Multihomed DNS server install problems

  • Thread starter Thread starter Adam Marx
  • Start date Start date
Obiwan,

Thanks for the useful information. I am planning on pulling everything
private onto a private DNS server and will take your advice.

Ace, Kevin and yourself have been a great help. I, as well as others I'm
sure, appreciate it.

2 other notes or question. I hope Ace can see this posting.

1) Do I just need to contact my ISP and ask them to include a pointer to my
DNS if my reverse resolution is to work. Is that the same as "delegate the
IP block"?

2) I still get this error when I perform the monitoring test on the DNS.
Although everything appears to be working correctly and resolving correctly
when I enable the second NIC I get the error. If I disable the second NIC
and re-run the test it passes?

Thanks,

Adam J. Marx
 
In
Adam Marx said:
Obiwan,

Thanks for the useful information. I am planning on pulling everything
private onto a private DNS server and will take your advice.

Ace, Kevin and yourself have been a great help. I, as well as others
I'm sure, appreciate it.

2 other notes or question. I hope Ace can see this posting.

1) Do I just need to contact my ISP and ask them to include a pointer
to my DNS if my reverse resolution is to work. Is that the same as
"delegate the IP block"?

2) I still get this error when I perform the monitoring test on the
DNS. Although everything appears to be working correctly and
resolving correctly when I enable the second NIC I get the error. If
I disable the second NIC and re-run the test it passes?

Thanks,

Adam J. Marx
Click to expand...
No problem for the help, that's what we're all here for!

Yes, for you to host the reverse block, you need to ask them to delegate it
to your DNS server.

I still think it's due to your binding order and what IP the thing's
listening on. It makes sense if you run throught what I mean, based on the
previous post about this.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
You're welcome, but I contributed very little here all the "grunt work"
was carried on by Ace and the other folks ... :-)

As for Ace answer .. yes, that's the usual way to do it, you should
ask them to delegate the reverse zone for your IP block to your
DNS server so that you'll handle the reverse directly from it; btw
be sure to delegate the reverse to both your local (primary) DNS
and a secondary one !!
I still think it's due to your binding order and what IP the thing's
listening on. It makes sense if you run throught what I mean, based on the
previous post about this.
Click to expand...

Yes, it's probably just a matter of NIC/IP binding order, the public NIC
should come first, before the private one, also, be sure that the DNS
machine points to its _public_ address for DNS resolution and not to
its private one; that said, I still prefer (whenever possible) avoiding to
mix/match public and private DNS on the same box; aside from any
config issue, it's a security risk too since an attacker gaining access
to the DNS will be able to see the private addressing scheme and
use it to carry the "penetration" further on, better (as I wrote) using two
separate box and forwarding the private DNS to the public one

<OT>
Ace; did you hear from NT lately ? I think he may have a whole
lot of interesting stuff to talk about and not just about DNS, in
case, just drop him (or me) a line, I think you'll be interested ;-) !
</OT>


--

* ObiWan

DNS "fail-safe" for Windows 9x, 2000 and up
http://ntcanuck.com

Support and discussions forum
http://ntcanuck.com/net/board

408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
 
In
ObiWan said:
You're welcome, but I contributed very little here all the "grunt
work"
was carried on by Ace and the other folks ... :-)


As for Ace answer .. yes, that's the usual way to do it, you should
ask them to delegate the reverse zone for your IP block to your
DNS server so that you'll handle the reverse directly from it; btw
be sure to delegate the reverse to both your local (primary) DNS
and a secondary one !!



Yes, it's probably just a matter of NIC/IP binding order, the public
NIC should come first, before the private one, also, be sure that the
DNS machine points to its _public_ address for DNS resolution and not
to
its private one; that said, I still prefer (whenever possible)
avoiding to mix/match public and private DNS on the same box; aside
from any
config issue, it's a security risk too since an attacker gaining
access
to the DNS will be able to see the private addressing scheme and
use it to carry the "penetration" further on, better (as I wrote)
using two separate box and forwarding the private DNS to the public
one
Click to expand...

Just want to point out, Obi, if making the public NIC top in binding, and
using itself or public DNS, then we're going to assume this machine won't be
particitpating with AD or anything else internal. Reason I mentioned, I
think Adam wanted to make it a DC?? Can;'t remember now... :-) If so reverse
that, if not, go with that!

:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
ObiWan said:
<OT>
Ace; did you hear from NT lately ? I think he may have a whole
lot of interesting stuff to talk about and not just about DNS, in
case, just drop him (or me) a line, I think you'll be interested ;-) !
</OT>
Click to expand...

Hmm... No, haven't seen or heard from him lately. I'll drop him a line.
Curious what good stuff he;s been up to!
:-)




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top