UC Davis Active Directory Project (05/08/2003)


DDNS Setup on Campus (Generic)


This document covers the setup of DDNS for use with Active Directory on campus.  It does not go into advanced features of DDNS, but only covers a basic setup that will get your Active Directory up and running.


Requirements for this step:

            Domain Administrator


Installation Steps


01] Install Active Directory | Automatic DDNS setup

02] Configure the Active Directory Integrated Forward Lookup Zone

03] Setup Active Directory as a Delegated Sub-Domain in the campus DNS

04] Troubleshooting DDNS issues


INSTALL ACTIVE DIRECTORY | AUTOMATIC DDNS SETUP


When you promote the first domain controller for your new domain, DCPROMO will prompt you to install DDNS.  Let the DCPROMO wizard install DDNS for you.  This gives you a basic DDNS setup that will work for your Active Directory.


IMPORTANT:  Your domain controller must point to the DDNS server you set up for your domain.  In most cases, this means that in the TCP/IP settings, the first DNS server listed will be the IP address of the domain controller itself.  Also, check the box for Register this connection's address in DNS.


If you wish to have a delegated DNS sub-domain (see below), you need to name your domain <domain>.ucdavis.edu.


CONFIGURE THE ACTIVE DIRECTORY INTEGRATED FORWARD LOOKUP ZONE


01] Log on to the machine as a Domain Administrator.  Once you have logged in, open the DNS management console, or open a new MMC console and add the DNS snap-in.


02] Select the Forward Lookup Zones folder.  INFORMATION:  A forward lookup zone is used to look up an IP address given the hostname of a computer.  Windows 2000 Active Directory also uses these zones to hold service information, such as the locations of Kerberos servers and domain controllers.


03] At this point, we are going to create a new forward lookup zone.  If you already have a forward lookup zone for your Active Directory, skip to the next step.


Right-click, and choose New Zone….


            The New Zone Wizard will begin.  Press the Next button.


            Select Active Directory-integrated for the Zone Type.


            For the Zone Name, enter the Fully Qualified Domain Name for your domain.  This will likely be something like <domain>.ucdavis.edu.


            You are now done.  Press Finish to complete the wizard.


04] Select the new zone, right-click and choose Properties.


05] Under the General tab, look at the type of the zone.  For our purposes, we will be using an Active Directory-integrated zone.  This replicates the forward lookup zone between all DNS servers in the Active Directory that run in this mode.  Make sure the Allow dynamic updates? box is set to Only secure updates.  This prevents computers that are not members of your Active Directory from writing entries into your DNS.


06] Under the Name Servers tab you should see the name of each DNS server running in Active Directory-integrated mode in your domain.  If your machine is multi-homed (more than one NIC, more than one IP address), make sure to enter all of the addresses for the servers here.  Hit OK when you are done.


07] Now, right-click on the server name and choose Properties.


08] Under the Interfaces tab, select All IP addresses.  The DNS server will then listen on all available IP addresses.


09] On the Forwarders tab, select Enable forwarders.  Now enter the campus DNS server addresses, hitting Add after each one.  INFORMATION: Forwarders receive the DNS requests that this server cannot answer itself.  If you do not configure forwarders, lookups for names outside your domain will fail.


10] The DDNS server is now configured.  Next we need to register the computer's information in the server.  Open a command prompt by typing cmd into the Run window (Start | Run).


11] Type in ipconfig /registerdns at the command prompt.  This will force the computer to register itself in the DDNS.


12] After a short time (up to 15 minutes), the forward lookup zone should contain entries for the server and the domain (See Image).
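As an added example (not part of the original UC Davis document, which predates these cmdlets), the following PowerShell script checks the settings the steps above configure: that the domain controller's own resolver points at the DDNS server it hosts, that the zone is Active Directory-integrated and accepts only secure updates, that the campus DNS servers are configured as forwarders, and that the domain controller locator SRV records are registered after ipconfig /registerdns.  It assumes Windows Server 2012 or later with the DnsServer and DnsClient modules installed and is run on the domain controller itself; the zone name and campus DNS addresses in it are placeholders to replace with your own.

```powershell
# Added verification script, not from the original document.
# Assumes Windows Server 2012 or later with the DnsServer/DnsClient modules.
# Run on the domain controller hosting the DDNS zone.
param(
    # Placeholder zone name; replace with your <domain>.ucdavis.edu
    [string]$Domain = 'EXAMPLE-DEPT.ucdavis.edu',
    # Placeholder campus DNS addresses (TEST-NET range); replace with the real ones
    [string[]]$CampusDns = @('192.0.2.10', '192.0.2.11')
)

$failures = @()

# 1. The DC's own resolver must list the DDNS server it hosts (normally itself).
$localAddrs = (Get-NetIPAddress -AddressFamily IPv4 |
               Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress
$clientDns  = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses
if (-not ($clientDns | Where-Object { $localAddrs -contains $_ })) {
    $failures += "DNS client settings do not include this server's own address: $($clientDns -join ', ')"
}

# 2. The zone must be AD-integrated and accept only secure dynamic updates,
#    so machines outside the Active Directory cannot write records into it.
$zone = Get-DnsServerZone -Name $Domain -ErrorAction Stop
if (-not $zone.IsDsIntegrated) {
    $failures += "Zone $Domain is not Active Directory-integrated"
}
if ($zone.DynamicUpdate -ne 'Secure') {
    $failures += "Zone $Domain allows '$($zone.DynamicUpdate)' updates; expected 'Secure'"
}

# 3. Forwarders must include the campus DNS servers, or off-domain lookups fail.
$forwarders = (Get-DnsServerForwarder).IPAddress.IPAddressToString
foreach ($ip in $CampusDns) {
    if ($forwarders -notcontains $ip) {
        $failures += "Campus DNS server $ip is not configured as a forwarder"
    }
}

# 4. After ipconfig /registerdns, the DC locator SRV records should resolve
#    against this server (they are what clients use to find DCs and Kerberos).
foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain") {
    try {
        $answer = Resolve-DnsName -Name $srv -Type SRV -Server $localAddrs[0] -ErrorAction Stop
        if (-not ($answer | Where-Object { $_.Type -eq 'SRV' })) {
            $failures += "No SRV answer for $srv"
        }
    } catch {
        $failures += "Lookup of $srv failed: $($_.Exception.Message)"
    }
}

if ($failures.Count -eq 0) {
    Write-Output "DDNS checks passed for $Domain"
} else {
    $failures | ForEach-Object { Write-Warning $_ }
}
```

Run it in an elevated PowerShell session on the domain controller; each warning names the step above that still needs attention.  Because SRV registration can take up to 15 minutes, rerun the script if only the step 4 checks fail right after ipconfig /registerdns.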


SETUP ACTIVE DIRECTORY AS A DELEGATED SUB-DOMAIN IN THE CAMPUS DNS


If you want your Active Directory domain to be reachable from outside of your domain, you will need to set up your DNS as a delegated DNS sub-domain.  This allows anyone doing an nslookup of <your domain>.ucdavis.edu to see the IP addresses.


01] Make sure you use the syntax <domain>.ucdavis.edu for your domain name.


02] Send an email to hostclerk@ucdavis.edu requesting a DNS sub-domain.  Include your contact information (name, email, phone, etc.), the name of the domain, and the IP addresses of the DDNS servers for your domain.


TROUBLESHOOTING DDNS ISSUES


For troubleshooting, http://www.microsoft.com/ and http://www.eventid.net/ both offer good information.  You can also contact the TSP-Share email list (tsp-share@ucdavis.edu) or Desktop Enterprise Solutions (http://desktop.ucdavis.edu).