Multihomed DNS server install problems

  • Thread starter: Adam Marx
Adam Marx said:
Kevin, hello again we've spoken before.

I am extremely eager to clear this up.

2 things,

1. You are correct about webajm.com I believe and now know that it is
set up incorrectly. When I run a test from DNSreport.com it points
w2k.ajm1.webajm.com to a public IP? Why? I mean isn't that correct?
How did you get a private IP? The server is behind a router and is
essentially using a private IP.

It is getting this IP address from the parent gTLD .com servers. But when it
goes and asks your DNS server to resolve the name, it answers with a private
address.
Since you are using your server as authoritative for webajm.com all I needed
to do was ask your nameserver to resolve the name. Which is what any DNS
server will do.

If I add a record called NS1 in the zone Webajm.com and point it to a
public IP will I then need to register it as NS1.webajm.com with my
registrar?

Yes, exactly.

and I can leave my AD naming convention alone or does it
also need to be changed? can you walk me through the resolution of
the site webajm.com if someone were looking for it?

Do not mix your AD domain or any host in your AD domain in with your public
domain. Your AD domain must resolve to private addresses or your internal
domain will break.

2. I'm actually trying to set up a new domain (correctly)
hostingky.com which is where I am having my problem that is almost
resolved. I am going to assume that it also is set up incorrectly from
your post.

If you are using the host name of your AD DNS server as an NS in any domain
that needs to be resolved publicly you are going to have very inconsistent
behavior.
Use a different host name for your public NS record, one that only resolves
to a public address from the public side of your router.
 
Adam Marx said:
Kevin,

When I register my domain name with my registrar it asks for a
NameServer (FQDN). I took that to mean the FQDN of my server running
DNS.

From my interpretation of your posting you are saying not to register
my FQDN of my server but to register my FQDN of the NameServer and by
adding the record in my DNS in zone webajm.com "NS1" this will
essentially be creating the FQDN of "NS1.webajm.com"? correct?
This is correct.
Then you can use that name for this and any future domains you register as
one of its DNS servers.
You will also need to use this name as the primary name server on the SOA
record, this is so any secondary servers can update their zones correctly.
 
When I try to update the record at my registrar it says "Sorry, nameserver
is not a registered nameserver"?
 
Adam Marx said:
When I try to update the record at my registrar it says "Sorry,
nameserver is not a registered nameserver"?

You can create them once you're logged into your account at the registrar.
If Network Solutions, I believe there's a link to "other services" or
"hostname servers" (forget which). Not sure about the other companies that
offer registrar services.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I added the DNS host record NS1 and pointed it to my public IP, I logged in
to DirectNic and changed the nameserver to NS1.webajm.com and then I
received the error? What am I missing?
 
Kevin,

Because I am running behind a router that is forwarding DNS requests and my
Server is physically using an internal IP 192.168.x.x then isn't nslookup
correct when it states that the DNS server is on a private IP? I think I
already know the answer to that question and if the answer is what I think
will be then DNS is essentially not linked directly to the server's physical
IP?
 
Alex, sorry I posted that a bit premature. I was able to enter both the DNS
record on my server and change my NS at my registrar (DirectNic).

I know that it will take a bit for the records to resolve so I'll drop this
post until I can verify whether I'm still having a problem or not.

Many thanks for yours and Kevin's patience while dealing with people like
myself that are struggling to learn from people such as yourself.

Sincerely,

Adam J. Marx

p.s. I'm still getting the error while trying to test the DNS server.
 
Adam Marx said:
Alex, sorry I posted that a bit premature. I was able to enter both
the DNS record on my server and change my NS at my registrar
(DirectNic).

I know that it will take a bit for the records to resolve so I'll
drop this post until I can verify whether I'm still having a problem
or not.

Many thanks for yours and Kevin's patience while dealing with people
like myself that are struggling to learn from people such as yourself.

Sincerely,

Adam J. Marx

p.s. I'm still getting the error while trying to test the DNS server.


Alex? You mean Ace?

Yes, there's propagation time. Give it about 24-72 hours.

As for the errors, you mean when hitting the test button? Usually a
forwarder will clean that up.




--
Regards,
Ace

 
My apologies, Ace.
 
Adam Marx said:
My apologies, Ace.


Don't worry about it. Just want to get you straightened out with the issues.
:-)

--
Regards,
Ace

 
Adam Marx said:
When I try to update the record at my registrar it says "Sorry,
nameserver is not a registered nameserver"?

You will have to first register the host name as a nameserver. Then it could
take a day or so before you can use it on the gTLD record as a nameserver.
 
Ace, I ran a test from DNSReport today and I think things may have cleared
up for Hostingky.com. I'm still dealing with the Pass/Fail issue but I think
the DNS is operating correctly?
 
Adam Marx said:
Ace, I ran a test from DNSReport today and I think things may have
cleared up for Hostingky.com. I'm still dealing with the Pass/Fail
issue but I think the DNS is operating correctly?

Hmm, I don't see it cleared up yet, and I'm querying YOUR server. Look
below, notice how after I typed in nslookup, I then typed your server
address by typing in "server 64.253.110.74"? That tells nslookup to use
YOUR server instead of my DNS server, so the record is coming straight from
the source. It's still returning your private IP for w2k.ajm1.webajm.com.

DNSreport is using zoneedit's since they are the first ones in the nameserver
list. They will start at the first and work their way down if the first in
the list doesn't respond, as which they are listed as SOA for your zone. So
if it ever gets to your server, the wrong IP will return.

So it looks like you still have your private IP address for
w2k.ajm1.webajm.com in that DNS server. I thought you changed that??

C:\>nslookup
Default Server: london.nwtraders.msft
Address: 192.168.5.200

> server 64.253.110.74
Default Server: loudsl01.4.0.6.104.a.iglou.com
Address: 64.253.110.74

> w2k.ajm1.webajm.com
Server: loudsl01.4.0.6.104.a.iglou.com
Address: 64.253.110.74

Name: w2k.ajm1.webajm.com
Address: 192.168.1.100

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
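
The check done by hand in the post above, as an added example that is not part of the original thread: parse an nslookup session and flag any publicly addressed server that hands out a non-public address. The sample transcript is the session from the post with the `> ` prompts restored; the function names are illustrative.

```python
import ipaddress

# The nslookup session from the post above, with the "> " prompts restored.
TRANSCRIPT = """\
Default Server: london.nwtraders.msft
Address: 192.168.5.200
> server 64.253.110.74
Default Server: loudsl01.4.0.6.104.a.iglou.com
Address: 64.253.110.74
> w2k.ajm1.webajm.com
Server: loudsl01.4.0.6.104.a.iglou.com
Address: 64.253.110.74

Name: w2k.ajm1.webajm.com
Address: 192.168.1.100
"""

def _ips(text):
    """Yield the IP addresses in a value, dropping any '#53' port suffix."""
    for token in text.replace(",", " ").split():
        try:
            yield ipaddress.ip_address(token.split("#")[0])
        except ValueError:
            continue

def parse_answers(transcript):
    """Return (server_ip, name, answer_ip) tuples from nslookup output."""
    answers, server, name, section = [], None, None, None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # a typed command, not output
            section = None
            continue
        label, sep, value = line.partition(":")
        label = label.lower()
        if sep and label.endswith("server"):
            section = "server"
        elif sep and label == "name":
            section, name = "answer", value.strip()
        elif sep and label in ("address", "addresses"):
            for ip in _ips(value):
                if section == "server":
                    server = ip
                elif section == "answer":
                    answers.append((server, name, ip))
        elif section == "answer" and len(line.split()) == 1:
            answers.extend((server, name, ip) for ip in _ips(line))  # extra rows
    return answers

def audit(transcript):
    """Flag a publicly addressed server that answers with a non-public address."""
    return [f"{name}: {server} answered with non-public {ip}"
            for server, name, ip in parse_answers(transcript)
            if server is not None and server.is_global and not ip.is_global]
```

An internal server answering with an internal address is not flagged, which matches the advice in the thread that the AD zone must keep resolving to private addresses on the inside.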
 
Try the 64.253.110.75 address that's the new server (hostingky) the
64.253.110.74 is webajm.
 
Adam Marx said:
Try the 64.253.110.75 address that's the new server (hostingky) the
64.253.110.74 is webajm.

Ok, that worked. So you changed the 64.253.110.74 to 64.253.110.75? That
will take a couple days to propagate.
:-)

--
Regards,
Ace

 
No, Kevin kind of got things confused while trying to help resolve my DNS
issue he thought we were referring to my current host associated with my
e-mail which is different than the DNS I was working on (hostingky.com).
That's where the 2 IPs came into play I have more than 1 static IP. The
64.253.110.75 is what we should be concerned about.

So, based on the 64.253.110.75 did everything seem to resolve correctly? I
am assuming there still is a reverse DNS issue? How can I clear that up, by
asking my ISP to put in a forwarder?

Thanks, sorry about the confusion.
 
Adam Marx said:
No, Kevin kind of got things confused while trying to help resolve my
DNS issue he thought we were referring to my current host associated
with my e-mail which is different than the DNS I was working on
(hostingky.com). That's where the 2 IPs came into play I have more
than 1 static IP. The
64.253.110.75 is what we should be concerned about.

So, based on the 64.253.110.75 did everything seem to resolve
correctly? I am assuming there still is a reverse DNS issue? How can
I clear that up, by asking my ISP to put in a forwarder?

Thanks, sorry about the confusion.

Kevin was going by your webajm.com domain, which is using 64.253.110.74,
which has incorrect records. Probably would have been a lot easier and less
confusing if the actual names and IPs were posted earlier in the thread.
:-)

As far as hostingky.com, yes, it seems ok. See below, it's actually the
third listed. But it would probably never get to your server anyway,
considering zoneedit.com's servers are up all the time. When a query comes
in, it checks the first in the list, if it doesn't respond, it works its
way down. That's why they ask you what order you want them in.

> set type=ns
> hostingky.com
Server: [64.253.110.75]
Address: 64.253.110.75

hostingky.com nameserver = ns14.zoneedit.com
hostingky.com nameserver = ns15.zoneedit.com
hostingky.com nameserver = ns1.hostingky.com
ns14.zoneedit.com internet address = 209.126.159.80
ns15.zoneedit.com internet address = 69.10.134.195
ns1.hostingky.com internet address = 64.253.110.75

--
Regards,
Ace

 
Yeah, sorry about the late posting of IPs and other info. I had hoped to
not post most of that info. but it helps in diagnosis and will post it in the
future if needed. I guess it really doesn't matter now...

The order in which the NS are listed is that at my registrar or my DNS?
 
Adam Marx said:
Yeah, sorry about the late posting of IPs and other info. I had
hoped to not post most of that info. but it helps in diagnosis and
will post it in the future if needed. I guess it really doesn't matter
now...

Don't worry about it.... Many folks do it. :-)

The order in which the NS are listed is that at my registrar or my DNS?

As listed at the registrar.

--
Regards,
Ace

 
Awesome tag! "ObiWan"...

Thanks :-)

I'm a tad confused, as usual. I have 2 NICs
in this box 1 is private and 1 is public.

In my SOA do I need to list both IPs or only the
public IP that will be receiving requests for DNS
information?

Hm .. if I understand it correctly the DNS is serving
addresses to the outside, so .. it isn't a good idea
adding "private" addresses to it, that may cause
problems, btw you'll still need a reverse zone for
the public address(es) and if possible you should
ask your carrier/isp to delegate the IP block you
use to your DNS so that you'll be able to handle
the reverse resolution through your DNS too

About the "nslookup" error, that's due to the fact that
nslookup tries to perform a reverse lookup on the
dns IP it uses and if the reverse doesn't work (as in
your case) it will "barf"

As a final note (if possible) I'd setup a "private only"
DNS forwarding external requests to the other DNS
(your current one) and I'd move this latter into a DMZ
to avoid security problems; this way the public DNS
will only handle public addresses while the private
one only private addresses and this will allow you
to setup a correct "private" reverse zone on the
private DNS... just to be more clear

Internet
   |
firewall---dmz----- public DNS
   |
  lan ---- private DNS
   |
clients

so the private DNS will have all your private IPs and
so on and it will forward any external resolution to the
public DNS which in turn will also serve all your public
IPs to the internet, now, if you're using the _same_
domain for both your LAN and the internet things will
become somewhat tricky since you'll need to setup
both DNS as primary for your domain and to add the
public (DMZ) hosts IP addresses to the LAN dns too
to avoid resolution problems; another solution (if it's
possible btw) may be using a "sub-domain" for your
LAN, so you may have a public "acme.com" domain
and a private "lan.acme.com" one

Hope it helps


--

* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://ntcanuck.com

Support and discussions forum
http://ntcanuck.com/net/board

408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
 