DNS/ ISA and NIC configuration

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I just wanted to check on the configuration planned for an installation as on
testing I was getting the NETLOGON error 5774:
"Registration of the DNS record 'xxxxx._msdcs.domain.com. 600 IN CNAME
comp.domain.com.' failed with the following error"

On this server there is:
DNS serving internal perimeter domain (intdom.com)
ISA

The NICs were configured as:
external NIC had ISP dns set
internal nic had server dns set

Dns configured so that forwarders enabled to isp dns, no zone transfers and
internal and external addresses as name servers

To resolve the errors I have set the external NIC dns to be 127.0.0.1.
This appears to have stopped the problem in a test environment and browsing
from clients still ok.
So, if someone could confirm this is the correct config, I would be very
grateful.
Cheers
 
Rob said:
I just wanted to check on the configuration planned for an installation as
on
testing I was getting the NETLOGON error 5774:
"Registration of the DNS record 'xxxxx._msdcs.domain.com. 600 IN CNAME
comp.domain.com.' failed with the following error"

On this server there is:
DNS serving internal perimeter domain (intdom.com) ISA
Click to expand...

Is the server a DC? Normally only a DC would register this record.
Or is this the DNS server and you are seeing this failure due to another
(different) server failing to register?
The NICs were configured as: external NIC had ISP dns set
internal nic had server dns set
Click to expand...

A machine cannot use to different DNS "sets", even on differnt NICs.
reliably.

As an ISA machine this computer likely needs to be a domain member
and thus MUST be an INTERNAL DNS client.

Internal DNS clients must use STRICTLY INTERNAL DNS servers on
all NIC->IP Properties.
Dns configured so that forwarders enabled to isp dns, no zone transfers
and
internal and external addresses as name servers
Click to expand...

That would (almost always) be wrong.
To resolve the errors I have set the external NIC dns to be 127.0.0.1.
Click to expand...

That or the actual (internal) IP would work better.

If the external NIC is "DHCP assigned" then you first remember the ISP
DNS (before removing it) to use as a Forwarder.
This appears to have stopped the problem in a test environment and
browsing
from clients still ok.
So, if someone could confirm this is the correct config, I would be very
grateful.
Click to expand...

Sounds right given your DNS server placement. It is actually more common
for the gateway/firewall (running ISA) to be a caching only DNS server,
and thus NEITHER NIC would then be set to it - both would be set to
the actual (true) INTERNAL DNS servers which would then forward to
the firewall/gateway.
 
Oopss I did miss out some info I guesss but you've answered my question well
enough thank you.
 
Back
Top