Csa 5.2 defining dns suffixes as home nets

Similar Messages

• How to change the DNS suffix from "home" on home h...

  Strange question:  I noticed with the DHCP lease coming from the HomeHub that there is a DNS suffix applied of "home".
  I use a VPN connection to the office and I want it to take the VPN DNS suffix which it used to do on my old router where there was no other DNS suffix.
  How can I remove this on the HomeHub?  I have looked around in the DHCP settings in advanced mode but it isn't advanced enough!
  I have got round the issue by adding the addesses on the VPN to my local hosts file, but I want a proper solution.
  Any ideas how I can get really behind the scenes on the Home Hub?

  It wasn't anything to do with the DNS suffix afterall (not that I could find where to change it).
  From looking at other posts about VPN, it was to do with the BT automatic redirecting on DNS error which is automatically enabled.
  Once I disabled the setting (can't remember the link but it is easy to find on the forum) then all my VPN addresses were working again.
  Quite why BT would automatically enable a "service" that breaks a simple thing like a VPN connection is beyond me.

• Wrt160n connection specific dns suffix

  I have a WRT160N router that has been working great until I switched to a new ISP. The router configurations stayed the same, I just switched from a DSL modem to a cable modem (Motorola SB5100). The problem is the "connection specific DNS suffix" is being appended to the computer names and returning an incorrect IP address. Internet access is working fine. It appears that the DHCP is allowing the DNS suffix from the modem to push through to the DHCP clients.
  ping home-server
  returns
  home-server.zoominternet.net    74.63.164.153
  it should return
  home-server  192.168.1.102
  C:\>ipconfig /all
  Windows IP Configuration
          Host Name . . . . . . . . . . . . : home-office
          Primary Dns Suffix  . . . . . . . :
          Node Type . . . . . . . . . . . . : Mixed
          IP Routing Enabled. . . . . . . . : No
          WINS Proxy Enabled. . . . . . . . : No
          DNS Suffix Search List. . . . . . : zoominternet.net
  Ethernet adapter Local Area Connection 5:
          Connection-specific DNS Suffix  . : zoominternet.net
          Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
  Controller (3C905C-TX Compatible)
          Physical Address. . . . . . . . . : 00-E0-81-24-xx-xx
          Dhcp Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          IP Address. . . . . . . . . . . . : 192.168.1.100
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . : 192.168.1.1
          DHCP Server . . . . . . . . . . . : 192.168.1.1
          DNS Servers . . . . . . . . . . . : 192.168.1.1
                                              24.154.1.x
                                              24.154.1.xx
          Lease Obtained. . . . . . . . . . : Sunday, April 18, 2010 7:51:00 PM
          Lease Expires . . . . . . . . . . : Sunday, April 25, 2010 6:30:00 PM
  What do I tweak to fix this?
  Thanks

  Sorry about the misleading computer name, I'm not using a server for my DHCP. I'm using the router (WRT160N) as the DHCP server. This is just a home setup with 4-6 computers networked together. I use file sharing with the computer I call "home-server".  I use RDP to connect to the other computers. Now when I try to connect to another computer with just the computer name, the remote desktop fails to find the client. If I RDP the client computer with the IP address it connects, no problem.
  Netbios over TCP/IP is enabled.
  Here's the ipconfig..
  C:\>ipconfig /all
  Windows IP Configuration
          Host Name . . . . . . . . . . . . : home-office
          Primary Dns Suffix  . . . . . . . :
          Node Type . . . . . . . . . . . . : Mixed
          IP Routing Enabled. . . . . . . . : No
          WINS Proxy Enabled. . . . . . . . : No
          DNS Suffix Search List. . . . . . : zoominternet.net
  Ethernet adapter Local Area Connection 5:
          Connection-specific DNS Suffix  . : zoominternet.net
          Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
  Controller (3C905C-TX Compatible)
          Physical Address. . . . . . . . . : 00-E0-81-24-xx-xx
          Dhcp Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          IP Address. . . . . . . . . . . . : 192.168.1.100
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . : 192.168.1.1
          DHCP Server . . . . . . . . . . . : 192.168.1.1
          DNS Servers . . . . . . . . . . . : 192.168.1.1
                                              24.154.1.6
                                              24.154.1.68
          Lease Obtained. . . . . . . . . . : Monday, April 19, 2010 4:49:17 PM
          Lease Expires . . . . . . . . . . : Monday, April 26, 2010 3:28:17 PM
  When I ping a client...
  C:\>ping mywebcam
  Pinging mywebcam.zoominternet.net [74.63.164.153] with 32 bytes of data:
  Request timed out.
  Ping statistics for 74.63.164.153:
      Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
  It should return with 192.168.1.104

• How to define 'home net.'?

  I am the owner of a Nokia E61. I have configured my WLAN that I use at home without a problem. I am able to retrieve email over this connection.
  Now I would like my E61 to automatically retrieve headers when I am at home (through the WLAN - so not when I am travelling and my WLAN is not in reach).
  So I go to 'Messaging -> Mailbox name -> Options/E-mail settings -> Automatic retrieval' and try to change 'Disabled' to 'Only in home net.'.
  Then it says 'Unable to retrieve headers. Define access point first.'
  So how do I define what is my 'home net.' access point?? I have defined my WLAN but how do I make it my 'home net.'?
  Am I missing something here??
  Thanks, Rene.

  Hi,
  To define the home network, you just need to go to the settings for the email account you want to set up. Go to Connection Settings -> Incoming messages. Set up whatever network you want to use (either wifi or whatever) in Access Point in use (when you go in there, select "user defined" first, and it will show you a list of access points defined in the device).
   I hope this helps!
  Jordi
  PS: I've followed the steps in an e65, but it should be pretty much the same.
  Message Edited by jordi_jane on 05-Apr-2009 11:46 PM

• Switching from custom DNS suffix at work to no suffix at home with Access Connections

  I have 2 profiles defined in Access Connections: (1) Home, (2) Work. 
  At work, I need to have custom DNS suffixes defined to help find certain servers, e.g., development.int and marketing.int.  Notice that the TLD is "int", meaning it only resolves using our company's internal DNS servers.  In the Work profile, I selected the Override TCP/IP settings option and entered the suffixes in the Advanced DNS Settings dialog.
  However, at home, I do not have a need for these work related private DNS suffixes, and I don't want the system to try to append these 2 suffixes to the search order. I tried the following Advanced DNS Settings: (1) Use current advanced DNS settings, (2) Use the following advanced DNS settings / Append primary and connection specific DNS suffixes.
  When I come home from work, Access Connections automatically connects to the Home profile, detecting my Home WiFi network's SSID. 
  However, when I try to login to a server at home, e.g., media_server, using PuTTY, the system tries to connect to media_server.development.int instead of *just* media_server.  I, then, need to go to the TCP/IP settings manually and remove the DNS suffixes.
  How would I configure Access Connections so that when I come home from work, it doesn't keep appending the work related custom DNS suffxes?

  Could not find what you mentioned above. 
  I can go to "Additional Settings" tab, click "Settings" next to Override TCP/IP and DNS settings, click "Add Advanced DNS Settings".
  At this point, I have 2 choices: (1) Use current settings, and (2) Use the following advanced DNS settings.
  (1) would not work, since "current" would refer to my Work setup that *already* has the DNS suffixes entered in the search order.  If I choose, (2) and just leave it at "Append primary and connection specific DNS suffixes", this DOES NOT remove the existing list of suffixes from the TCP/IP stack configuration.
  Other than going into the Windows network adapter configuration UI for TCP/IPv4 and removing the sufixes manually, there is NO other solution at this point in time.
  The other solution that you propose of using a script doesn't work in an automated way, as in using it in the "Start an application automatically" setting, since these types of operations require Admin privileges, and I get an "Access denied" error back at the console session that runs my script (pasted below for reference):
  noDNSSuffix.cmd
  ===============
  cscript "c:\Users\JohnDoe\Documents\Scripts\noDNSsuffix.vbs"
  noDNSSuffix.vbs
  ===============
  strComputer = "."
  Set objNicConfig = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2").Get("Win32_NetworkAdapterConfiguration")
  intSetSuffixes = objNicConfig.SetDNSSuffixSearchOrder([""])
  WScript.Echo VbCrLf & "intSetSuffixes: " & intSetSuffixes
  It'd be nice if I could ask Access Connections to explicitly REMOVE any DNS suffixes defined.  In doing this, it would need Admin privileges, so you may need to use something else in the ThinkVantage toolset (UACSdk.exe ?) to give it the Admin privileges WITHOUT prompting the user to click the "Yes" button.

• Csa dns suffix wildcards in system state

  Has anyone tried using a dns wildcard in the system states ? I have a customer that uses something.net as common dns, but locally they get assigned to stuff like 123.something.net. If i use *.something.net it doesn't match, *something.net is a nogo as well, how is it supposed to be used ? do i really need to find all the subdomains and add these ?

  I think dns suffix matching field in system states sets can be used for this. Following link may help you
  http://www.cisco.com/en/US/docs/security/csa/csa51/user_guide/Chap5.html#wp1008928

• DNS Suffixes

  Is statement below true ? I can't find any information relating to the
  maximum search entries you can define that is feasible, whether its
  thru GPO or connection-specific settings.
  "The DNS suffix search list can only contain a list that
  can be searched in a maximum of 12 seconds, this translates to
  around 10 entries. Anything more than that will result in failed name resolution
  unless WINS is still being used. "
  Regards,

  Do not configure DNS suffix settings through a GPO, its unreversable and nasty.  To reverse it you need to modify a registry key on every workstation, or do a ADSI Edit workaround.
  By default, the Primary DNS Suffix of a member computer of an Active Directory domain is configured to automatically change when domain membership of a computer changes, or if the DNS name of the domain to which the computer is joined changes. This automatic DNS Suffix update change is controlled by this registry key:
  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
  REG_DWORD SyncDomainWithMembership is set to 0x1
  This is default for every Windows 2K/XP/2K3 PC.
  If you enable a Group Policy object which applies the DNS Suffix to all workstations under Computer Configuration --> Administrative Templates --> 
   Network --> DNS Client, what this does is permanently change the default behaviour by deleting the SyncDomainWithMembership registry key from all Member Computers and adding a new registry key under:
  HKLM\Software\Policies\Microsoft\System\DNSclient
  If a previous administrator has done this, you can either setup a method to re-instate this registry key on every PC in your domain, or create a workaround using ADSI Edit to configure Active Directory to accept multiple DNS suffixes.
  The work around:
  1. Open up ADSIEdit and connect to the Domain Partition.
  2. Right click on the domain root and go properties.
  3. Modify the msDS-AllowedDNSSuffixes multi-valued attribute and adding in all DNS Suffixes you have on your domain.
  Sorry I didnt answer your question directly and going off topic but I hate when Administrators configure DNS suffixes through means of GPO because it does cuases these annoying problems especially if you ever need to do a Domain Migration or Domain Rename.
  Kind Regards,
  Clint Boessen

• Windows DHCP add DNS Suffixes, Option 119

  Hi, in Windows DHCP i need to add a DNS suffix (option 119), but it seems that it only accepts values in Decimal or Hexadecimal
  If i want to add the suffixes
   'mycomp.com','comp.mycomp.com'
  I will need to convert this to decimal or Hex first..
  function Create-ValidDNSSearchListHex ($Strings){
  foreach ($String in $Strings){
  foreach ($Part in $String.split('.')){
  $R += "0x{0:X2}," -f ($Part.Length)
  $ans = ''
  [System.Text.Encoding]::ASCII.GetBytes($Part) | % { $ans += "0x{0:X2}," -f $_ }
  $R += $ans
  $R += "0x00,"
  $R.Trim(' ',',')
  Then i use the fubction to convert my strings
  $sfx =Create-ValidDNSSearchListHex  'mycomp.com','comp.mycomp.com'
  And when i try to add the option it fails
  Set-DhcpServerv4OptionValue -scopeid 10.25.55.0 -OptionId 119 -Value $sfx
  error:
  Set-DhcpServerv4OptionValue : Parameters for option value to be set for option ID 119 do not match with option definition on DHCP server DHCPserver-01.
  At line:1 char:1
  Any ideas how can i fix this?
  Thanks

  Read this including the comments.  The option is only for NON-Windows clients and does not work as defined:
  https://technet.microsoft.com/en-us/library/dd572752%28v=office.13%29.aspx?f=255&MSPPError=-2147217396
  ¯\_(ツ)_/¯

• Set Primary DNS Suffix Using Powershell

  For a Windows Server 2012 installation, what Powershell cmdlet can be used to change the Primary DNS Suffix ? I've tried using 'Set-DnsClientGlobalSetting -SuffixSearchList contoso.com' but this only alters the DNS Suffix Search List, not the primary DNS
  suffix.

  You might want to take you question to one of two forums that specialist in scripting issues.
  For PowerShell specific questions -
  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell
  For general scripting questions -
  http://social.technet.microsoft.com/Forums/en-US/home?forum=ITCG
  They have a lot of really sharp scripting people in those forums.
  .:|:.:|:. tim

• Adding multiple dns suffix

  hello
  is it possible to add an ADDITIONAL dns domain suffix to my W7 and maybe some XP machines, via GPO?
  thank you

  Hi Christopher Ream,
  As the Help of this setting says,
  the value of the DNS suffixes in this setting may be set using comma-separated strings.
  As RFC 398 document says, This specification uses the Augmented Backus-Naur Form (ABNF) notation of [RFC2234],
  including the following core ABNF syntax rules defined by that specification: ALPHA (letters), CR (carriage return), DIGIT (decimal digits), DQUOTE (double quote), HEXDIG (hexadecimal digits), LF (line feed), and SP (space).  Personally speaking, space
  is a reserved character which is not recommended to be used in the domain name to avoid misunderstanding. What's more, this setting doesn't use comma+space as separated strings which can help to reduce the workload of resolving package. 
  However, these are my personal guess. Hope that helps!
  For your information, please refer to the following article to get more help:
  http://tools.ietf.org/html/rfc3986#page-11
  Regards,
  Lany Zhang

• Adding DNS suffix to VPN

  I'm trying to add a DNS suffix to a VPN that I create to a windows 2000 server. On Win XP, I bypass the default gateway and add the dns suffix xxxxx.local and things work correctly. I'm not sure how to do this on OSX.
  Any tips much appreciated

  The DNS configuration, including DNS server addresses and search domains, is pushed out from the server when the client connects.
  Therefore there should be some setting in the server that lets you define what the clients should see/use when connected. I'm not familiar with the Windows VPN server to know how to advise further.

• RVS4000 DNS Suffix - How to change?

  I installed an RVS4000 router in my home network. When i try to ping a machine by name it resolves to some funky ip address not on my network. I noticed that my machines are now named MACHINENAME.RVS4000. the RVS4000 domain actually resolves to some IP. how do i go about changing this for my network?
  thanks
  GK

  It wasn't anything to do with the DNS suffix afterall (not that I could find where to change it).
  From looking at other posts about VPN, it was to do with the BT automatic redirecting on DNS error which is automatically enabled.
  Once I disabled the setting (can't remember the link but it is easy to find on the forum) then all my VPN addresses were working again.
  Quite why BT would automatically enable a "service" that breaks a simple thing like a VPN connection is beyond me.

• Setting the DNS Suffix in Windows-2000:

  This is a solution for the frequent problem that arises during installation of iPlanet Application Server on Windows-2000 platform.
  <b>Problem:</b> After installation completes, the installation directory remains empty, there is no entry of iAS in "Windows start menu". It doesn't install anything.
  <b>Remedy:</b> Set the DNS Suffix.
  <b>Procedure:</b>
  Right click on <b>My computer</b> (icon on desktop or in windows-explorer), then click on properties, go to <b>Network identification</b> Tab, Click on properties, then click the more button, set the <b>Primary DNS suffix</b> (like india.sun.com), and also check the <b>Change Primary DNS suffix when domain membership change</b> check box, click all Ok buttons.
  <b>Note:</b>
  1. Make sure that it is added to the windows registry:
  Just run regedit and click on the <b>My Computer\HKEY_LOCAL_MACHINE\SYSTEM \ControlSet001\Services \Tcpip\Parameters</b> key, you will see the <b>Domain</b> key value set to your domainname, otherwise enter the domain name into this key value, and than <b>reboot the m/c</b>, and than reinstall the iAS. It should work.
  2. Make sure you are using static IP address.

  Thanks Sanjeev Agarwal

• ASA Remote Access VPN Clients - Multiple DNS Suffixes?

  Hi community!
  I am setting up a new remote access VPN using the traditional IPSec client via ASA 5515-X runnning OS 8.6.1(5).
  We require to provide each client multiple DNS suffixes, but are only to provide a single DNS suffix in the grouip policy.
  I have tested using an external DHCP server, but using our Windows Server 2008 infrastructure and Option 119 the list is not provided to clients, and I have read that Windows 7 clietns may ignore this option anyway.
  Other than umanually configuring the clients , does anybody have any other suggestions on how we may get this to work?
  Full marks for helpful posts!
  Kind regards, Ash.

  Hi
  I am looking into the same issue, and I am finding conflicting documentation about this and wondered if you got the answers you were looking for.
  I have a remote access requirement for users from separate AD's to authenticate through an ASA.
  I was reading about Global Catalogue Server but this is not specifically what I want; and also creating a new AAA server group but the user would need to accept which group to use when they log in
  Regards

• Apache/Portal working with 2 dns suffixes

  I have 2 different DNSs on the network which currently access the intranet. One has the DNS suffix .name.org the other .name.local. How do I get Apache to work with both and for the login server, etc. to work with both? You can't just enter hostname:port for the login server, and seems to require the full DNS name (suffix included), which can change depending on which DNS the user is using.

  http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/portal.902/a90852/cgmidfw.htm#1013010
  might help.
  I have 2 different DNSs on the network which currently access the intranet. One has the DNS suffix .name.org the other .name.local. How do I get Apache to work with both and for the login server, etc. to work with both? You can't just enter hostname:port for the login server, and seems to require the full DNS name (suffix included), which can change depending on which DNS the user is using.