#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##

Hi,
This is my first post here. 
My exchange server of late is facing a peculiar problem. I get the error message that I have posted below when sending mails to any outside domain. However when I restart the server the mails can be resent to the address without any issue. After a certain time the issue pops up again, upon which I am forced to restart the server again. I am running 2007 Exchange on Windows 2003.
Generating server: name.mydomain.com
[email protected]
#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
[email protected]
#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
Original message headers:
Received: from name.mydomain.com ([1xx.xxx.xxx.xx5]) by MHDMAILS.mouwasat.com
 ([1xx.xxx.xxx.xx5]) with mapi; Wed, 19 Oct 2011 08:56:29 +0300
From:  <[email protected]>
To: <[email protected]>
CC: "Al Alami,Tareq" <[email protected]>
Date: Wed, 19 Oct 2011 08:56:27 +0300
Subject: RE:   
Thread-Topic:   
Thread-Index: AcyAQ5tu8z9CvBfdT5+1pcGQkk6x0AIuwczAAAGZjeABQyW5sAADeeJQAAETNDA=
Message-ID: <[email protected]>
References: <[email protected]com>
 <[email protected]com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
            boundary="_004_EEC8FA6B3B286A4E90D709FECDF51AA06C0588CA11namedomain_";
            type="multipart/alternative"
MIME-Version: 1.0

On Sun, 23 Oct 2011 15:05:15 +0000, Jobin Jacob wrote:
>Even after removing my domain from the send connector I continue to receive the error. I would like to say I do have a firewall, Cyberoam. However, it was the same configuration till now in the firewall. I did try Mx lookup and found the following.
>
>Could there be any other solution to this issue ?
Sure, but it's necessary to ask a lot of questions since none of us
know how your organization is set up.
I see you also have "Use the External DNS Lookup settings on the
transport server" box checked. How have you configured the "External
DNS Lookups" on the HT server's property page? Is there any good
reason why you aren't just using your internal DNS servers? If the
internal DNS servers are configured to resolve (or forward) queries
for "external" domains then there's no reason to use that checkbox. In
most cases checking that box is a mistake.
http://technet.microsoft.com/en-us/library/aa997166(EXCHG.80).aspx
The behavior you describe (it works for a while and then fails;
restarting the server returns it to a working state) sure sounds like
some sort of DNS problem.
Rich Matheisen
MCSE+I, Exchange MVP
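
An added example, not part of the thread and not Exchange's own logic: a Python check that compares what two resolvers return for a recipient domain's MX records and flags MX targets that lead back to the sending server or to loopback. Reading MxLoopback as "the MX answer points back at the sender" is an assumption, and every name, address and record set below is a constructed placeholder.

```python
import ipaddress

# Constructed resolver answers in zone-file form (placeholder names/addresses).
INTERNAL_DNS = """
example.net.        3600 IN MX 10 mail.example.net.
example.net.        3600 IN MX 20 backup.example.net.
mail.example.net.   3600 IN A  198.51.100.25
backup.example.net. 3600 IN A  198.51.100.26
"""

EXTERNAL_DNS = """
example.net.        300 IN MX 10 mail.example.net.
example.net.        300 IN MX 20 relay.example.net.
mail.example.net.   300 IN CNAME edge.example.org.
edge.example.org.   300 IN A 192.0.2.5
relay.example.net.  300 IN A 127.0.0.1
"""

# Hypothetical identity of the sending transport server.
LOCAL_NAMES = {"ht01.example.com"}
LOCAL_ADDRS = {"192.0.2.5"}


def _norm(name):
    return name.lower().rstrip(".")


def parse_records(text):
    """Return {(name, type): [rdata, ...]} from 'name ttl IN type rdata' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank line, comment or anything not in record form
        key = (_norm(fields[0]), fields[3].upper())
        records.setdefault(key, []).append(" ".join(fields[4:]))
    return records


def resolve_addresses(records, host, max_cname_hops=8):
    """Follow CNAMEs to A/AAAA data; return [] on a CNAME loop or dead end."""
    host, seen = _norm(host), set()
    while (host, "CNAME") in records:
        if host in seen or len(seen) >= max_cname_hops:
            return []
        seen.add(host)
        host = _norm(records[(host, "CNAME")][0])
    return records.get((host, "A"), []) + records.get((host, "AAAA"), [])


def check_mx(records, domain, local_names, local_addrs):
    """Return (preference, mx_target, reason) for every suspicious MX target."""
    local_names = {_norm(n) for n in local_names}
    local_ips = {ipaddress.ip_address(a) for a in local_addrs}
    mx = []
    for rdata in records.get((_norm(domain), "MX"), []):
        pref, target = rdata.split()
        mx.append((int(pref), _norm(target)))
    findings = []
    for pref, target in sorted(mx):
        if target in local_names:
            findings.append((pref, target, "self-name"))
            continue
        addrs = resolve_addresses(records, target)
        if not addrs:
            findings.append((pref, target, "no-address"))
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback:
                findings.append((pref, target, "loopback"))
            elif ip in local_ips:
                findings.append((pref, target, "self-address"))
    return findings


def compare_resolvers(domain, answers_by_resolver):
    """Run the same check against each resolver's answers for one domain."""
    return {
        name: check_mx(parse_records(text), domain, LOCAL_NAMES, LOCAL_ADDRS)
        for name, text in answers_by_resolver.items()
    }


if __name__ == "__main__":
    result = compare_resolvers(
        "example.net", {"internal": INTERNAL_DNS, "external": EXTERNAL_DNS}
    )
    for resolver, findings in result.items():
        print(resolver, findings or "clean")
```

A domain that is clean on one resolver and flagged on the other points at the resolver configuration rather than at the recipient's DNS.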

Similar Messages

  • Exchange sending email to Yahoo fails- #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##

    I have an Exchange 2010 server with SP3. It's otherwise running fine (as fine as Exchange is). We are in the midst of a migration to "hosted" Exchange (Office365).
    I'm suddenly getting this error sending MAPI to Yahoo. MXTools says Yahoo's MX records are fine.
    I ran the get-transport commandlet and get this message:
    ClearCategories : True
    ConvertDisclaimerWrapperToEml : False
    DSNConversionMode : UseExchangeDSNs
    ExternalDelayDsnEnabled : True
    ExternalDsnDefaultLanguage :
    ExternalDsnLanguageDetectionEnabled : True
    ExternalDsnMaxMessageAttachSize : 10 MB (10,485,760 bytes)
    ExternalDsnReportingAuthority :
    ExternalDsnSendHtml : True
    ExternalPostmasterAddress :
    GenerateCopyOfDSNFor : {5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4}
    HygieneSuite : Standard
    InternalDelayDsnEnabled : True
    InternalDsnDefaultLanguage :
    InternalDsnLanguageDetectionEnabled : True
    InternalDsnMaxMessageAttachSize : 10 MB (10,485,760 bytes)
    InternalDsnReportingAuthority :
    InternalDsnSendHtml : True
    InternalSMTPServers : {}
    JournalingReportNdrTo : <>
    LegacyJournalingMigrationEnabled : False
    MaxDumpsterSizePerDatabase : 20 MB (20,971,520 bytes)
    MaxDumpsterTime : 7.00:00:00
    MaxReceiveSize : 40 MB (41,943,040 bytes)
    MaxRecipientEnvelopeLimit : 1000
    MaxSendSize : 40 MB (41,943,040 bytes)
    MigrationEnabled : False
    OpenDomainRoutingEnabled : False
    Rfc2231EncodingEnabled : False
    ShadowHeartbeatRetryCount : 12
    ShadowHeartbeatTimeoutInterval : 00:15:00
    ShadowMessageAutoDiscardInterval : 2.00:00:00
    ShadowRedundancyEnabled : True
    SupervisionTags : {Reject, Allow}
    TLSReceiveDomainSecureList : {}
    TLSSendDomainSecureList : {}
    VerifySecureSubmitEnabled : False
    VoicemailJournalingEnabled : True
    HeaderPromotionModeSetting : NoCreate
    Xexch50Enabled : True
    I am the Exchange Admin by default, so I appreciate any advice anyone gives.
    Thanks in advance.
    [email protected]

    Hi,
    I recommend that you create a dedicated send connector for Yahoo and smarthost the mails to the MX IP address of Yahoo. And then check if the issue persists.
    Thanks.
    Niko Cheng
    TechNet Community Support

  • While running dcdiag /test:dns getting Warning: The AAAA record for this DC was not found

    DCDIAG /test:dns result is pasted here.
    C:\Users\administrator.SUD>dcdiag /test:dns
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = MUM-ADS-01
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\MUM-ADS-01
          Starting test: Connectivity
             ......................... MUM-ADS-01 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\MUM-ADS-01
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... MUM-ADS-01 passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : sud
       Running enterprise tests on : sud.in
          Starting test: DNS
             Test results for domain controllers:
                DC: MUM-ADS-01.sud.in
                Domain: sud.in
                   TEST: Basic (Basc)
                      Warning: The AAAA record for this DC was not found
                   TEST: Forwarders/Root hints (Forw)
                      Error: Root hints list has invalid root hint server:
                      a.root-servers.net. (198.41.0.4)
                      Error: Root hints list has invalid root hint server:
                      b.root-servers.net. (128.9.0.107)
                      Error: Root hints list has invalid root hint server:
                      c.root-servers.net. (192.33.4.12)
                      Error: Root hints list has invalid root hint server:
                      d.root-servers.net. (128.8.10.90)
                      Error: Root hints list has invalid root hint server:
                      e.root-servers.net. (192.203.230.10)
                      Error: Root hints list has invalid root hint server:
                      f.root-servers.net. (192.5.5.241)
                      Error: Root hints list has invalid root hint server:
                      g.root-servers.net. (192.112.36.4)
                      Error: Root hints list has invalid root hint server:
                      h.root-servers.net. (128.63.2.53)
                      Error: Root hints list has invalid root hint server:
                      i.root-servers.net. (192.36.148.17)
                      Error: Root hints list has invalid root hint server:
                      j.root-servers.net. (192.58.128.30)
                      Error: Root hints list has invalid root hint server:
                      k.root-servers.net. (193.0.14.129)
                      Error: Root hints list has invalid root hint server:
                      l.root-servers.net. (198.32.64.12)
                      Error: Root hints list has invalid root hint server:
                      m.root-servers.net. (202.12.27.33)
                   TEST: Delegations (Del)
                      Error: DNS server: sud-ad.sud.in. IP:<Unavailable>
                      [Missing glue A record]
                   TEST: Records registration (RReg)
                      Network Adapter
                      [00000006] Intel(R) PRO/1000 MT Network Connection:
                         Warning:
                         Missing AAAA record at DNS server 10.1.6.132:
                         MUM-ADS-01.sud.in
                         Warning:
                         Missing AAAA record at DNS server 10.1.6.132:
                         gc._msdcs.sud.in
                         Warning:
                         Missing AAAA record at DNS server 10.1.6.133:
                         MUM-ADS-01.sud.in
                         Warning:
                         Missing AAAA record at DNS server 10.1.6.133:
                         gc._msdcs.sud.in
                   Warning: Record Registrations not found in some network adapters
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.63.2.53 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
                DNS server: 128.9.0.107 (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
                DNS server: 192.112.36.4 (g.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
                DNS server: 192.203.230.10 (e.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
                DNS server: 192.33.4.12 (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
                DNS server: 192.36.148.17 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
                DNS server: 192.5.5.241 (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
                DNS server: 192.58.128.30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
                DNS server: 193.0.14.129 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
                DNS server: 198.32.64.12 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
                DNS server: 198.41.0.4 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
                DNS server: 202.12.27.33 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
             Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
                Domain: sud.in
                   MUM-ADS-01                   PASS WARN FAIL FAIL PASS WARN n/a
             ......................... sud.in failed test DNS

    Hi Meinolf,
    Please find the IP Details as well as DNS test results.
    C:\Users\Administrator.SCI>dcdiag /test:dns
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = MDCDCDNS
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: MDC-Powai\MDCDCDNS
          Starting test: Connectivity
             ......................... MDCDCDNS passed test Connectivity
    Doing primary tests
       Testing server: MDC-Powai\MDCDCDNS
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
     ERROR: NO DNS servers for IPV6 stack was found
             ......................... MDCDCDNS passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : sci
       Running enterprise tests on : sci.com
          Starting test: DNS
             Test results for domain controllers:
                DC: MDCDCDNS.sci.com
                Domain: sci.com
                   TEST: Basic (Basc)
                      Warning: The AAAA record for this DC was not found
                   TEST: Records registration (RReg)
                      Network Adapter
                      [00000009] Microsoft Virtual Network Switch Adapter:
                         Warning:
                         Missing AAAA record at DNS server 10.64.7.32:
                         MDCDCDNS.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.64.7.32:
                         gc._msdcs.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.64.7.35:
                         MDCDCDNS.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.64.7.35:
                         gc._msdcs.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.20.33.72:
                         MDCDCDNS.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.20.33.72:
                         gc._msdcs.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.20.33.71:
                         MDCDCDNS.sci.com
                         Warning:
                         Missing AAAA record at DNS server 10.20.33.71:
                         gc._msdcs.sci.com
                   Warning: Record Registrations not found in some network adapters
                   MDCDCDNS                     PASS WARN PASS PASS PASS WARN n/a
             ......................... sci.com passed test DNS
    C:\Users\Administrator.SCI>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : MDCDCDNS
       Primary Dns Suffix  . . . . . . . : sci.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : sci.com
    Ethernet adapter Local Area Connection 7:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : External Internal Virtual Network
       Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.64.7.32(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.64.7.1
       DNS Servers . . . . . . . . . . . : 10.64.7.32
                                           10.64.7.35
                                           10.20.33.72
                                           10.20.33.71
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Ethernet adapter Local Area Connection 6:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TEAM : Team #1
       Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Autoconfiguration IPv4 Address. . : 169.254.105.163(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter Local Area Connection* 8:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{2D5A4A27-298F-48E5-A376-EA886EF1E42A}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{14FA7CD4-8B69-4C86-A58B-056793B7D901}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Please check and revert back for any queries..
    Thanks...
    Deva Self-trust is the first secret of success.

  • Recommended DNS zone replication scope for single domain environment

    Hi, in my company we have domain/forest functional level Windows Server 2008 R2 - there is only one domain. AD DS is installed on 5 servers - AD integrated DNS zone is used.
    I noticed today that on both forward lookup DNS zones, _msdcs.internaldomain.com & internaldomain.com, zone replication scope was set to "All DNS servers in this domain" and also for one reverse lookup zone. I changed this setting for all these zones to "All domain controllers in this domain" but later (10-15 mins at most) I reverted these settings back to "All DNS servers in this domain".
    Which zone replication scope for mentioned zones is recommended keeping in mind this is single domain environment? Also could I do any harm to DNS and AD in all when I changed zone replication scope and later reverting it back for these zones? How to check that dns related informations (zones) are located where they should be in Active Directory and that there is no any garbage in other locations (partitions) in AD database.

    Hi,
    All DNS servers in this domain : Replicates zone data to all Windows Server 2003 and Windows Server 2008 domain controllers running the DNS Server service in the Active Directory domain. This option replicates zone data to the DomainDNSZone partition. It is the default setting for DNS zone replication in Windows Server 2003 and Windows Server 2008.
    http://technet.microsoft.com/en-us/library/cc772101.aspx
    Hope this helps.
    Regards.
    Vivian Wang

  • How to create a DNS record for a domain itself (without a hostname)

    Hi,
    Normally, you can create a DNS record that points to the zone itself, e.g.:
    @               10800 IN A    196.197.200.201
    How do you accomplish that on a Mac OSX Lion Server? The DNS requires you to enter a hostname and it does not accept "@" as the hostname as it normally appears in the zone file.
    (manually modifying the host file does not work - I tried that ;-) )
    Any help is appreciated
    Thanks
    Bjoern Dirchsen

    Create either a blank record with a ., or a FQDN such as 'domain.com.' (note the trailing dot). Either of these should map to the domain name.

  • DNS: A record for domain?

    Trying to configure BIND in Snow Leopard Server so I can migrate current DNS to an XServe. My goal is to be able to use Server Admin for as much as possible, but I know this won't be entirely possible in my setup (wildcards, bizarre reverse delegation limit my options here). I've used generic names here on purpose, but yes, I do know what I am doing.
    Currently, I'm trying to create an A record for a domain so that users will hit my website whether they enter domain.com or www.domain.com. I have the following entry to my domain in SA:
    domain.com. Machine 1.2.3.4
    I verified that this entry was correct in the zone file itself. Indeed, I found the following entry in the appropriate zone file:
    domain.com. IN A 1.2.3.4
    However, when I attempt to query the server using dig, I do not get an answer:
    dig a domain.com @server.domain.com
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> a domain.com @server.domain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;domain.com. IN A
    ;; AUTHORITY SECTION:
    domain.com. 10800 IN SOA server.domain.com. admin.domain.com. 2010070702 86400 3600 604800 345600
    ;; Query time: 10 msec
    ;; SERVER: 1.2.3.4#53(1.2.3.4)
    ;; WHEN: Fri Jul 9 06:02:13 2010
    ;; MSG SIZE rcvd: 95
    What am I missing here?

    Be aware that this is not a production server yet, and I acknowledge that this isn't fully kosher yet. I am just testing the config to see if it will work.
    Server is 206.123.100.18. Zone is a3dtech.com. Zone file:
    ;GUID=4EAE5E10-15F4-457B-8CAC-D9702FB1E186
    ;selfResolvingHostname=0
    $TTL 10800
    a3dtech.com. IN SOA ns1.a3dauto.com. admin.a3dauto.com. (
    2010070901 ;Serial
    86400 ;Refresh
    3600 ;Retry
    604800 ;Expire
    345600 ;Negative caching TTL
    )
    a3dtech.com. IN NS ns1.a3dauto.com.
    a3dtech.com. IN NS ns2.a3dauto.com.
    * IN A 206.123.100.18
    a3dtech.com. IN A 206.123.100.18
    mail IN CNAME mail.a3dauto.com.
    svn IN CNAME daniel.a3dauto.com.
    a3dtech.com. IN MX 10 mail.a3dauto.com.

  • DNS - external DNS internal - Domainname?

    Hello, I have the following problem:
    Private IP network (192.168.0.0) behind router, which has a fixed external IP and an ADSL connection.
    The Leo server on the internal network has a fixed IP: 192.168.0.20.
    The Domain Name "firma.com" is hosted on a external provider, there is also a external web server running, which can be and should be accessible under "firma.com" and "www.firma.com".
    I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20".
    The Mailxchange (MX) record also redirects on "intranet.firma.com."
    And now the DNS server on the Leo-server? Which are the correct entries?
    IP address: 192.168.0.20
    subnet mask: 255.255.255.0
    router : 192.168.0.1
    Primary DNS: 192.168.0.20
    DNS Secondary: 192.168.0.1
    Which has to be primary zone name: "firma.com" or "intranet.firma.com"? I mean, can there be "firma.com", when there is a external webserver which needs that name?
    When I use "firma.com" for the Leo DNS and the server’s name is "intranet", then it resolves to the internal server very well. But how can I get my externally hosted web "firma.com" or "www.firma.com", if I DNS server "firma.com" as the primary zone there? Which is the right configuration that I can send mails internal, external and from external? And use the external webserver as is?
    Thank you
    Willi

    First using a 192.168.0.0/24 or 192.168.1.0/24 network on your LAN is a bad thing if you are going to use VPN later.
    "I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20". "
    You can use this if you want but you probably don't want the mail to require an address like:
    <user/mailaccount-name>@intranet.firma.com do you? The MX pointer can use firma.com with an address of intranet.firma.com:
    firma.com MX 10 intranet.firma.com
    You could also look at intranet(.firma.com) as a hostname instead of a subdomain.
    (Maybe you should use another domain name internally: firma.private or firma.internal)
    If you want to use the same domain name (firma.com) internally, set up "all" the public names/IPs in the internal DNS and use only the server (private IP) DNS (with forwarders to your ISP DNS IPs), not the router DNS proxy, for all internal machines.
    If you want to run an intranet webserver why not call it intranet.firma.com and the public one keeps its name www.firma.com.

  • DNS Host(A) records disappear after a while

    Hi all,
    a few weeks ago we started to change the TCP/IP configuration of our printers from "static" to DHCP with reservations. The DHCP server is configured to register forward Host(A) and reverse PTR record on DNS on behalf of (all) clients, both are W2K3 with SP2.
    This works well for all our Toshiba printers/copiers and most of our HP printers. However, on a handful of HP printers the Host(A) record in the DNS zone gets lost / disappears after some time, leading to non-working name resolution. But only the Host(A) record, the reverse PTR record is still there. Currently we have this issue with a Business InkJet 2800 attached via a JetDirect J3258G to our network.
    In the past we noticed that on another printer the Host(A) record re-appears after some hours, only to disappear after a while again. These intervals last some hours up to one day, but seem to follow no period or schedule, like DHCP lease time, DNS scavenging etc.
    I have intentionally not "listed" all the technical details in this first post. However, if you need specific details I will be happy to share them.
    Any hint or comment is appreciated
    regards

    This is by design.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

  • Externally Hosted DNS - How do I set up my 2003 DNS server for sub domain to point to internal IP address??

    I have a domain name (domain.com) DNS hosted at my ISP. I also have 3 sub domains DNS hosted at the same ISP pointing to various external ip addresses (mail.domain.com, vpn.domain.com and ts.domain.com). We want to set up sales.domain.com to point to an internal 10. IP address. We have AD integrated DNS servers for our 2003 AD domain. The AD domain name is totally different than the hosted domain name in question. I currently edit the host file for a couple of PC's but this isn't practical company wide so I want to add entries on our internal AD DNS servers to resolve the locally hosted site. If I recall, someone once told me that you cannot just put an A record for one sub domain, I would have to have entries on my 2003 DNS server to resolve anything related to the domain.com name. Is this accurate? If so, what is the proper way to configure my 2003 AD DNS server to resolve anything domain.com related for my internal users while still allowing my ISP to do the DNS lookup for the internet.

    On my 2003 AD integrated DNS server...I right-click forward lookup zone and choose...new zone..primary zone (store zone in AD checkbox checked)..I chose to all DNS servers in the AD domain for replication...zone name sales.domain.com....allow secure updates option....then I added an A record in that zone...sales.domain.com..pointed that towards my internal 10. IP address...is this correct? It seems to be working correctly for the sales.domain.com DNS record...and I tested the other sub domains...and those look like they are going to my ISP for DNS resolution...
    Is this the correct procedure? I did this on a test AD domain and not my production...I want to make sure I don't break everything under the domain.com by incorrectly adding 1 sub domain..

  • DNS/LDAP Issue for Trusted Domain

    Hi
    I'm trying to configure Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
    Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot Contact LDAP Server".
    I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
    When I check the log ADForestDisc.log I get this error message:
    "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
    I have setup Conditional Forwarders in DNS in both domains.
    I have also read other forums about this issue and should have the answer:
    "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
    "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
    We are using Windows AD integrated DNS in both domains.
    I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
    Thanks in advance

    Hi
    Thank you for your answer. This issue is solved. I'd missed opening some ports in the router/firewall between the LANs.
    The status under Active Directory Forests is Succeeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
    I don't think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found too during forest Discovery when I've checked the options to create site and ip boundaries automatically?

  • DNS Settings for multiple domains internal and external.

    First forgive me if my post is in the wrong area. If it is, kindly show me to the right location..
    OK, here is the deal. I have an xserve running 10.5.6 perfectly. 5 Domains running on it as well perfectly fine. lets call them domain1, domain2, etc...
    I run web services and mail services for all 5 domains. but heres the problem...
    I want to add another domain "domain6" but I only run the web services not mail. how can I set this up? I tried to add another Zone and only set up the www.domain6.com part but then no mail works as there is no mx record available.
    I am behind a firewall. when I am on a local machine and there is no domain6 DNS entry the mail works as the address to the external mail server is correct. but no local web works because I am getting the external IP to the www server. I need to keep traffic on the LAN.
    BEGIN Basic Question *
    I want to add another domain that I own, but only the A record for the WWW part. How do I add a single entry for www.domain6.com but, for everything else like MX records, forward outside my network?
    END Basic Question *
    Help Please... Thanks! Bill

    OK, that worked. But let me clue you in on something that was happening...
    When I set up domain6, then set up the NS record and went on to create the www, mail1, and mail2 entries, when I went to save, it added domain6 to the end of the nameserver host name and both mail MX entries. That was my problem; I just didn't see it the first time. I then edited the mail entries and removed the "domain6.com" and left the real MX host names, and all is working now. Thanks for helping me.

  • DNS for Multiple Domains

    I am trying to figure out the proper configuration for DNS that will support multiple domains. I have DNS working now for just one domain.
    My XServe has a static IP connected directly to cable modem and is the master nameserver. I also have an Ubuntu server with static IP connected directly to cable modem that is the secondary (slave) nameserver.
    On the XServe, I currently have a primary zone created for domain1.com. with:
    * an A record for domain.com. (Fully Qualified) and the same static IP as the XServe
    * an A record for ns1 (not fully qualified) and the same static IP as the XServe
    * Aliases for ftp, www and mail (not fully qualified) mapped to destination ns1.domain1.com. (Fully Qualified)
    Nameservers under the Primary Zone is ns1.domain1.com. and Mail Exchangers is ns1.domain1.com. with a priority of 10.
    The reverse zone is getting created appropriately for me as far as I can tell. I am able to access www.domain1.com just fine as well as mail and ftp.
    Now I want to add a new domain2.com to this master nameserver. I know that I will need a new Primary Zone for domain2.com. to be recognized and to set up its aliases?
    Can I use the same static IP or do I have to have a unique static IP?
    Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
    Does domain2.com have its own A records?
    Do the mail exchangers need to be different for domain2.com?
    It seems like all the documentation and information that I can find are just for configuring one domain and not so much for multiple domains. Any help would be greatly appreciated.
    Spotted Dog

    Don't think of subsequent domains as being any different from the first domain.
    For every domain you need to provide certain information, including a list of the hostnames within that domain. There is no relationship between 'www' in domain1.com and 'www' in domain2.com (unless you point them to the same address, but that's a different issue).
    Any host record in the zone can either be an A record (where you specify an IP address) or a CNAME (where you specify another hostname that it maps to).
    In the case of your web server handling both domains you could set 'www.domain2.com' as an A record with the appropriate IP address, or you could set it as a CNAME with a value of 'www.domain1.com.' (essentially saying 'www.domain2.com has the same IP address of www.domain1.com, so go find that address').
    It's also possible to use cross-domain records for things like name servers and mail servers - in other words you can set your MX record for domain2.com to mail.domain1.com (essentially saying that domain2.com's email is handled by mail.domain1.com).
    > Can I use the same static IP or do I have to have a unique static IP?
    That's not a question for DNS. What you're defining are the hostnames in that domain. If you have one server (e.g. a web server) that can handle multiple domains (e.g. one apache server handling web traffic for both domain1.com and domain2.com) then, sure, you can use the same IP address for both.
    If, on the other hand, you have specific services that cannot be multi-hosted (e.g. HTTPS) then you will need different IP addresses.
    > Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
    Sure, it's entirely possible to use domain1.com's name servers for domain2.com.
    > Does domain2.com have its own A records?
    It can do, or not, as you choose. If you're running www.domain2.com on the same server as www.domain1.com then you could use a CNAME record to point www.domain2.com to www.domain1.com., or you could set an A record with the same IP address.
    The result would be the same, but the CNAME has the advantage that if your IP address changes you only need to change your DNS in one place (www.domain1.com) and all the other addresses would automatically follow.
    > Do the mail exchangers need to be different for domain2.com?
    Not at all, if your mail server is configured to handle mail for both domains it's entirely possible to specify mail.domain1.com as the MX record for domain2.com.

  • DNS / DHCP Issues in Server 2008R2 Domain

    Hi folks,
    We’ve been having an ongoing issue for a while now in that some PCs and laptops (Win 7) in our company can’t be contacted by hostname, i.e. if we try and RDP from one Windows 7 PC to another the RDP session fails as if the PC isn’t turned on, but it is indeed turned on and connected to the network.
    Even if we ping the host name of a particular computer that is on, it fails to reply, but if I go into DHCP I can find the hostname but it has a different IP address assigned to it other than what is listed in DNS for that host name.
    So for some reason when some computers get switched on and are allocated a new dynamic IP address through DHCP, the corresponding record in DNS doesn’t seem to get updated, meaning we need to go into DNS and manually amend the Host A record with the new IP address that it has been given so we can RDP onto that computer using the hostname.
    At present aging and scavenging isn’t enabled in our environment as we are afraid to in case it removes live DNS entries that just haven’t been turned on in a wee while. Does aging and scavenging just ignore static DNS entries, and does aging and scavenging work in DHCP as well?
    One other thing I noticed is that if I delete an incorrect DNS Host A record and create it manually and assign the hostname and the correct IP address, it says static rather than having a timestamp on it. When I create the new record I always click on our domain in the Forward Lookup Zone and on creation I always select Create the associated pointer (PTR) record, so I'm not sure why the manual record doesn’t get a timestamp.
    So any help/advice or suggestions would be greatly appreciated.
    Thanks,
    Bonemister

    Hi David,
    Thanks for your reply and for clarifying those things for me. Unfortunately in my workplace when I add a manual DNS Host A record it does become a static entry and doesn't have the '0' you mention. Do you have any idea why that would be? I'm worried about it affecting things if I were to enable aging and scavenging.
    Is it possible to just enable aging and have it remove entries before a time of my choosing, or does scavenging need to be enabled also?
    I still can't understand why the relationship between DHCP and DNS isn't working correctly. Surely if DNS has an A record for a computer and the IP address changes via DHCP, there is bound to be a way to set up DNS to be able to update the records it holds - do you know if my reading of this is correct?
    By the way, I can confirm that my adapter's TCP/IP DNS settings on one of the PCs that had the DNS fault are the same as in your screenshot; the only difference is we have the tick in Append parent suffixes... - would that make a difference?
    Thanks also for that other link, it seems very interesting and I'll have a good read through it carefully before doing anything!!
    Thanks again for your reply and I look forward to seeing any responses.
    Regards,
    Bonemister

  • DNS Scavenging - Which Record are scavenged?

    I am about to enable scavenging in a domain that has never had scavenging enabled properly. There are hundreds of records with old time stamps. We have done our due diligence in researching records to disable deleting the old record if it has an old time stamp. Previous admins would let a server grab a DHCP server and then static IP the DHCP address.
    I know that Event ID 2501 will give me a summary of how many records were scavenged. I seem to remember that (it's been a while since I have been in a mess like this) there is a way to get a list/log of the records that were scavenged. I hope we have all the records set, but the first scavenging period may be painful.
    Is there a way to get a list of each record that was scavenged?

    You might want to set up DHCP credentials and add the DHCP server to the DnsUpdateProxy group. This way it will update the IP of the host instead of creating another one.
    And you really don't want to go below 24 hours with a lease, because technically scavenging is in multiples of days. And you must set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    DHCP DNS Update summary:
    - Configure DHCP Credentials.
      The credentials only need to be a plain-Jane, non-administrator, user account.
      But give it a really strong password.
    - Set DHCP to update everything, whether the clients can or cannot.
    - Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
    - Add the DHCP server(s) computer account to the Active Directory,  Built-In DnsUpdateProxy security group.
      Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group.
      For example, some folks believe that the DNS servers or other DCs not
      running DHCP should be in it.
      They must be removed or it won't work.
      Make sure that NO user accounts are in that group, either.
      (I hope that's crystal clear - you would be surprised how many
      will respond asking if the DHCP credentials should be in this group.)
    - On Windows 2008 R2 or newer, DISABLE Name Protection.
    - If DHCP is co-located on a Windows 2008 R2, Windows 2012, Windows 2012 R2,
     or NEWER DC, you can and must secure the DnsUpdateProxy group by running
     the following command:
      dnscmd /config /OpenAclOnProxyUpdates 0
    - Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway.
    - Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    More info:
    This blog covers the following:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
    I also recommend reviewing the discussion in the link below:
    Technet thread: "DNS Scavenging "
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/334973fd-52b4-49fc-b1d8-9403a9481392/dns-scavenging
    Some other things to keep in mind with registration and ownership to help eliminate duplicate DNS host records registered by DHCP:
    =====================================================
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    =====================================================
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
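
    A read-only audit of the checklist in the post above, added here as an example (it is not from the original post or the linked blog). It assumes the ActiveDirectory, DhcpServer and DnsServer PowerShell modules (Windows Server 2012 or newer); the zone and server names are placeholders.

```powershell
# Added example: read-only audit. Needs the ActiveDirectory, DhcpServer and
# DnsServer modules; the zone and server names below are placeholders.
param(
    [string]$ZoneName   = 'corp.example.com',
    [string]$DnsServer  = 'dns01',
    [string]$DhcpServer = 'dhcp01'
)

# 1. DnsUpdateProxy should contain only DHCP server computer accounts.
$dhcpHosts = Get-DhcpServerInDC | ForEach-Object { ($_.DnsName -split '\.')[0] }
$findings = @(Get-ADGroupMember -Identity 'DnsUpdateProxy' | ForEach-Object {
    $isDhcp = $_.objectClass -eq 'computer' -and
              $dhcpHosts -contains $_.SamAccountName.TrimEnd('$')
    [pscustomobject]@{
        Check  = 'DnsUpdateProxy member'
        Item   = $_.SamAccountName
        Result = if ($isDhcp) { 'OK' } else { 'NOT A DHCP SERVER' }
    }
})

# 2. NoRefresh + Refresh must be equal to or greater than each lease length.
$aging  = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer
$window = $aging.NoRefreshInterval + $aging.RefreshInterval
$findings += Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    [pscustomobject]@{
        Check  = "Lease length, scope $($_.ScopeId)"
        Item   = $_.LeaseDuration
        Result = if ($window -ge $_.LeaseDuration) { 'OK' } else { 'WINDOW TOO SHORT' }
    }
}
$findings | Format-Table -AutoSize

# 3. Dry run: dynamic A records whose timestamp is older than the window.
#    Static records carry no timestamp, so they are never candidates.
$cutoff = (Get-Date) - $window
Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Sort-Object Timestamp |
    Select-Object HostName, Timestamp,
        @{ Name = 'IPv4'; Expression = { $_.RecordData.IPv4Address } } |
    Format-Table -AutoSize
```

    The third step lists candidates only; nothing is deleted, so the list can be reviewed before scavenging is switched on.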

  • Creating a DNS Record for a Host with Two or More IP???

    Can we create a DNS A record for a host with two or more IPs? (We would like to use my website "mysite.com" pointing to two IPs.)
    Please help...

    Sure, no worries.
    In a production environment DNS will always query the first record it stores in cache. You need to find a dynamic or NLB way to achieve the automatic failover, else when you have an outage with the first IP, you need to ask your clients to clear the cache and register to DNS again. This I will not suggest in a production environment: lots of manual effort, and it doesn't sound like a solution in a production environment. I would suggest you explore Windows NLB; it's easy to set up and uses the OS license.
    Thanks
    Inderjit
