DNS Service

On the server that is hosting or will host DNS, first ensure that the DNS service is
installed:

Click Start, point to Programs, point to Administrative Tools, and then

click DNS to start the DNS Server console.

If the DNS shortcut does not appear on the Start menu, you must install the DNS service.
If it is already installed, skip to the Forward Lookup Zones

Install the DNS Service on an existing Windows 2000 Server-based computer:

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Add/Remove Programs, and then click Add/Remove Windows
Components.
3. In the Windows Component Wizard, click Networking Services in the
Components box, and then click Details.
4. In the Networking Services dialog box, click to select the Domain Name
System (DNS) check box if it is not already selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows 2000 Setup.
Insert the Windows 2000 Server installation CD-ROM into the CD drive if you are
prompted to do so. Setup copies the DNS service and tool files to your computer.
6. When Setup is complete, click Finish.

Forward Lookup Zones

After we know that the DNS service is installed on your DNS server, ensure that you
have the appropriate forward lookup zone(s) configured.

On your internal DNS server (that you selected in step I)

1. Click Start, point to Programs, point to Administrative Tools, and then click
DNS to start the DNS Server console.
2. Under DNS, expand "<Server name>" (where <Server name> is the host name
of the DNS server).
3. Expand Forward Lookup Zones.

If a forward lookup zone does not appear with a name that matches the domain name,
you must continue to the Create a New Forward Lookup Zone section. If the
zone already exists, skip to the Configuring Forward Lookup Zone Properties
section.

Create a new forward lookup zone:

This process guides you through the creation of a forward lookup zone for your Active
Directory namespace.
 1. Start the DNS snap-in. To do so, click Start, point to Programs, point to
Administrative Tools, and then click DNS.
2. Under DNS, expand "<Server name>" (where <Server name> is the host name
of the DNS server).
3. Expand Forward Lookup Zones.
4. Right-click Forward Lookup Zones, and then click New Zone. The New Zone
Wizard starts. Click Next to continue.
5. Click Standard primary, and then click Next.
6. In the Name box, type your domain name. For example, type “corp.contoso.com”
(without the quotation marks), and then click Next.

NOTE: This should be the same as the domain name that you noted
in the Network Identification tab of the properties of My Computer
on the domain controller.

7. On the Zone File page, click Next, and then click Finish.

Configuring the Forward Lookup Zone Properties

This process guides you through enabling dynamic updates for the zone.

1. Start the DNS snap-in. To do so, click Start, point to Programs, point to
Administrative Tools, and then click DNS.
2. Under DNS, expand "<Server name>" (where <Server name> is the host name
of the DNS server).
3. Expand Forward Lookup Zones.
4. Under Forward Lookup Zones, right-click the zone with the name of your
domain (for example, "corp.contoso.com"), and then click Properties.
5. In the Allow dynamic updates box, click Yes.
6. Click Apply, and then click OK.

Resource Record Registration

On your internal DNS server (that you selected in step 1)

1. Click Start, point to Programs, click Administrative Tools, and then click DNS
to start the DNS Server console.
2. Under DNS, expand "<Server name>" (where <Server name> is the host name
of the DNS server).
3. Expand Forward Lookup Zones.
4.Expand the zone with the name of your domain name (for example
"corp.contoso.com")
5.Examine the records in the right pane. You must have at least the following
entries:

Resource Records

SOA
Points to the Primary DNS Server(s). If you created
the zone by using the instructions in this document, it
 will point to the name of the server that you are
configuring.
NS
Points to the DNS Server(s) that host the zone. If you
created the zone by using the instructions in this
document, it will only point to the name of the server
that you are configuring.
A
Each domain controller should have registered a
single host (A) record for their hostname that points
to their IP address.
*If multiple records are registered, delete any
incorrect or outdated entries.
**If the domain controller is multi-homed, you must
fully understand all of the ramifications of multi-
homed domain controllers before you continue. For
more information about multi-homed domain
controllers, see the "Multi-homed Domain Controllers"
section of this article.

SRV Record "Subfolders"

Each of the following "subfolders" must be present in

the DNS zone. There will be DNS Service (SRV)
records in these "subfolders".
_MSDCS
_SITES
_TCP
_UDP

Domain Controller DNS Client Configuration and Registration

An Active Directory domain controller must have its TCP/IP settings configured properly
to register its services for the domain. TCP/IP settings on Active Directory members
(workstations, servers, and domain controllers) must be configured to point to a DNS
server that is hosting DNS for the domain namespace.

To view the current IP configuration, type ipconfig /all at a command prompt and then
press ENTER to display the details.

If the domain controller is not already configured to point to the DNS server that you
have chosen earlier in this document, you must modify the DNS configuration so that it
matches.

To modify the DNS configuration:

1. Right-click My Network Places, and then click Properties.

2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then click the DNS tab. Configure the DNS information as:
 1. Configure the DNS server addresses to point to the DNS server that you
configured in the previous steps.

The DNS server can be the domain controller’s own IP address. This is most
likely to happen if it is the first server or if no dedicated DNS server will be
configured.
2. Verify that the Register this connection's addresses in DNS check box
is selected.
5.Purge the cache and force the registration of the host (A) records. At a command
prompt, type the following commands, pressing ENTER after each command:

 ipconfig /flushdns
 ipconfig /registerdns
If the ipconfig /registerdns command generates the following error message

Error: The system cannot find the file specified.

: Refreshing DNS names

start and enable the DHCP Client service on this computer, and then run the
ipconfig /registerdns command again.

 Restart the Netlogon service to register the SRV records. At a command

prompt, type the following commands, pressing ENTER after each command:
 net stop netlogon
 net start netlogon
 Verify that the host (A) record and SRV "subfolders" appear in the DNS
forward lookup zone that you created or verified earlier in this document. You can
use the F5 key to refresh the DNS Server tool's view of the database.

If the records do not appear as you expect, review and then double check the DNS Server
settings on the DNS server that you configured or verified earlier. Also review and
double check the DNS client settings. After any change in client or server settings, force
the re-registration, and then check the registration with the preceding steps.

III. Ensure that the "Client" Computer

Points to this DNS Server for DNS
Resolution
Workstation or Server DNS Client Configuration and Registration

Windows 2000 and Windows XP clients in an Active Directory domain must have its
TCP/IP settings configured properly to find the registered domain services that are
provided by the Active Directory domain controllers. TCP/IP settings on Active
Directory members (workstations, servers, and domain controllers) must be configured to
point to a DNS server that is hosting DNS for the domain namespace.

To view the current IP configuration, type ipconfig /all at a command prompt and then
press ENTER to display the details. To modify the DNS configuration:
 1. Right-click My Network Places, and then click Properties.
2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then click the DNS tab. Configure the DNS server addresses
to point to the DNS server that you configured in previous steps.
5. Force the registration of the host (A) records. At a command prompt, type
ipconfig /flushdns and then press ENTER to purge the DNS resolver cache. Type
ipconfig /registerdns and then press ENTER to register the DNS resource records.

If the ipconfig /registerdns command generates the following error message

Error: The system cannot find the file specified. :

Refreshing DNS names

start and turn on the DHCP Client service on this computer, and then run the
ipconfig /registerdns command again.

IV. Test and Verify DNS Resolution

1. Refresh the view (press F5) in the DNS Management console. The Active Directory
DNS records are then listed. If they do not appear after you refresh the view, check
the settings, and then repeat the preceding steps. See the Resource Record
Registration section for information about how to verify that the records exist.
2.Retry the domain join operation.

V. (Optional) Troubleshoot External DNS

Resolution
To enable resolution for DNS names that are outside of your Active Directory
namespace, see Configuring DNS External (Internet) Resolution.

Conclusion
Once you have verified that internal and external DNS resolution work and the Domain
Join Operation succeeds, you should consider evaluating your DNS design.

There are many possible working designs. For best practices and design examples, see
the "Best Practice Active Directory Design for Managing Windows Networks" section in
the Additional Resources at the end of at the end of this document.

If you are still having difficulties with your Active Directory domain after following the
processes in this article and verifying that your DNS configuration is correct, please refer
to:

Q260371 Troubleshooting