Wrong interface respond at ping request on win2000 server

  • Thread starter Thread starter Costin
  • Start date Start date
C

Costin

I have a windows2000server PDC and dns server installed on
it.
There are 2 network interfaces, 1 for local network and 1
for internet connection.
At ping request:
ping server
from the local server, instead of
reply from 192.168....
I receive
reply from 82.... (the external interface)
This lead to another trouble: I cannot limit the dns
server to respond only to internal request, because it
does not respond at all anymore (it responds only if i let
it listen the external interface). It seems that there is
a way to change "the order" of responding interfaces
(first local, than external) but i do not know how to make
it.
I did not install the routing yet.

Thanks.

Costin
 
:
: I have a windows2000server PDC and dns server installed on
: it.
: There are 2 network interfaces, 1 for local network and 1
: for internet connection.
: At ping request:
: ping server
: from the local server, instead of
: reply from 192.168....
: I receive
: reply from 82.... (the external interface)
: This lead to another trouble: I cannot limit the dns
: server to respond only to internal request, because it
: does not respond at all anymore (it responds only if i let
: it listen the external interface). It seems that there is
: a way to change "the order" of responding interfaces
: (first local, than external) but i do not know how to make
: it.

The internal network should not know anything about the external network.
Clients should only point to the DNS on the server and the DNS on the server
should not have any information related to the external network unless you
have a forwarder set.

The local DNS server should only have a primary DNS set to itself. The
workstations and other servers on the private network should be the same
way. There should not be a root entry "." in the forward zone of the DNS
server settings. As I mentioned, if you have a forwarder to your ISPs DNS
server, this is the only place you would reference the external network DNS.
If you do not have one then the root hint servers will be used for the
server and all other systems on the local network when trying to resolve a
name on the external network.

--
Roland

This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose.
-Technet Knowledge Base-
http://support.microsoft.com/default.aspx?scid=fh;EN-US;kbhowto&sd=TECH&ln=EN-US&FR=0
-Technet Script Center-
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
-WSH 5.6 documentation download-
http://www.microsoft.com/downloads/details.aspx?FamilyId=01592C48-207D-4BE1-
8A76-1C4099D7BBB9&displaylang=en
-MSDN Library-
http://msdn.microsoft.com/library/default.asp
 
Thank you Roland, I knew all of these, but maybe I was not
very explicit.
The internal network (internal clients) are working
troubleless, with the local dns server.
The problem is with the server ITSELF, when is resolving
his own address. The server resolves his own address to
the external interface ONLY. The settings of the external
interface DNS I think are correct (first dns in list is
the local ip, then the provider's).
I would like to put the dns server to listen only to the
internal IP interface, but if I do this, practicaly dns
server does not work anymore. This is most probably
because the server query his own dns on the external
interface (blocked now in the dns server program), and
this because it resolves his own address to the external
interface only.
There are other troubles related to this behaviour, for
example I need to keep file sharing activated on the
external interface, or the server cannot read the group
policy on itself.
The funny thing is that if I disable the external
interface, the server resolves his name to the local
interface and everything run smooth...
Yes, there are forwarders, to solve further queries, but
I'm sure this is not the problem. And BTW, I have this
configuration at other clients, and everything is fine
(but there, the server respond to "itself ping" with the
local interface)

Thank you,

Costin
 
C> The settings of the external interface DNS I think are
C> correct (first dns in list is the local ip, then the provider's).

What you think of as being "correct" is almost certainly wrong.

<URL:http://homepages.tesco.net./~J.deBo...nt-all-proxies-must-provide-same-service.html>

C> This is most probably because the server query his own
C> dns on the external interface (blocked now in the dns
C> server program), and this because it resolves his own
C> address to the external interface only.

It's nothing to do with "resolving addresses" (which is meaningless,
because IP addresses aren't resolved). It's to do with the IP address
list that you have configured in the DNS Client on that machine.
Since all that you've told us is that the first address is "local IP",
since your machine has several "local" IP addresses, and since we
aren't clairvoyant, only you can know what is actually going on.
 
In Costin <[email protected]> posted a question
Then Kevin replied below:
: Thank you Roland, I knew all of these, but maybe I was not
: very explicit.
: The internal network (internal clients) are working
: troubleless, with the local dns server.
: The problem is with the server ITSELF, when is resolving
: his own address. The server resolves his own address to
: the external interface ONLY. The settings of the external
: interface DNS I think are correct (first dns in list is
: the local ip, then the provider's).
: I would like to put the dns server to listen only to the
: internal IP interface, but if I do this, practicaly dns
: server does not work anymore. This is most probably
: because the server query his own dns on the external
: interface (blocked now in the dns server program), and
: this because it resolves his own address to the external
: interface only.
: There are other troubles related to this behaviour, for
: example I need to keep file sharing activated on the
: external interface, or the server cannot read the group
: policy on itself.
: The funny thing is that if I disable the external
: interface, the server resolves his name to the local
: interface and everything run smooth...
: Yes, there are forwarders, to solve further queries, but
: I'm sure this is not the problem. And BTW, I have this
: configuration at other clients, and everything is fine
: (but there, the server respond to "itself ping" with the
: local interface)
:
: Thank you,

I think what your problem here is the Binding order of your interfaces. DNS
should only be listening on the internal interface but the internal
interface should also be at the top of the binding order.
Click on the Properties of Network Places, in the Advanced Menu choose
Advanced Settings, In the connections pane move the internal interface to
the top of the list.
In the Bindings pane make sure Client for MS Networks and File sharing or
only bound to the internal interface.

You are probably getting some USERENV errors that you did not mention.
 
In
Kevin D. Goodknecht said:
In

I think what your problem here is the Binding order of your
interfaces. DNS should only be listening on the internal interface
but the internal interface should also be at the top of the binding
order.
Click on the Properties of Network Places, in the Advanced Menu choose
Advanced Settings, In the connections pane move the internal
interface to the top of the list.
In the Bindings pane make sure Client for MS Networks and File
sharing or only bound to the internal interface.

You are probably getting some USERENV errors that you did not mention.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
Click to expand...

There are many posts concerning issues with mutlihomed DCs and DNS servers.
It's tricky to get them working correctly. I agree Kevin that the binding
order is one of the first places to look. Then other issues develop if it's
a DC too (in regards to the LdapIPAddress and GcIpAddress, etc), etc.

All good reasons to not mutlihome a DC or a DNS server.
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thanks to all of you, especially Kevin.
Yes, userenv was another touble related to this.
I've solved the problem, and your advices was helpful.
There were some misunderstandings in some replies here,
the wrong server interface responded at ping requests
from THE SERVER ITSELF not from stations.
There were two solutions, both worked for me:
1. DNS server set with no forwarders, but all the
internal workstations set with 2 dns in list: first the
internal dns, second the external. This way, I was able
to bind the internal dns server only to local interface
(but the key is NO FORWARDERS).
2. I simply changed the interfaces one with the other
(!!) I mean I've changed the settings of each interface
with the settings of the other one, and of course I've
changed the cables. The local interface became the
external one and the external one became internal. In
fact, I've forced the order of responding interfaces (for
example the order of appearing in "ipconfig /all"
command). The local stations have only one dns set - the
local one, and the local dns HAS forwarders.
In both cases, all errors are gone.
The second solution is somehow strange, this must be
digged further... Probably there is a way to do this in
registry (to force a specific interface to be "the first"
in list - in "ipconfig /all"). This "first" interface
will always be the one answering at ping requests from
the same machine (the server itself).

Thank you, any further ideas or advices are greatly
appreciated.

Costin
 
In
Costin said:
Thanks to all of you, especially Kevin.
Yes, userenv was another touble related to this.
I've solved the problem, and your advices was helpful.
There were some misunderstandings in some replies here,
the wrong server interface responded at ping requests
from THE SERVER ITSELF not from stations.
There were two solutions, both worked for me:
1. DNS server set with no forwarders, but all the
internal workstations set with 2 dns in list: first the
internal dns, second the external. This way, I was able
to bind the internal dns server only to local interface
(but the key is NO FORWARDERS).
2. I simply changed the interfaces one with the other
(!!) I mean I've changed the settings of each interface
with the settings of the other one, and of course I've
changed the cables. The local interface became the
external one and the external one became internal. In
fact, I've forced the order of responding interfaces (for
example the order of appearing in "ipconfig /all"
command). The local stations have only one dns set - the
local one, and the local dns HAS forwarders.
In both cases, all errors are gone.
Click to expand...
The second solution is somehow strange, this must be
digged further... Probably there is a way to do this in
registry (to force a specific interface to be "the first"
in list - in "ipconfig /all"). This "first" interface
will always be the one answering at ping requests from
the same machine (the server itself).

Thank you, any further ideas or advices are greatly
appreciated.

Costin
Click to expand...

It's suggested to use forwarders for efficient Internet resolution.

As for your "second solution", there is not magic reg entry for this to
"make" the one interface to be first. It's rather very *easily* accomplished
just by changing the binding order, as Kevin already gave you a step-by-step
on how to do it in Nertwork & Dialup Connections.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Costin <[email protected]> posted a question
Then Kevin replied below:
: Thanks to all of you, especially Kevin.
: Yes, userenv was another touble related to this.
: I've solved the problem, and your advices was helpful.
: There were some misunderstandings in some replies here,
: the wrong server interface responded at ping requests
: from THE SERVER ITSELF not from stations.
: There were two solutions, both worked for me:
: 1. DNS server set with no forwarders, but all the
: internal workstations set with 2 dns in list: first the
: internal dns, second the external. This way, I was able
: to bind the internal dns server only to local interface
: (but the key is NO FORWARDERS).
: 2. I simply changed the interfaces one with the other
: (!!) I mean I've changed the settings of each interface
: with the settings of the other one, and of course I've
: changed the cables. The local interface became the
: external one and the external one became internal. In
: fact, I've forced the order of responding interfaces (for
: example the order of appearing in "ipconfig /all"
: command). The local stations have only one dns set - the
: local one, and the local dns HAS forwarders.
: In both cases, all errors are gone.
: The second solution is somehow strange, this must be
: digged further... Probably there is a way to do this in
: registry (to force a specific interface to be "the first"
: in list - in "ipconfig /all"). This "first" interface
: will always be the one answering at ping requests from
: the same machine (the server itself).
:
: Thank you, any further ideas or advices are greatly
: appreciated.
:

There is one more thing you need to do to your DC that is multihomed.
Multihomed DCs are a problem, You notice that you have a (same as parent
folder) record for all IP on you DC. This blank record must point to the
internal IP that file sharing is bound to. You can work around the problem
by adding these registry entries using regedt32.
After you add this entry run ipconfig /registerdns and add a blank record
for the internal address DNS is listening and that file sharing is bound in
the 'domain.com' zone and in the 'gc._msdcs.domain.com' subzone.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress
 
Back
Top