DNS: A record for domain?
Trying to configure BIND in Snow Leopard Server so I can migrate current DNS to an XServe. My goal is to be able to use Server Admin for as much as possible, but I know this won't be entirely possible in my setup (wildcards, bizarre reverse delegation limit my options here). I've used generic names here on purpose, but yes, I do know what I am doing.
Currently, I'm trying to create an A record for a domain so that users will hit my website whether they enter domain.com or www.domain.com. I have the following entry for my domain in SA:
domain.com. Machine 1.2.3.4
I verified that this entry was correct in the zone file itself. Indeed, I found the following entry in the appropriate zone file:
domain.com. IN A 1.2.3.4
However, when I attempt to query the server using dig, I do not get an answer:
dig a domain.com @server.domain.com
; <<>> DiG 9.6.0-APPLE-P2 <<>> a domain.com @server.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;domain.com. IN A
;; AUTHORITY SECTION:
domain.com. 10800 IN SOA server.domain.com. admin.domain.com. 2010070702 86400 3600 604800 345600
;; Query time: 10 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Fri Jul 9 06:02:13 2010
;; MSG SIZE rcvd: 95
What am I missing here?
Be aware that this is not a production server yet, and I acknowledge that this isn't fully kosher yet. I am just testing the config to see if it will work.
Server is 206.123.100.18. Zone is a3dtech.com. Zone file:
;GUID=4EAE5E10-15F4-457B-8CAC-D9702FB1E186
;selfResolvingHostname=0
$TTL 10800
a3dtech.com. IN SOA ns1.a3dauto.com. admin.a3dauto.com. (
2010070901 ;Serial
86400 ;Refresh
3600 ;Retry
604800 ;Expire
345600 ;Negative caching TTL
)
a3dtech.com. IN NS ns1.a3dauto.com.
a3dtech.com. IN NS ns2.a3dauto.com.
* IN A 206.123.100.18
a3dtech.com. IN A 206.123.100.18
mail IN CNAME mail.a3dauto.com.
svn IN CNAME daniel.a3dauto.com.
a3dtech.com. IN MX 10 mail.a3dauto.com.
Similar Messages
-
The spf record for Microsoft has a “ ~ALL “. What does this do and how do we make use of the same for our domain names?
NSLOOKUP Output for Microsoft.com:
> server 4.2.2.1
Default Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1
> set type=ANY
> microsoft.com
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1
Non-authoritative answer:
microsoft.com text =
"v=spf1 mx include:_spf-a.microsoft.com include:_spf-b.microsoft.com inc
lude:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ~all"
microsoft.com
primary name server = dns.cp.msft.net
responsible mail addr = msnhst.microsoft.com
serial = 2007053102
refresh = 300 (5 mins)
retry = 600 (10 mins)
expire = 2419200 (28 days)
default TTL = 3600 (1 hour)
microsoft.com MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com internet address = 207.46.232.182
microsoft.com internet address = 207.46.197.32
microsoft.com nameserver = ns4.msft.net
microsoft.com nameserver = ns5.msft.net
microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns2.msft.net
microsoft.com nameserver = ns3.msft.net
==
Thanks,
Mechanisms are prefixed with qualifiers:
"+" Pass
"-" Fail
"~" SoftFail
"?" Neutral
Mechanisms are evaluated in order, and when there is no match, the default will be "Neutral".
If there is no SPF for a domain, the result is "None". If a domain has a temp error during DNS processing, you get the result "TempError" (called "error" in earlier drafts). If some kind of syntax or evaluation error occurs (e.g. the domain specifies an unrecognized mechanism) the result is "PermError" (formerly "unknown").
Evaluation of an SPF record can return any of these results (result, explanation, intended action):
Pass - The SPF record designates the host to be allowed to send. Intended action: accept
Fail - The SPF record has designated the host as NOT being allowed to send. Intended action: reject
SoftFail - The SPF record has designated the host as NOT being allowed to send but is in transition. Intended action: accept but mark
Neutral - The SPF record specifies explicitly that nothing can be said about validity. Intended action: accept
None - The domain does not have an SPF record or the SPF record does not evaluate to a result. Intended action: accept
PermError - A permanent error has occurred (e.g. badly formatted SPF record). Intended action: unspecified
TempError - A transient error has occurred. Intended action: accept or reject
Marcus @ www.wormy.com -
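The qualifier and result rules from the answer above, applied to the microsoft.com record quoted in the question, as an added example that is not part of the original thread. The included records, the MX addresses and the `.example` domains are constructed stand-ins (documentation address ranges) so the code runs offline, and only `all`, `ip4`, `ip6`, `a`, `mx` and `include` are handled.

```python
import ipaddress

# Qualifier prefix -> result when the mechanism matches ("+" is implied).
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

# Intended action per result, as listed in the answer above.
ACTIONS = {"Pass": "accept", "Fail": "reject", "SoftFail": "accept but mark",
           "Neutral": "accept", "None": "accept", "PermError": "unspecified",
           "TempError": "accept or reject"}

# Constructed lookup data standing in for DNS. Only the microsoft.com record
# is taken from the nslookup output above; every other record and every
# address is made up for this example and is not real published data.
ZONE = {
    "spf": {
        "microsoft.com": "v=spf1 mx include:_spf-a.microsoft.com "
                         "include:_spf-b.microsoft.com include:_spf-c.microsoft.com "
                         "include:_spf-ssg-a.microsoft.com ~all",
        "_spf-a.microsoft.com": "v=spf1 ip4:192.0.2.0/24 ~all",
        "_spf-b.microsoft.com": "v=spf1 ip4:198.51.100.0/25 ~all",
        "_spf-c.microsoft.com": "v=spf1 ip6:2001:db8:1::/48 -all",
        "_spf-ssg-a.microsoft.com": "v=spf1 ?all",
        "strict.example": "v=spf1 ip4:203.0.113.7 -all",
        "noall.example": "v=spf1 ip4:203.0.113.7",
        "typo.example": "v=spf1 ipv4:203.0.113.7 -all",
    },
    "mx": {"microsoft.com": ["203.0.113.25", "203.0.113.26"]},  # MX host addresses
    "a": {},
}


def _matches(name, arg, addr, domain, zone, depth):
    """Return True/False for match/no match, or a result string to stop with."""
    if name in ("exists", "ptr") or (name.split("/")[0] in ("a", "mx")
                                     and "/" in name + arg):
        raise NotImplementedError(f"{name} is outside this example")
    if name == "all":
        return True
    if name in ("ip4", "ip6"):
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "PermError"                 # malformed address or prefix
        if net.version != int(name[2]):
            return "PermError"                 # e.g. an IPv6 network under ip4:
        return addr in net                     # False when IP versions differ
    if name in ("a", "mx"):
        hosts = zone[name].get(arg or domain, [])
        return any(addr == ipaddress.ip_address(h) for h in hosts)
    if name == "include":
        inner = check_host(str(addr), arg, zone, depth + 1)
        if inner in ("None", "PermError"):
            return "PermError"                 # include target must be usable
        if inner == "TempError":
            return "TempError"
        return inner == "Pass"                 # Fail/SoftFail/Neutral: no match
    return "PermError"                         # unrecognized mechanism


def check_host(ip, domain, zone=ZONE, depth=0):
    """Evaluate the domain's SPF record for a sending IP and return the result."""
    record = zone["spf"].get(domain)
    parts = record.split() if record else []
    if not parts or parts[0].lower() != "v=spf1":
        return "None"
    if depth > 10:                             # guard against include loops
        return "PermError"
    addr = ipaddress.ip_address(ip)
    for token in parts[1:]:                    # mechanisms are evaluated in order
        qualifier = token[0] if token[0] in QUALIFIERS else "+"
        term = token[1:] if token[0] in QUALIFIERS else token
        name, _, arg = term.partition(":")
        name = name.lower()
        if "=" in name:                        # modifier, not a mechanism
            if name.startswith("redirect="):
                raise NotImplementedError("redirect is outside this example")
            continue
        hit = _matches(name, arg, addr, domain, zone, depth)
        if isinstance(hit, str):
            return hit
        if hit:
            return QUALIFIERS[qualifier]
    return "Neutral"                           # nothing matched and no "all"


def verdict(ip, domain, zone=ZONE):
    """Result plus the intended action from the table in the answer."""
    result = check_host(ip, domain, zone)
    return result, ACTIONS[result]


if __name__ == "__main__":
    for ip in ("203.0.113.25", "192.0.2.10", "198.51.100.200"):
        print(ip, verdict(ip, "microsoft.com"))
```

A sender that matches none of the `mx` or `include` terms falls through to `~all` and gets SoftFail; a `-all` inside an included record only makes that `include` not match and does not fail the message by itself.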
DCDIAG /test:dns result is pasted here.
C:\Users\administrator.SUD>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MUM-ADS-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: Connectivity
......................... MUM-ADS-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... MUM-ADS-01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sud
Running enterprise tests on : sud.in
Starting test: DNS
Test results for domain controllers:
DC: MUM-ADS-01.sud.in
Domain: sud.in
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: sud-ad.sud.in. IP:<Unavailable>
[Missing glue A record]
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Warning:
Missing AAAA record at DNS server 10.1.6.132:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.132:
gc._msdcs.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
gc._msdcs.sud.in
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: sud.in
MUM-ADS-01 PASS WARN FAIL FAIL PASS WARN n/a
......................... sud.in failed test DNS
Hi Meinolf,
Please find the IP Details as well as DNS test results.
C:\Users\Administrator.SCI>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MDCDCDNS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: Connectivity
......................... MDCDCDNS passed test Connectivity
Doing primary tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
ERROR: NO DNS servers for IPV6 stack was found
......................... MDCDCDNS passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sci
Running enterprise tests on : sci.com
Starting test: DNS
Test results for domain controllers:
DC: MDCDCDNS.sci.com
Domain: sci.com
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter
[00000009] Microsoft Virtual Network Switch Adapter:
Warning:
Missing AAAA record at DNS server 10.64.7.32:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.32:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
gc._msdcs.sci.com
Warning: Record Registrations not found in some network adapters
MDCDCDNS PASS WARN PASS PASS PASS WARN n/a
......................... sci.com passed test DNS
C:\Users\Administrator.SCI>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MDCDCDNS
Primary Dns Suffix . . . . . . . : sci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sci.com
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : External Internal Virtual Network
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.64.7.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.64.7.1
DNS Servers . . . . . . . . . . . : 10.64.7.32
10.64.7.35
10.20.33.72
10.20.33.71
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TEAM : Team #1
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.105.163(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2D5A4A27-298F-48E5-A376-EA886EF1E
42A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{14FA7CD4-8B69-4C86-A58B-056793B7D
901}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Please check and revert back for any queries..
Thanks...
Deva Self-trust is the first secret of success. -
Creating a DNS Record for a Host with Two or More IP???
Can we create a DNS A record for a host with two or more IPs? (We would like to have my website "mysite.com" pointing to two IPs.)
Please help...
Sure, no worries.
In a production environment DNS will always query the first record it stores in cache. You need to find a dynamic or NLB way to achieve automatic failover; otherwise, when you have an outage with the first IP, you need to ask your clients to clear the cache and register to DNS again. This I will not suggest in a production environment: it takes a lot of manual effort and doesn't sound like a solution in a production environment. I would suggest you explore Windows NLB; it's easy to set up and uses the OS license.
Thanks
Inderjit -
DNS is waiting for AD to signal the initial replication has completed
Hello,
First off, thank you for your help in advance. Any help you can offer would be appreciated, and let me know if there's more information you need me to provide, or utilities to run.
I have just joined a Server 2012 R2 DC to my Server 2008 R2 domain. Topology is it only had one DC previously, the 2008 R2, running AD/DNS/DHCP.
I ran the forest prep & domain prep on the 2008 R2 domain controller, then ran a dcpromo on the 2012 R2. From there, I migrated the FSMO roles over to the 2012 R2 server using ntdsutil.exe. The ultimate goal is to retire the 2008 R2 DC and bring on line a 2nd 2012 R2 DC for this domain.
My Issues
Windows 7 client PCs do not always resolve/pass traffic to the Server 2012 R2 server; sometimes I need to ping the server by IP before it will resolve, other times if I just repeatedly double click on the shared folder mapped to the Server 2012 R2 DC it will work eventually. This is intermittent/random, and not always repeatable with any specific procedures. Sometimes the user will be working, then all of a sudden they can't resolve DNS to the internet, nor internally.
I am getting the following errors in the event log on my 2012 R2 DC
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:34 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will
be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Partitions,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: DFS Replication
Source: DFSR
Date: 3/16/2014 11:21:43 PM
Event ID: 5014
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DFS Replication service is stopping communication with partner CARMANSERVER for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 1726 (The remote procedure call failed.)
Connection ID: 020D5B10-4876-4888-9214-45E3D8B3206D
Replication Group ID: 8A8ADB84-CB25-495E-8C28-AE9FD1761E85
From the Server 2008 R2 DC, I get the following errors/warnings in my event log:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:02:45 PM
Event ID: 2088
Task Category: DS RPC Client
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: CARMANSERVER.carman.local
Description:
Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy,
users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest,
including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
HSSserver.carman.local
Failing DNS host name:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following
diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source
domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view <DC
name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered,
using the DNS Enhanced version of DCDIAG.EXE available on
dcdiag /test:dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the
destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:19 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be
logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 3/16/2014 8:01:55 PM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: CARMANSERVER.carman.local
Description:
Name resolution for the name _ldap._tcp.dc._msdcs.carman.local timed out after none of the configured DNS servers responded.
Log Name: System
Source: NETLOGON
Date: 3/16/2014 8:02:07 PM
Event ID: 3096
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The primary Domain Controller for this domain could not be located.
Log Name: System
Source: Microsoft-Windows-WinRM
Date: 3/16/2014 8:05:08 PM
Event ID: 10154
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The WinRM service failed to create the following SPNs: WSMAN/CARMANSERVER.carman.local; WSMAN/CARMANSERVER.
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/16/2014 10:50:55 PM
Event ID: 10009
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols
Sorry, the forum limited me to only 60000 characters per post, so here is some more detailed information:
Here's some initial diags/info from my server 2012 DC:
c:\windows\system32\dcdiag /test:DNS /v /e
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine HSSserver, is a Directory Server.
Home Server = HSSserver
* Connecting to directory service on server HSSserver.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CARMANSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HSSSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CARMANSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
The clock difference between the home server HSSSERVER and target
server CARMANSERVER is greater than one minute. This may cause
Kerberos authentication failures. Please check that the time service
is working properly. You may need to resynchonize the time between
these servers.
......................... CARMANSERVER passed test Connectivity
Testing server: Default-First-Site-Name\HSSSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... HSSSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CARMANSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\HSSSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
Starting test: DNS
See DNS test in enterprise tests section
for results
......................... HSSSERVER passed test DNS
See DNS test in enterprise tests section for results
......................... CARMANSERVER passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : carman
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : carman.local
Starting test: DNS
Test results for domain controllers:
DC: HSSserver.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2012 R2 Standard
(Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is F0:1F:AF:E1:D1:C4
IP Address is static
IP address: 192.168.17.7, fe80::35d3:8713:ce0a:3680
DNS servers:
192.168.17.7
(HSSSERVER) [Valid]
192.168.17.5 (carmanserver.carman.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000010] Broadcom NetXtreme Gigabit Ethernet:
Matching CNAME record
found at DNS server 192.168.17.7:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.pdc._msdcs.carman.local
Matching CNAME record
found at DNS server 192.168.17.5:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.pdc._msdcs.carman.local
DC: CARMANSERVER.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard
(Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client):
MAC address is A4:BA:DB:12:D1:77
IP Address is static
IP address: 192.168.17.5
DNS servers:
127.0.0.1
(carmanserver.carman.local.) [Valid]
192.168.17.7 (HSSSERVER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client): -
DNS "A" Record Preventing Networked Users from Seeing Own Website
I just set up a DNS "a" record in Server Admin to point "mail.xyz.com" to my server's internal ip (10.0.1.1).
I did this so users could stay on the network with sending and receiving mail, as opposed to going out onto the web to do so. (I have MX records on Network Solutions point "mail.xyz.com" to my server's external ip.) All of their mail clients list "mail.xyz.com" as the mail server, instead of the server's internal ip.
Trouble is, when users on the network try to access our website, "xyz.com," their browsers now return an error, saying they cannot find the server.
Any idea?
Lost count Mac OS X (10.4.9)
Steve and David --
This works. I am using Server Admin. To reiterate, I
added a zone "mysite.com" and a primary server "mail"
and pointed it at my server's internal ip so my users
can stay "inside" while checking mail.
Then, to follow your suggestion, I added a machine
named "www" to zone "mysite.com" pointed to my
server's external ip.
Some questions: How can I be sure the client's
machines are going internally to the server for mail?
(When I dig it in terminal, "mail.mysite.com" returns
an "a" record for the server's internal ip -- I
suppose that is sufficient.)
Yep!
Should the primary name server for the zone be "mail"
with "www" as an added machine, or vice versa?
The primary name server just identifies the machine which is responsible for holding records for that zone (domain). Add www as a 'machine' - think of each 'machine' as a specific IP address which identifies a host, hence IP / Name partnership. Any other hostname on same IP is an 'alias' (which becomes a CNAME record in the dns file).
You say I have to do this with "any record hosted in
my public dns as a mirror." I am running three
websites from my server, all with public dns pointed
at my server. (I use the same mail
server--mail.mysite.com--for all three.) Do I need to
set up a "www" record for each website? I have no
problem accessing the sites from internal client
machines.
The basic issue is that any zone (domain) defined in your own dns becomes 'authoritative' for that domain. So when clients ask your internal dns about any zone (domain) which is defined in it, and your server does not have that record, it will respond with "no such record" and your clients must take that on face value.
Therefore, you only need to mirror records for domains which you have defined in your own dns. If you have external www.domain1.com and www.domain2.com but only have domain1.com established on your internal dns, then you only need that domain's www record mirrored. Your server will therefore not be authoritative for domain2.com and will pass all requests out to whichever external dns is authoritative for it.
-david -
AD DS Config problem (The AAAA record for this DC was not found) Cannot connect to ADUC
I am trying to figure out what is wrong with my AD DS Config. I ran dcdiag. The results were:
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = R210_1_2K12
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: Connectivity
......................... R210_1_2K12 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... R210_1_2K12 passed test DNS
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : bcas-tbf
Running enterprise tests on : bcas-tbf.local
Starting test: DNS
Test results for domain controllers:
DC: R210_1_2K12.bcas-tbf.local
Domain: bcas-tbf.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter [00000017] Hyper-V Virtual Ethernet Adapter:
Warning:
Missing AAAA record at DNS server 172.16.0.202:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server 172.16.0.202:
gc._msdcs.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.bcas-tbf.local
Warning: Record Registrations not found in some network adapters
R210_1_2K12 PASS WARN PASS PASS PASS WARN n/a
......................... bcas-tbf.local passed test DNS
IPCONFIG info:
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : R210_1_2K12
Primary Dns Suffix . . . . . . . : bcas-tbf.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bcas-tbf.local
Ethernet adapter vEthernet (Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client
) #36 - Virtual Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-26-B9-7E-81-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bda9:1a28:974a:5fc3%19(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.0.202(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCPv6 IAID . . . . . . . . . . . : 335554233
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0A-52-45-00-26-B9-7E-81-75
DNS Servers . . . . . . . . . . . : ::1
172.16.0.202
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{AE70C63E-0A8A-4461-A789-8E4CD99CEA46}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1cf5:1d4f:53ef:ff35(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::1cf5:1d4f:53ef:ff35%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
I'm unsure of what the problem is or what to do next. Thank You.
Disable IPv6 according to Paul's blog:
Disabling IPv6 on Windows 2008
After disabling run:
ipconfig /flushdns
ipconfig /registerdns
Restart the netlogon service or reboot.
For co-existence of IPv4 and IPv6 see:
Configuring DNS for IPv6/IPv4 Coexistence
IPv6 for the Windows Administrator: How Name Resolution Works in a Dual IPv4/IPv6 Scenario
IPv6 for the Windows Administrator: IPv6 Fundamentals
Hopefully, that fixes your issue. Added some links to read in case you want to.
If it answered your question, remember to “Mark as Answer”.
If you found this post helpful, please “Vote as Helpful”.
Postings are provided “AS IS” with no warranties, and confers no rights.
Active Directory: Ultimate Reading Collection -
SRV Record for TC Software(SX20,C20)
Hi all,
We tested DNS SRV record for two VCS-Cs that are not clustered.
MCU works fine with those SRV records, but C20, SX20 do not work.
Can't TC endpoints receive SRV records?
VCS:X8.2.1
MCU5300:4.5(1.45)
C20,SX20:TC7.2.0
Best Regards,
Kotaro
Hi Patrick,
Sorry for the late reply.
I mentioned "MCU works fine with those SRV records, " but actually it didn't work.
The MCU just received two GKs IP addresses as Alternative Gatekeeper.
Now we use records below.
We configure "vcs1.test.local" as an SX20's Gatekeeper.
But when "vcs1.test.local" fails, the SX20 never register with "vcs2.test.local".
=====DNS Records=====
vcs1.test.local(A) and its Pointer record.
vcs2.test.local(A) and its Pointer record.
_h323cs._tcp.test.local
priority=1
weight=0
port=1720
svr hostname=vcs1.test.local
_h323cs._tcp.test.local
priority=10
weight=0
port=1720
svr hostname=vcs2.test.local
_h323ls._udp.test.local
priority=1
weight=0
port=1719
svr hostname=vcs1.test.local
_h323ls._udp.test.local
priority=10
weight=0
port=1719
svr hostname=vcs2.test.local
_h323rs._udp.test.local
priority=1
weight=0
port=1719
svr hostname=vcs1.test.local
_h323rs._udp.test.local
priority=10
weight=0
port=1719
svr hostname=vcs2.test.local
Best Regards,
Kotaro -
Hi,
This is my first post here.
My exchange server of late is facing a peculiar problem. I get the error message that I have posted below when sending mails to any outside domain. However when I restart the server the mails can be resent to the address without any issue. After a certain time again the issue pops up upon which I am forced to restart the server again. I am running 2007 Exchange on Windows 2003.
Generating server: name.mydomain.com
[email protected]
#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
[email protected]
#554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
Original message headers:
Received: from name.mydomain.com ([1xx.xxx.xxx.xx5]) by MHDMAILS.mouwasat.com
([1xx.xxx.xxx.xx5]) with mapi; Wed, 19 Oct 2011 08:56:29 +0300
From: <[email protected]>
To: <[email protected]>
CC: "Al Alami,Tareq" <[email protected]>
Date: Wed, 19 Oct 2011 08:56:27 +0300
Subject: RE:
Thread-Topic:
Thread-Index: AcyAQ5tu8z9CvBfdT5+1pcGQkk6x0AIuwczAAAGZjeABQyW5sAADeeJQAAETNDA=
Message-ID: <[email protected]>
References: <[email protected]com>
<[email protected]com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
boundary="_004_EEC8FA6B3B286A4E90D709FECDF51AA06C0588CA11namedomain_";
type="multipart/alternative"
MIME-Version: 1.0
On Sun, 23 Oct 2011 15:05:15 +0000, Jobin Jacob wrote:
>
>Even after removing my domain from the send connector I continue to receive the error. I would like to say I do have a firewall, Cyberoam. However, it was the same configuration till now in the firewall. I did try Mx lookup and found the following.
>
>Could there be any other solution to this issue ?
Sure, but it's necessary to ask a lot of questions since none of us
know how your organization is set up.
I see you also have "Use the External DNS Lookup settings on the
transport server" box checked. How have you configured the "External
DNS Lookups" on the HT server's property page? Is there any good
reason why you aren't just using your internal DNS servers? If the
internal DNS servers are configured to resolve (or forward) queries
for "external" domains then there's no reason to use that checkbox. In
most cases checking that box is a mistake.
http://technet.microsoft.com/en-us/library/aa997166(EXCHG.80).aspx
The behavior you describe (it works for a while and then fails;
restarting the server returns it to a working state) sure sounds like
some sort of DNS problem.
Rich Matheisen
MCSE+I, Exchange MVP -
DNS Help: Configure for local and external services using same domain name?
Hello all. I'm setting up a 10.5 server, have scoured these great forums and gotten close, but am still stuck. Any help would be greatly appreciated.
My network setup is as follows: Internet (2xT1) > modem > router/firewall/NAT device > XServe > switches > rest of network, clients, etc. Pretty standard, I believe.
I'd like to use this XServe on our local network/intranet/LAN only for OD, networked home directories, AFP, iCal, Time Machine, Print and Software Update.
My website is hosted on an external server.
My email is also hosted on a (different) external server.
Domain is school.edu
XServe name is xserve.school.edu
XServe is 10.0.0.25
I've gone through Apple's recommended DNS setup (supplemented by some great info found here on the forums....), and am able to connect to other Internet sites (with client's DNS server set as 10.0.0.25), but unable to connect to www.school.edu, or send/receive mail to/from mail.school.edu.
In short, connecting to external domains that are NOT related to my school are fine, but I'm unable to connect to any domain that IS related to my school.
If anyone out there can shoot me some notes on how to configure the DNS settings, zones, forwarding, etc. to accomplish this, I'd be VERY appreciative.
Thanks, in advance, to anyone who can help me out.
Cheers,
Tim
In short, connecting to external domains that are NOT related to my school are fine, but I'm unable to connect to any domain that IS related to my school.
If your server thinks it's authoritative for 'school.edu' then you have to add records for every host in the school.edu zone.
For example, if you want to be able to resolve 'www.school.edu' then you have to have a 'www' record. If you want to send/receive mail you have to add an MX record, and so on.
It doesn't matter that you're not responsible for those servers, it's just that since this machine thinks it 'owns' school.edu it will only respond with records in its own zone and won't care about what any other name server says, even if that other name server is authoritative for the zone.
FWIW, that's often why people running stub servers like this choose a separate subdomain (like 'dept.school.edu') so they can leave the main school.edu records on the main server and have full control over a subdomain. -
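The behaviour both this reply and the earlier mysite.com reply describe can be modelled offline. The following is an added example, not code from either thread: it answers queries the way a server that is authoritative for its local zones and forwards everything else would, then lists the public records that the local zone hides. The zone contents, the documentation-range addresses and all function names are constructed for illustration.

```python
# Constructed data modelled on the school.edu thread. Public addresses use
# documentation ranges and are not real.
LOCAL_ZONES = {
    "school.edu.": {
        ("xserve.school.edu.", "A"): ["10.0.0.25"],
    },
}
# Alternative layout from the reply: host only a subdomain locally.
SUBDOMAIN_ZONES = {
    "dept.school.edu.": {
        ("xserve.dept.school.edu.", "A"): ["10.0.0.25"],
    },
}
PUBLIC_DNS = {
    ("www.school.edu.", "A"): ["192.0.2.10"],
    ("school.edu.", "MX"): ["10 mail.school.edu."],
    ("mail.school.edu.", "A"): ["198.51.100.20"],
    ("www.example.org.", "A"): ["203.0.113.5"],
}


def enclosing_zone(qname, zones):
    """Return the longest locally hosted zone that contains qname, or None."""
    best = None
    for zone in zones:
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def lookup(qname, rtype, records, apex=None):
    """Answer from one record set: NOERROR, NODATA (name exists) or NXDOMAIN."""
    rrset = records.get((qname, rtype))
    if rrset:
        return "NOERROR", rrset
    # A name exists if it is the zone apex, owns another record type,
    # or is an ancestor of an owner (an empty non-terminal).
    exists = qname == apex or any(
        owner == qname or owner.endswith("." + qname) for owner, _ in records
    )
    return ("NODATA" if exists else "NXDOMAIN"), []


def resolve(qname, rtype, zones, public):
    """Model a server that is authoritative for `zones` and forwards the rest."""
    qname = qname.lower()
    zone = enclosing_zone(qname, zones)
    if zone is None:
        status, rrset = lookup(qname, rtype, public)
        return "forwarded", status, rrset
    # Inside a local zone the public data is never consulted.
    status, rrset = lookup(qname, rtype, zones[zone], apex=zone)
    return "local", status, rrset


def shadowed_records(zones, public):
    """Public records that internal clients cannot see and that need mirroring."""
    hidden = []
    for (name, rtype) in public:
        source, status, _ = resolve(name, rtype, zones, public)
        if source == "local" and status != "NOERROR":
            hidden.append((name, rtype))
    return sorted(hidden)


if __name__ == "__main__":
    for name, rtype in shadowed_records(LOCAL_ZONES, PUBLIC_DNS):
        print(f"mirror internally: {name} {rtype}")
```

Feeding it an export of the internal zone and the public zone gives the list of records to mirror; with the subdomain layout the list is empty because queries for the parent domain are forwarded.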
DNS/LDAP Issue for Trusted Domain
Hi
I'm trying to configure Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot Contact LDAP Server".
I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
When I check the log ADForestDisc.log I get this error message:
"Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
I have setup Conditional Forwarders in DNS in both domains.
I have also read other forums about this issue and should have the answer:
"This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
"The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
We are using Windows AD integrated DNS in both domains.
I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
Thanks in advance
Hi
Thank you for your answer. This issue is solved. I had missed opening some ports in the router/firewall between the LANs.
The status under Active Directory Forests is Succeeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
I don't think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found too during forest Discovery when I've checked the options to create site and ip boundaries automatically? -
DNS Server working for top level domain but not host
Hello,
I just set up the DNS server on my server and thought I had it working until I tried the sub-domains. I could get to example.com but mail.example.com and www.example.com did not resolve properly even though I had specified them as aliases for the machine record.
Does anyone know where to look for the cause of this problem? Below I have included my zone file for the domain:
ns1:/var/named$ more shenzhenguide.com.zone
$TTL 3600
shenzhenguide.com. IN SOA ns1.shenzhenguide.com. info.shenzhenparty.com. (
2006061012 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
shenzhenguide.com. IN NS ns1.shenzhenguide.com.
shenzhenguide.com. IN NS ns2.shenzhenguide.com.
shenzhenguide.com. IN A 61.145.163.184
ns1 IN A 61.145.163.184
shenzhenguide.com IN CNAME ns1
www.shenzhenguide.com IN CNAME ns1
mail.shenzhenguide.com IN CNAME ns1
*.shenzhenguide.com IN CNAME ns1
shenzhenguide.com. IN MX 1 ns1
ns1 IN TXT "aliases don't work"
ns2 IN A 210.17.235.228
If you enter "www.shenzhenguide.com IN CNAME ns1" there has to be a dot after the .com like: "www.shenzhenguide.com. IN CNAME ns1" but you usually drop it to "www IN CNAME ns1" instead.
(I don't think you can call the host in a domain for a subdomain).
Try it like this:
$TTL 3600
shenzhenguide.com. IN SOA ns1.shenzhenguide.com. info.shenzhenparty.com. (
2006061012 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
shenzhenguide.com. IN NS ns1.shenzhenguide.com.
shenzhenguide.com. IN NS ns2.shenzhenguide.com.
shenzhenguide.com. IN A 61.145.163.184
ns1 IN A 61.145.163.184
www IN CNAME ns1
mail IN CNAME ns1
shenzhenguide.com. IN MX 1 ns1 ; maybe use: shenzhenguide.com. IN MX 1 mail.shenzhenguide.com. instead
ns2 IN A 210.17.235.228
What's this? :
*.shenzhenguide.com IN CNAME ns1
And the domain is now handled by zoneedit (with all A records for mail and www.):
host -v www.shenzhenguide.com
Trying "www.shenzhenguide.com"
;; QUESTION SECTION:
;www.shenzhenguide.com. IN A
;; ANSWER SECTION:
www.shenzhenguide.com. 7200 IN A 61.145.163.184
;; AUTHORITY SECTION:
shenzhenguide.com. 6688 IN NS ns17.zoneedit.com.
shenzhenguide.com. 6688 IN NS ns3.zoneedit.com.
host -v -t mx shenzhenguide.com
Trying "shenzhenguide.com"
;; ANSWER SECTION:
shenzhenguide.com. 7200 IN MX 0 mail.shenzhenguide.com.
And there's no reverse:
host -v 61.145.163.184
Trying "184.163.145.61.in-addr.arpa"
Host 184.163.145.61.in-addr.arpa not found: 3(NXDOMAIN) -
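The trailing-dot rule from the reply above can be checked mechanically. The following is an added example, not part of the original posts: it expands each owner name in the posted zone the way a master-file parser does (a name without a trailing dot gets the zone origin appended) and flags names that already contain the origin. The parser handles only the `owner [ttl] [class] type rdata` line shape used in the posted file, and the function names are constructed for illustration.

```python
ORIGIN = "shenzhenguide.com."

# Constructed input: the resource-record lines of the zone file posted above
# (SOA block omitted).
POSTED_ZONE = """\
shenzhenguide.com. IN NS ns1.shenzhenguide.com.
shenzhenguide.com. IN NS ns2.shenzhenguide.com.
shenzhenguide.com. IN A 61.145.163.184
ns1 IN A 61.145.163.184
shenzhenguide.com IN CNAME ns1
www.shenzhenguide.com IN CNAME ns1
mail.shenzhenguide.com IN CNAME ns1
*.shenzhenguide.com IN CNAME ns1
shenzhenguide.com. IN MX 1 ns1
ns1 IN TXT "aliases don't work"
ns2 IN A 210.17.235.228
"""

# Constructed input: the relative-name form suggested in the reply.
SUGGESTED_ZONE = """\
shenzhenguide.com. IN NS ns1.shenzhenguide.com.
shenzhenguide.com. IN NS ns2.shenzhenguide.com.
shenzhenguide.com. IN A 61.145.163.184
ns1 IN A 61.145.163.184
www IN CNAME ns1
mail IN CNAME ns1
shenzhenguide.com. IN MX 1 ns1
ns2 IN A 210.17.235.228
"""

CLASSES = {"IN", "CH", "HS"}
# Position of the domain name inside rdata for types that carry one.
TARGET_FIELD = {"CNAME": 0, "NS": 0, "PTR": 0, "MX": 1}


def qualify(name, origin):
    """Return the absolute name a zone-file parser derives from `name`."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse(zone_text, origin):
    """Parse record lines; assumes every line carries an explicit owner."""
    records = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0][0] in ";$":
            continue
        written_owner, rest = fields[0], fields[1:]
        # Skip an optional numeric TTL and the class field.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if not rest:
            continue
        rtype, rdata = rest[0].upper(), rest[1:]
        names = [written_owner]
        idx = TARGET_FIELD.get(rtype)
        if idx is not None and len(rdata) > idx:
            names.append(rdata[idx])
        records.append({
            "lineno": lineno,
            "owner": qualify(written_owner, origin).lower(),
            "rtype": rtype,
            "rdata": " ".join(rdata),
            "names": names,  # owner and target exactly as written
        })
    return records


def doubled_origin(records, origin):
    """Flag names written like an FQDN but missing the trailing dot."""
    bare = origin.rstrip(".").lower()
    findings = []
    for rec in records:
        for written in rec["names"]:
            low = written.lower()
            if not low.endswith(".") and (low == bare or low.endswith("." + bare)):
                findings.append((rec["lineno"], written, qualify(written, origin)))
    return findings


def rrtypes_at(records, qname):
    """Record types that exist at the absolute name `qname`."""
    return sorted({r["rtype"] for r in records if r["owner"] == qname.lower()})


if __name__ == "__main__":
    for lineno, written, expanded in doubled_origin(parse(POSTED_ZONE, ORIGIN), ORIGIN):
        print(f"line {lineno}: {written} is loaded as {expanded}")
```

Where BIND itself is available, `named-checkzone` reports the names it actually loaded and is the authoritative check before a reload.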
When do I have to update my DNS records for my URLs, such as mail and autodiscover?
We currently have EX2010, with autodiscover.domain, owa.domain, and outlook.domain records in DNS. The outlook.domain is used for the CAS array and would not be modified during this.
We are going to install new EX2013 servers soon. When we do that, we plan to set all the URLs to be the same as EX2010 (like above).
From what I can tell, I do not have to change the DNS records until we actually start to migrate mailboxes. Would that be correct? I would rather do some additional testing, and get our load balancers configured correctly, before pointing autodiscover and owa at EX2013.
Most of the documentation I have seen says change the DNS records at the end of your installation, but that would be if I was ready to migrate mailboxes I would think.
Thanks for any help or assistance on this. I have read all of the articles on the Exchange Blog site, but nothing really says make this change immediately.
Hi DarlonJeel,
Based on your description, I know you want to upgrade Exchange 2010 to Exchange 2013.
After you've completed the installation of Exchange 2013, you could update the MX record and the Autodiscover record to the Exchange 2013 CAS Server.
Don’t worry about the users whose mailboxes are located on the Exchange 2010 server. When a user uses OWA or OutlookAnywhere, the Exchange 2013 CAS server will redirect to the Exchange 2010 CAS server automatically.
Hope it helps,
Best regards,
Eric -
DNS server returns IP addresses even for domain na...
Like a number of other people I have been looking at the BT Broadband service and have found that there is an issue with the current DNS server. What I / we have found is that the DNS server returns IP addresses even for domain names which should not resolve. See following -
DNS results wildcarding (?): Warning
Your ISP's DNS server returns IP addresses even for domain names which should not resolve. Instead of an error, the DNS server returns an address of 92.242.132.15, which resolves to unallocated.barefruit.co.uk.
There are several possible explanations for this behavior. The most likely cause is that the ISP is attempting to profit from customer's typos by presenting advertisements in response to bad requests, but it could also be due to an error or misconfiguration in the DNS server.
The big problem with this behavior is that it can potentially break any network application which relies on DNS properly returning an error when a name does not exist.
The following lists your DNS server's behavior in more detail.
www.{random}.com is mapped to 92.242.132.15.
www.{random}.org is mapped to 92.242.132.15.
fubar.{random}.com is mapped to 92.242.132.15.
www.yahoo.cmo [sic] is mapped to 92.242.132.15.
nxdomain.{random}.netalyzr.icsi.berkeley.edu is mapped to 92.242.132.15.
Moderators could you please investigate this for us.
Infinidim
Megadodo Publications
Ursa Minor Beta
If you want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side
If the reply answers your question then please mark as ’Mark as Accepted Solution’
RedAmberGreen wrote:
BT use a Barefruit (which your post seems to suggest) service called 'Error Resolution'.
http://www.barefruit.com/background/error_resolution.php
Any DNS that can not get resolved goes via this service and returns a page showing paid adverts and/or links related to what they think you were looking for.
BT refer to this as 'BT Web Address Help' and can be turned off on an opt-out basis via this link: http://preferences.webaddresshelp.bt.com/selfcare/
I assume BT's view is this helps improve the user experience and provides some directed help instead of a blank error page.
Further details: http://www.bt.com/help/webaddresshelp
Thanks for this RedAmberGreen.
Infinidim
Megadodo Publications
Ursa Minor Beta
If you want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side
If the reply answers your question then please mark as ’Mark as Accepted Solution’ -
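The wildcarding check quoted in this thread (random names that should not exist all mapping to one address) can be reproduced against any resolver. The following is an added example, not part of the original posts and not the code of the tool that produced the quoted report: it probes random names and classifies the resolver from the answers. The lookup function is injectable so the logic can be exercised offline; `system_lookup` uses the operating system's resolver and is only called when the script is run directly.

```python
import secrets
import socket
from collections import Counter

SUFFIXES = ("com", "org", "net")


def probe_names(count=6, suffixes=SUFFIXES):
    """Random names that should not exist.

    The trailing dot marks each name as absolute so the resolver's
    search-domain list is not appended to it.
    """
    return [
        f"www.{secrets.token_hex(12)}.{suffixes[i % len(suffixes)]}."
        for i in range(count)
    ]


def system_lookup(name):
    """Resolve through the OS resolver; return [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_nxdomain_rewriting(lookup, names):
    """Classify a resolver from its answers for names that should not exist.

    clean         no probe resolved
    rewriting     every probe resolved, so errors are being replaced by answers
    inconclusive  only some probes resolved
    """
    answered = {}
    for name in names:
        addrs = lookup(name)
        if addrs:
            answered[name] = list(addrs)
    counts = Counter(a for addrs in answered.values() for a in addrs)
    common = counts.most_common(1)[0][0] if counts else None
    if not answered:
        verdict = "clean"
    elif len(answered) == len(names):
        verdict = "rewriting"
    else:
        verdict = "inconclusive"
    return {
        "probed": len(names),
        "answered": len(answered),
        "common_address": common,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(check_nxdomain_rewriting(system_lookup, probe_names()))
```

Running it once with the ISP's resolver and once after the opt-out described above shows whether the setting has taken effect for the resolver actually in use.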
Pushed my site live, need to modify domain records for Gmail
Was able to push my site live and now the site domains in site settings has all the correct settings for
www.mydomain.com going to start page, mydomain.worldsecuresystems.com going to start page, mydomain.com forwarding to www.mydomain.com, and mydomain.businesscatalyst.com going to start page.
Somewhere in the process of connecting the domain name with the test site, i said that Gmail would be used. in the mx records listed in Site Domains in my BC dashboard show the 5 standard google servers (aspmx.l.google.com, alt2.aspmx.l.google.com, etc)
I added a CNAME record for mail.mydomain.com to point to ghs.googlehosted.com
now, when i browse to www.mydomain.com or mydomain.com i do see the site that i'm publishing through muse, that i pushed live.
when i go to mail.mydomain.com i get a google 'can't find' error. i'm thinking i just need to be patient, even though the basic site stuff seems to direct correctly. if a BC person is looking at this, have i set this up correctly and just need to wait for it to catch?
I have checked the sites under your account and the mail domain seems to be working well for all of them.
Thanks,
Vinayak