Dns

DarcyWood

Occasional Visitor
Hello,

I have a concern with a Win 08 AD DNS server I have just set up. I can't access IIS, Exchange, VNC, or any local service from the internet, but I have LAN access; also, my Exchange and IIS servers can access the local SQL servers. I can access any local service only from a local system.

My forwards to my ISP's DNS servers work fine.
The setup looks like this:

Internet:
Fortinet 60m: internal=192.168.0.1 no dhcp server
switch:
DNS: 192.168.0.1 and 192.168.0.254 to the switch
iis1: 192.168.0.20
iis2: 192.168.0.21
iis3: 192.168.0.22
exchange: 192.168.0.120
sql: for exchange1 192.168.0.140
sql2: "iis2" site 192.168.0.141
storage 192.168.0.130
dlink dir615: 192.160.0.3
Storage: 192.168.0.131
PC: 192.168.0.110
PC: 192.168.0.111
PC: 192.168.0.112
All servers are set to look for the DNS at 192.168.0.2 and gateway at 102.168.0.1.
Systems under the dlink hit 192.168.1.1 for gateway and 192.168.0.2 for the DNS.

When I look on the Fortinet, it's only showing the DNS server on 192.168.0.254.
I have 2 Ethernet cables from the DNS server to the switch; it's not managed.

All traffic from the net is forwarded to the DNS server on 192.168.0.254: internet > Fortinet > switch > servers > dlink > personal systems and more storage
 
What LAN IP address is your domain controller? The common approach is to have all member servers and workstation clients use the LAN IP address of your DC as their one and only DNS server. The DC looks at itself for its DNS also.

Under DNS forwarding you can choose which public DNS servers to pull from, either the root servers, your ISP's DNS servers, or my preference...I have mine and all clients' servers forwarding to OpenDNS's servers for an added layer of protection.
 
The DNS server has 2 LAN IPs, "192.168.0.2 and 192.168.0.254".
All the servers on the switch are pointing to 192.168.0.2 for DNS and 192.168.0.1 for a gateway. There is a router "192.168.0.1" on that same switch that's connected to my modem. For queries my DNS can't resolve, it points to my ISP's DNS servers.

From what you're saying, I am to have all of the internal IPs under one DNS using the same LAN address, say 192.168.0.2, for each server and the DNS? Do I then connect to my router with that same IP?

Do I remove all my port forwarding on my router from individual servers to the DNS server and change their gateway to the DNS server also? Or would it be best to put it in a DMZ and point all traffic to it?

If I remove my individual IP addresses from my SQL servers, I will have to use the FQDN in place of the IP address?

I have done a ton of reading and playing with the DNS. I really never wanted to do this, but with the new servers I am deploying, everything I am reading is saying I will need an ADDNS server. Problem is, it's not even a little close to port forwards and virtual server forwards. My forward lookup zone is a dungeon of files and folders I am having problems understanding.
 
