AD DNS servers across WAN

Hi, I have inherited a network that looks to be running 2 separate DNS servers on each side of a WAN. Both are DCs of the same Domain.
The issue is one side of the WAN sometimes has trouble pinging DHCP clients that are on the other side.
Each side has its own DHCP and DNS, and it looks like neither DNS is set up as a secondary.
My question is what is best practice in this situation? If I set up site 2 as a secondary DNS server, will it have the same issues resolving DHCP clients?
Thanks,
Dekkar

If I understand your problem correctly, you are having trouble pinging clients on the other site. If this is the case then you can start with the following steps:
Try to ping a client on the other site using its IP address. If that is successful but pinging it by its DNS name is not, then there should be a problem with your DNS resolution. To check it, you can use nslookup. If the clients are not getting registered then you need to check that your DNS servers accept DNS dynamic registration and that your computers are configured to register their DNS records. (If this does not help then you can try to temporarily disable the security software in use, as it might be blocking DNS registration too.)
If the IP ping is not successful then the problem should not be related to DNS resolution. In this case, you need to make sure that ICMP is not blocked by a firewall (on the computer or at the network level). tracert should help you find out at which level the ICMP requests are getting dropped.
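The checks from the reply above (a direct query against each DNS server, as with nslookup, followed by a ping of the resolved IP) combined into one PowerShell function. This is an added example, not part of the original thread; the host name and the two DNS server addresses in the sample call are placeholders.

```powershell
# Added example (not from the thread). Compares what each site's DNS server
# returns for one client name, then pings the resolved address.
function Test-CrossSiteResolution {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $HostName,    # FQDN of a DHCP client on the far side
        [Parameter(Mandatory)] [string[]] $DnsServers   # one DNS server address per site
    )

    $perServer = foreach ($server in $DnsServers) {
        $ips = @(); $err = $null
        try {
            # Query this server directly, DNS protocol only (no LLMNR/NetBIOS fallback).
            $ips = @(Resolve-DnsName -Name $HostName -Type A -Server $server -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'A' } |
                     Select-Object -ExpandProperty IPAddress)
        } catch {
            $err = $_.Exception.Message   # name not found, timeout, refused, ...
        }
        [pscustomobject]@{
            DnsServer = $server
            Addresses = ($ips | Sort-Object) -join ','
            Error     = $err
        }
    }

    # Distinct answers across servers, and servers that returned no A record at all.
    $distinct = @($perServer.Addresses | Where-Object { $_ } | Sort-Object -Unique)
    $missing  = @($perServer | Where-Object { -not $_.Addresses })

    $target = $null; $pingOk = $null
    if ($distinct.Count -gt 0) {
        $target = ($distinct[0] -split ',')[0]
        $pingOk = Test-Connection -ComputerName $target -Count 2 -Quiet
    }

    $verdict = if ($distinct.Count -eq 0) {
        'No server holds an A record: check dynamic registration on the client and on the zone.'
    } elseif ($missing.Count -gt 0) {
        'Record exists on one side only: the two DNS servers do not share the zone data.'
    } elseif ($distinct.Count -gt 1) {
        'Servers return different addresses: one side holds a stale record.'
    } elseif (-not $pingOk) {
        'DNS is consistent but the IP does not answer: not a DNS problem, check ICMP filtering (tracert).'
    } else {
        'DNS is consistent and the address answers ICMP.'
    }

    [pscustomobject]@{
        HostName      = $HostName
        PerServer     = $perServer
        PingedAddress = $target
        PingOk        = $pingOk
        Verdict       = $verdict
    }
}

# Placeholder values: replace with a real client name and the DNS server on each side of the WAN.
$result = Test-CrossSiteResolution -HostName 'client01.example.local' -DnsServers '192.0.2.10', '198.51.100.10'
$result.PerServer | Format-Table -AutoSize
$result.Verdict
```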

Similar Messages

  • My airport extreme cannot connect to the internet because it says it has no DNS servers. How can I fix this?

    I just moved and am setting up a new apartment. Verizon put in internet service yesterday. I got a network going on my airport extreme but it could not connect to the internet because it says it has no DNS servers. help! What do I do now?

    Ensure that the ethernet is connected to the WAN port (with the dotted circle).
    You may have to reset and reconfigure your Airport Extreme.

  • Pros and cons of changing DNS servers?

    Hello guys, First of all I am a non technical person related to DNS servers. So I want to know what are the pros and cons if you change your DNS servers?
    I wanted to access Netflix but it's not yet available in my country so I came across http://unotelly.com/ . They provide a method to access but by changing DNS. Can someone guide should I do it? What are the pros and cons? Thank you

    The DNS is what translates in and outgoing URLs to your local domain server. Changing it may have no adverse effect. It could result in faster or slower translations, but you may not even notice either. However, if it does not work properly, then you will not get web sites in your browser until you revert back to a DNS that you know works or delete all added DNS entries which returns to the system default.

  • Best practices for 2 x DNS servers with 2 x sites

    I am curious if someone can help me with best practices for my DNS servers.  Let me give my network layout first.
    I have 1 site with 2 x Windows 2012 Servers (1 GUI - 10.0.0.7, the other CORE - 10.0.0.8) the 2nd site connected via VPN has 2 x Windows 2012R2 Servers (1 GUI - 10.2.0.7, the other CORE - 10.2.0.8)  All 4 servers are promoted to DC's and have DNS services running.
    Here goes my questions:
    Site #1
    DC-01 - NIC IP address for DNS server #1 set to 10.0.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.0.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    Site #2
    DC-01 - NIC IP address for DNS server #1 set to 10.2.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.2.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > Name Servers should I have all of my other DNS servers, or should I have my WAN DNS servers? In a single server scenario I always put my WAN DNS server but a bit unsure in this scenario.
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > General > Type should all servers be set to Active Directory - Integrated > Primary Zone? Should any of these be set to Secondary Zone?
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > Zone Transfers should I allow zone transfers?
    Would the following questions be identical to the Forward Lookup Zone mydomain.local as well?

    Site1
    DC1: Primary 10.0.0.7. Secondary 10.0.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.0.0.8.  Secondary 10.0.0.7. Tertiary 127.0.0.1
    Site2
    DC1: Primary 10.2.0.7.  Secondary 10.2.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.2.0.8.  Secondary 10.2.0.7. Tertiary 127.0.0.1
    The DC's should automatically register in msdcs.  Do not register external DNS servers in msdcs or it will lead to issues. Yes, I recommend all zones to be set to AD-integrated. No need to allow zone transfers as AD replication will take care of this for you.  Same for mydomain.local.
    Hope this helps.  
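The zone settings recommended in the answer above (AD-integrated zones, no zone transfers) can be audited on each DC, together with the dynamic-update mode that client registration depends on. This is an added example, not from the thread; it assumes the DnsServer module (RSAT DNS tools) is installed, and the DC names in the sample call are placeholders.

```powershell
# Added example (not from the thread). Requires the DnsServer module (RSAT DNS tools).
function Get-DnsZoneFinding {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string[]] $DnsServers)   # DCs running DNS, from every site

    foreach ($server in $DnsServers) {
        try {
            $zones = Get-DnsServerZone -ComputerName $server -ErrorAction Stop |
                     Where-Object {
                         -not $_.IsAutoCreated -and
                         $_.ZoneName -ne 'TrustAnchors' -and
                         ($_.ZoneType -in 'Primary', 'Secondary')
                     }
        } catch {
            [pscustomobject]@{ Server = $server; Zone = '(none)'; Findings = "could not query: $($_.Exception.Message)" }
            continue
        }

        foreach ($zone in $zones) {
            $findings = @()
            if ($zone.ZoneType -eq 'Secondary') {
                # The answer above relies on AD replication, so no secondary copies are needed.
                $findings += 'secondary zone: depends on zone transfers instead of AD replication'
            } else {
                if (-not $zone.IsDsIntegrated) {
                    $findings += 'file-backed primary, not AD-integrated'
                }
                if ($zone.SecureSecondaries -ne 'NoTransfer') {
                    # Open transfers hand the full host inventory to whoever asks.
                    $findings += "zone transfers allowed ($($zone.SecureSecondaries))"
                }
                switch ($zone.DynamicUpdate) {
                    'None'               { $findings += 'dynamic updates off: DHCP clients cannot register' }
                    'NonsecureAndSecure' { $findings += 'nonsecure dynamic updates: any host can overwrite records' }
                }
            }
            [pscustomobject]@{
                Server   = $server
                Zone     = $zone.ZoneName
                Findings = if ($findings) { $findings -join '; ' } else { 'matches the recommendation' }
            }
        }
    }
}

# Placeholder DC names: list the DNS-hosting DCs from both sites.
Get-DnsZoneFinding -DnsServers 'dc1.example.local', 'dc2.example.local' | Format-Table -AutoSize -Wrap
```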

  • Remote DNS server across ASA

    Hi guys,
    I am hoping someone can reply to my query below.
    We have got a new batch of servers and they reside on a separate VLAN 192.168.45.x 255.255.255.0
    Those servers are required to be registered on the DNS server located on the remote site (SITE 2). Please refer to the attached diagram. We also have a DNS server in our LAN but these new servers will need to be in the domain in SITE 2
    Can anyone advise if I need anything else other than the following ACLs in the ASA firewall
    Access-list inside extended permit udp 192.168.45.0 255.255.255.0 host 10.10.100.150 eq 53
    Access-list inside extended permit tcp 192.168.45.0 255.255.255.0 host 10.10.100.150 eq 53
    Thanks
    jay

    The ACL entries above will allow DNS queries across the provider link from your local site. We are assuming matching entries allow the communications on the remote end and that routing etc. is all in place.
    You asked however about needing to be "registered" on the DNS server and in the domain. Also your diagram mentions the server is a DHCP server and you show it configured with the helper-address in your local core switch. DHCP uses TCP ports 67 and 68. When you say domain if you are talking about a Windows domain that is another set of ports.

  • Airport not distributing DNS servers over network

    Hi everyone,
    I connect to the Internet over ADSL (ISP: Arnet Highway, Buenos Aires, Argentina) using PPPoE from my MacBook Pro.
    I have my ADSL modem connected to the Airport Extreme (802.11n) and distributing IP over DHCP just fine. Every device that joins the network obtains a valid IP.
    However, DNS servers aren't distributed by the router over the network. Every connected device has to be manually configured to set the DNS servers of my ISP to be able to resolve hosts, instead of 'asking' these addresses to the router, as it should be.
    Initially I thought there might be a problem obtaining the DNS servers from the ISP. So in the Airport Utility, in Internet / PPPoE settings, I've manually set my ISP's DNS servers, which should be distributed over the network to all connected devices.
    This doesn't happen, and every time somebody new joins my wireless network I have to manually change the DNS servers for that connection which, as I'm sure you'll agree with me, can be quite annoying. Not to mention what would happen if my ISP decides to use dynamic DNS addresses.
    Thanks for any help you might provide.
    Cheers.

    Hello belbo,
    "I connect to the Internet over ADSL using PPPoE from my MacBook Pro."
    Is your MacBook Pro Network configured to use PPPoE or DHCP?
    "I have my ADSL modem connected to the Airport Extreme (802.11n) and distributing IP over DHCP just fine. Every device that joins the network obtains a valid IP."
    Is NAT enabled on the AE? Are the valid IP Address obtained from your ISP or from the AE?
    "However, DNS servers aren't distributed by the router over the network. Every connected device has to be manually configured to set the DNS servers of my ISP to be able to resolve hosts, instead of 'asking' these addresses to the router, as it should be."
    When you set up the AE to use PPPoE did you enter a Domain Name or a DHCP Client ID?
    "Initially I thought there might be a problem obtaining the DNS servers from the ISP. So in the Airport Utility, in Internet / PPPoE settings, I've manually set my ISP's DNS servers, which should be distributed over the network to all connected devices."
    The DNS servers listed in the AE aren't distributed to each Network Device but are only used to translate names into IP addresses when needed by a Network Device.
    "This doesn't happen, and every time somebody new joins my wireless network I have to manually change the DNS servers for that connection which, as I'm sure you'll agree with me, can be quite annoying. Not to mention what would happen if my ISP decides to use dynamic DNS addresses."
    If your AE is distributing IP Address using DHCP and NAT then this should not be a problem but I'm not sure without more information about the questions I asked.
    Later.
    Buzz

  • How do you setup a server to use multiple DNS servers that are not connect to each other?

    Is there a way to setup a server that connects to two different domains to use the proper DNS server for name resolution?
    Let's say there are two DCs: serverA.subdomaina.domain.com and serverB.subdomainb.domain.com.  The domains are independent and not connected.  Now you need a common server that is connected to both and needs to resolve names from both domains.
    Is this possible?
    I have setup a server in a workgroup.  One NIC has the subdomaina.domain.com connection specific suffix and the other nic has the subdomainb.domain.com.  Each NIC has the DNS server listed for the domain it is connected to.
    This configuration will resolve FQDNs of one domain but not the other.  This I believe is due to the fact the server only queries one DNS server and doesn't try the other DNS server.
    Is there any way to make the server try another DNS server, if the first one doesn't have the entry?

    Hi,
    Thank you for posting in Windows Server Forum.
    Here adding to the words of “Tim”, a forwarder is a DNS server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. You can also forward queries according to specific domain names using conditional forwarders.
    A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server. You can find information about forwarders and how to configure them at the links below.
    Understanding forwarders
    http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx
    Configure a DNS Server to Use Forwarders
    http://technet.microsoft.com/en-us/library/cc754941.aspx
    Hope it helps!
    Regards.

  • Update Policy for multiple networks with specific DNS servers

    I have a mid size network with 5 locations all with different IP addresses. All sites host their own DNS servers and connect directly through an ISP dedicated VLAN.
    Main Site
    10.1.1.1
    255.0.0.0
    Remote Site 1
    192.168.100.1
    255.255.255.0
    Remote Site 2
    192.168.101.1
    255.255.255.0
    Remote Site 3
    192.168.102.1
    255.255.255.0
    Remote Site 4
    192.168.103.1
    255.255.255.0
    All sites can be managed through the main site, but have their own DNS servers on location.
    My purpose is to point all computers and devices to a new DNS server from their previous static assignment. (XP and later versions)
    My question is can I use GP or DHCP* to push DNS server information to each device making them site specific without having to travel to those locations?
    Requirements:
    All devices on 10.1.1.1 will be changing from 10.1.1.2 to 10.1.1.4 (decom of old 2k3 server)
    DNS servers at each 192 location will need to point secondary server to 10.1.1.4
    Devices at main will need to use 10.1.1.4 as primary and 10.1.1.3 as secondary.
    Devices at each site will need to keep their respective DNS server.
    *If I use DHCP to change the information on a per scope level, can I use GP to force computers with locally set static assignments to update to DHCP static assignments
    Bonus: If anyone can give me an estimate on how much network traffic/bandwidth this would create that would be great because I would consider staggering the assignments as I am a 24 hour business.

    Hi,
    You may configure a Scheduled Task Item in Group Policy.
    To create a new Scheduled Task preference item, please follow the steps below,
    Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
    In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
    Right-click the Scheduled Tasks node, point to New, and select Scheduled Task.
    In the New Scheduled Task Properties dialog box, select an Action for Group Policy to perform. (For more information, see "Actions" in this topic.)
    On the Task tab, enter task settings for Group Policy to configure or remove. (For more information, see "Task settings" in this topic.)
    If creating, updating, or replacing a task:
    Click the Schedule tab, and configure one or more schedules for the task. (For more information, see "Schedule settings" in this topic.)
    Click the Settings tab, and enter any additional task settings for Group Policy to configure. (For more information, see "Other scheduled task settings" in this topic.)
    Click the Common tab, configure any options, and then type your comments in the Description box. (For more information, see Configure Common Options.)
    Click OK. The new preference item appears in the details pane.
    In the task, you may use netsh to set the DNS address.
    netsh interface ip set dns name="Local Area Connection" static yourdnssetting
    Here is an article about netsh command,
    http://technet.microsoft.com/en-us/library/cc738592(v=WS.10).aspx#BKMK_5
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Time Capsule - No DNS servers and Double NAT

    I'm connecting an MBP running 10.5.6 to a Time Capsule which accesses Virgin Media broadband using a cable modem.
    It has been working fine for 6 months, but I made some changes this morning to get my wireless camera onto the network, which broke the connection, and don't seem to be able to undo them.
    The TC now flashes amber, and going into Airport Utility I get the following errors:
    - No DNS Servers
    - Double NAT
    I've typed the DNS servers' IP addresses for my ISP into Airport Utility but it doesn't seem to recognise them. It also complains about a double NAT problem but I don't have another router assigning IP addresses.
    I've also tried a hard reset on the TC, switched it and the modem off, waited 30 mins and then switched back on again - no luck.
    Screenshots of all the settings on my TC from Airport Utility are here:
    http://web.me.com/julianlove/Site/TimeCapsule.html
    I'm not very knowledgeable about networking so any assistance appreciated.

    Double NAT is an indication that you have two devices on the network both trying to perform routing duties. You only want one device doing this on a network. Solve the NAT issue and the DNS issue will go away as well.
    What is the make and model number of the device that you call your "modem"?

  • Time Capsule Problems - No DNS Servers Where did they go?

    I have an iMac and macbookpro using a TC connected to high speed cable modem. Everything has worked fine for a year+. All of the sudden I can't connect to Internet. Under airport utility it says I have no dns servers and has two empty boxes. Then it says something about choosing or not choosing the bridge option. Never had to deal with any of this before and don't know what to enter.
    I checked and modem and everything leading to TC is working ok. I tried turning off/on, unplugging, some other guesses but no luck.
    I work from home and could really use some help asap. It is extremely appreciated...thanks!

    I am experiencing the same problem with my time capsule. I have owned the timecapsule for a couple of years and have had no connectivity issues with it.
    Regarding the Double NAT:
    I have tried switching to bridge mode, but I just lose internet connectivity completely. I would appreciate it if someone would post any common problems with using bridge that I should look for.
    I would think that if Double NAT were an issue that the Airport would report it consistently rather than intermittently.
    Regarding the lack of DNS:
    I also switched to several combinations of DNS servers (comcast, google, and openDNS). No combination solves the problem.
    When I lose connectivity in NAT mode I go get a drink of water and come back and the problem has resolved itself. I then reestablish my VPN link and continue work.
    I have not noticed this when I am not using VPN; but I have a hard time believing that a VPN running on my MBP would affect the TC. I use VPN a lot, so the odds are that it will happen when I am using VPN.
    I have had this ISP (comcast) since February. The problem (the TC reporting double NAT and no DNS) started to happen in June.
    I have always had problems with my VPN dropping while I am using comcast. Under my previous ISP VPN rarely dropped.

  • Unix command in ARD to remove DNS Servers from Network prefs?

    I need to know how to send a unix command to remove DNS Servers in Network preferences. I need the DNS Servers field to be blank. Can this be done?

    Our network administrator is getting ready to change the IP address of our DNS server. This means I have over 30 Macs that will be needing changes to their DNS settings. Since each machine is set up with limited access to the system prefs, that means I have to go to each machine and log in as the admin user to make this change. In the interest of saving time, is this something I can do with Remote Desktop and how? Would I use the same commands in this post and replace dns1 with our DNS' new IP address? Will this disrupt the users' access to the network when I do so?
    Thanks for any help.
    Beth

  • Is Verizon not allowing connections to alternate DNS servers anymore?

    Last night I ran a DNS benchmark test, and a notice popped up saying my ISP was intercepting and redirecting all outgoing DNS requests. I've been using OpenDNS for a year now without any problems, then I found out last night I am not connecting to their servers, so I tried Google's servers, no luck there either.
    I called tech support (several times) and no one could give me a straight answer to my question: Is Verizon not allowing connections to alternate DNS servers anymore? I was forced to switch back to Verizon servers, not happy about that.
    Can someone please answer my question? Thanks.

    I'm on FiOS and I've got no issues using OpenDNS.  I have the Quantum router set to use it.  Works fine.
    I've manually changed DNS on my computer to google's servers.  No problems with this, either.

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there is the quote
    "3. When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows Server 2008 R2 Core Network Guide)
    "9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.
    10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback be first? The justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry)
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself, or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg
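The ordering rules in the Microsoft text quoted in this thread (loopback in the list but not first, and never pointing only at itself) expressed as a check, with the two resolver layouts from the earlier two-site thread as constructed sample input. This is an added example, not part of either thread; the function names are hypothetical and the mapping of DC1 to 10.0.0.7 is an assumption.

```powershell
# Added example (not from the thread). Evaluates one DC's DNS client list
# against the Best Practices Analyzer wording quoted above.
function Test-DcResolverOrder {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [string[]]                        $OwnAddresses = @(),  # the DC's own IPv4 addresses
        [Parameter(Mandatory)] [string[]] $DnsServers           # list in configured order
    )
    $loopback = '127.0.0.1'
    $self     = @($OwnAddresses) + $loopback
    $notes    = @()

    if ($DnsServers[0] -eq $loopback) {
        $notes += 'loopback is first (quoted text: should not be the first server in the list)'
    } elseif ($DnsServers[0] -in $OwnAddresses) {
        $notes += 'own IP is first (quoted text: pointing to itself first can delay startup)'
    }
    if (-not ($DnsServers | Where-Object { $_ -notin $self })) {
        $notes += 'points only to itself (quoted text: can become an island)'
    }
    if ($loopback -notin $DnsServers) {
        $notes += 'loopback missing (quoted text: add it as secondary or tertiary)'
    }

    [pscustomobject]@{
        Name  = $Name
        Order = $DnsServers -join ' > '
        Notes = if ($notes) { $notes -join '; ' } else { 'consistent with the quoted guidance' }
    }
}

# Live collection from real DCs (names supplied by the caller), one result per adapter.
function Get-DcResolverOrder {
    param([Parameter(Mandatory)] [string[]] $DomainControllers)
    foreach ($dc in $DomainControllers) {
        $own = @(Get-NetIPAddress -AddressFamily IPv4 -CimSession $dc |
                 Where-Object { $_.IPAddress -ne '127.0.0.1' } |
                 Select-Object -ExpandProperty IPAddress)
        Get-DnsClientServerAddress -AddressFamily IPv4 -CimSession $dc |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            ForEach-Object {
                Test-DcResolverOrder -Name "$dc / $($_.InterfaceAlias)" -OwnAddresses $own -DnsServers $_.ServerAddresses
            }
    }
}

# Constructed sample input, using the addresses from the two-site thread earlier on this page.
# Assumption: DC1 at site 1 is 10.0.0.7 and its partner is 10.0.0.8.
$samples = @(
    @{ Name = 'Site1 DC1, as asked (partner, loopback)';          Own = '10.0.0.7'; Dns = '10.0.0.8', '127.0.0.1' }
    @{ Name = 'Site1 DC1, as answered (self, partner, loopback)'; Own = '10.0.0.7'; Dns = '10.0.0.7', '10.0.0.8', '127.0.0.1' }
    @{ Name = 'Loopback only (constructed)';                      Own = '10.0.0.7'; Dns = '127.0.0.1' }
)
foreach ($s in $samples) {
    Test-DcResolverOrder -Name $s.Name -OwnAddresses $s.Own -DnsServers $s.Dns
}
```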

  • BUG in IMS 5.2 P 1 on Windows 2000 : not using the correct DNS servers

    Hi everyone,
    I encountered a queer bug in Ims 5.2 on Windows 2000.
    Let me explain it to all of you to avoid spending time and money debugging this problem.
    The problem may occur on Windows 2000 Server if the server used was formerly configured to obtain its IP address from a DHCP server (before using it for mail purposes).
    Windows 2000 doesn't delete its DHCP client configuration even if the machine is re-configured with a static IP.
    It stores the information in an interface registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    If you install IMS52 after this, the server will use the DNS servers configured in the DHCP configuration rather than the ones specified in the static IP config to lookup the MXs.
    So if the nameservers configured in the DHCP config are not reachable, the smtp server will systematically fail sending outbound mails.
    To avoid this, locate the DHCP interface key in the Registry and remove it.
    Remarks :
    I know that this situation is not common but it may occur in certain occasions for people like me who are making demonstrations on clients sites.
    I'm not sure it is specifically related to DHCP rather than static config. I would say that IMS uses the first interface found in the registry (in alphabetical order) even if this interface is not active...
    A good idea is to remove completely from the registry all the interfaces keys not currently used by the system.
    Hope this will help some of you.
    Best regards,
    Vincent MAZARD
    DML FRANCE

    Interesting. Thank you for the observation. Not something I have seen, either.

  • IronPort ESA best practice for DNS servers?

    Hello!
    Is there a best practice for what servers should be used for the Cisco IronPort DNS servers?
    Currently when I check our configuration, we have set it to "Use these DNS servers" and the first two are our domain controllers and last two are Google DNS.
    Is there a best practice way of doing this? I'm thinking of selecting the "Use the Internet's Root DNS Servers" option as I can't really see an advantage of using internal DC's.
    Thoughts?

    Best practice is to use Internet Root DNS Servers and define specific dns servers for any domain that you need to give different answers for. Since internal mail delivery is controlled by smtproutes using internal dns servers is normally not required.
    If you must use internal dns servers I recommend servers dedicated to your Ironports and not just using servers that handle enterprise lookups as well. Ironports can place a very high load on dns servers because every outside connection results in multiple dns lookups. (forward, reverse, sbrs)
    If you don't have enough dns horsepower you are susceptible to a DOS attack either through accident or design. If the Ironports overload your internal dns servers it can impact your entire enterprise.
