From: Johan Strange <JohanStrange@discussions.microsoft.com>
Subject: RE: Scavenging Configuration Question
Date: 09/25/2007 04:32:02

Because these are AD Integrated zones you only need to do scavenging on one machine.

--
Johan Strange
_______________________________
MCSE, MCSA + Messaging, CompA+
Logic42 Computer Solutions - The answer to everything

"tman" wrote:

> I have two DNS servers. Each of them is a DC. The zones are AD integrated. I have my forward lookup zone and three of my eight reverse lookup zones configured for aging/scavenging. The other zones have statically assigned IP addresses. I have configured the zones on both servers for aging/scavenging. Is this correct or should I just configure the zones on one of the servers for aging/scavenging and let replication take care of the other server.
>
> Thanks

From: Jorge Silva <jorgesilva_pt@hotmail.com>
Subject: Re: Scavenging Configuration Question
Date: 09/25/2007 14:11:25

Hi
I already heard people having problems by setting up more than 1 DNS server to do aging/scavenging.
So as Johan said you should be fine setting up only 1 server to do aging/scavenging.

--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services

"tman" <naves.tom@gmail.com> wrote in message news:1190680113.721920.138710@k79g2000hse.googlegroups.com...
> I have two DNS servers. Each of them is a DC. The zones are AD integrated. I have my forward lookup zone and three of my eight reverse lookup zones configured for aging/scavenging. The other zones have statically assigned IP addresses. I have configured the zones on both servers for aging/scavenging. Is this correct or should I just configure the zones on one of the servers for aging/scavenging and let replication take care of the other server.
>
> Thanks

From: tman <naves.tom@gmail.com>
Subject: Re: Scavenging Configuration Question
Date: 09/26/2007 13:45:02

On Sep 25, 12:11 pm, "Jorge Silva" <jorgesilva...@hotmail.com> wrote:
> Hi
> I already heard people having problems by setting up more than 1 DNS server to do aging/scavenging.
> So as Johan said you should be fine setting up only 1 server to do aging/scavenging.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
> "tman" <naves....@gmail.com> wrote in message news:1190680113.721920.138710@k79g2000hse.googlegroups.com...
>
> > I have two DNS servers. Each of them is a DC. The zones are AD integrated. I have my forward lookup zone and three of my eight reverse lookup zones configured for aging/scavenging. The other zones have statically assigned IP addresses. I have configured the zones on both servers for aging/scavenging. Is this correct or should I just configure the zones on one of the servers for aging/scavenging and let replication take care of the other server.
> >
> > Thanks

Per your suggestions, I unchecked the boxes for aging/scavenging on the second DNS server and ran a scavenge. It did not scavenge any records. I looked on the first server and found that the disabling of aging/scavenging on the second server replicated to the first server, thus no zones on the first server were configured for aging scavenging. Sigh!

So I enabled aging/scavenging on the zones of the first server that I want to scavenge, it replicated to the second server. It set the time after which the zones can be scavenged to October 3rd. Sigh!

From: Jorge Silva <jorgesilva_pt@hotmail.com>
Subject: Re: Scavenging Configuration Question
Date: 09/26/2007 18:49:53

The settings for the zone are replicated, but for scavenging to work in a given DNS server the setting "Enable automatic scavenging of stale records" in DNS properties (Not zone properties) Advanced tab must be enabled, and that isn't replicated, it must be set manually.

--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services

"tman" <naves.tom@gmail.com> wrote in message news:1190832302.686751.206810@y42g2000hsy.googlegroups.com...
> On Sep 25, 12:11 pm, "Jorge Silva" <jorgesilva...@hotmail.com> wrote:
> > Hi
> > I already heard people having problems by setting up more than 1 DNS server to do aging/scavenging.
> > So as Johan said you should be fine setting up only 1 server to do aging/scavenging.
> >
> > --
> > I hope that the information above helps you.
> > Have a Nice day.
> >
> > Jorge Silva
> > MCSE, MVP Directory Services
> >
> > "tman" <naves....@gmail.com> wrote in message news:1190680113.721920.138710@k79g2000hse.googlegroups.com...
> >
> > > I have two DNS servers. Each of them is a DC. The zones are AD integrated. I have my forward lookup zone and three of my eight reverse lookup zones configured for aging/scavenging. The other zones have statically assigned IP addresses. I have configured the zones on both servers for aging/scavenging. Is this correct or should I just configure the zones on one of the servers for aging/scavenging and let replication take care of the other server.
> > >
> > > Thanks
>
> Per your suggestions, I unchecked the boxes for aging/scavenging on the second DNS server and ran a scavenge. It did not scavenge any records. I looked on the first server and found that the disabling of aging/scavenging on the second server replicated to the first server, thus no zones on the first server were configured for aging scavenging. Sigh!
>
> So I enabled aging/scavenging on the zones of the first server that I want to scavenge, it replicated to the second server. It set the time after which the zones can be scavenged to October 3rd. Sigh!

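Added example, not code from the thread or from any of the posters: a PowerShell audit of the split this thread ran into. Zone-level aging settings travel with the AD-integrated zone, so turning aging off on one DC turns it off everywhere, while the server-level "Enable automatic scavenging of stale records" switch is local to each server. The script reports both per server and zone and flags a zone that has aging on but no server willing to scavenge it (tman's situation after the first change). It assumes the DnsServer module (Windows Server 2012 or later, or RSAT) and remote CIM access to the servers; the server and zone names are placeholders, not values from the thread. The "October 3rd" tman saw is the zone's AvailForScavengeTime, which is set to the moment aging is enabled plus the zone's refresh interval (seven days by default), and the report shows it as NotBefore.

```powershell
# Added example: audit aging/scavenging across the DC/DNS servers (not from the thread).
# Server and zone names are placeholders.
$Servers = @('DC1', 'DC2')
$Zones   = @('corp.example', '1.168.192.in-addr.arpa')

function Get-ServerIPv4 {
    # IPv4 addresses a server name resolves to, as strings, for matching ScavengeServers.
    param([string]$Server)
    @(Resolve-DnsName -Name $Server -Type A -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })
}

function Test-ScavengingEffective {
    # One row per server/zone pair saying whether that server will actually scavenge the zone.
    param([string]$Server, [string]$Zone)
    $srv  = Get-DnsServerScavenging -ComputerName $Server                 # server-level switch, not replicated
    $zone = Get-DnsServerZoneAging  -Name $Zone -ComputerName $Server     # zone-level settings, replicated with the zone
    $ips  = Get-ServerIPv4 -Server $Server
    # An empty ScavengeServers list means any server may scavenge the zone; otherwise this
    # server must be listed by one of its own addresses.
    $listed = (-not $zone.ScavengeServers) -or
              [bool]($zone.ScavengeServers | Where-Object { $ips -contains $_.ToString() })
    [pscustomobject]@{
        Server             = $Server
        Zone               = $Zone
        ServerScavenging   = [bool]$srv.ScavengingState
        ScavengingInterval = $srv.ScavengingInterval
        ZoneAging          = [bool]$zone.AgingEnabled
        ListedAsScavenger  = $listed
        WillScavenge       = ([bool]$srv.ScavengingState -and [bool]$zone.AgingEnabled -and $listed)
        NotBefore          = $zone.AvailForScavengeTime   # earliest time records in this zone can be scavenged
    }
}

$report = foreach ($s in $Servers) { foreach ($z in $Zones) { Test-ScavengingEffective -Server $s -Zone $z } }
$report | Format-Table -AutoSize

# The failure mode from the thread: aging on, but no server whose switch is on, so nothing
# is ever scavenged. Also note zones that more than one server will scavenge.
$report | Group-Object Zone | ForEach-Object {
    $n = @($_.Group | Where-Object WillScavenge).Count
    if ($n -eq 0 -and ($_.Group | Where-Object ZoneAging)) {
        "WARNING: zone $($_.Name) has aging enabled but no server will scavenge it"
    } elseif ($n -gt 1) {
        "NOTE: zone $($_.Name) will be scavenged by $n servers; the advice above is to enable the switch on one"
    }
}
```

The advice in the thread maps onto the report as follows: every zone you want cleaned shows ZoneAging true on both servers (that part replicates), exactly one server shows ServerScavenging true, and that server's WillScavenge is true for each of those zones. Records are only removed after NotBefore has passed and a scavenging interval has elapsed, so a scavenge run the same day aging is enabled is expected to remove nothing.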
From: Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US>
Subject: Re: secondary server..
Date: 09/18/2007 15:28:53

Read inline please.

In news:1190143076.981449.189700@50g2000hsm.googlegroups.com, mndshayeb@gmail.com <mndshayeb@gmail.com> typed:
> Hi,
>
> In the following page
>
> http://technet2.microsoft.com/windowsserver/en/library/54572f43-7c5f-4600-b8ff-3c91cf0541ed1033.mspx?mfr=true
>
> there is a sentence that says: "For standard, primary zones, a secondary server is required to add and configure the zone so that it appears to other DNS servers in the network."

The statement is unclear without the context of the previous sentence.

"Domain Name System (DNS) design specifications recommend that at least two DNS servers be used to host each zone. For standard, primary zones, a secondary server is required to add and configure the zone so that it appears to other DNS servers in the network"

It means that if you use two DNS servers, and if you use a Standard Primary zone, additional DNS servers must have secondary zones configured.

It is further clarified by the followup sentence:

"For directory-integrated, primary zones, secondary servers are supported but not required for this purpose. For example, two DNS servers running on domain controllers can be redundant primary servers for a zone. They can provide the same benefits as adding a secondary server while also providing additional benefits."

> My question is what they mean by "..so that it appears to other DNS servers in the network." ?
> Do they mean that without a secondary server the DNS server could not be used by other DNS servers in the network. The sentence is not clear ?
>
> Thank you,
>
> Regards
> moon

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

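Added example, not code from the thread or from Kevin's post: a PowerShell report that applies the design note he quotes. For every primary or secondary zone on a server it lists the zone type, whether it is directory-integrated, and the name servers in the zone's apex NS records. A standard (file-backed) primary whose apex names only one server has no second server and needs a secondary zone elsewhere; a directory-integrated zone is expected to get its second server from another DC running DNS, so it is only flagged when fewer than two NS records exist. It assumes the DnsServer module and remote CIM access; the server name is a placeholder.

```powershell
# Added example: per-zone redundancy report (not from the thread). Server name is a placeholder.
function Get-ZoneRedundancyReport {
    param([string]$ComputerName = 'DC1')   # placeholder DNS server
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' -and $_.ZoneType -in 'Primary', 'Secondary' } |
        ForEach-Object {
            $z = $_
            # Apex NS records (HostName '@') name the servers that are authoritative for the zone.
            $ns = @(Get-DnsServerResourceRecord -ZoneName $z.ZoneName -RRType NS -ComputerName $ComputerName -ErrorAction SilentlyContinue |
                    Where-Object HostName -eq '@')
            $servers = @($ns | ForEach-Object { $_.RecordData.NameServer })

            $finding = if ($z.ZoneType -eq 'Primary' -and -not $z.IsDsIntegrated -and $servers.Count -lt 2) {
                'standard primary with a single NS: add a secondary server'
            } elseif ($servers.Count -lt 2) {
                'fewer than two NS records'
            } else {
                'ok'
            }

            [pscustomobject]@{
                Zone         = $z.ZoneName
                Type         = $z.ZoneType
                DsIntegrated = $z.IsDsIntegrated
                NameServers  = ($servers -join ', ')
                Finding      = $finding
            }
        }
}

Get-ZoneRedundancyReport | Format-Table -AutoSize
```

Run it against each DC that hosts DNS; for a directory-integrated zone the NS list should name both DCs on both servers, which is the "redundant primary servers" case the quoted text describes.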
From: Meinolf Weber <meiweb(nospam)@gmx.de>
Subject: Re: Should I setup a new DNS scheme on the new server?
Date: 09/16/2007 11:39:19

Hello istreamo,

Check out this one for upgrading:
http://www.microsoft.com/windowsserver2003/sbs/upgrade/default.mspx

And maybe better post in microsoft.public.windows.server.sbs

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Current
>
> Backoffice SBS 4.5 w/ compname.com (server is failing hardware issue)
>
> Future new server
>
> SBS 2003 (prepare to setup to replace the SBS 4.5)
>
> Should I create an entirely new DNS with compname.local?
>
> I would prefer compname.local over say newdomainname.local but the NETBIOS is the same as the old one and I wonder of conflicts on existing clients.
>
> http://forums.techarena.in

From: Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com>
Subject: Re: split DNS
Date: 09/22/2007 17:29:54

In news:219C895A-FD50-464D-A351-61C5E7B86101@microsoft.com, yasser <yasser@discussions.microsoft.com> typed:
> HI,
>
> i want to know what is the benefits for making split DNS
>
> and when should i make split DNS

Split DNS just means you have the same zone name on two separate DNS servers. One possibly for public view with public IP addresses and the other DNS server only for internal private use with their private IP addresses.

Therefore, it depends on your scenario. Can you elaborate on your scenario and possibly your objectives?

Is your internal DNS domain name the same as your external domain name?

Thanks,

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news account, and point it to news.microsoft.com. Anonymous access. It's easy and it's free:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or peaches... Life is more like a jar of jalapenos. What you do today may burn your butt tomorrow." - Garfield

From: ObiWan [MVP] <obiwan@mvps.org>
Subject: Re: split DNS
Date: 09/24/2007 10:28:32

> Split DNS just means you have the same zone name on two separate DNS servers. One possibly for public view with public IP addresses and the other DNS server only for internal private use with their private IP addresses.

exact; the idea is that you may have the same machine, sitting on a "local" network and visible locally as (e.g.) 192.168.200.100 and from the WAN as 81.11.22.33; a split DNS will allow you to serve the first address to the internal clients and the second one to the others

(OT: hi Ace, nice to e-see you !)

--
* ObiWan
Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://italy.mvps.org

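Added example, not code from the thread or from either poster: a PowerShell check that a split-DNS pair behaves the way ObiWan describes. It asks the internal server and the public server for the same name, compares each answer with what that audience should see, and flags the one thing a defender cares most about here: a private (RFC 1918) address turning up in the public view. The two addresses are the ones from the post above; the host name and the two server addresses are placeholders.

```powershell
# Added example: verify the internal and external views of a split-DNS name (not from the thread).
function Test-SplitDnsView {
    param(
        [string]$Name             = 'www.example.com',   # placeholder name present in both zones
        [string]$InternalServer   = '192.168.200.1',     # placeholder internal DNS server
        [string]$ExternalServer   = '203.0.113.53',      # placeholder public DNS server (TEST-NET-3)
        [string]$ExpectedInternal = '192.168.200.100',   # internal address from the post
        [string]$ExpectedExternal = '81.11.22.33'        # WAN address from the post
    )
    # -DnsOnly bypasses the local cache, hosts file and LLMNR/NetBIOS so each server is asked directly.
    $inside  = @(Resolve-DnsName -Name $Name -Type A -Server $InternalServer -DnsOnly -ErrorAction Stop |
                 Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })
    $outside = @(Resolve-DnsName -Name $Name -Type A -Server $ExternalServer -DnsOnly -ErrorAction Stop |
                 Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })

    # Any RFC 1918 address in the public answer means the internal zone (or its data) is exposed.
    $private = '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
    $leaked  = @($outside | Where-Object { $_ -match $private })

    [pscustomobject]@{
        Name                 = $Name
        InternalAnswer       = ($inside  -join ', ')
        ExternalAnswer       = ($outside -join ', ')
        InternalOk           = ($inside  -contains $ExpectedInternal)
        ExternalOk           = ($outside -contains $ExpectedExternal)
        PrivateAddressLeaked = ($leaked.Count -gt 0)
    }
}

Test-SplitDnsView
```

Run it from a machine that can reach both servers; with the split configured as described, InternalOk and ExternalOk are true and PrivateAddressLeaked is false. A true in the last column is the case to investigate, since the public server should never hold the internal zone's data.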
From: Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com>
Subject: Re: split DNS (Off Topic)
Date: 09/25/2007 22:40:37

In news:eA4IS%23r$HHA.4836@TK2MSFTNGP06.phx.gbl, ObiWan [MVP] <obiwan@mvps.org> typed:
> exact; the idea is that you may have the same machine, sitting on a "local" network and visible locally as (e.g.) 192.168.200.100 and from the WAN as 81.11.22.33; a split DNS will allow you to serve the first address to the internal clients and the second one to the others
>
> (OT: hi Ace, nice to e-see you !)

"E-see you", I like that term! Same here, Obi,!! :-)

Ace

From: timeshell <timeshell.2xhdfe@DoNotSpam.com>
Subject: Re: System 2221 Error Mapping Drive
Date: 09/25/2007 13:30:26

While logging into the domain with my user. However, logging into another computer works fine. Domain admin also works. Suggestions?

--
timeshell
------------------------------------------------------------------------
timeshell's Profile: http://forums.techarena.in/member.php?userid=31740
View this thread: http://forums.techarena.in/showthread.php?t=75255
http://forums.techarena.in

From: Meinolf Weber <meiweb(nospam)@gmx.de>
Subject: Re: Two DCs - DNS settings...
Date: 09/28/2007 01:49:29

Hello Jake,

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/kb/825036

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Hi,
>
> We have two DCs on a domain. GC on both. Each DC's NIC properties has its own IP as the only DNS server and a forwarder entry to our ISP's name servers for non-internal resources.
>
> However when rebooting they seem to hang for minutes at 'Preparing network connections...' Should I enter the other DC's IP as the second DNS server address at each DC's NIC properties to avoid this startup delay?
>
> What is the correct DNS setup for a two DC simple domain scenario?
>
> jake

From: Meinolf Weber <meiweb(nospam)@gmx.de>
Subject: Re: uninstalled DNS
Date: 09/20/2007 02:08:12

Hello tke402,

Except for the DNS errors, was the demoting successful? How are the DNS settings from the demoted server? Pointing to another DC/DNS or was it the last DC?
Also would be nice if you post the complete errors.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Hi,
>
> I demoted a domain controller that was also a DNS server (we use AD integrated zones). I dcpromoed it down and I noticed many DNS errors. Well it made sense since it's AD Integrated and now it doesn't have AD. So I uninstalled DNS through the add remove Windows components. Now the netlogon service and windows time service do not start. Also, I still see the DNS event logs and directory service logs when I check the event logs. Did I miss a step when I uninstalled DNS or demoted the server?
>
> Thanks
>
> TKE402

From: tke402 <tke402@discussions.microsoft.com>
Subject: Re: uninstalled DNS
Date: 09/20/2007 10:58:00

Yes the demotion was successful, the wizard showed no errors. The demoted server does not have the IP of itself for DNS. It has the IP of the other DNS server (which is running fine). No, there is one more DC in the forest; this one was not the last one.

Here's the latest: I noticed that even after uninstalling DNS the server still had an NS record. I removed that record and will reboot later today to see if that is what's causing the error.

"Meinolf Weber" wrote:

> Hello tke402,
>
> Except for the DNS errors, was the demoting successful? How are the DNS settings from the demoted server? Pointing to another DC/DNS or was it the last DC?
> Also would be nice if you post the complete errors.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > Hi,
> >
> > I demoted a domain controller that was also a DNS server (we use AD integrated zones). I dcpromoed it down and I noticed many DNS errors. Well it made sense since it's AD Integrated and now it doesn't have AD. So I uninstalled DNS through the add remove Windows components. Now the netlogon service and windows time service do not start. Also, I still see the DNS event logs and directory service logs when I check the event logs. Did I miss a step when I uninstalled DNS or demoted the server?
> >
> > Thanks
> >
> > TKE402

From: George Schneider <georgedschneider@news.postalias>
Subject: Re: VPN
Date: 09/14/2007 09:22:06

You want me to setup the forwarder to my ISP's DNS server

"Anthony" wrote:

> Is your DNS set up the way I described?
> Anthony,
> http://www.airdesk.co.uk
>
> "George Schneider" <georgedschneider@news.postalias> wrote in message news:EAAFAAC2-9F2C-40E6-8908-E1967C3F5955@microsoft.com...
> > a local computer will resolve to the VPN IP address of the server I'm trying to resolve.
> >
> > "Anthony" wrote:
> >
> > > OK, if you forget about the VPN for a moment, what happens if a local client on your LAN uses that DNS server?
> > > There are really only two things you need to set up to make the DNS server work:
> > > - a forwarder to an external DNS server, run by your ISP
> > > - an internal zone, that the local resources are in.
> > > Anthony,
> > > http://www.airdesk.co.uk
> > >
> > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:BFADB6A2-784F-4ECA-B122-0B45CB8A30E6@microsoft.com...
> > > > That's correct, our VPN clients are set to use an IP address and DNS and WINS server. The problem is that the DNS server is not resolving any names correctly. I can ping the DNS server correctly across the connection by IP address as well as all the servers I'm trying to reach. I'm wondering if I set the DNS server up wrong. I'm trying to create a zone just for the VPN resolution.
> > > >
> > > > "Anthony" wrote:
> > > >
> > > > > Hi George,
> > > > > I am not quite sure what you can mean.
> > > > > What VPN method are you using? Normally the VPN connection assigns an IP address and a DNS server to the VPN client,
> > > > > Anthony,
> > > > > http://www.airdesk.co.uk
> > > > >
> > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:445CAD95-7A26-45B4-8AF4-C8DFB1B857B0@microsoft.com...
> > > > > > I want to setup a DNS server to resolve names for our VPN clients. Any suggestions on how to do this? I believe I set it up right but none of the names can be resolved. Everything is working correctly via IP though. Is there anything special I need to do to allow resolution from the VPN clients since the clients have different network address than our internal network.

From: Anthony <anthony.spam@spammedout.com>
Subject: Re: VPN
Date: 09/14/2007 09:26:47

You haven't given any details of your LAN, but in general your DNS server should:
- contain a zone for your internal resources
- have a forwarder to the ISP's DNS server for all other resources.
Anthony,
http://www.airdesk.com

"George Schneider" <georgedschneider@news.postalias> wrote in message news:CA5C679F-5972-41F7-BC37-17BF8F5EA55C@microsoft.com...
> You want me to setup the forwarder to my ISP's DNS server
>
> "Anthony" wrote:
>
> > Is your DNS set up the way I described?
> > Anthony,
> > http://www.airdesk.co.uk
> >
> > "George Schneider" <georgedschneider@news.postalias> wrote in message news:EAAFAAC2-9F2C-40E6-8908-E1967C3F5955@microsoft.com...
> > > a local computer will resolve to the VPN IP address of the server I'm trying to resolve.
> > >
> > > "Anthony" wrote:
> > >
> > > > OK, if you forget about the VPN for a moment, what happens if a local client on your LAN uses that DNS server?
> > > > There are really only two things you need to set up to make the DNS server work:
> > > > - a forwarder to an external DNS server, run by your ISP
> > > > - an internal zone, that the local resources are in.
> > > > Anthony,
> > > > http://www.airdesk.co.uk
> > > >
> > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:BFADB6A2-784F-4ECA-B122-0B45CB8A30E6@microsoft.com...
> > > > > That's correct, our VPN clients are set to use an IP address and DNS and WINS server. The problem is that the DNS server is not resolving any names correctly. I can ping the DNS server correctly across the connection by IP address as well as all the servers I'm trying to reach. I'm wondering if I set the DNS server up wrong. I'm trying to create a zone just for the VPN resolution.
> > > > >
> > > > > "Anthony" wrote:
> > > > >
> > > > > > Hi George,
> > > > > > I am not quite sure what you can mean.
> > > > > > What VPN method are you using? Normally the VPN connection assigns an IP address and a DNS server to the VPN client,
> > > > > > Anthony,
> > > > > > http://www.airdesk.co.uk
> > > > > >
> > > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:445CAD95-7A26-45B4-8AF4-C8DFB1B857B0@microsoft.com...
> > > > > > > I want to setup a DNS server to resolve names for our VPN clients. Any suggestions on how to do this? I believe I set it up right but none of the names can be resolved. Everything is working correctly via IP though. Is there anything special I need to do to allow resolution from the VPN clients since the clients have different network address than our internal network.

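Added example, not code from the thread or from Anthony or George: a PowerShell check of the two items Anthony lists, run against the DNS server George is building, followed by the test that matters for his symptom: asking that server directly for an internal name, the way a VPN client would, rather than relying on the client's normal resolver. It also tests whether port 53 on the server is reachable at all, since a host that answers ping but not DNS is a common reason a lookup across a VPN fails while IP connectivity looks fine. It assumes the DnsServer module with remote CIM access for the two configuration checks, and the DnsClient and NetTCPIP modules on the machine running the test; every name and address is a placeholder.

```powershell
# Added example: check forwarder, internal zone, and resolution through a DNS server (not from the thread).
function Test-VpnDnsServer {
    param(
        [string]$DnsServer    = '192.168.1.10',             # placeholder LAN address of the DNS server
        [string]$InternalZone = 'corp.example',             # placeholder internal zone
        [string]$TestHost     = 'fileserver.corp.example',  # placeholder name inside that zone
        [string]$ExternalHost = 'www.example.com'           # placeholder name outside it, resolved via the forwarder
    )
    # Reachability: ping working (as in the thread) says nothing about UDP/TCP 53 across the tunnel.
    $port53 = Test-NetConnection -ComputerName $DnsServer -Port 53 -InformationLevel Quiet -WarningAction SilentlyContinue

    # Item 1 from the post above: a forwarder for everything the server is not authoritative for.
    $fwd  = Get-DnsServerForwarder -ComputerName $DnsServer
    # Item 2: the internal zone that holds the local resources.
    $zone = Get-DnsServerZone -Name $InternalZone -ComputerName $DnsServer -ErrorAction SilentlyContinue

    # Ask this server directly; -DnsOnly skips the local cache, hosts file and LLMNR/NetBIOS.
    $internal = @(Resolve-DnsName -Name $TestHost -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })
    $external = @(Resolve-DnsName -Name $ExternalHost -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })

    [pscustomobject]@{
        Port53Reachable   = [bool]$port53
        Forwarders        = ($fwd.IPAddress -join ', ')
        HasForwarder      = ([bool]$fwd.IPAddress)
        InternalZoneFound = ([bool]$zone)
        InternalAnswer    = ($internal -join ', ')
        ExternalAnswer    = ($external -join ', ')
    }
}

Test-VpnDnsServer
```

Run it twice: once from a machine on the LAN and once from a connected VPN client. If the LAN run returns an InternalAnswer and the VPN run returns none while Port53Reachable is false, the problem is reachability of the server over the tunnel, not the zone; if both runs answer but the VPN client still fails, the client is not sending its queries to this server and its assigned DNS address is the next thing to check.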
From: George Schneider <georgedschneider@news.postalias>
Subject: Re: VPN
Date: 09/14/2007 13:30:02

This is a specialized DNS server I'm trying to use for the specific purpose of resolving names on the VPN connection. The server will not need to resolve names outside of the local resources I've specified. The IP address of the server is a local LAN address. Do I have to specify for the server to answer queries from a different network such as the VPN network? If so how would I do this?

"Anthony" wrote:

> You haven't given any details of your LAN, but in general your DNS server should:
> - contain a zone for your internal resources
> - have a forwarder to the ISP's DNS server for all other resources.
> Anthony,
> http://www.airdesk.com
>
> "George Schneider" <georgedschneider@news.postalias> wrote in message news:CA5C679F-5972-41F7-BC37-17BF8F5EA55C@microsoft.com...
> > You want me to setup the forwarder to my ISP's DNS server
> >
> > "Anthony" wrote:
> >
> > > Is your DNS set up the way I described?
> > > Anthony,
> > > http://www.airdesk.co.uk
> > >
> > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:EAAFAAC2-9F2C-40E6-8908-E1967C3F5955@microsoft.com...
> > > > a local computer will resolve to the VPN IP address of the server I'm trying to resolve.
> > > >
> > > > "Anthony" wrote:
> > > >
> > > > > OK, if you forget about the VPN for a moment, what happens if a local client on your LAN uses that DNS server?
> > > > > There are really only two things you need to set up to make the DNS server work:
> > > > > - a forwarder to an external DNS server, run by your ISP
> > > > > - an internal zone, that the local resources are in.
> > > > > Anthony,
> > > > > http://www.airdesk.co.uk
> > > > >
> > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:BFADB6A2-784F-4ECA-B122-0B45CB8A30E6@microsoft.com...
> > > > > > That's correct, our VPN clients are set to use an IP address and DNS and WINS server. The problem is that the DNS server is not resolving any names correctly. I can ping the DNS server correctly across the connection by IP address as well as all the servers I'm trying to reach. I'm wondering if I set the DNS server up wrong. I'm trying to create a zone just for the VPN resolution.
> > > > > >
> > > > > > "Anthony" wrote:
> > > > > >
> > > > > > > Hi George,
> > > > > > > I am not quite sure what you can mean.
> > > > > > > What VPN method are you using? Normally the VPN connection assigns an IP address and a DNS server to the VPN client,
> > > > > > > Anthony,
> > > > > > > http://www.airdesk.co.uk
> > > > > > >
> > > > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:445CAD95-7A26-45B4-8AF4-C8DFB1B857B0@microsoft.com...
> > > > > > > > I want to setup a DNS server to resolve names for our VPN clients. Any suggestions on how to do this? I believe I set it up right but none of the names can be resolved. Everything is working correctly via IP though. Is there anything special I need to do to allow resolution from the VPN clients since the clients have different network address than our internal network.

From: Anthony <anthony.spam@spammedout.com>
Subject: Re: VPN
Date: 09/14/2007 13:57:07

No, the DNS server will respond to anyone who asks,
Anthony.
http://www.airdesk.co.uk

"George Schneider" <georgedschneider@news.postalias> wrote in message news:D7C25B2C-A5F3-411E-BAB3-25B013CA9350@microsoft.com...
> This is a specialized DNS server I'm trying to use for the specific purpose of resolving names on the VPN connection. The server will not need to resolve names outside of the local resources I've specified. The IP address of the server is a local LAN address. Do I have to specify for the server to answer queries from a different network such as the VPN network? If so how would I do this?
>
> "Anthony" wrote:
>
> > You haven't given any details of your LAN, but in general your DNS server should:
> > - contain a zone for your internal resources
> > - have a forwarder to the ISP's DNS server for all other resources.
> > Anthony,
> > http://www.airdesk.com
> >
> > "George Schneider" <georgedschneider@news.postalias> wrote in message news:CA5C679F-5972-41F7-BC37-17BF8F5EA55C@microsoft.com...
> > > You want me to setup the forwarder to my ISP's DNS server
> > >
> > > "Anthony" wrote:
> > >
> > > > Is your DNS set up the way I described?
> > > > Anthony,
> > > > http://www.airdesk.co.uk
> > > >
> > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:EAAFAAC2-9F2C-40E6-8908-E1967C3F5955@microsoft.com...
> > > > > a local computer will resolve to the VPN IP address of the server I'm trying to resolve.
> > > > >
> > > > > "Anthony" wrote:
> > > > >
> > > > > > OK, if you forget about the VPN for a moment, what happens if a local client on your LAN uses that DNS server?
> > > > > > There are really only two things you need to set up to make the DNS server work:
> > > > > > - a forwarder to an external DNS server, run by your ISP
> > > > > > - an internal zone, that the local resources are in.
> > > > > > Anthony,
> > > > > > http://www.airdesk.co.uk
> > > > > >
> > > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:BFADB6A2-784F-4ECA-B122-0B45CB8A30E6@microsoft.com...
> > > > > > > That's correct, our VPN clients are set to use an IP address and DNS and WINS server. The problem is that the DNS server is not resolving any names correctly. I can ping the DNS server correctly across the connection by IP address as well as all the servers I'm trying to reach. I'm wondering if I set the DNS server up wrong. I'm trying to create a zone just for the VPN resolution.
> > > > > > >
> > > > > > > "Anthony" wrote:
> > > > > > >
> > > > > > > > Hi George,
> > > > > > > > I am not quite sure what you can mean.
> > > > > > > > What VPN method are you using? Normally the VPN connection assigns an IP address and a DNS server to the VPN client,
> > > > > > > > Anthony,
> > > > > > > > http://www.airdesk.co.uk
> > > > > > > >
> > > > > > > > "George Schneider" <georgedschneider@news.postalias> wrote in message news:445CAD95-7A26-45B4-8AF4-C8DFB1B857B0@microsoft.com...
> > > > > > > > > I want to setup a DNS server to resolve names for our VPN clients. Any suggestions on how to do this? I believe I set it up right but none of the names can be resolved. Everything is working correctly via IP though. Is there anything special I need to do to allow resolution from the VPN clients since the clients have different network address than our internal network.

From: George Schneider
<georgedschneider@news.postalias>
To:
none
Subject:
Re: VPN
Date:
09/14/2007 15:18:01
then
my question is why will it not resolve when I ask across my VPN
connection?
Do
you think my best bet is to uninstall dns and wins and start from scratch?
"Anthony"
wrote:
>
No, the DNS server will respond to anyone who asks,
>
Anthony.
>
http://www.airdesk.co.uk
>
>
>
>
"George Schneider" <georgedschneider@news.postalias> wrote
in message
>
news:D7C25B2C-A5F3-411E-BAB3-25B013CA9350@microsoft.com...
>
> this is a specialized DNS server I'm trying to use for the specific
>
> purpose
>
> of resolving names on the VPN connection. The server will not need to
> resolve names outside of the local resources I've specified. The IP
> address of the server is a local LAN address. Do I have to specify for the
> server to answer queries from a different network such as the VPN network?
> If so, how would I do this?
>
> "Anthony" wrote:
>
>> You haven't given any details of your LAN, but in general your DNS
>> server should:
>> - contain a zone for your internal resources
>> - have a forwarder to the ISP's DNS server for all other resources.
>> Anthony,
>> http://www.airdesk.com
>>
>> "George Schneider" <georgedschneider@news.postalias> wrote in message
>> news:CA5C679F-5972-41F7-BC37-17BF8F5EA55C@microsoft.com...
>> > you want me to setup the forwarder to my ISP's DNS server
>> >
>> > "Anthony" wrote:
>> >
>> >> Is your DNS set up the way I described?
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >> "George Schneider" <georgedschneider@news.postalias> wrote in message
>> >> news:EAAFAAC2-9F2C-40E6-8908-E1967C3F5955@microsoft.com...
>> >> > a local computer will resolve to the VPN IP address of the server I'm
>> >> > trying to resolve.
>> >> >
>> >> > "Anthony" wrote:
>> >> >
>> >> >> OK, if you forget about the VPN for a moment, what happens if a
>> >> >> local client on your LAN uses that DNS server?
>> >> >> There are really only two things you need to set up to make the DNS
>> >> >> server work:
>> >> >> - a forwarder to an external DNS server, run by your ISP
>> >> >> - an internal zone, that the local resources are in.
>> >> >> Anthony,
>> >> >> http://www.airdesk.co.uk
>> >> >>
>> >> >> "George Schneider" <georgedschneider@news.postalias> wrote in message
>> >> >> news:BFADB6A2-784F-4ECA-B122-0B45CB8A30E6@microsoft.com...
>> >> >> > That's correct, our VPN clients are set to use an IP address and
>> >> >> > DNS and WINS server. The problem is that the DNS server is not
>> >> >> > resolving any names correctly. I can ping the DNS server correctly
>> >> >> > across the connection by IP address as well as all the servers I'm
>> >> >> > trying to reach. I'm wondering if I set the DNS server up wrong. I'm
>> >> >> > trying to create a zone just for the VPN resolution.
>> >> >> >
>> >> >> > "Anthony" wrote:
>> >> >> >
>> >> >> >> Hi George,
>> >> >> >> I am not quite sure what you can mean.
>> >> >> >> What VPN method are you using? Normally the VPN connection assigns
>> >> >> >> an IP address and a DNS server to the VPN client,
>> >> >> >> Anthony,
>> >> >> >> http://www.airdesk.co.uk
>> >> >> >>
>> >> >> >> "George Schneider" <georgedschneider@news.postalias> wrote in message
>> >> >> >> news:445CAD95-7A26-45B4-8AF4-C8DFB1B857B0@microsoft.com...
>> >> >> >> > I want to set up a DNS server to resolve names for our VPN
>> >> >> >> > clients. Any suggestions on how to do this? I believe I set it up
>> >> >> >> > right but none of the names can be resolved. Everything is
>> >> >> >> > working correctly via IP though. Is there anything special I
>> >> >> >> > need to do to allow resolution from the VPN clients since the
>> >> >> >> > clients have a different network address than our internal
>> >> >> >> > network.
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: VPN
Date: 09/14/2007 15:51:14

No. I don't.
Can you confirm what question you are asking? I can see you have a problem
with something, but I can't see exactly what.
Anthony,
http://www.airdesk.co.uk

"George Schneider" <georgedschneider@news.postalias> wrote in message
news:EBE4A9AD-2D47-4ABC-A920-67B7E4E6ED5C@microsoft.com...
> Then my question is why will it not resolve when I ask across my VPN
> connection?
>
> Do you think my best bet is to uninstall DNS and WINS and start from
> scratch?
>
> "Anthony" wrote:
>
>> No, the DNS server will respond to anyone who asks,
>> Anthony.
>> http://www.airdesk.co.uk
>>
>> "George Schneider" <georgedschneider@news.postalias> wrote in message
>> news:D7C25B2C-A5F3-411E-BAB3-25B013CA9350@microsoft.com...
>> > This is a specialized DNS server I'm trying to use for the specific
>> > purpose of resolving names on the VPN connection. The server will not
>> > need to resolve names outside of the local resources I've specified.
>> > The IP address of the server is a local LAN address. Do I have to
>> > specify for the server to answer queries from a different network such
>> > as the VPN network? If so, how would I do this?
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: VPN Clients DNS Issue
Date: 09/14/2007 12:11:34

When they make a VPN connection, they should be assigned an internal DNS
server, that should contain the internal resource addresses,
Anthony
http://www.airdesk.co.uk

"David" <david@david.com> wrote in message
news:%23qxVcRu9HHA.3916@TK2MSFTNGP02.phx.gbl...
> Hi All,
>
> I am having an annoying issue with my VPN clients. I have our webmail
> configured to resolve from both external and internal clients,
> https://webmail.domain.com. Internally it resolves to a 192.168.8.103 IP
> address and externally it resolves to a 74.x.x.x address. The problem is
> when my VPN clients remote in, for some reason they are not using our local
> DNS and they are resolving to our external DNS IP. Our Firebox isn't
> letting local traffic access a WAN IP address so the users are getting a
> request timed out. How can I force a remote user to use a local DNS server
> when remoted in?
>
> Thanks,
>
> Dave
> A+, Network+, MCP++++++
From: David <david@david.com>
To: none
Subject: Re: VPN Clients DNS Issue
Date: 09/14/2007 14:45:16

I know it's really weird. One of the clients is working really well, but all
the others are keeping the external resolution for our webmail domain after
remoting in. I tried doing an ipconfig /flushdns, but the VPN client was
still resolving to the external IP. Has anyone seen this before? We are
using a Watchguard firewall to handle our PPTP VPN. Other than this strange
issue it has been working extremely well.

"Anthony" <anthony.spam@spammedout.com> wrote in message
news:uko62Iv9HHA.5456@TK2MSFTNGP05.phx.gbl...
> When they make a VPN connection, they should be assigned an internal DNS
> server, that should contain the internal resource addresses,
> Anthony
> http://www.airdesk.co.uk
From: Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US>
To: none
Subject: Re: VPN Clients DNS Issue
Date: 09/14/2007 16:15:01

Read inline please.

In news:ePQqJfw9HHA.5424@TK2MSFTNGP02.phx.gbl,
David <david@david.com> typed:
> I know it's really weird. One of the clients is working really well,
> but all the others are keeping the external resolution for our
> webmail domain after remoting in. I tried doing an ipconfig
> /flushdns, but the VPN client was still resolving to the external IP.
> Has anyone seen this before? We are using a Watchguard firewall to
> handle our PPTP VPN. Other than this strange issue it has been
> working extremely well.

Is this a site to site VPN or a client to site VPN?

This is more a problem with your Watchguard Firewall VPN client. It is
obviously becoming your default gateway, and your ISP's DNS are still your
Preferred DNS. Meaning your ISP DNS is resolving the name to its public
address, which won't work if the VPN is your default gateway. If you have
only one subnet on your network, the VPN need not be your default gateway;
you can maintain your ISP as your default gateway, while packets destined to
the remote network will go up the VPN. Provided your local network is not
the same subnet as the remote network.

Post your ipconfig /all with the VPN connected.

It is also possible that this is a caching issue; stopping the DNS Client
service (net stop dnscache in a cmd prompt) will verify this.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
From: David <david@david.com>
To: none
Subject: Re: VPN Clients DNS Issue
Date: 09/18/2007 09:50:03

It is a PPTP client connecting to a Watchguard Firebox. When the client
connects to the VPN they receive our LAN DNS servers as both the primary and
secondary DNS servers on the VPN connection. I disabled DNS cache and tried
again but it resolved to the same thing. When I do an nslookup on the client
it shows that the default DNS server is the DNS server that is local to the
VPN client and not our network. How can I force a DNS server once connected
to a VPN? Is there a DNS server metric?

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ehULRRx9HHA.1204@TK2MSFTNGP03.phx.gbl...
From: David <david@david.com>
To: none
Subject: Re: VPN Clients DNS Issue
Date: 09/18/2007 15:14:22

The problem is the way that Windows XP has the network adapters bound. Even
if you change the binding order it still doesn't work right. You have to
manually go to HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\LINKAGE\BIND and
cut \device\ndiswanip from the bottom and paste it to the top. Once you do
this the DNS will resolve correctly when you are connected to a VPN. Here is
code for a VBScript that will do it for you automatically.

' Move \Device\NdisWanIp to the top of the TCP/IP binding order so the
' VPN (WAN) adapter's DNS servers are consulted first.
Const HKLM = &H80000002
sComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")
sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
sValueName = "Bind"

' Read the current REG_MULTI_SZ binding list
oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

arValuesNew = Array()
For i = 0 To UBound(arValues)
    If i = 0 Then
        If LCase(arValues(i)) = "\device\ndiswanip" Then
            ' entry is already first in the list, no point in continuing
            Exit For
        Else
            ' put NdisWanIp in the first element in the new array
            ReDim Preserve arValuesNew(0)
            arValuesNew(0) = "\Device\NdisWanIp"
        End If
    End If
    ' copy every other entry, in its original order, after it
    If LCase(arValues(i)) <> "\device\ndiswanip" Then
        iCountNew = UBound(arValuesNew) + 1
        ReDim Preserve arValuesNew(iCountNew)
        arValuesNew(iCountNew) = arValues(i)
    End If
Next

' only write back when the list was actually rebuilt
If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew
End If

"David" <david@david.com> wrote in message
news:eVif7Mg%23HHA.1416@TK2MSFTNGP03.phx.gbl...
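As an added example (not David's script or anything else from this thread), the same binding-order change written in PowerShell as a check-first tool: it reports where \Device\NdisWanIp sits in the Tcpip\Linkage\Bind list and only rewrites the value when run with -Fix, honouring -WhatIf and saving the original order to a file first. The key path is the one David names; the backup file location and the assumption that this XP-era binding order is what decides DNS server preference are mine.

```powershell
# Added example, not David's script: check the TCP/IP binding order he describes
# and only reorder it on request. Assumed: Windows XP-era behaviour where the
# first entry in Tcpip\Linkage\Bind decides whose DNS servers are consulted first.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix,                                   # without -Fix the script only reports
    [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage',
    [string]$BackupPath = "$env:TEMP\Tcpip-Linkage-Bind.bak"   # assumed location
)

$wanDevice = '\Device\NdisWanIp'

function Get-ReorderedBind {
    # Same transformation as David's VBScript, kept free of registry access so
    # it can be reviewed on its own: NdisWanIp moves to index 0, every other
    # entry keeps its relative order, duplicate NdisWanIp entries are dropped.
    param([string[]]$Bind)
    $others = @($Bind | Where-Object { $_ -ne $wanDevice })   # -ne ignores case
    if ($others.Count -eq $Bind.Count) {
        return $Bind        # NdisWanIp is not bound at all; nothing to promote
    }
    return @($wanDevice) + $others
}

$bind = @((Get-ItemProperty -Path $KeyPath -Name Bind -ErrorAction Stop).Bind)
if ($bind.Count -eq 0) { throw "No Bind value found under $KeyPath" }

# Locate NdisWanIp (case-insensitive, like the LCase() comparison in the VBScript)
$index = -1
for ($i = 0; $i -lt $bind.Count; $i++) {
    if ($bind[$i] -ieq $wanDevice) { $index = $i; break }
}

Write-Host "Current Bind order ($($bind.Count) entries):"
for ($i = 0; $i -lt $bind.Count; $i++) { Write-Host ('  [{0}] {1}' -f $i, $bind[$i]) }

switch ($index) {
    -1      { Write-Warning "$wanDevice is not in the Bind list; no WAN/VPN adapter is bound to TCP/IP." }
    0       { Write-Host "$wanDevice is already first; the VPN-assigned DNS servers take priority." }
    default { Write-Warning "$wanDevice is at position $index; the LAN adapter's DNS servers are tried first." }
}

if ($Fix -and $index -gt 0) {
    $new = Get-ReorderedBind -Bind $bind
    if ($PSCmdlet.ShouldProcess("$KeyPath\Bind", "Move $wanDevice to the top of the binding order")) {
        $bind | Set-Content -Path $BackupPath      # keep the old order so the change can be reverted
        Set-ItemProperty -Path $KeyPath -Name Bind -Value $new -Type MultiString
        Write-Host "Bind order updated; previous value saved to $BackupPath. Reconnect the VPN (or reboot) to apply."
    }
}
```

Run it without parameters from an elevated prompt to see the current order; `-Fix -WhatIf` shows what would be written without touching the registry.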
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/24/2007 16:23:37

Hi
This can take some time, maybe if you restart the DNS service.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services

"Leo" <leo1664@noemail.noemail> wrote in message
news:Oh$maLu$HHA.4612@TK2MSFTNGP03.phx.gbl...
> I have a Forward Lookup Stub Zone created on a 2K3 server to pull Zone
> information from a remote site over a VPN link, the problem I have is I
> cannot transfer the Zone Information.
>
> When I click on the zone the following error is displayed "Zone Not Loaded
> by DNS Server"
>
> Transfer/Reload from Master appear to do nothing & no events appear to be
> logged.
>
> If anyone could offer any assistance in troubleshooting it would be
> appreciated.
>
> Thanks
>
> Leo
From: v-kzhao@online.microsoft.com (Ken Zhao [MSFT])
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 00:08:19

Hello Leo,

Thank you for using newsgroup!

From your post, it seems the DNS zone transfer has not been successful
through the VPN slow link. Maybe it will need some time to accomplish the
zone transfer. If the transfer won't be finished, please check the VPN
connection to see if there is a firewall setting or connection to disturb
the zone transfer between two sites.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
From: Leo <leo1664@noemail.noemail>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 02:33:13

Thanks for the replies.

I have restarted the DNS server & this makes no difference.

The VPN remains up & I get ping responses from both of the remote DNS
servers.

Any other ideas?

Leo

""Ken Zhao [MSFT]"" <v-kzhao@online.microsoft.com> wrote in message
news:YGlkfIz$HHA.5204@TK2MSFTNGHUB02.phx.gbl...
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 03:54:58

Is it possible that you are not "allowed" by the remote server to copy from
it?
Anthony,
http://www.airdesk.com.uk

"Leo" <leo1664@noemail.noemail> wrote in message
news:OcmeVZ0$HHA.5164@TK2MSFTNGP05.phx.gbl...
From: Leo <leo1664@noemail.noemail>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 04:18:17

Thanks for the reply,

This has been working correctly for over a month and when it stopped I did
check with the remote site's IT guys & they said they hadn't changed
anything, but I will get confirmation that they are still allowing Zone
Transfers and post back.

Leo

"Anthony" <anthony.spam@spammedout.com> wrote in message
news:O6UWMH1$HHA.4200@TK2MSFTNGP04.phx.gbl...
Top
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 14:09:34
Stub zones don't need to be authorized; you can configure a stub zone for any
domain, and the records that are returned to stub zones are public. You can try
it with any other public domain.
This sounds like FW issues or connectivity problems; test the DNS ports and
check connectivity.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Leo" <leo1664@noemail.noemail> wrote in message
news:OWyjCU1$HHA.748@TK2MSFTNGP04.phx.gbl...
> Thanks for the reply,
>
> This has been working correctly for over a month and when it stopped I did
> check with the remote site's IT guys & they said they hadn't changed
> anything, but I will get confirmation that they are still allowing Zone
> Transfers and post back.
>
> Leo
>
> "Anthony" <anthony.spam@spammedout.com> wrote in message
> news:O6UWMH1$HHA.4200@TK2MSFTNGP04.phx.gbl...
>> Is it possible that you are not "allowed" by the remote server to copy
>> from it?
>> Anthony, http://www.airdesk.com.uk
>>
>> "Leo" <leo1664@noemail.noemail> wrote in message
>> news:OcmeVZ0$HHA.5164@TK2MSFTNGP05.phx.gbl...
>>> Thanks for the replies.
>>>
>>> I have restarted the DNS server & this makes no difference.
>>>
>>> The VPN remains up & I get ping responses from both of the remote DNS
>>> servers.
>>>
>>> Any other ideas?
>>>
>>> Leo
>>>
>>> "Ken Zhao [MSFT]" <v-kzhao@online.microsoft.com> wrote in message
>>> news:YGlkfIz$HHA.5204@TK2MSFTNGHUB02.phx.gbl...
>>>> Hello Leo,
>>>>
>>>> Thank you for using the newsgroup!
>>>>
>>>> From your post, it seems the DNS zone transfer has not been successful
>>>> through the slow VPN link. Maybe it will need some time to accomplish the
>>>> zone transfer. If the transfer won't finish, please check the VPN
>>>> connection to see if there is a firewall setting or connection issue
>>>> disturbing the zone transfer between the two sites.
>>>>
>>>> Thanks & Regards,
>>>>
>>>> Ken Zhao
>>>>
>>>> Microsoft Online Support
>>>> Microsoft Global Technical Support Center
>>>>
>>>> Get Secure! - www.microsoft.com/security
>>>> <http://www.microsoft.com/security>
>>>> ====================================================
>>>> When responding to posts, please "Reply to Group" via your newsreader so
>>>> that others may learn and benefit from your issue.
>>>> ====================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>
Top
From: Leo <leo1664@noemail.noemail>
To:
none
Subject:
Re: W2K3 Stub Zone
Date:
09/25/2007 15:06:29
I
have checked with the remote sites IT & they have informed me the
option
to
"Allow Zone transfers" is switched off on the Zone transfers tab.
I
did however read somewhere (can't remember where though) that this option
is
not required for Stub Zones. can anyone confirm this is fact or something
I
imagined?
Any
other suggestions?
thanks
Leo
"Anthony"
<anthony.spam@spammedout.com> wrote in message
news:O6UWMH1$HHA.4200@TK2MSFTNGP04.phx.gbl...
>
Is it possible that you are not "allowed" by the remote server to
copy
>
from it?
>
Anthony, http://www.airdesk.com.uk
Top
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 15:27:37
Stub zones don't need to be authorized.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Leo" <leo1664@noemail.noemail> wrote in message
news:%23BJaR%236$HHA.4752@TK2MSFTNGP04.phx.gbl...
> I have checked with the remote site's IT & they have informed me the option
> to "Allow Zone transfers" is switched off on the Zone transfers tab.
>
> I did however read somewhere (can't remember where though) that this
> option is not required for Stub Zones. Can anyone confirm this is fact or
> something I imagined?
>
> Any other suggestions?
>
> Thanks
>
> Leo
Top
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 15:31:12
You don't need to allow zone transfers in order to get these NS records into
your stub zones.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Leo" <leo1664@noemail.noemail> wrote in message
news:%23BJaR%236$HHA.4752@TK2MSFTNGP04.phx.gbl...
> I have checked with the remote site's IT & they have informed me the option
> to "Allow Zone transfers" is switched off on the Zone transfers tab.
>
> I did however read somewhere (can't remember where though) that this
> option is not required for Stub Zones. Can anyone confirm this is fact or
> something I imagined?
>
> Any other suggestions?
>
> Thanks
>
> Leo
Top
From: Leo <leo1664@noemail.noemail>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 15:34:53
Thanks for the quick answer.
Do you have any tips on troubleshooting the issue, or could you direct me to a
tech doc?
Leo
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:uun$Xe6$HHA.4324@TK2MSFTNGP02.phx.gbl...
> Stub zones don't need to be authorized; you can configure a stub zone for
> any domain, and the records that are returned to stub zones are public.
> You can try it with any other public domain.
>
> This sounds like FW issues or connectivity problems; test the DNS ports and
> check connectivity.
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
Top
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: W2K3 Stub Zone
Date: 09/25/2007 15:40:01
Enable DNS debug logging and/or use Network Monitor to check what is going on.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Leo" <leo1664@noemail.noemail> wrote in message
news:%233fFJO7$HHA.748@TK2MSFTNGP04.phx.gbl...
> Thanks for the quick answer.
>
> Do you have any tips on troubleshooting the issue, or could you direct me
> to a tech doc?
>
> Leo
Top
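Jorge's answers in this thread come down to two checks: a stub zone is filled by ordinary SOA, NS and glue A queries to the master rather than by a zone transfer, so the remote side's "Allow zone transfers" setting does not explain a stub zone that will not load, and what remains is to confirm that DNS traffic actually reaches the master across the VPN. The script below is an added example, not part of the thread and not Windows DNS tooling: it builds those standard queries on the wire, decodes the answers, and separately attempts an AXFR over TCP so the two paths can be told apart. The zone name, the master address and the embedded sample response are constructed for the example.

```python
import socket
import struct

# Constructed values (assumptions, not from the thread); 192.0.2.0/24 is a documentation range.
ZONE, MASTER = "remote.example", "192.0.2.53"
QTYPE = {"A": 1, "NS": 2, "SOA": 6, "AXFR": 252}

def encode_name(name):  # wire-format name: length-prefixed labels, no compression
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234):  # standard query: RD set, one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(msg, offset):  # returns (name, offset just past the name in msg)
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: remember where we left off
            end = end or offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end or offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg):
    """Decode the header and every record of a DNS response into a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question
        offset = decode_name(msg, offset)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        value = msg[offset:offset + rdlen].hex()  # raw rdata unless decoded below
        if rtype == QTYPE["NS"]:
            value = decode_name(msg, offset)[0]
        elif rtype == QTYPE["A"] and rdlen == 4:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype == QTYPE["SOA"]:  # MNAME, RNAME, then the 32-bit SERIAL
            mname, o = decode_name(msg, offset)
            o = decode_name(msg, o)[1]
            value = "%s serial=%d" % (mname, struct.unpack("!I", msg[o:o + 4])[0])
        offset += rdlen
        records.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400), "records": records}

def query(zone, qtype, master, tcp=False, timeout=3.0):
    """Send one query to master:53 and parse the reply; None when nothing comes back.
    A stub zone refresh uses ordinary UDP SOA/NS/A queries; AXFR runs over TCP."""
    q = build_query(zone, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            if not tcp:
                s.sendto(q, (master, 53))
                return parse_response(s.recvfrom(4096)[0])
            s.connect((master, 53))
            s.sendall(struct.pack("!H", len(q)) + q)  # TCP DNS messages are length-prefixed
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                data += s.recv(length - len(data))
            return parse_response(data)
        except (socket.timeout, OSError, struct.error):
            return None  # port blocked, host unreachable, or connection cut off

def verdict(soa, ns, axfr):
    """Read the three results the way the thread's advice would."""
    if soa is None or ns is None:
        return "no answer on UDP/53: firewall or VPN problem, not a zone-transfer setting"
    if soa["rcode"] != 0 or not any(r[1] == QTYPE["SOA"] for r in soa["records"]):
        return "master answers but does not serve the zone (rcode=%d)" % soa["rcode"]
    note = ("got no answer on TCP/53" if axfr is None else
            "was refused (rcode=%d)" % axfr["rcode"] if axfr["rcode"] else "is allowed")
    return "stub zone can load (SOA and NS answered); AXFR %s, which a stub zone does not need" % note

def sample_response():
    """A constructed authoritative SOA reply for ZONE, so the parser runs offline."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 1, 1)  # QR=1 AA=1 rcode=0
    question = encode_name(ZONE) + struct.pack("!HH", QTYPE["SOA"], 1)
    soa = (encode_name("ns1." + ZONE) + encode_name("hostmaster." + ZONE)
           + struct.pack("!IIIII", 2007092501, 900, 600, 86400, 3600))
    ns = encode_name("ns1." + ZONE)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(soa)) + soa  # name -> offset 12
    authority = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(ns)) + ns
    glue = ns + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 53])
    return hdr + question + answer + authority + glue

if __name__ == "__main__":
    parsed = parse_response(sample_response())
    print(verdict(parsed, parsed, None))
```

Against a live master, `verdict(query(ZONE, "SOA", MASTER), query(ZONE, "NS", MASTER), query(ZONE, "AXFR", MASTER, tcp=True))` gives the same one-line reading. No UDP answer points at the firewall or the VPN; an SOA answer with the AXFR refused is the normal state for a stub zone whose master has transfers switched off. Run it from the server that holds the stub zone, so it exercises the same path the DNS service uses.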
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 15:41:57
Christopher,
Are your users Local Administrators?
Anthony
http://www.airdesk.co.uk
"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message
news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
> I posted on this a couple of weeks ago and then the problem "appeared" to
> clear up for a while.
>
> This appeared to be a very sporadic problem, but as I look more closely it
> seems to be more prevalent than I had imagined.
>
> I have a medium-small, but moderately complex network configured in 7
> logical segments, each operating on its own IP subnet. In three of the
> segments, dynamically addressed PCs are transiently losing their DNS
> entries, multiple local DNS servers being replaced by 168.95.1.1, an
> operating DNS server in Taiwan. (In fact the only service answering on
> about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS
> entries disrupts the client's network connectivity until the
> configuration is restored (all Internet access for user PCs is through a
> proxy server, our firewall prevents any client address from communicating
> with the Internet in any other way, so the affected PC gets no response at
> all). "ipconfig /renew" seems to correct the problem, as does restarting
> the PC.
>
> As a temporary workaround, I have assigned the outside IP to one of my
> internal DNS servers and routed all requests for that IP to the correct
> LAN address. This is preserving my users' connectivity but is eliminating
> their calls for help to notify me.
>
> After implementing the temporary solution, I have been monitoring detailed
> traffic on the DNS server, only to find that inquiries using the off-site
> IP are almost constant. It seems like there is one PC, occasionally two,
> using that IP for DNS (and SMB and a few other protocols) just about all
> the time, although the issue seems to move from computer to computer at no
> identifiable interval. Apparently, either some of the users are
> experiencing problems and just restarting or the DNS error is not lasting
> long enough to cause them to actually see the connectivity loss.
>
> These PCs are in three different network segments, broken up at Layer 3,
> configured by three different DHCP servers (although all are in the same
> AD forest). Before I identified the problem being present in three
> different segments, I tried stopping the known DHCP server and trying to
> obtain address information - No rogue DHCP apparent. We are using 128 WEP
> on a small number of wireless APs, but I have ruled out a customer
> notebook with an ICS configuration running.
>
> I have run thorough Spyware and AV scans of some of the affected PCs
> with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs
> are not affected and one IP subnet that is dynamically addressed but
> operates in an independent AD domain also seems to be OK.
>
> Has anybody else ever seen anything remotely like this?
>
> Any ideas what I can look at to figure out where a changing DNS IP could
> be getting injected into the system, across routers?
>
> I think that I would have gotten an incorrect IP configuration if I had a
> hardware based DHCP on the LAN (like a SOHO router), but it may bear
> noting that a search on that IP reveals it to be one of the most commonly
> referenced publicly accessible DNS servers. The IP appears in many pieces
> of hardware documentation (again, like SOHO gateways).
Top
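Anthony's question, and the poster's own remark that his workaround silenced the help-desk calls that used to tell him which PC was affected, both call for a way to find the client currently carrying the off-site resolver. The following Python script is an added example, not from the thread: it parses `ipconfig /all` output and reports any DNS server outside an approved set, so it can be run from a logon script or pushed to the suspect segments. The approved addresses, the host and adapter names and the sample ipconfig output are all constructed for the example, and the `--live` switch that runs ipconfig is the example's own.

```python
import ipaddress
import re
import subprocess
import sys

# Approved resolvers: an assumption for the example, since the thread does not name
# the internal DNS servers. Anything else handed to a client is reported.
APPROVED_DNS = {"10.1.0.10", "10.1.0.11", "10.2.0.10"}

# Constructed `ipconfig /all` output in the XP/2003 layout; the first adapter shows
# the symptom from the thread, with 168.95.1.1 ahead of the internal servers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS-0417
        Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.4.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.4.1
        DHCP Server . . . . . . . . . . . : 10.1.0.10
        DNS Servers . . . . . . . . . . . : 168.95.1.1
                                            10.1.0.10
                                            10.1.0.11

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.2.7.88
        DNS Servers . . . . . . . . . . . : 10.2.0.10
"""

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*: (.*)$")
CONTINUATION_RE = re.compile(r"^\s{20,}(\S+)\s*$")   # extra DNS servers wrap like this


def parse_ipconfig(text):
    """Return {adapter: {"dhcp": bool, "dns": [servers in order]}} from ipconfig /all."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {"dhcp": False, "dns": []})
            field = None
            continue
        if current is None:                            # host-level lines before any adapter
            continue
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).strip(), m.group(2).strip()
            if field == "Dhcp Enabled":
                current["dhcp"] = value.lower() == "yes"
            elif field == "DNS Servers":
                current["dns"].append(value)
            continue
        m = CONTINUATION_RE.match(line)
        if m and field == "DNS Servers":
            current["dns"].append(m.group(1))
    return adapters


def find_rogue_dns(adapters, approved):
    """(adapter, server) pairs whose resolver is not in the approved set."""
    rogue = []
    for name, info in adapters.items():
        for server in info["dns"]:
            try:
                ip = str(ipaddress.ip_address(server))
            except ValueError:                         # not an address at all; skip it
                continue
            if ip not in approved:
                rogue.append((name, ip))
    return rogue


def report(text, approved=APPROVED_DNS):
    """One finding per line, suitable for a logon script to append to a share."""
    adapters = parse_ipconfig(text)
    return ["ROGUE DNS %s on '%s' (DHCP enabled: %s)"
            % (server, name, "yes" if adapters[name]["dhcp"] else "no")
            for name, server in find_rogue_dns(adapters, approved)]


if __name__ == "__main__":
    text = SAMPLE_IPCONFIG
    if "--live" in sys.argv:                           # on a Windows client, read the real config
        text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    for finding in report(text):
        print(finding)
```

Once a client is caught, the next check is where the value came from: under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<adapter GUID> the DhcpNameServer value is what the lease delivered, while a static NameServer value overrides it. A flagged address that sits in NameServer rather than in the lease was written by something running on the client, which is what Anthony's question about local administrator rights is driving at.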
From: SQLDAWG <SQLDAWG@discussions.microsoft.com>
To: none
Subject: RE: Wandering DNS entry
Date: 09/20/2007 16:08:03

Chris, a couple of questions;
7 subnets, are there any routers connecting these subnets?
How many DHCP servers on the network?
How many DNS servers? Secondary and primary?
I will get to the internet access!!!

"Christopher A. Newell" wrote:
> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>
> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>
> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>
> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>
> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>
> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>
> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>
> Has anybody else ever seen anything remotely like this?
>
> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>
> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: SQLDAWG <SQLDAWG@discussions.microsoft.com>
To: none
Subject: RE: Wandering DNS entry
Date: 09/20/2007 16:26:01

Ok Chris!!!!
Routers involve: DHCP relay agents.
DNS servers in different locations: regular sync should take place.
Host A records checking should be done by the DNS server.
Secure dynamic updates only work on XP machines.
Check the events on your DHCP server!!!
Check the events on your DNS server
Check the events on AD..... that's havoc when your DNS doesn't work properly because AD is fully dependent on your DNS.... replication just to mention.
My opinion this is a DHCP issue because DHCP is responsible for the DNS distribution.... RELAY AGENTS VERY IMPORTANT
THIS IS ON SERVER 2003?
SQLDAWG
PTA
RSA 2010 soccer/wcup

"Christopher A. Newell" wrote:
> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>
> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>
> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>
> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>
> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>
> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>
> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>
> Has anybody else ever seen anything remotely like this?
>
> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>
> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: Christopher A. Newell <infosystems@shiawassee.net>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 16:20:41

Some are. Most are "Power Users" on their PCs.

It is just after close of business so most of the systems are off-line right now, but I don't believe that there is actually a correlation between these issues. If anything, with one exception, I think that most of the PCs where I am seeing the foreign DNS entry are being used by local non-Administrators when the problem is occurring.

"Anthony" <anthony.spam@spammedout.com> wrote in message news:egK65a8%23HHA.4880@TK2MSFTNGP03.phx.gbl...
> Christopher,
> Are your users Local Administrators?
> Anthony
> http://www.airdesk.co.uk
>
> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
>> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>>
>> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>>
>> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>>
>> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>>
>> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>>
>> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>>
>> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>>
>> Has anybody else ever seen anything remotely like this?
>>
>> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>>
>> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 16:44:37

If you set up a PC where the user is not a Local Admin, or a Power user, does it change in this way?
Anthony,
http://www.airdesk.com

"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:OA$jAz8%23HHA.3916@TK2MSFTNGP02.phx.gbl...
> Some are. Most are "Power Users" on their PCs.
>
> It is just after close of business so most of the systems are off-line right now, but I don't believe that there is actually a correlation between these issues. If anything, with one exception, I think that most of the PCs where I am seeing the foreign DNS entry are being used by local non-Administrators when the problem is occurring.
>
> "Anthony" <anthony.spam@spammedout.com> wrote in message news:egK65a8%23HHA.4880@TK2MSFTNGP03.phx.gbl...
>> Christopher,
>> Are your users Local Administrators?
>> Anthony
>> http://www.airdesk.co.uk
>>
>> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
>>> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>>>
>>> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>>>
>>> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>>>
>>> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>>>
>>> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>>>
>>> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>>>
>>> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>>>
>>> Has anybody else ever seen anything remotely like this?
>>>
>>> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>>>
>>> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: Christopher A. Newell <infosystems@shiawassee.net>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 18:04:39

The 7 subnets are physically separated by routers.

Two are totally static configurations. There are 5 DHCP servers, one physically located on each subnet. Of the four (sorry, missed one) subnets that are experiencing this, one is a core, and the other three are branched in a distributed star. The server that is primary for the users in each of the three branch networks runs DHCP, has a network connection to the core, and provides the routing. The DHCP is bound only to the NIC on the remote side of the "distributed star". (The 5th DHCP is also an IP router to the core, but it is a controller for a trusted domain.)

I am going to have to confirm, but I do not believe that any relay agents are in operation.

There are three DNS servers running. One provides external lookup and carries the primary site for our externally addressable sites; all three resolve our inside *.local DNS entries. I don't think that this is actually a DNS problem, except to the extent that when a client PC changes the DNS server entries to the "foreign" server the client cannot resolve internal names (and since they are blocked from direct outside access, they can't contact the outside server to resolve public names either. They just lose all connectivity for any application that is DNS name dependent.)

"SQLDAWG" <SQLDAWG@discussions.microsoft.com> wrote in message news:F46EC77F-9D09-4334-B847-53720E4A289F@microsoft.com...
> Chris, a couple of questions;
> 7 subnets, are there any routers connecting these subnets?
> How many DHCP servers on the network?
> How many DNS servers? Secondary and primary?
>
> I will get to the internet access!!!
>
> "Christopher A. Newell" wrote:
>
>> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>>
>> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>>
>> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>>
>> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>>
>> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>>
>> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>>
>> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>>
>> Has anybody else ever seen anything remotely like this?
>>
>> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>>
>> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: Christopher A. Newell <infosystems@shiawassee.net>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 18:06:37

I'm going to have to try this. We are off-hours now and I am not seeing any traffic to the foreign IP. Whatever device(s) are involved or causing the issue are logged out/powered off.

"Anthony" <anthony.spam@spammedout.com> wrote in message news:%23Ajw698%23HHA.1416@TK2MSFTNGP03.phx.gbl...
> If you set up a PC where the user is not a Local Admin, or a Power user, does it change in this way?
> Anthony,
> http://www.airdesk.com
>
> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:OA$jAz8%23HHA.3916@TK2MSFTNGP02.phx.gbl...
>> Some are. Most are "Power Users" on their PCs.
>>
>> It is just after close of business so most of the systems are off-line right now, but I don't believe that there is actually a correlation between these issues. If anything, with one exception, I think that most of the PCs where I am seeing the foreign DNS entry are being used by local non-Administrators when the problem is occurring.
>>
>> "Anthony" <anthony.spam@spammedout.com> wrote in message news:egK65a8%23HHA.4880@TK2MSFTNGP03.phx.gbl...
>>> Christopher,
>>> Are your users Local Administrators?
>>> Anthony
>>> http://www.airdesk.co.uk
>>>
>>> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
>>>> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>>>>
>>>> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>>>>
>>>> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>>>>
>>>> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>>>>
>>>> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>>>>
>>>> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>>>>
>>>> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>>>>
>>>> Has anybody else ever seen anything remotely like this?
>>>>
>>>> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>>>>
>>>> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

From: Roger Abell [MVP] <mvpNoSpam@asu.edu>
To: none
Subject: Re: Wandering DNS entry
Date: 09/20/2007 20:00:25

Christopher,

I read your posting. May it be correctly restated as:

Some, but not all, client machines that are DHCP clients are losing their configured DNS servers, with these always being replaced by 168.95.1.1. Further, only the DHCP clients in three of the network segments that are part of one AD forest are affected (i.e. DHCP clients in other segments and/or forest are not affected in this way). There are no rogue DHCP servers on the network segments.

Your statement that renewing the DHCP lease reestablishes correct DNS server IPs lets us know that you are using DHCP scope delivered nameserver IPs. Your statement that restarting the machines also reestablishes indicates that there are no GPO delivered incorrect DNS server IPs.

Since only an account with admin authority can set the DNS servers in the TCP/IP config, we know this must be happening due to something running with system/admin context on the machines where this happens.
So, you need to find that admin/system process on or remotely accessing those machines. This is not happening willy-nilly.

I am leaning toward a stealthed malware.

Have you probed the 168.95.1.1 DNS server to see if it is hosting a mock zone(s) in which your client machines might access trusted hosts? (i.e. is this part of a man in the middle effort?).

--
Roger

"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>
> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>
> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (In fact the only service answering on about half of the 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server; our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>
> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>
> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>
> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - no rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>
> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>
> Has anybody else ever seen anything remotely like this?
>
> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>
> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).

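Two of the checks raised in this thread, as an added offline example (not code from anyone in the thread): from a sniffer/flow log, list which internal clients are talking to the foreign resolver, when, and how many at once (the "one PC, occasionally two" pattern from the original post); and compare a suspect resolver's answers against a trusted internal one, flagging the mock-zone signs Roger asks about. The flow-record format, the sample hosts and all answer sets are constructed assumptions, so nothing here says anything about the real 168.95.1.1.

```python
"""Offline triage helpers for a "wandering DNS server" incident (added example)."""
from __future__ import annotations

import re
from datetime import datetime, timedelta

FOREIGN_RESOLVER = "168.95.1.1"  # the address the thread reports clients switching to
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample flow records in an assumed "<ts> <src> -> <dst>:<port> <proto>"
# format, standing in for a capture taken on the core router.
SAMPLE_FLOWS = """\
2007-09-21 09:02:11 10.20.1.34 -> 168.95.1.1:53 UDP
2007-09-21 09:02:12 10.20.1.34 -> 10.20.1.5:53 UDP
2007-09-21 09:03:40 10.20.1.34 -> 168.95.1.1:445 TCP
2007-09-21 09:15:02 10.30.2.77 -> 168.95.1.1:53 UDP
2007-09-21 09:16:45 10.20.1.34 -> 168.95.1.1:53 UDP
2007-09-21 10:41:09 10.40.3.12 -> 168.95.1.1:53 UDP
2007-09-21 10:41:10 10.40.3.12 -> 168.95.1.1:53 UDP
2007-09-21 10:42:00 10.30.2.77 -> 10.30.2.5:53 UDP
this line is malformed and is skipped rather than guessed at
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\w+)$"
)


def foreign_resolver_contacts(flow_text: str, foreign_ip: str = FOREIGN_RESOLVER) -> dict:
    """Summarise every internal host seen talking to `foreign_ip`.

    Returns {src: {"first": ts, "last": ts, "ports": [...], "hits": n}}, which answers
    "which PC is affected right now" directly and shows non-DNS ports (e.g. SMB) too.
    """
    seen: dict[str, dict] = {}
    for line in flow_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m or m["dst"] != foreign_ip:
            continue
        entry = seen.setdefault(
            m["src"], {"first": m["ts"], "last": m["ts"], "ports": set(), "hits": 0}
        )
        entry["last"] = m["ts"]          # records are assumed to be in time order
        entry["ports"].add(int(m["port"]))
        entry["hits"] += 1
    for entry in seen.values():
        entry["ports"] = sorted(entry["ports"])
    return seen


def peak_concurrent_hosts(summary: dict, pad_minutes: int = 15) -> int:
    """Peak number of distinct hosts whose contact windows overlap.

    Each host's window runs from its first to its last contact, padded by
    `pad_minutes` on both sides (an assumed allowance for sparse captures).
    """
    pad = timedelta(minutes=pad_minutes)
    events = []
    for e in summary.values():
        events.append((datetime.strptime(e["first"], TS_FMT) - pad, 0, +1))  # start
        events.append((datetime.strptime(e["last"], TS_FMT) + pad, 1, -1))   # end
    events.sort()  # at equal times a start (0) sorts before an end (1): touching windows overlap
    peak = current = 0
    for _, _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak


# Constructed answer sets, as a defender might collect with nslookup against each
# server. Addresses are documentation ranges (RFC 5737), not real records.
TRUSTED_ANSWERS = {
    "microsoft.com": {"198.51.100.20"},
    "google.com": {"198.51.100.30"},
    "update.example.com": {"198.51.100.7"},
    "fileserver.corp.local": {"10.20.1.10"},
}
SUSPECT_ANSWERS = {
    "microsoft.com": {"198.51.100.20"},       # agrees with the trusted resolver
    "google.com": {"198.51.100.30"},          # agrees with the trusted resolver
    "update.example.com": {"203.0.113.9"},    # differs: a candidate mock zone
    "fileserver.corp.local": {"192.0.2.45"},  # a public resolver cannot know this name
}


def compare_resolver_answers(suspect: dict, trusted: dict, internal_suffixes=(".local",)) -> list:
    """Flag names where the suspect resolver disagrees with the trusted one.

    Two kinds of finding: a different answer for a public name (possible poisoned or
    mock zone), and *any* answer for an internal-only name, which a legitimate public
    resolver has no way to hold. Returns [(name, reason, sorted suspect answers)].
    """
    findings = []
    for name in sorted(trusted):
        suspect_answers = suspect.get(name, set())
        if name.endswith(internal_suffixes):
            if suspect_answers:
                findings.append((name, "answers an internal-only name", sorted(suspect_answers)))
        elif suspect_answers != trusted[name]:
            findings.append((name, "answer differs from trusted resolver", sorted(suspect_answers)))
    return findings


if __name__ == "__main__":
    contacts = foreign_resolver_contacts(SAMPLE_FLOWS)
    for host, info in sorted(contacts.items()):
        print(f"{host}: {info['hits']} flows to {FOREIGN_RESOLVER}, ports {info['ports']}, "
              f"{info['first']} .. {info['last']}")
    print("peak hosts affected at once:", peak_concurrent_hosts(contacts))
    for name, reason, answers in compare_resolver_answers(SUSPECT_ANSWERS, TRUSTED_ANSWERS):
        print(f"SUSPECT {name}: {reason}: {answers}")
```

Point the flow parser at a real capture export in the same format to get the per-host list Christopher was reading off the sniffer, and feed `compare_resolver_answers` with answer sets collected from each resolver by hand.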
From: Christopher A. Newell
<infosystems@shiawassee.net>
To:
none
Subject:
Re: Wandering DNS entry
Date:
09/20/2007 20:43:50
The only thing that is actually incorrect (my error in the original post) is that there are 4 LAN segments affected. One is essentially my "core" which includes our Internet and two other private WAN connections, as well as servers that are equally utilized among our departments. The other 6 segments are departmentally organized and users are grouped with server resources that they use most frequently.

Of the three unaffected segments, one is DHCP but is part of a trusted domain in a separate AD forest, one is static addressed and is in a child domain, one is static addressed and validates in an external domain over a WAN connection. The general topology is distributed-star with each branch LAN segment being routed through one of their servers to the core segment to reach the Internet, WANs, and (occasionally) other branch LANs.

In the three branch LAN segments, the DHCP server is on the same system as the routing function, bound to the NIC serving the branch LAN (if it was propagating to the core, I would have gotten a configuration with the core's DHCP server stopped.)

Running a sniffer on my core router's traffic and filtering on the foreign DNS IP, I am only seeing traffic from one or two clients at any one time, but even though no one client seems to be affected for a long period I am now seeing traffic from some host almost constantly during business hours.

I have probed the foreign DNS on several common domains (microsoft.com, google.com, etc.) and do not see any inconsistencies with known accurate responses, but this has not been an exhaustive check. I will take a closer look at the DNS queries being directed to that host during the day Friday and look more closely at that.

Although we appear to be well scanned internally, I tend to agree with the malware assessment. What I cannot determine yet is if it is running directly on the affected machines or if it is something that is being injected externally. The fact that this is crossing Layer 3 boundaries leads me to suspect client, but the migratory nature (with only a small number of machines affected at any one time) leaves a suspicion of a single infected host affecting the other clients.

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message news:%23MKuNr%23%23HHA.1208@TK2MSFTNGP03.phx.gbl...
> Christopher,
>
> I read your posting. May it be correctly restated as:
>
> Some, but not all, client machines that are DHCP clients are losing their configured DNS servers, with these always being replaced by 168.95.1.1. Further, only the DHCP clients in three of the network segments that are part of one AD forest are affected (i.e. DHCP clients in other segments and/or forest are not affected in this way). There are no rogue DHCP servers on the network segments.
>
> Your statement that renewing the DHCP lease reestablishes correct DNS server IPs lets us know that you are using DHCP scope delivered nameserver IPs. Your statement that restarting the machines also reestablishes indicates that there are no GPO delivered incorrect DNS server IPs.
>
> Since only an account with admin authority can set the DNS servers in the TCP/IP config, we know this must be happening due to something running with system/admin context on the machines where this happens. So, you need to find that admin/system process on or remotely accessing those machines. This is not happening willy-nilly.
>
> I am leaning toward a stealthed malware.
>
> Have you probed the 168.95.1.1 DNS server to see if it is hosting a mock zone(s) in which your client machines might access trusted hosts? (i.e. is this part of a man in the middle effort?).
>
> --
> Roger
>
> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
>> I posted on this a couple of weeks ago and then the problem "appeared" to clear up for a while.
>>
>> This appeared to be a very sporadic problem, but as I look more closely it seems to be more prevalent than I had imagined.
>>
>> I have a medium-small, but moderately complex network configured in 7 logical segments, each operating on its own IP subnet. In three of the segments, dynamically addressed PCs are transiently losing their DNS entries, multiple local DNS servers being replaced by 168.95.1.1, an operating DNS server in Taiwan. (in fact the only service answering on about half of the 168.95.1.x subnet is DNS) The loss of the correct DNS entries disrupts the client's network connectivity until the configuration is restored (all Internet access for user PCs is through a proxy server, our firewall prevents any client address from communicating with the Internet in any other way, so the affected PC gets no response at all.) "ipconfig /renew" seems to correct the problem, as does restarting the PC.
>>
>> As a temporary workaround, I have assigned the outside IP to one of my internal DNS servers and routed all requests for that IP to the correct LAN address. This is preserving my users' connectivity but is eliminating their calls for help to notify me.
>>
>> After implementing the temporary solution, I have been monitoring detailed traffic on the DNS server, only to find that inquiries using the off-site IP are almost constant. It seems like there is one PC, occasionally two, using that IP for DNS (and SMB and a few other protocols) just about all the time, although the issue seems to move from computer to computer at no identifiable interval. Apparently, either some of the users are experiencing problems and just restarting or the DNS error is not lasting long enough to cause them to actually see the connectivity loss.
>>
>> These PCs are in three different network segments, broken up at Layer 3, configured by three different DHCP servers (although all are in the same AD forest.) Before I identified the problem being present in three different segments, I tried stopping the known DHCP server and trying to obtain address information - No rogue DHCP apparent. We are using 128 WEP on a small number of wireless APs, but I have ruled out a customer notebook with an ICS configuration running.
>>
>> I have run thorough Spyware and AV scans of some of the affected PCs with no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not affected and one IP subnet that is dynamically addressed but operates in an independent AD domain also seems to be OK.
>>
>> Has anybody else ever seen anything remotely like this?
>>
>> Any ideas what I can look at to figure out where a changing DNS IP could be getting injected into the system, across routers?
>>
>> I think that I would have gotten an incorrect IP configuration if I had a hardware based DHCP on the LAN (like a SOHO router), but it may bear noting that a search on that IP reveals it to be one of the most commonly referenced publicly accessible DNS servers. The IP appears in many pieces of hardware documentation (again, like SOHO gateways).
From: Roger Abell [MVP] <mvpNoSpam@asu.edu>
Subject: Re: Wandering DNS entry
Date: 09/21/2007 00:58:53
Keep in mind that many clients may have incorrect DNS server IP set, but do not need to do DNS resolutions for extended periods. I would probe the DNS for your zones, those of your business partners, etc. The spread could be intentional from a single machine using an account with admin access to the others, or could be a common hijackware that has spread by common vectors. Again, something has to run as admin or system on the machines where the change happens, so perhaps you could install a watcher to profile processes that come/go in system or an admin context.

Roger

"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:%23SxuCG$%23HHA.4828@TK2MSFTNGP04.phx.gbl...
From: Anthony <anthony.spam@spammedout.com>
Subject: Re: Wandering DNS entry
Date: 09/21/2007 03:03:28
Christopher,

The hypothesis is that you have malware on your clients. As the users have local admin or power user rights this would have been easy to introduce. We also have to assume that your AV does not detect it. If you google for "trojan change dns" you will find several references.

I think what you need to do is:
- run several AV and spyware scanners to detect it
- try the non-admin test
- try to catch it "red-handed" with a changed registry value
- remove all users from local admin and power user groups (and automate the things they need those rights for)
- find out why your AV has not detected it, and switch to one that does.

The real problem is that as your users have admin rights, and if you can prove the hypothesis that the machines have been compromised, then you have no way to know the extent of the damage and to be safe you would need to rebuild your network. The mitigating circumstance is that you say all access is through the proxy.

On balance, you probably need to rebuild all the PCs in turn and migrate your users onto new non-admin config. The most important thing to do is assess whether there is any chance your servers or admin desktops have also been compromised.

Anthony,
http://www.airdesk.co.uk

"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:ufv6Mu9%23HHA.1164@TK2MSFTNGP02.phx.gbl...
> I'm going to have to try this. We are off-hours now and I am not seeing any traffic to the foreign IP. Whatever device(s) are involved or causing the issue are logged out/powered off.
>
> "Anthony" <anthony.spam@spammedout.com> wrote in message news:%23Ajw698%23HHA.1416@TK2MSFTNGP03.phx.gbl...
>> If you set up a PC where the user is not a Local Admin, or a Power user, does it change in this way?
>> Anthony,
>> http://www.airdesk.com
>>
>> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:OA$jAz8%23HHA.3916@TK2MSFTNGP02.phx.gbl...
>>> Some are. Most are "Power Users" on their PCs.
>>>
>>> It is just after close of business so most of the systems are off-line right now, but I don't believe that there is actually a correlation between these issues. If anything, with one exception, I think that most of the PCs where I am seeing the foreign DNS entry are being used by local non-Administrators when the problem is occurring.
>>>
>>> "Anthony" <anthony.spam@spammedout.com> wrote in message news:egK65a8%23HHA.4880@TK2MSFTNGP03.phx.gbl...
>>>> Christopher,
>>>> Are your users Local Administrators?
>>>> Anthony
>>>> http://www.airdesk.co.uk
>>>>
>>>> "Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:un2g$Q8%23HHA.700@TK2MSFTNGP05.phx.gbl...
From: Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com>
Subject: Re: Wandering DNS entry
Date: 09/21/2007 22:52:44
In news:%23SxuCG$%23HHA.4828@TK2MSFTNGP04.phx.gbl, Christopher A. Newell <infosystems@shiawassee.net> typed:
> The only thing that is actually incorrect (my error in the original post) is that there are 4 LAN segments affected. One is essentially my "core" which includes our Internet and two other private WAN connections, as well as servers that are equally utilized among our departments. The other 6 segments are departmentally organized and users are grouped with server resources that they use most frequently.
> <snipped>
The last time I saw something like this with similar symptoms, I found a Linksys wireless router someone brought in causing it. It was providing DNS addresses that were configured on its WAN interface while it was at the person's home. When they brought it in without me knowing about it, DHCP was still enabled. It wound up conflicting with the customer's corp scope and options.

Something else to think about and look for.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post? Try using Outlook Express or any other newsreader, configure a news account, and point it to news.microsoft.com. Anonymous access. It's easy and it's free:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or peaches... Life is more like a jar of jalapenos. What you do today may burn your butt tomorrow." - Garfield
From: Christopher A. Newell <infosystems@shiawassee.net>
Subject: Re: Wandering DNS entry - The answer
Date: 09/24/2007 14:25:09
OK. Here's what it turned out to be. . . . A wireless access point (NOT ROUTER). The only explanation I can see is that DHCP was changed to on by default in a firmware update. This still leaves me with a bunch of questions:

1. Why did only the DNS address get changed? (the DNS is not user/admin configurable on the device, although the address range, subnet, gateway are) I would have expected to have gotten the full configuration from that device, not a full config from one device and then DNS only from another.

2. Why didn't this device give me a complete (albeit useless in my network) configuration when I stopped the official DHCP server? When I tried this, I got the default public config after receiving an error message because no DHCP server was found.

3. How did this effect carry over to three other dynamically addressed subnets which were separated by routers? (or why only three of the four? Although the fourth operates as a trusted domain in a separate AD forest.)

What I finally had to do was actually go out to the desktop of what appeared to be the machine which was switching DNS IPs the quickest with a sniffer and a hub (unmanaged switches) and capture all of the traffic until the config actually changed on me. Then I was able to see the offending DHCP packet and extract the source addresses to pinpoint the device.

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message news:%23oCjJwM$HHA.4956@TK2MSFTNGP06.phx.gbl...
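Finding the offending DHCP packet, as Christopher describes, comes down to reading the server-to-client DHCP replies captured on the wire and checking who sent them and what DNS servers they carry. The Python below is an added example, not code from the thread: it parses a DHCP OFFER/ACK payload (RFC 2131 header, RFC 2132 options) and flags replies whose server identifier (option 54) or DNS server list (option 6) is not on an allow-list. The 10.x and 192.168.1.1 addresses and the allow-lists are constructed; 168.95.1.1 is the address from the thread.

```python
"""Audit server-to-client DHCP messages for rogue servers and DNS options.

Parses the BOOTP/DHCP wire layout (RFC 2131 fixed header, RFC 2132 options)
and reports replies whose server identifier or DNS server list is not on the
administrator's allow-list.  Sample packets are constructed in build_offer().
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse one DHCP payload (UDP data) into header fields and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, htype, hlen, hops = struct.unpack("!4B", payload[:4])
    pkt = {
        "op": op,                                              # 2 = BOOTREPLY
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),  # offered address
        "siaddr": str(ipaddress.IPv4Address(payload[20:24])),  # next server
        "options": {},
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # single-byte pad, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        pkt["options"][code] = value
        i += 2 + length
    return pkt


def addr_list(raw: bytes) -> list:
    """Decode an option holding one or more IPv4 addresses (options 3, 6, 54)."""
    if len(raw) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def audit_offer(payload: bytes, authorized_servers, authorized_dns) -> list:
    """Return (finding, value) pairs for one server-to-client DHCP message."""
    pkt = parse_dhcp(payload)
    opts = pkt["options"]
    msg_type = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN")
    if pkt["op"] != 2 or msg_type not in ("OFFER", "ACK"):
        return []  # only replies that configure a client are of interest
    # Option 54 names the server; fall back to siaddr when it is absent.
    server = addr_list(opts[OPT_SERVER_ID])[0] if OPT_SERVER_ID in opts else pkt["siaddr"]
    findings = []
    if server not in authorized_servers:
        findings.append(("ROGUE_DHCP_SERVER", server))
    for dns in addr_list(opts.get(OPT_DNS, b"")):
        if dns not in authorized_dns:
            findings.append(("UNAUTHORIZED_DNS", dns))
    return findings


def build_offer(yiaddr, server_id, dns_servers, router) -> bytes:
    """Construct a minimal DHCP OFFER payload for testing (constructed data)."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6          # BOOTREPLY, Ethernet, 6-byte MAC
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed
    hdr[20:24] = ipaddress.IPv4Address(server_id).packed
    opts = bytes([OPT_MSG_TYPE, 1, 2])        # message type = OFFER
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    opts += bytes([OPT_SUBNET, 4]) + ipaddress.IPv4Address("255.255.255.0").packed
    opts += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
    dns_raw = b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    opts += bytes([OPT_DNS, len(dns_raw)]) + dns_raw + bytes([OPT_END])
    return bytes(hdr) + MAGIC_COOKIE + opts


# Constructed allow-lists: the site's own DHCP server and internal DNS servers.
AUTHORIZED_DHCP = {"10.1.0.5"}
AUTHORIZED_DNS = {"10.1.0.5", "10.2.0.5"}

if __name__ == "__main__":
    # Constructed captures: a legitimate offer and one from a stray access point
    # that hands out 168.95.1.1 (the address seen in the thread) as DNS.
    good = build_offer("10.1.0.77", "10.1.0.5", ["10.1.0.5", "10.2.0.5"], "10.1.0.1")
    rogue = build_offer("10.1.0.78", "192.168.1.1", ["168.95.1.1"], "10.1.0.1")
    for name, pkt in (("good", good), ("rogue", rogue)):
        print(name, audit_offer(pkt, AUTHORIZED_DHCP, AUTHORIZED_DNS) or "clean")
```

On a live capture the UDP payload of each frame to port 68 would be passed to audit_offer in place of the constructed packets; the server identifier in any finding is the address to chase down, as Christopher did.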
From: Anthony <anthony.spam@spammedout.com>
Subject: Re: Wandering DNS entry - The answer
Date: 09/24/2007 16:13:08
I am glad you found it, and well done Ace for identifying it!
Anthony,
http://www.airdesk.co.uk

"Christopher A. Newell" <infosystems@shiawassee.net> wrote in message news:eeh7MFu$HHA.5328@TK2MSFTNGP05.phx.gbl...
From: Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com>
Subject: Re: Wandering DNS entry - The answer
Date: 09/25/2007 22:35:32
In news:OMpw$%23u$HHA.5164@TK2MSFTNGP05.phx.gbl, Anthony <anthony.spam@spammedout.com> typed:
> I am glad you found it, and well done Ace for identifying it!
> Anthony, http://www.airdesk.co.uk

Thanks. It was just a guess based on previous run-ins with something similar.

Ace
From: Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com>
Subject: Re: Wandering DNS entry - The answer
Date: 09/25/2007 22:39:21
In news:eeh7MFu$HHA.5328@TK2MSFTNGP05.phx.gbl, Christopher A. Newell <infosystems@shiawassee.net> typed:
As for #1 and 2, I've seen just the DNS address get changed especially if the scope the wireless device is giving out is the same. I also can't answer #3 in your scenario. Are you using IP helpers or DHCP agents?

Just one note, I do not believe a true access point (AP) has the ability to provide DHCP from the ones that I've used from Cisco 1231's to Linksys APs. They bridge the wireless segment and wired segment. Now a router will do that, and I've seen routers do just what you've described. Now if APs now offer DHCP services, that's a cool little feature, but then I would imagine it will be on a different segment and routing traffic.

Ace
From: Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US>
Subject: Re: wildcard DNS entry not resolving
Date: 09/18/2007 14:42:44
Read inline please.

In news:09563F05-E72A-4310-AFD2-BDF57E8DB827@microsoft.com, Frank <Frank@discussions.microsoft.com> typed:
> I added a wildcard entry to a sub domain of my company's Active Directory domain in Microsoft DNS, but it does not resolve any names. The domain is AD integrated since it is the Windows domain we use on our network.
>
> The same wildcard setup works in another domain that is AD integrated, but not an actual Active Directory windows domain.
>
> Any ideas?

ADI zones do support Wildcard records, and they work as expected. But, I would not use one if the domain name is in any DNS suffix search list. Keep in mind the DNS suffix search list is appended to any Query that doesn't end with a trailing "." (dot).
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
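The interaction the reply above warns about, shown as an added example that is not part of the thread: a toy authoritative zone holding a wildcard record, with lookup following the RFC 4592 rule that the wildcard only answers when the closest existing ancestor of the queried name is the wildcard's parent, and a toy stub resolver that appends each suffix in its search list to any name typed without a trailing dot. The zone contents, addresses and search list are constructed for the demonstration and are not the poster's.

```python
"""Added example: wildcard record versus DNS suffix search list."""


def labels(name):
    """'www.corp.example.com.' -> ('com', 'example', 'corp', 'www'), apex first."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))


# Constructed AD-integrated sub-zone (assumed names): owner -> [(type, rdata), ...]
ZONE = {
    labels("corp.example.com"): [("SOA", "ns1.corp.example.com. hostmaster.corp.example.com. 1 3600 600 604800 300")],
    labels("ns1.corp.example.com"): [("A", "10.0.0.2")],
    labels("fileserver.corp.example.com"): [("A", "10.0.0.10")],
    labels("*.corp.example.com"): [("A", "10.0.0.99")],  # the wildcard from the question
}


def name_exists(zone, lbls):
    """A name exists if it owns records or is an ancestor of one that does (RFC 4592)."""
    return any(owner[:len(lbls)] == lbls for owner in zone)


def lookup(zone, qname, qtype="A"):
    """Authoritative answer for qname as (rcode, [rdata, ...]). The wildcard applies
    only when the closest existing ancestor of qname is the wildcard's parent."""
    q = labels(qname)
    apex = next(o for o, rrs in zone.items() if any(t == "SOA" for t, _ in rrs))
    if q[:len(apex)] != apex:
        return ("REFUSED", [])           # outside the zone; this toy does no recursion
    if q in zone:
        return ("NOERROR", [r for t, r in zone[q] if t == qtype])
    if name_exists(zone, q):
        return ("NOERROR", [])           # empty non-terminal: NODATA, not NXDOMAIN
    for n in range(len(q) - 1, len(apex) - 1, -1):
        closest_encloser = q[:n]
        if name_exists(zone, closest_encloser):
            wildcard = closest_encloser + ("*",)
            if wildcard in zone:
                return ("NOERROR", [r for t, r in zone[wildcard] if t == qtype])
            break
    return ("NXDOMAIN", [])


def client_resolve(name, search_list, zone):
    """Model of the stub resolver: a name with a trailing dot goes out as typed; any
    other name is tried as typed and then with each search-list suffix appended,
    stopping at the first positive answer. Returns (name queried, rcode, answers)."""
    if name.endswith("."):
        rcode, answers = lookup(zone, name)
        return (name, rcode, answers)
    result = (name, "NXDOMAIN", [])
    for candidate in [name] + [name + "." + suffix for suffix in search_list]:
        rcode, answers = lookup(zone, candidate)
        result = (candidate, rcode, answers)
        if rcode == "NOERROR":
            break
    return result


if __name__ == "__main__":
    search = ["corp.example.com"]
    for typed in ("fileserver", "filesrver", "www.partner.net", "www.partner.net."):
        print(typed, "->", client_resolve(typed, search, ZONE))
```

The third case is the one that bites: a name outside the zone that gets no answer as typed is retried with the suffix appended, matches the wildcard, and the client is sent to 10.0.0.99 instead of getting an error. The same happens for every mistyped host name, while names under an existing host (x.fileserver) still return NXDOMAIN because the wildcard does not reach below them.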
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: Windows Server Bug?
Date: 09/26/2007 16:30:15
Hi
As far as I know that info is registered in:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\SearchList
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

"dveit" <darrin_veit@csgsystems.com> wrote in message
news:OZPyyqGAIHA.4324@TK2MSFTNGP02.phx.gbl...
> Ran into an issue where writing a WMI script to change the DNS server list
> and DNS suffix search order on a given interface runs successfully and the
> results are shown in the Local Area Network Configuration GUI for a given
> interface. However, there was a GPO that was setting the DNS servers and
> DNS suffix search order as well and this setting was shown in ipconfig and
> the registry (and ultimately was the setting that was taking effect). So
> my question is: where does WMI write DNS server and suffix search order
> information to and where does the Local Area Network Configuration GUI
> pull information from since the registry value was not changed by the WMI
> script?
From: dveit <darrin_veit@csgsystems.com>
To: none
Subject: Re: Windows Server Bug?
Date: 09/26/2007 16:49:06
Correct, the information shown via ipconfig and populated via GPO is in the
registry. However, what is shown in the GUI and populated in WMI is not
located in the registry.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:%23H6foRIAIHA.5980@TK2MSFTNGP04.phx.gbl...
> Hi
> As far as I know that info is registered in:
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\SearchList
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
> "dveit" <darrin_veit@csgsystems.com> wrote in message
> news:OZPyyqGAIHA.4324@TK2MSFTNGP02.phx.gbl...
>> Ran into an issue where writing a WMI script to change the DNS server
>> list and DNS suffix search order on a given interface runs successfully
>> and the results are shown in the Local Area Network Configuration GUI for
>> a given interface. However, there was a GPO that was setting the DNS
>> servers and DNS suffix search order as well and this setting was shown in
>> ipconfig and the registry (and ultimately was the setting that was taking
>> effect). So my question is: where does WMI write DNS server and suffix
>> search order information to and where does the Local Area Network
>> Configuration GUI pull information from since the registry value was not
>> changed by the WMI script?
From: Jorge Silva <jorgesilva_pt@hotmail.com>
To: none
Subject: Re: Windows Server Bug?
Date: 09/26/2007 18:51:32
I'm not a script master but can you post here the script and describe the
exact steps that you did?
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

"dveit" <darrin_veit@csgsystems.com> wrote in message
news:ubadRcIAIHA.5980@TK2MSFTNGP04.phx.gbl...
> Correct, the information shown via ipconfig and populated via GPO is in the
> registry. However, what is shown in the GUI and populated in WMI is not
> located in the registry.
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:%23H6foRIAIHA.5980@TK2MSFTNGP04.phx.gbl...
>> Hi
>> As far as I know that info is registered in:
>> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\SearchList
>>
>> --
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MCSE, MVP Directory Services
>> "dveit" <darrin_veit@csgsystems.com> wrote in message
>> news:OZPyyqGAIHA.4324@TK2MSFTNGP02.phx.gbl...
>>> Ran into an issue where writing a WMI script to change the DNS server
>>> list and DNS suffix search order on a given interface runs successfully
>>> and the results are shown in the Local Area Network Configuration GUI
>>> for a given interface. However, there was a GPO that was setting the DNS
>>> servers and DNS suffix search order as well and this setting was shown
>>> in ipconfig and the registry (and ultimately was the setting that was
>>> taking effect). So my question is: where does WMI write DNS server and
>>> suffix search order information to and where does the Local Area Network
>>> Configuration GUI pull information from since the registry value was not
>>> changed by the WMI script?
From: Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US>
To: none
Subject: Re: zone transfers delay
Date: 09/18/2007 14:31:53
Read inline please.

In news:E62D74C4-A74F-4901-A3AE-5C11420692DF@microsoft.com,
Savvas <Savvas@discussions.microsoft.com> typed:
> Hi all,
>
> I'm facing the following problem.
> I have a primary DNS zone on a linux box running bind 9.4.1_P1 for my
> domain. On my W2K3 AD DC I have a secondary zone for my domain.
> All my clients use my W2K AD DC's DNS for name resolution.
> When I update a record on my primary DNS zone my W2K3 AD DC gets the
> notification but transfers the zone with great delay, even more than 1
> hour. This results in false DNS queries from my clients whenever I
> update a record in my primary DNS zone for as far as it takes for my
> W2K3 AD DC to transfer / reload the zone.
>

You will need to enable Notify on the Primary zone on the BIND DNS and make
sure the zone Serial is incremented. BIND does not automatically increment
the serial, IIRC. I can't remember exactly how to enable Notify on BIND,
someone may be able to answer this or you can post this in a BIND forum.
Without Notify being enabled, the secondary uses the Refresh, Retry and
Expire values for checking zone data.

Keep in mind that even after the zone is transferred, the old IP may be
cached on the clients until the TTL expires on the record.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
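The serial check behind "make sure the zone Serial is incremented", as an added example that is not part of the thread: a secondary compares the serial in the primary's SOA against its own copy using RFC 1982 serial arithmetic, and only transfers when the primary's serial compares greater. A zone edited without bumping the serial, or with the serial mistyped to a lower value, is silently ignored, NOTIFY or not. Without NOTIFY the secondary only asks on its own REFRESH/RETRY clock. The SOA records, names and timer values below are constructed for the demonstration.

```python
"""Added example: RFC 1982 serial comparison and the secondary's transfer decision."""

SERIAL_BITS = 32
SERIAL_MOD = 1 << SERIAL_BITS
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(a, b):
    """True when serial a is newer than b under RFC 1982 wrap-around arithmetic:
    a is greater if it is less than 2^31 ahead of b modulo 2^32."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    if a == b:
        return False
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def parse_soa(record):
    """Parse 'owner ttl IN SOA mname rname serial refresh retry expire minimum'."""
    fields = record.split()
    if len(fields) != 11 or fields[2:4] != ["IN", "SOA"]:
        raise ValueError("not a one-line SOA record: %r" % record)
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[6:11])
    if not 0 <= serial < SERIAL_MOD:
        raise ValueError("serial out of range")
    return {"owner": fields[0], "ttl": int(fields[1]), "mname": fields[4], "rname": fields[5],
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}


def secondary_decision(primary_soa, secondary_soa):
    """What a secondary does after fetching the primary's SOA (on NOTIFY or at refresh):
    'transfer', 'in sync', or 'ignore'. 'ignore' is the trap: the zone was edited but the
    serial was not moved forward (or moved to a value that compares lower), so no
    transfer ever happens."""
    p, s = parse_soa(primary_soa), parse_soa(secondary_soa)
    if serial_gt(p["serial"], s["serial"]):
        return "transfer"
    if p["serial"] == s["serial"]:
        return "in sync"
    return "ignore"


def next_poll_without_notify(soa, last_check, last_attempt_failed):
    """Without NOTIFY the secondary checks the SOA only on its own clock: REFRESH
    seconds after the last successful check, RETRY seconds after a failed one."""
    s = parse_soa(soa)
    return last_check + (s["retry"] if last_attempt_failed else s["refresh"])


# Constructed SOA records (assumed names and timers). The secondary holds 2007091801;
# the primary variants model a correct bump, a forgotten bump, and a dropped digit.
SECONDARY = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
             "2007091801 3600 900 604800 86400")
PRIMARY_BUMPED = SECONDARY.replace("2007091801", "2007091802")
PRIMARY_FORGOT = SECONDARY
PRIMARY_TYPO = SECONDARY.replace("2007091801", "200709180")

if __name__ == "__main__":
    for label, primary in (("bumped", PRIMARY_BUMPED), ("forgot", PRIMARY_FORGOT), ("typo", PRIMARY_TYPO)):
        print(label, "->", secondary_decision(primary, SECONDARY))
    print("next poll without NOTIFY:", next_poll_without_notify(SECONDARY, 0, False), "s")
```

With a 3600 second REFRESH and no working NOTIFY, an hour of lag is exactly what the SOA timers produce; with NOTIFY working but the serial unchanged, the secondary answers the NOTIFY, compares serials, and does nothing.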
From: Savvas <Savvas@discussions.microsoft.com>
To: none
Subject: Re: zone transfers delay
Date: 09/19/2007 03:00:05
Notifications are enabled on the Primary zone.

My W2K3 AD DC receives the notifications, as I mentioned on my initial post,
but it reloads / transfers the zone from BIND Primary zone after almost an
hour.

Any other suggestions for this delay?

Thank you again.

Best Regards,
Savvas

"Kevin D. Goodknecht Sr. [MVP]" wrote:
> Read inline please.
>
> In news:E62D74C4-A74F-4901-A3AE-5C11420692DF@microsoft.com,
> Savvas <Savvas@discussions.microsoft.com> typed:
> > Hi all,
> >
> > I'm facing the following problem.
> > I have a primary DNS zone on a linux box running bind 9.4.1_P1 for my
> > domain. On my W2K3 AD DC I have a secondary zone for my domain.
> > All my clients use my W2K AD DC's DNS for name resolution.
> > When I update a record on my primary DNS zone my W2K3 AD DC gets the
> > notification but transfers the zone with great delay, even more than 1
> > hour. This results in false DNS queries from my clients whenever I
> > update a record in my primary DNS zone for as far as it takes for my
> > W2K3 AD DC to transfer / reload the zone.
> >
>
> You will need to enable Notify on the Primary zone on the BIND DNS and make
> sure the zone Serial is incremented. BIND does not automatically increment
> the serial, IIRC. I can't remember exactly how to enable Notify on BIND,
> someone may be able to answer this or you can post this in a BIND forum.
> Without Notify being enabled, the secondary uses the Refresh, Retry and
> Expire values for checking zone data.
>
> Keep in mind that even after the zone is transferred, the old IP may be
> cached on the clients until the TTL expires on the record.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps