Restricted DNS Server

  • Thread starter: Tony

Tony

Hi,

I have a W2K DNS server that only has entries that we want our outlet stores
to get to by creating the . (root.dns) zone and then forward zones for the
different sites. So far it's working great but we've come across a site that
they need to get to that is utilizing a load balancer. Depending on the
amount of traffic hitting this site, it fails over to different IP
addresses. How can I address this issue? Is there a way for me to set up our
DNS so that when any of our stores hit the site xyz.com, it'll get to it no
matter what? Including other sites off of it like money.xyz.com or
things.xyz.com? Thanks in advance.

Tony
 
Network load balancing, clustering, or some third party device like a
Cisco "net director" are the possible answers.

As long as you have a failing IP address, SOME clients will get sent
there. You need some automated fail over mechanism like the services
above provide.
 
In Tony <[email protected]> posted a question
Then Kevin replied below:
: Hi,
:
: I have a W2K DNS server that only has entries that we want our outlet
: stores to get to by creating the . (root.dns) zone and then forward
: zones for the different sites. So far it's working great but we've
: come across a site that they need to get to that is utilizing a load
: balancer. Depending on the amount of traffic hitting this site, it
: fails over to different IP addresses. How can I address this issue?
: Is there a way for me to set up our DNS so that when any of our
: stores hit the site xyz.com, it'll get to it no matter what?
: Including other sites off of it like money.xyz.com or things.xyz.com?
: Thanks in advance.
:
: Tony

Since you are using a root zone for doing this, have you created a com sub
domain?
If you do not have the com sub zone, create it then, in the com sub-zone
create a new delegation, name the delegation "xyz" then it is just a matter
of giving the delegation the Authoritative DNS servers that are holding the
"xyz.com" public zone. If you do not know what the Authoritative DNS servers
are, do a whois lookup at www.internic.net for xyz.com, it will give you the
servers holding the authoritative zone. This method is much better than
creating the actual records and trying to keep them current and it won't
matter what name they need in xyz.com.
You can also use this method on any domain you need to resolve.
 
In Kevin D. Goodknecht [MVP] <[email protected]> posted a question
Then Kevin replied below:
: In : Tony <[email protected]> posted a question
: Then Kevin replied below:
:: Hi,
::
:: I have a W2K DNS server that only has entries that we want our outlet
:: stores to get to by creating the . (root.dns) zone and then forward
:: zones for the different sites. So far it's working great but we've
:: come across a site that they need to get to that is utilizing a load
:: balancer. Depending on the amount of traffic hitting this site, it
:: fails over to different IP addresses. How can I address this issue?
:: Is there a way for me to set up our DNS so that when any of our
:: stores hit the site xyz.com, it'll get to it no matter what?
:: Including other sites off of it like money.xyz.com or things.xyz.com?
:: Thanks in advance.
::
:: Tony
:
: Since you are using a root zone for doing this, have you created a
: com sub domain?
: If you do not have the com sub zone, create it then, in the com
: sub-zone create a new delegation, name the delegation "xyz" then it
: is just a matter of giving the delegation the Authoritative DNS
: servers that are holding the "xyz.com" public zone. If you do not
: know what the Authoritative DNS servers are, do a whois lookup at
: www.internic.net for xyz.com, it will give you the servers holding
: the authoritative zone. This method is much better than creating the
: actual records and trying to keep them current and it won't matter
: what name they need in xyz.com.
: You can also use this method on any domain you need to resolve.

Just to add, if the delegation loses its IP on the NS records for the
delegation, create zones with the name of the name servers, i.e.
"ns.xyz.com" then in that zone create one blank host (leave the host field
blank) give it the IP of the name servers. It will bark at you saying (same
as parent folder) is not a valid host name, click OK create the record
anyway. You'll be set unless the nameservers change.
 
T> How can I address this issue?

* Explicitly delegate the relevant subdomains to the public content DNS
servers for each subdomain.

* Use "stub" "zones".
 
Hi Kevin,

Thanks for the insight. I did not have the com sub-domain of . I have since
created the sub-domain 'com'. I then right-clicked on it and selected 'New
Delegation'. I typed in the site I wanted which was taxwise. I then looked
up the Name Server for it and found utsdns2.universalsystems.com. I added
that name in the wizard and chose Resolve, which it did. The wizard
finished so I thought I was good to go but it's not working. If I create a
new zone for taxwise.com, it works no problem. Is there a step that I've
missed? Maybe the config for the DNS server itself is wrong? Thanks in
advance again!

Tony
 
In Tony <[email protected]> posted a question
Then Kevin replied below:
: Hi Kevin,
:
: Thanks for the insight. I did not have the com sub-domain of . I have
: since created the sub-domain 'com'. I then right-clicked on it and
: selected 'New Delegation'. I typed in the site I wanted which was
: taxwise. I then looked up the Name Server for it and found
: utsdns2.universalsystems.com. I added that name in the wizard and
: chose Resolve, which it did. The wizard finished so I thought I was
: good to go but it's not working. If I create a new zone for
: taxwise.com, it works no problem. Is there a step that I've missed?
: Maybe the config for the DNS server itself is wrong? Thanks in advance
: again!
:
: Tony

This should have worked but you may have to run ipconfig /flushdns, and
verify that on the Advanced tab that "Disable recursion" is NOT checked.
You will need recursion to work, but since you are using a root zone you
won't be able to access the root hint servers, you will have to delegate
every name you want accessed. Setting it up this way is not going to be easy
because if anywhere in the hierarchy someone is using a CNAME you will have
to delegate the name the CNAME points to.
However properly done it will put you in full control of the names DNS can
resolve.

Delegate taxwise.com to these two nameservers:
Name Server: UTSDNS2.UNIVERSALSYSTEMS.COM 65.199.215.12
Name Server: BKDNS2.UNIVERSALSYSTEMS.COM 65.199.215.11
Then you should create a glue record by doing this:
In your 'com' FLZ create these two sub zones:
UTSDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP
65.199.215.12
BKDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP 65.199.215.11
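
The bookkeeping described above (a delegation for every zone, an address for every name server, and a further delegation for every CNAME target) can be worked out ahead of time. The sketch below is an added example, not part of the original thread: only the taxwise.com name servers and their IPs come from the posts, while the xyz.com and cdn-example.net entries, the CNAME and the function names are constructed for illustration.

```python
# Constructed stand-in for what public DNS would return. Only the taxwise.com
# name servers and IPs are from the thread; everything else is hypothetical.
ZONE_NS = {
    "taxwise.com": ["utsdns2.universalsystems.com", "bkdns2.universalsystems.com"],
    "xyz.com": ["ns.xyz.com"],
    "cdn-example.net": ["ns1.cdn-example.net"],
}
ADDRESSES = {
    "utsdns2.universalsystems.com": "65.199.215.12",
    "bkdns2.universalsystems.com": "65.199.215.11",
    "ns.xyz.com": "192.0.2.10",
    "ns1.cdn-example.net": "192.0.2.53",
}
CNAMES = {"things.xyz.com": "edge.cdn-example.net"}  # alias into another zone


def zone_of(name):
    """Return the longest known zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONE_NS:
            return candidate
    return None


def plan(names):
    """Work out what a root-zone-only server needs in order to resolve names.

    Returns (delegations, host_records, unresolved): zones to delegate, name
    server hosts needing a local address record, and names with no known zone.
    """
    delegations, host_records, unresolved = {}, {}, set()
    todo, seen = list(names), set()
    while todo:
        name = todo.pop().lower().rstrip(".")
        if name in seen:
            continue
        seen.add(name)
        zone = zone_of(name)
        if zone is None:
            unresolved.add(name)  # nothing delegated yet, so lookups will fail
            continue
        delegations[zone] = ZONE_NS[zone]
        for ns in ZONE_NS[zone]:
            # No root hints are reachable, so the address is supplied locally.
            host_records[ns] = ADDRESSES[ns]
        if name in CNAMES:
            todo.append(CNAMES[name])  # the alias target needs its own delegation
    return delegations, host_records, unresolved
```

Anything left in the third return value is a name the restricted server will refuse to resolve until its zone is delegated.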
 
Hi Kevin,

I did run the ipconfig /flushdns before and 'Disable Recursion' is
definitely not checked under the server properties in the Advanced Tab. I
did add the root hints servers but I'm sure it can't access them because of
the .

As for your steps you provided - I added the New Delegation for taxwise and
have both of its NS in there (looks like a text file with the entries in
there). I'm not sure of your next step though -
In your 'com' FLZ create these two sub zones:
UTSDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP
65.199.215.12
BKDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP
65.199.215.11

Am I right-clicking on the 'com' and choosing New Domain? If I do, I can't
type past utsdns2. because as soon as I put the . in there, the OK button
greys out. Thanks for all your help so far!

Tony
 
In Tony <[email protected]> posted a question
Then Kevin replied below:
: Hi Kevin,
:
: I did run the ipconfig /flushdns before and 'Disable Recursion' is
: definitely not checked under the server properties in the Advanced
: Tab. I did add the root hints servers but I'm sure it can't access
: them because of the .

You would not want to add the root hint servers; if you do that, there is no
need for the root zone.

:
: As for your steps you provided - I added the New Delegation for
: taxwise and have both of its NS in there (looks like a text file
: with the entries in there). I'm not sure of your next step though -
:: In your 'com' FLZ create these two sub zones:
:: UTSDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP
:: 65.199.215.12
:: BKDNS2.UNIVERSALSYSTEMS with a blank record in it with this IP
:: 65.199.215.11
:
: Am I right-clicking on the 'com' and choosing New Domain? If I do, I
: can't type past utsdns2. because as soon as I put the . in there, the
: OK button greys out. Thanks for all your help so far!
:

You're right, it does do that. OK, do it this way: make a new domain named
"universalsystems" then a delegation named UTSDNS2 and BKDNS2 point the
delegation to this own server's name and IP.
Then create forward lookup zones named:
UTSDNS2.UNIVERSALSYSTEMS.COM with a blank record in it with this IP
65.199.215.12
BKDNS2.UNIVERSALSYSTEMS.COM with a blank record in it with this IP
65.199.215.11

This should help YOUR DNS resolve this.
 
You know what... I just went and added a new DNS server and started from
scratch following your suggestions. I was able to create the Delegations, no
problem, same as before only this time it worked. I then went back to the
original server and removed the . zone. I re-created it and added in the
taxwise info and it connected up right away so it looks like I'm all fixed
up. Thanks for all your help, much appreciated!

Tony
 
In Tony <[email protected]> posted a question
Then Kevin replied below:
: You know what... I just went and added a new DNS server and started
: from scratch following your suggestions. I was able to create the
: Delegations, no problem, same as before only this time it worked. I
: then went back to the original server and removed the . zone. I
: re-created it and added in the taxwise info and it connected up right
: away so it looks like I'm all fixed up. Thanks for all your help,
: much appreciated!
:
Thasagooddeal! I'm glad to have been able to help. :-)
 
One last one, if I could. You mentioned that I might have a problem if
someone uses a CNAME. I'm having a problem adding the domain of lovelace.com
for HR purposes as well as microsoft.com. Almost all other sites I've added
work perfectly except for lovelace.com and microsoft.com. Any ideas where to
start looking? Thanks again!

Tony
 