For starters, you should probably review the DNS discussion I had in the Preparation section, because I'm going to be a little light on explanation here. But this is how to set up your server to run DNS in order to later run Active Directory (that is, be a Domain Controller).
First, you need to give your server a static IP address. Click the "Configure Networking" link in the "Initial Server Configuration" window and a new screen will open up with all your network cards in it. Right-click your NIC and choose "Properties". Now highlight the Internet Protocol Version 4 (TCP/IPv4) item and click the "Properties" button. Fill in your static IP address, subnet mask and default gateway, then point the primary DNS server to the same address as your static IP address, with no secondary DNS server.
If you try to go to any websites, you'll probably notice that you can't seem to get there - all the domains cannot be found. No worries, we're about to fix that.
In the "Initial Server Configuration" window, click "Add Role". Read through the first window, then you can probably check "Don't show this again" and continue. The role you want to add first is "DNS Server". Once that's done, your browser will be able to find all your websites again (but seriously, don't make a habit of surfing on your server).
Now, click Start, expand "Administrative Tools" and open "DNS".
At the top of the tree on the left side, you'll see your server. Expand that (if it's not already) and you'll see, among other items, "Forward Lookup". Highlight that, then right-click it and choose "New Zone".
In the wizard that opens, it's first going to ask for the type of zone. We're going to set up a Primary Zone (that is, the "root" of your domain). When it asks for the zone itself, give it the same domain name as you'll use for your network, including .com or .local or whatever. It will prompt you to name the new file for storing the configuration; the default name should be fine.
Now it will ask whether you want to allow dynamic updates. This can be a nice feature if you want it, but it's totally optional. If you allow dynamic updates, then whenever one of the computers on your network gets assigned an IP address, it will register that address with your DNS server automatically. That way, if your domain is companyname.com and Bob's computer is named "bob", you know that, from within your network, you'll always be able to get to his computer by using the address "bob.companyname.com".
The wizard will warn you that there's a security risk in allowing both secure and nonsecure dynamic updates (a nonsecure update is accepted from any client without authentication), but we'll fix that once we're running a real domain, so just ignore the warning for now and allow the updates. Click "Finish" to close the wizard.
Great. Now when you go to create your domain, your server will be asking itself for permission, which it will grant. You've just nipped the biggest headache with domains in the bud!
Now, if you've read my "Ahead-of-time Preparations" entry about DNS Configuration, you know that if your website and/or e-mail addresses are the same name as your network domain (and the DNS zone you just set up), you're the only person in the world who can't communicate with those servers. Ironic, huh? Fortunately, it's an easy fix.
You need to get the DNS entries on the "real" nameserver for that public domain, and copy them into your private DNS server configuration. The big ones to look for are, of course, www and any MX-type records (which are the e-mail servers).
You don't have to copy any SOA records, but all the "A" type records, "CNAME" type records (www should be one of these) and "MX" type records are going to be the important records to copy. Note that, when setting records on the root of the domain itself (mostly the "A" type records), you just leave the "Name" field blank.
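The copy step described above, as an added example that is not part of the original post: Python that converts public records in zone-file form into `dnscmd /RecordAdd` commands (the Windows DNS command-line tool) for the private zone, keeping only A, CNAME and MX and writing the zone root as `@`. The record data, the `hoster.example` names and the function names are constructed for illustration.

```python
import ipaddress

COPY_TYPES = {"A", "CNAME", "MX"}  # the record types the post says to copy
# Constructed sample of public zone data (documentation addresses and names).
PUBLIC_RECORDS = """\
companyname.com.     3600 IN SOA   ns1.hoster.example. admin.hoster.example. 1 7200 900 1209600 3600
companyname.com.     3600 IN A     203.0.113.10
www.companyname.com. 3600 IN CNAME companyname.com.
companyname.com.     3600 IN MX    10 mail.hoster.example.
@                    3600 IN TXT   "v=spf1 mx -all"
bad.companyname.com. 3600 IN A     not-an-ip
"""

def relative_name(owner, zone):
    """Node name for dnscmd: '@' is the zone root (the blank Name field in the GUI)."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    if owner in ("@", zone):
        return "@"
    if owner.endswith("." + zone):
        return owner[: -len(zone) - 1]
    raise ValueError("owner is outside the zone")

def to_dnscmd(text, zone):
    """Turn 'owner ttl class type rdata' lines into (commands, skipped)."""
    commands, skipped = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or too short to be a record
        owner, ttl, _cls, rtype, *rdata = fields
        rtype = rtype.upper()
        if rtype not in COPY_TYPES:
            skipped.append(f"{rtype} {owner}: type not copied")
            continue
        try:
            node = relative_name(owner, zone)
            if rtype == "A":
                ipaddress.IPv4Address(rdata[0])  # reject malformed addresses
            elif rtype == "MX":
                int(rdata[0]), rdata[1]  # needs a preference and a mail host
        except (ValueError, IndexError) as exc:
            skipped.append(f"{rtype} {owner}: {exc}")
            continue
        commands.append(f"dnscmd /RecordAdd {zone} {node} {ttl} {rtype} {' '.join(rdata)}")
    return commands, skipped

if __name__ == "__main__":
    cmds, notes = to_dnscmd(PUBLIC_RECORDS, "companyname.com")
    print("\n".join(cmds + ["rem skipped: " + n for n in notes]))
```

Review the skipped list before running the generated commands on the DNS server; a malformed record or one outside the zone is reported there rather than written.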