HELP

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

Hello,

I am trying to figure out how to correctly setup DNS.
Here is my situation:

1. I am hosting a website and mail server on AD, DNS
seems running and works ok, except when i do nslookup
from outside network i see both private and public ip
address. If i remove host (private ip address) from DNS,
after i restart dns it apears again. I want to AD DNS
leave as an internal DNS and I installed another stand
alone server to host exrternal DNS. I added all records
like www, mx and so. However, still i am having the same
probelm. I know i am doing something wrong here.

Any help greatly appreciated.
 
A DC will automatically register all interfaces withing DNS. To prevent this, reference: 317590 HOW TO: Configure DNS
Dynamic Update in Windows 2000 http://support.microsoft.com/?id=317590

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
 
In
Tom said:
Hello,

I am trying to figure out how to correctly setup DNS.
Here is my situation:

1. I am hosting a website and mail server on AD, DNS
seems running and works ok, except when i do nslookup
from outside network i see both private and public ip
address. If i remove host (private ip address) from DNS,
after i restart dns it apears again. I want to AD DNS
leave as an internal DNS and I installed another stand
alone server to host exrternal DNS. I added all records
like www, mx and so. However, still i am having the same
probelm. I know i am doing something wrong here.

Any help greatly appreciated.
Click to expand...

Are you forwarding port 53 UDP & TCP to the stand alone server?
Do not point any internal machines to the stand alone DNS for DNS
Set allow dynamic updates on the standalone public zone to "No".
 
Thank you for the reply. Yes i am forwarding port 53 to
the stand alone server. May be if this helps to resolve
my problem, here is ipconfig /all on stand alone server.

Default Gateway . . . . . . . . . : 10.0.0.254
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:0
3 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03
AM

C:\WINNT\Profiles\Administrator.SPI_TS.000>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : spits
Primary DNS Suffix . . . . . . . : spitrans.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : spitrans.com
spimain

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : spimain
Description . . . . . . . . . . . : SMC EZ Card
10/100 (SMC1211TX)
Physical Address. . . . . . . . . : 00-04-E2-03-
3F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.95
Subnet Mask . . . . . . . . . . . : 255.0.0.0
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:03 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03 AM

The Stand alone server's private ip is 10.0.0.95 and the
AD server DNS is 10.0.0.1

Thank you again for the help.
 
In
Tom said:
Thank you for the reply. Yes i am forwarding port 53 to
the stand alone server. May be if this helps to resolve
my problem, here is ipconfig /all on stand alone server.

Default Gateway . . . . . . . . . : 10.0.0.254
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:0
3 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03
AM

C:\WINNT\Profiles\Administrator.SPI_TS.000>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : spits
Primary DNS Suffix . . . . . . . : spitrans.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : spitrans.com
spimain

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : spimain
Description . . . . . . . . . . . : SMC EZ Card
10/100 (SMC1211TX)
Physical Address. . . . . . . . . : 00-04-E2-03-
3F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.95
Subnet Mask . . . . . . . . . . . : 255.0.0.0
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:03 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03 AM

The Stand alone server's private ip is 10.0.0.95 and the
AD server DNS is 10.0.0.1

Thank you again for the help.
Click to expand...
The problem is this, the stand alone server has the public zone on it and
the DC will register its addresses in all DNS servers it points to.
Do *NOT* point any internal machines to the stand alone DNS server for DNS.
Completely remove it from the ipconfig on all machines then delete the
private records and make sure it only has NS records in it for the public
domain.
They are:
Name Server: NS2.PRIMESIGNAL.COM
Name Server: FIREWALL.SPITRANS.COM
Your NS records at your nameservers are:
ns2.primesignal.com. [TTL=3600]
spimain.spitrans.com. [TTL=3600]
Delete the spimain.spitrans.com NS record.
add a host named firewall with IP 24.207.7.96 then crate an NS record for
it.

You also need to delete the www CNAME record and make that a host with the
public IP
I'm assuming the ns2.primesignal.com nameserver is your ISP?
That is OK if they are going to host the secondary zone but right now it is
lame.
Take a look at this:
http://www.dnsreport.com/tools/dnsreport.ch?domain=SPITRANS.COM
 
I think the dns report you got is not from the stand
alone server, it is from the AD server.If i stop dns on
stand alone server and run the report i am getting the
same report. Ok, according to your suggestion, i did
configure the stand alone server. What about the AD
server which is internal dns? What record should be there
on AD DNS server?

Thank you again.
-----Original Message-----
In Tom <[email protected]> posted a question
Then Kevin replied below:
Thank you for the reply. Yes i am forwarding port 53 to
the stand alone server. May be if this helps to resolve
my problem, here is ipconfig /all on stand alone server.

Default Gateway . . . . . . . . . : 10.0.0.254
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:0
3 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03
AM

C:\WINNT\Profiles\Administrator.SPI_TS.000>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : spits
Primary DNS Suffix . . . . . . . : spitrans.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : spitrans.com
spimain

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : spimain
Description . . . . . . . . . . . : SMC EZ Card
10/100 (SMC1211TX)
Physical Address. . . . . . . . . : 00-04-E2- 03-
3F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.95
Subnet Mask . . . . . . . . . . . : 255.0.0.0
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.95
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Wednesday,
November 12, 2003 09:50:03 AM
Lease Expires . . . . . . . . . . : Thursday,
November 20, 2003 09:50:03 AM

The Stand alone server's private ip is 10.0.0.95 and the
AD server DNS is 10.0.0.1

Thank you again for the help.
Click to expand...
The problem is this, the stand alone server has the public zone on it and
the DC will register its addresses in all DNS servers it points to.
Do *NOT* point any internal machines to the stand alone DNS server for DNS.
Completely remove it from the ipconfig on all machines then delete the
private records and make sure it only has NS records in it for the public
domain.
They are:
Name Server: NS2.PRIMESIGNAL.COM
Name Server: FIREWALL.SPITRANS.COM
Your NS records at your nameservers are:
ns2.primesignal.com. [TTL=3600]
spimain.spitrans.com. [TTL=3600]
Delete the spimain.spitrans.com NS record.
add a host named firewall with IP 24.207.7.96 then crate an NS record for
it.

You also need to delete the www CNAME record and make that a host with the
public IP
I'm assuming the ns2.primesignal.com nameserver is your ISP?
That is OK if they are going to host the secondary zone but right now it is
lame.
Take a look at this:
http://www.dnsreport.com/tools/dnsreport.ch? domain=SPITRANS.COM




.
Click to expand...
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
I think the dns report you got is not from the stand
alone server, it is from the AD server.If i stop dns on
stand alone server and run the report i am getting the
same report. Ok, according to your suggestion, i did
configure the stand alone server. What about the AD
server which is internal dns? What record should be there
on AD DNS server?
Click to expand...

The internal DNS server Which I assume is your DC should only have an NS
record for itself, an of course the SOA record should be itself but the DC
will take care of that record.
 
Thank you so much for the help. The info you gave me very
helpful. But if i may i have one more question. As i
stated first the AD hosts mail server, if i add mx record
on stand alone server ( 10.0.0.95), do i need to add mx
on AD servr which is 10.0.0.1 hosts mail server?

-----Original Message-----
In (e-mail address removed)
Click to expand...
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
Thank you so much for the help. The info you gave me very
helpful. But if i may i have one more question. As i
stated first the AD hosts mail server, if i add mx record
on stand alone server ( 10.0.0.95), do i need to add mx
on AD servr which is 10.0.0.1 hosts mail server?
Click to expand...

Do you want this to work?

You are not listening to me you must remove all private records from your
zone. Your MX record is pointing to a host that has a private IP
You did not add the correct NS records all of this stuf has to be right or
it will not work and your mail will go to la la land.
And now you have made a separate zone name www.spitrans.com.
You need to delete all that and start over
Create a Forward lookup zone named spitrans.com.
Create a host named firewall in that zone with the IP 24.207.7.96
delete the host named spimain delete the NS record with that name.
If you are going to use the MX pointing to spitrans.com you need a blank
record with its IP.
put a host named www in the zone with this IP 24.207.7.96

All you have to do is look at your DNS report and follow it to fix the
errors you cannot have even one record in it with a private IP.
 
Back
Top