Listening IPs


Kevin Vaughn

When I take out an irrelevant listening IP, my DNS breaks.

My DNS server has two separate IP addresses tied to the same adapter. One
of them is an IP I have mapped to the outside world. The other is strictly
for my primary internal DNS server.

I noticed the other day that I had both IP addresses listed on the
Interfaces tab under properties. I took the external IP out of the list.
Nobody, to my knowledge, is pointing to this external IP for DNS lookups.
All of my clients are configured to use the internal address.

The next day after I made the change, I got errors about failed zone
transfers from my secondary DNS server. After a minute of looking around, I
went to the monitoring tab and tried some test lookups. The recursive
queries were passing and the simple queries were failing. I did the same
thing on my primary server and both tests failed! I restarted the DNS
service on my secondary and both test lookups started working again, but
when I restarted the DNS service on my primary both test lookups were still
failing. I finally figured out that if I put my external IP back into the
listening list that the problem finally goes away.

Here are some more details:
- Running Win2k SP3 on both servers
- The external IP is actually an internal IP that is mapped to external (or
real-world) IP via NAT

I wonder why that IP address has to be in the DNS config for things to work
right. Any help you could offer would be much appreciated.

-Kevin

Kevin D. Goodknecht Sr. [MVP]

Kevin Vaughn said:
> When I take out an irrelevant listening IP, my DNS breaks.
>
> My DNS server has two separate IP addresses tied to the same adapter.
> One of them is an IP I have mapped to the outside world. The other
> is strictly for my primary internal DNS server.
>
> I noticed the other day that I had both IP addresses listed on the
> Interfaces tab under properties. I took the external IP out of the
> list. Nobody, to my knowledge, is pointing to this external IP for
> DNS lookups. All of my clients are configured to use the internal
> address.
>
> The next day after I made the change, I got errors about failed zone
> transfers from my secondary DNS server. After a minute of looking
> around, I went to the monitoring tab and tried some test lookups.
> The recursive queries were passing and the simple queries were
> failing. I did the same thing on my primary server and both tests
> failed! I restarted the DNS service on my secondary and both test
> lookups started working again, but when I restarted the DNS service
> on my primary both test lookups were still failing. I finally
> figured out that if I put my external IP back into the listening list
> that the problem finally goes away.
>
> Here are some more details:
> - Running Win2k SP3 on both servers
> - The external IP is actually an internal IP that is mapped to
> external (or real-world) IP via NAT
>
> I wonder why that IP address has to be in the DNS config for things
> to work right. Any help you could offer would be much appreciated.
>
> -Kevin

Can you post an ipconfig /all? You could just have a gateway problem; run
netdiag /v /fix

Ace Fekay, MVP

Kevin Vaughn said:
> When I take out an irrelevant listening IP, my DNS breaks.
>
> My DNS server has two separate IP addresses tied to the same adapter. One
> of them is an IP I have mapped to the outside world. The other is strictly
> for my primary internal DNS server.
>
> I noticed the other day that I had both IP addresses listed on the
> Interfaces tab under properties. I took the external IP out of the list.
> Nobody, to my knowledge, is pointing to this external IP for DNS lookups.
> All of my clients are configured to use the internal address.
>
> The next day after I made the change, I got errors about failed zone
> transfers from my secondary DNS server. After a minute of looking around, I
> went to the monitoring tab and tried some test lookups. The recursive
> queries were passing and the simple queries were failing. I did the same
> thing on my primary server and both tests failed! I restarted the DNS
> service on my secondary and both test lookups started working again, but
> when I restarted the DNS service on my primary both test lookups were still
> failing. I finally figured out that if I put my external IP back into the
> listening list that the problem finally goes away.
>
> Here are some more details:
> - Running Win2k SP3 on both servers
> - The external IP is actually an internal IP that is mapped to external (or
> real-world) IP via NAT
>
> I wonder why that IP address has to be in the DNS config for things to work
> right. Any help you could offer would be much appreciated.
>
> -Kevin
Anytime there is a dual NIC setup with DNS involved, it takes a little care
on the config to get it to work correctly.

Run what Kevin suggested. Also, do you use a forwarder? Use a forwarder.
If forwarding is grayed out, delete your root zone.

On both NICs' properties, do they both point ONLY to this DNS server? Make
both NICs' IP properties point only to the internal IP.

Listeners just says it will listen to requests on that interface (IP). It
really shouldn't have anything to do with "breaking" DNS. As for zone
transfers, what IP is set as the Master IP on the machine holding the
secondary zone?

Testing for queries, either authoritative or recursive, hopefully means that
both NICs point to itself and forwarders are enabled.

Also, in Network and Dialup Settings, Adv menu, Adv settings, make sure the
internal interface is at the TOP of the binding order and not the bottom.
That's important for the machine to always check with the internal card
first.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
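The checks Ace lists (which addresses are in the listening list, which address a secondary uses as its master, and whether a simple or recursive test lookup succeeds) can be scripted. The following Python script is an added example and is not code from the thread or from Microsoft: it compares the addresses something relies on against the adapter and listening lists, builds the two kinds of test query the Monitoring tab sends (a "simple" query with the RD bit clear and a "recursive" query with RD set), and decodes the reply header. The 10.5.1.x addresses, the sample response and the pass/fail rule that approximates the Monitoring tab are constructed assumptions.

```python
"""Added example (not from the thread): audit a DNS server's listening
addresses and reproduce the two test queries the Windows DNS console's
Monitoring tab sends. Python 3 standard library only; runs on any OS."""
import socket
import struct
from ipaddress import ip_address

# Constructed values modelled on the thread's 10.5.1.x segment (assumption):
# one adapter carrying two addresses, only one of which is still in the
# Interfaces tab listening list.
ADAPTER_IPS = ["10.5.1.10", "10.5.1.11"]   # both bound to the same NIC
LISTEN_IPS = ["10.5.1.10"]                 # Interfaces tab after the change
USED_BY = {                                # who actually sends queries where
    "10.5.1.10": "internal clients",
    "10.5.1.11": "secondary's master address (constructed)",
}


def listener_gaps(adapter_ips, listen_ips, used_by):
    """Return (ip, who, reason) for every address something relies on that
    the DNS service will not answer on: either not bound to any adapter or
    bound but removed from the listening list."""
    adapters = {ip_address(i) for i in adapter_ips}
    listening = {ip_address(i) for i in listen_ips}
    gaps = []
    for ip, who in used_by.items():
        addr = ip_address(ip)
        if addr not in adapters:
            gaps.append((ip, who, "not bound to any adapter"))
        elif addr not in listening:
            gaps.append((ip, who, "bound but not in the listening list"))
    return gaps


def encode_name(name):
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name, recursive, txid=0x1234):
    """A-record query. The 'simple' test is a query with the RD (recursion
    desired) bit clear; the 'recursive' test sets RD."""
    flags = 0x0100 if recursive else 0x0000   # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response_flags(packet):
    """Decode the 12-byte header fields a test lookup cares about."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (echoed back)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 = NOERROR
        "answers": an,
    }


def classify(flags, recursive):
    """Approximation (assumption) of the Monitoring tab's pass/fail: a reply
    with RCODE 0 passes; a recursive test also needs RA and at least one answer."""
    if flags is None or not flags["qr"] or flags["rcode"] != 0:
        return "FAIL"
    if recursive and not (flags["ra"] and flags["answers"] > 0):
        return "FAIL"
    return "PASS"


def send_test_query(server_ip, name, recursive, timeout=2.0):
    """Send one UDP query to server_ip:53; None on timeout or mismatched ID."""
    query = build_query(name, recursive)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    flags = parse_response_flags(data)
    return flags if flags["id"] == struct.unpack("!H", query[:2])[0] else None


# Constructed response (assumption): authoritative NOERROR reply with one
# A record, as a primary would return for a name in its own zone.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)   # QR, AA, RD, RA set
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 10, 5, 1, 10)
)

if __name__ == "__main__":
    for gap in listener_gaps(ADAPTER_IPS, LISTEN_IPS, USED_BY):
        print("listener gap:", gap)
    for recursive in (False, True):
        label = "recursive" if recursive else "simple"
        print(label, "test on sample response:",
              classify(parse_response_flags(SAMPLE_RESPONSE), recursive))
```

Against the constructed values the audit reports exactly one gap: the NAT-mapped address is still bound to the adapter but no longer in the listening list, which is the situation to check if a secondary has that address configured as its master. Replace the sample response with `send_test_query("10.5.1.10", "hostname.in.your.zone", recursive=False)` to run the simple test live against a server.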

Kevin Vaughn

> Kind of confusing when you say you're teaming the NICs but one is used
> internally and one for external. Usually teaming them (whatever manuf
> software used) is for load balancing on one network, not two. So not
> entirely sure the way you stated it.

The two IPs are bound to the same NIC. They are both internal IPs, but one
of them serves external traffic coming in through the firewall. The two IPs
are on the same segment (10.5.1.x). I hope that clears it up. I'm sorry
I'm not doing very well at explaining my setup.

> 5627 errors deal with zone transfers failing. Maybe the confusion with the
> NICs? Not sure, but confusing since you said it's been working.
> http://www.eventid.net/display.asp?eventid=6527

Yeah, I was having these errors exactly 24 hours after I restarted the DNS
server on my secondary. I finally remedied the problem by making my
secondary server into a primary. So now I'm running two primary DNS
servers. The way I maintain things, I don't really need zone transfers
anyway.

For what it's worth, I tried blowing away everything and starting over. One
peculiar thing I noticed, while I was backing up everything in preparation,
was that my zones were stored in the wrong place. Everything was still
under the HKLM/SYSTEM/CCS/SERVICES/DNS key. As you know, the zones should
have moved with the installation of SP1 to the SOFTWARE key. The zones were
in the correct place on my primary server. I think that there was something
fundamentally screwed up on my secondary. I didn't test a secondary server
after I fixed the problem - I just turned it into a primary, but you may
want to keep that in mind if you're helping other people in my situation.

Thanks for your help.

-Kevin

Ace Fekay [MVP]

Kevin Vaughn said:
> The two IPs are bound to the same NIC. They are both internal IPs,
> but one of them serves external traffic coming in through the
> firewall. The two IPs are on the same segment (10.5.1.x). I hope
> that clears it up. I'm sorry I'm not doing very well at explaining
> my setup.

I see, that makes a LOT more sense!

> Yeah, I was having these errors exactly 24 hours after I restarted
> the DNS server on my secondary. I finally remedied the problem by
> making my secondary server into a primary. So now I'm running two
> primary DNS servers. The way I maintain things, I don't really
> need zone transfers anyway.
>
> For what it's worth, I tried blowing away everything and starting
> over. One peculiar thing I noticed, while I was backing up
> everything in preparation, was that my zones were stored in the wrong
> place. Everything was still under the HKLM/SYSTEM/CCS/SERVICES/DNS
> key. As you know, the zones should have moved with the installation
> of SP1 to the SOFTWARE key. The zones were in the correct place on
> my primary server. I think that there was something fundamentally
> screwed up on my secondary. I didn't test a secondary server after I
> fixed the problem - I just turned it into a primary, but you may want
> to keep that in mind if you're helping other people in my situation.
>
> Thanks for your help.
>
> -Kevin

Interesting to know. Thanks for the heads-up and I will keep that in mind.

Maybe there was a corruption in the DNS service, where you may have had to
delete it completely and reinstall it from a later SP-sourced i386 to have a
clean install. But glad you got it going.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory