Possible DNS issue
19 years 4 months ago #9160
by necronian
Replied by necronian on topic Re: Possible DNS issue
I have, actually.
I have gained a lot of new information, if you are interested in seeing it. Perhaps this will shed some light on the issue.
Using nslookup on the server returns the following text:
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.0.1
Using dcdiag on the server returns the following text:
Server's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(c2988ff3-d419-4ebb-9448-34c5ae8535eb._msdcs.company.com) couldn't
be resolved, the server name (Server.company.com) resolved
to the IP address (192.168.0.1) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... Server failed test Connectivity
Testing server: Default-First-Site-Name\Server
Skipping all tests, because server Server is
not responding to directory service requests
19 years 4 months ago #9162
by DaLight
Replied by DaLight on topic Re: Possible DNS issue
necronian, I think you will need to reinstall DNS but not necessarily AD. I've found a Microsoft KB that provides instructions for proper reinstallation of a misbehaving DNS server.
support.microsoft.com/default.aspx?scid=...-us;Q294328&FR=1
19 years 4 months ago #9180
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Possible DNS issue
It seems like your server does have a few DNS issues, necronian!
After reading the previous posts, there are a few things I'd like to comment on, in hope to help resolve your problems.
Since your Windows server is acting as a DHCP/DNS/DC server, it's best advised not to push down to your clients the ISP's DNS servers. As DaLight also noted, it would be best to make your clients use your local server as a DNS server, giving you greater flexibility and control. At the same time, use your ISP's DNS as a forwarder in your local DNS server settings.
Regarding the problem of resolving the external mycompany.com domain, I do have a few questions, but if I understood it correctly, you're using the same domain internally in your private LAN while it also happens to exist on the Internet as a real domain.
To overcome the problem with the clients not being able to see the external web and mail servers when pointing them to your local DNS server, you can create the domain in your local DNS database and simply point the www-cname and mx records to the correct public IP addresses. This should resolve this problem.
I'm not sure if I'm missing something or have forgotten anything, but do let me know if the above suggestions are possible to implement.
Closing, the errors reported on your tests are not encouraging and show possibly more problems with your configuration/setup. I'd suggest you also check your event viewer for more errors that might help you resolve them without deleting and recreating local domains as you've mentioned this server is also the Domain Controller.
Just be careful with every step so you don't find yourself in a messy situation. I'd always check with support.microsoft.com for any errors you can't understand - their site tends to have great documentation.
We'll be waiting for your results/feedback!
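The split-DNS setup suggested in the post above, as an added example that is not part of the original thread: it uses the current Windows Server DnsServer PowerShell cmdlets rather than the tooling of the thread's era. The zone name company.com comes from the dcdiag output; the www and mail host names, the test name example.org and every IP address are constructed placeholders.

```powershell
# Run in an elevated session on the internal DNS server (DnsServer module required).
# All addresses and host names below are constructed placeholders, not values from the thread.
$Zone       = 'company.com'                      # internal AD zone that shares the public name
$PublicWeb  = '203.0.113.10'                     # placeholder: public IP of the web server
$PublicMail = '203.0.113.25'                     # placeholder: public IP of the mail server
$Forwarders = '198.51.100.53', '198.51.100.54'   # placeholder: the ISP's resolvers

# The zone must already be hosted here; on the DC it is the AD zone itself.
$null = Get-DnsServerZone -Name $Zone -ErrorAction Stop

# Add an A record only when the name does not have one yet.
function Add-PublicHost([string]$Name, [string]$IPv4) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "$Name.$Zone already has an A record; leaving it unchanged."
        return
    }
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $IPv4
}

Add-PublicHost -Name 'www'  -IPv4 $PublicWeb
Add-PublicHost -Name 'mail' -IPv4 $PublicMail

# MX record at the zone apex, pointing at the mail host added above.
$apexMx = Get-DnsServerResourceRecord -ZoneName $Zone -RRType MX -ErrorAction SilentlyContinue |
    Where-Object HostName -eq '@'
if (-not $apexMx) {
    Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' -MailExchange "mail.$Zone" -Preference 10
}

# Names outside the zone go to the ISP through forwarders, so clients only ever
# need the internal server and the firewall needs no inbound DNS rule.
Set-DnsServerForwarder -IPAddress $Forwarders

# Verify against the local server: the public hosts, the AD locator record that
# dcdiag depends on, and one external name answered through the forwarders.
Resolve-DnsName -Name "www.$Zone" -Type A -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name $Zone -Type MX -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name 'example.org' -Type A -Server 127.0.0.1 -DnsOnly
```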
19 years 3 months ago #9335
by necronian
Replied by necronian on topic Re: Possible DNS issue
We finally were able to work around the problem by creating A records for both the email and website on the local DNS. Unfortunately, some of the VPN clients could still not see the DNS.
My supervisor, under the advice of a technician from the customer's ISP, opened the DNS port on the Sonicwall to accept outside inquiries, and then had the DHCP push the external IP of the wall as primary, and the IP of the local DNS as secondary.
It works, but I am a bit concerned with security at this point. It feels as though we have patched this up haphazardly. While it works, we may have created an issue, or issues that will surface later, while at the same time, not fully understanding issues that are still on-going.
I appreciate all of the advice I've received.
19 years 3 months ago #9336
by DaLight
Replied by DaLight on topic Re: Possible DNS issue
By opening a port on your SonicWall, I trust you mean in the outgoing direction as opposed to incoming.
I agree with you that this is still not a satisfactory state of affairs. Your local clients should be able to use your DC for primary DNS.
Keep us posted if anything new crops up.
19 years 3 months ago #9435
by necronian
Replied by necronian on topic Re: Possible DNS issue
No, actually, I mean both ways. :oops: I know this is not a good idea, which led us to our next step.
We wound up taking the VPN apart, allowing each of the Sonicwalls to provide the local workstations with an address through their own DHCP. At server (the main office) we did the same, but left the A records for both the email server and the web server. As it stands right now, everything is working (hehe, of course it works, all of the remote locations are using their ISP DNS.)
Regarding the problem of resolving the external mycompany.com domain, I do have a few questions, but if I understood it correctly, you're using the same domain internally in your private LAN while it also happens to exist on the Internet as a real domain.
Sorry, Chris. I forgot to answer this one. Yes, the local domain is the same as an existing domain on the internet. I personally believe this to be our primary problem, but demoting the DC and starting over is not an option at the moment.