properly in the past?
                    A recent poll suggests that 6 out of 7 dwarfs are not happy

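Added example (not part of any post in this thread): a small Python check that parses `ipconfig /all` output like the one posted in #9 and reports every DNS server other than the domain controller, plus any second default gateway, the two points raised in #10. The function names and the abridged sample text are constructed for illustration; treating 192.168.60.1 as the only AD DNS server is an assumption taken from the thread.

```python
import re

# Constructed sample modelled on the client output posted in #9 (abridged).
SAMPLE = """\
Ethernet adapter LAN:

   IP Address. . . . . . . . . . . . : 192.168.60.251
   Default Gateway . . . . . . . . . : 192.168.60.100
                                       192.168.60.105
   DNS Servers . . . . . . . . . . . : 192.168.60.1
                                       192.168.60.100
                                       203.81.1.1
                                       203.81.1.2
   Lease Obtained. . . . . . . . . . : Wednesday, December 22, 2010 9:52:25 PM
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")   # "Name . . . . : value"

def parse_multivalue(text, wanted=("DNS Servers", "Default Gateway")):
    """Collect IPv4 values for the wanted fields, including continuation lines."""
    found = {name: [] for name in wanted}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if IPV4.match(stripped):      # bare address: continues the previous field
            if current:
                found[current].append(stripped)
            continue
        m = FIELD.match(line)
        current = None
        if m and m.group(1) in wanted:
            current = m.group(1)
            if IPV4.match(m.group(2).strip()):
                found[current].append(m.group(2).strip())
    return found

def audit(text, domain_dns=("192.168.60.1",)):
    """Return findings: resolvers that are not AD DNS, and extra default gateways."""
    cfg = parse_multivalue(text)
    findings = [f"non-AD DNS server configured: {ip}"
                for ip in cfg["DNS Servers"] if ip not in domain_dns]
    if len(cfg["Default Gateway"]) > 1:
        findings.append("multiple default gateways: " + ", ".join(cfg["Default Gateway"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
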


                    • #11
                      Re: Setting for AD and DNS(Only Local IP) for internet connection

                      Thank you Blood, I will do it now.

                      And also thanks, gerth...

                      As for me, there are more than 20 users for internet access and I also tested reservation, but it is complex for maintenance and also many steps for newly arriving users.

                      And sometimes a business visitor wants to use the internet, and then that is another issue... (I have to do many steps again...). wheeee...

                      So, if you have any other better way, please advise me.

                      Thanks, everyone...
                      Victor



                      • #12
                        Re: Setting for AD and DNS(Only Local IP) for internet connection

                        For guest users, we give them a wlan ticket that has a value of 1 day. Guest users connect to a different VLAN.
                        There are also routers that can perform routing based on AD membership. That will save you administrative effort.
                        gerth

                        MCITP sa, ea & va, [email protected]



                        • #13
                          Re: Setting for AD and DNS(Only Local IP) for internet connection

                          Hello gerth,

                          Thanks for your advice. Could you please show me step by step how to implement it, or any link for it?

                          Waiting for your valued reply.

                          Regards,
                          Victor



                          • #14
                            Re: Setting for AD and DNS(Only Local IP) for internet connection

                            Answer 2 may be what you are looking for by using GPO aimed at a custom OU to specify a bogus proxy. Guests would not be affected by the GPO because they would not, by default, belong to the custom OU.

                            http://in.answers.yahoo.com/question...5111852AAhYvRe

                            and how to do it

                            http://www.stbernard.com/ip4kb/iPris...ers/IP0346.htm

                            Hope this helps
                            A recent poll suggests that 6 out of 7 dwarfs are not happy
