DNS forwording to 2 diffrent ISP

Similar Messages

• How to setup DNS behind Airport Extreme and ISP that will not reverse DNS

  Hi,
  I am having issues setting up my Mac Mini with SLS. Right now my server is connected to the internet through my Airport Express. It gets a static address from the router (10.0.1.13). The router also has a static address from my ISP. I own the domain redcedarpoint.com. I have set the A record to point to my static router IP address. I also setup a CNAME for server.redcedarpoint.com to the same address.
  During the initial portion of setup SLS sees my ISP's domain versus my own domain and incorrectly fills the local domain name. I manually changed these to redcedarpoint.com and called the server 'server'. This puts server.redcedarpoint.com into all the host names. Everything seems to work, but now all my users get email addresses like [email protected] versus [email protected]. I have manually set mail host name to redcedarpoint.com (although this is wrong I think). It solves the email addressing issue, but now postfix gives me a warning about a duplicate:
  +Jan 27 21:20:45 server postfix/postmap[70670]: warning: /var/amavis/local_domains.db: duplicate entry: "redcedarpoint.com"+
  My question is: What should I fill in during setup and how should I setup DNS from my hosting service.
  By the way, I am also trying to funnel all inbound and outbound email through my premium Google Apps subscription.
  Here's also the result of postconf -n
  +Last login: Wed Jan 27 21:19:47 on ttys000+
  +server:~ ianknight$ postconf -n+
  +biff = no+
  +command_directory = /usr/sbin+
  +config_directory = /etc/postfix+
  +content_filter = smtp-amavis:[127.0.0.1]:10024+
  +daemon_directory = /usr/libexec/postfix+
  +debugpeerlevel = 2+
  +enableserveroptions = yes+
  +header_checks = pcre:/etc/postfix/customheaderchecks+
  +html_directory = /usr/share/doc/postfix/html+
  +inet_interfaces = all+
  +mail_owner = _postfix+
  +mailboxsizelimit = 0+
  +mailbox_transport = dovecot+
  +mailq_path = /usr/bin/mailq+
  +manpage_directory = /usr/share/man+
  +mapsrbldomains =+
  +messagesizelimit = 10485760+
  +mydestination = $myhostname, localhost.$mydomain, localhost, dmcwatering.com, internationalcardio.com+
  +mydomain = redcedarpoint.com+
  +mydomain_fallback = localhost+
  +myhostname = redcedarpoint.com+
  +mynetworks = 127.0.0.0/8,216.239.32.0/19,64.233.160.0/19,66.249.80.0/20,72.14.192.0/18,209.8 5.128.0/17,66.102.0.0/20,74.125.0.0/16,64.18.0.0/20,207.126.144.0/20,173.194.0.0 /16+
  +newaliases_path = /usr/bin/newaliases+
  +queue_directory = /private/var/spool/postfix+
  +readme_directory = /usr/share/doc/postfix+
  +recipient_delimiter = ++
  +relayhost =+
  +sample_directory = /usr/share/doc/postfix/examples+
  +sendmail_path = /usr/sbin/sendmail+
  +setgid_group = _postdrop+
  +smtpsasl_authenable = yes+
  +smtpsasl_passwordmaps = hash:/etc/postfix/sasl/passwd+
  +smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org permit+
  +smtpdenforcetls = no+
  +smtpdhelorequired = yes+
  +smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname+
  +smtpdpw_server_securityoptions = cram-md5,gssapi,login+
  +smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit+
  +smtpdsasl_authenable = yes+
  +smtpdtlsCAfile =+
  +smtpdtls_certfile =+
  +smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL+
  +smtpdtls_keyfile =+
  +smtpdtlsloglevel = 0+
  +smtpduse_pwserver = yes+
  +smtpdusetls = no+
  +unknownlocal_recipient_rejectcode = 550+
  +virtualaliasmaps =+
  +server:~ ianknight$+

  The first one is easy...
  Jan 27 21:20:45 server postfix/postmap70670: warning: /var/amavis/local_domains.db: duplicate entry: "redcedarpoint.com"
  You have redcedarpoint.com set as both the domain name and the hostname of the server. That is not correct:
  mydomain = redcedarpoint.com
  myhostname = redcedarpoint.com
  In this case, myhostname should be the reverse DNS hostname that the recipient mail server would see on outgoing mail - typically this would be something like 'mail.redcedarpoint.com
  You should also fix the mydestination parameter so that it includes your domain name as well:
  mydestination = $myhostname, localhost.$mydomain, localhost, dmcwatering.com, internationalcardio.com
  mydestination identifies the domains this server accepts mail for. In this setup it will accept mail addressed to @mail.redcedarpoint.com (assuming you fix myhostname, as above), @localhost.redcedarpoint.com, @localhost, @dmcwatering.com and @internationalcardio.com
  Nowhere here does @recedarpoint.com appear, so users won't get mail addressed to [email protected]
  It's easiest to just add redcedarpoint.com to the list of domains the server handles mail for.
  how should I setup DNS from my hosting service
  Your subject implies a reverse DNS question, but there's nothing in this post about reverse DNS. Other than that, you should have an MX record for your domain that points to the public IP address of your router.

• PRI LINES CONFIG FOR DIFFRENT ISP

  Dear All,
             Currently i am using AIRTEL PRI and I am going to another TATA PRI ,Currently my icmonig and outgoing are via AIRTEL
  1)I want to Configure all incomnig call to TATA as well as AIRTEL and OUTGOING CALLS via TATA
      Is this Scenerio Logically Possible and If yes can you please help me what changes in need to make in CCM end
         Thanks in Advance

  Yes it's possible. What protocol are you using between CUCM and the gateway?
  Also, be advised that multiple PRIs from separate providers typically means different clock sources. This will cause slip errors on the T1 if they are placed in the same Clocking Domain. You'll want to isolate the second clock source onto a NM-HDV2 with its own VWIC and PVDM resources (as well as ensuring that dsp sharing is disabled).
  Please remember to rate helpful responses and identify helpful or correct answers.

• BigPond - Mail from your ISP is temporarily rejected due to DNS Block List

  I've been trying to send mail to people who have Bigpond.com email addresses and received the following message concerning the unable to deliver the emails. For some reason, Mac.com is being seen as a spam address and is currently blocked.
  Who at Mac.Com can following the instructions below to resolve the problem which are relatively straight forward, but it's not a specific mac issue, but their mail servers
  Anybody through any light on how to get Mac.com to investigate the problem?
  ----- Transcript of session follows -----
  ... while talking to extmail.bigpond.com.:
  MAIL From:<[email protected]> SIZE=318276
  <<< 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here <a class="jive-link-external-small" href="http://">http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
  <[email protected]>... Deferred: 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
  Warning: message still undelivered after 4 hours
  Will keep trying until message is 4 days old
  
  Reporting-MTA: dns; smtpoutm.mac.com
  Arrival-Date: Sun, 30 Sep 2007 03:12:48 -0700 (PDT)
  Final-Recipient: RFC822; [email protected]
  Action: delayed
  Status: 4.3.0
  Diagnostic-Code: SMTP; 451 Mail from your ISP is being temporarily rejected due to a DNS block list. Your ISP can resolve this issue. More information is here http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/stdadp.php?pfaqid=12829
  Last-Attempt-Date: Sun, 30 Sep 2007 08:07:49 -0700 (PDT)
  Will-Retry-Until: Thu, 4 Oct 2007 03:12:48 -0700 (PDT)

  Resolving such issues can be complex. It is important to recognize that you've done nothing wrong.
  The bounces occur because your ISP has chosen to subscribe to a blocking list maintained by one of several such services. In your case, BigPond is querying the Trend Micro MAPS RBL list each time it receives inbound smtp transactions, and for some reason, addresses or address ranges assigned to .Mac mail for such traffic have been added to this MAPS RBL.
  BigPond can do nothing, really, but sever its link to MAPS, and is highly unlikely to do so. Beyond reporting the issue to Apple as indicated above via .Mac support using the web form located here, there is really nothing you can do. It is up to MAPS to remove the block based upon a request from Apple.
  This sort of relative stupidity occurs quite frequently. We have chosen to use the services of spamhaus.org to limit SPAM on our internally operated mail server, and face the same issue with mail originating through domains maintained by T-Mobile, who has unfortunately found themselves on the Spamhaus PBL, or policy block list. I haven't been able to locate someone at T-Mobile responsible for resolving the issue, so mail originating outside our domain via T-Mobile HotSpots or the T-Mobile cellular data network—traffic that is legitimately relayed through our server to users outside our subnet—is blocked.
  While I generally applaud the efforts of SPAM blocking services like MAPS and Spamhaus, I am beginning to believe that the unintended consequences of their services negate the value they otherwise provide. And, they operate with impunity and are unwilling to talk to affected users or notify sanctioned providers on behalf of affected users. They simply add the offending addresses to their many block lists, and leave it to others to correct what they see as a violation.

• 2 ISP link failover in ASA 5505

  Hi,
  I have ASA 5505, want to configure the 2 ISP link Tata and Airtel with failover.
  I want to configure the WebVPN with failover, so that user don't need to change the public address when one link goes down.
  thanks with regards
  Ashish Kumar

  Hi michael,
  First of thanks for reply.
  Can we do it by public certificate or DNS entry e.g. both ISP Public ip address entry will be in DNS and user will hit particular DNS name. You r right that once link down so user will disconnect but when he will retry then he will connect via another link.
  Is it possible??
  Ashish

• DNS - external DNS internal - Domainname?

  Hello, I have the following problem:
  Private IP network (192.168.0.0) behind router, which has a fixed external IP and an ADSL connection.
  The Leo server on the internal network has a fixed IP: 192.168.0.20.
  The Domain Name "firma.com" is hosted on a external provider, there is also a external web server running, which can be and should be accessible under "firma.com" and "www.firma.com".
  I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20".
  The Mailxchange (MX) record also redirects on "intranet.firma.com."
  And now the DNS server on the Leo-server? Which are the correct entries?
  IP address: 192.168.0.20
  subnet mask: 255.255.255.0
  router : 192.168.0.1
  Primary DNS: 192.168.0.20
  DNS Secondary: I 192.168.0.1
  Which has to be primary zone name: "firma.com" or "intranet.firma.com"? I mean, can there be "firma.com", when there is a external webserver which needs that name?
  When I use "firma.com" for the Leo DNS and the server’s name is "intranet ", the it resolves to the internal server very well. But how can I get my externally hosted web "firma.com" or "www.firma.com", if I DNS server "firma.com" as the primary zone there? Which is the right configuration that I can send mails internal, external and from external? And use the external webserver as is?
  Thank you
  Willi

  First using a 192.168.0.0/24 or 192.168.1.0/24 network on your LAN is a bad thing if you are going to use VPN later.
  "I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20". "
  You can use this if you want but you probably don't want the mail to require a an address like:
  <user/mailaccount-name>@intranet.firma.com do you? The MX pointer can use firma.com with an address of intranet.firma.com:
  firma.com MX 10 intranet.firma.com
  You could also look at intranet(.firma.com) as a hostname instead of a subdomain.
  (Maybe you should use an other domainname internally: firma.private or firma.internal)
  If you want to use the same domainname (firma.com) internally setup "all" the public names/IPs in the internal DNS and use only the server (private IP) DNS (with forwarders to your ISP DNS IPs) not the router DNS proxy for all internal machines.
  If you want to run an intranet webserver why not call it intranet.firma.com and the public one keeps it's name www.firma.com.

• Open DNS vs TWC DNS (Dallas)

  Should I use an open DNS or stay with TWC DNS (Dallas, TX)?
  Are there really benefits to speak of as a second year Computer Engineering student?
  Thanks all.

  This is a comment on OpenDNS and other public domain-name system (DNS) services, such as Google DNS. You should use such a service if it solves a problem for you, and not if it creates problems you don't already have. To summarize:
  1. Using public DNS will probably not make your network faster, and may make it slower.
  2. It will probably not stop your browser from being redirected when you try to connect to a valid web address.
  3. It will not make you safer from malware attacks.
  4. It could cause confidential information to be compromised.
  5. It has other privacy implications that you should take into account.
  A DNS server resolves the human-readable "domain name" of an Internet host, such as www.apple.com, to the numerical address by which that host can be reached. The process is analogous to looking up a phone number by name. There is no chance that changing the DNS server you use will have any effect on a network problem not related to name resolution.
  There are two valid reasons why you might want to use a public DNS service:
  The DNS servers provided by your ISP are misconfigured (perhaps deliberately) or don't perform well.
  You have a use for the filtering controls provided by OpenDNS and others.
  Although some DNS services are touted as responding faster than others, there will be no noticeable difference if your ISP is delivering what you pay for. Most likely, the difference in response time among the DNS servers available to you is on the order of a hundredth of a second or less. But under some conditions, public DNS will significantly slow down network performance. Here is a case in point.
  A content-distribution network (CDN), such as the one used by Apple to deliver software updates and iTunes content, relies on the location of the DNS server to optimize performance. If your query goes to a distant server, you may get slow downloads of Apple content, among other things. From the report of a test carried out by a networking consultant:
  We listed 9 CDNs that would benefit from supporting/using edns-client-subnet, and only two actually support edns-client-subnet: CDN77 and ChinaCache. Others, including Akamai, Internap and CDNetworks, do not currently. This really is too bad, because from the performance data we collected, it is clear these CDNs deliver (much) worse performance currently in many countries to Google DNS and OpenDNS users.   
  Another reason often given for using public DNS is to avoid "redirection," that is, false results from a query for a valid domain name. Ethical ISP's do not intentionally redirect valid DNS queries, though it might happen unintentionally because of a misconfiguration; for example, because the address of a network host has recently changed, or because of a "poisoning" attack on the DNS server. Recently, some low-quality commercial ISP's such as CenturyLink have taken to redirecting DNS queries for search engines such as Google. Do not tolerate this practice. If your ISP is doing it, then you should demand that the redirection be stopped, or else switch to another ISP. Note that many ISP's may, and OpenDNS certainly will, redirect invalid queries to ad sites, in violation of published standards for DNS.
  Some ISP's have been said to re-route all DNS queries to their own name servers, regardless of where the queries were directed. This is another intolerable practice. I don't know of any commercial ISP that is currently doing this, but if yours is, you won't be able to use a public DNS service, even if you change the network settings on your computer or router.
  If your Internet access is provided by an employer or institution, rather than a commercial ISP, then you have to take what is dished out.
  The claims on the OpenDNS website that it blocks malware attacks such as "Flashback" are false advertising. A DNS service does not and cannot block anything. All it can do is to selectively refuse to answer queries. It's trivial for a malware attacker to evade such controls. It's just as easy to evade the parental controls offered by OpenDNS. Nevertheless, you may find those control features useful, despite their limitations. Here is an example of an ASC user who had undesirable results from OpenDNS content filtering.
  There is one exception to the rule that OpenDNS and Google DNS don't improve performance. The "prefetching" performed by modern web browsers, including Safari, may confuse some DNS servers, with the effects described in this Apple Support article. The article suggests testing OpenDNS, Google DNS, or another third-party DNS service as a possible way to overcome the problem.
  If you need to switch DNS providers because of a misconfiguration of your ISP's servers, the change will most likely only need to be temporary. The problem may be resolved automatically within a matter of hours.
  If you intend to use public DNS, such as OpenDNS, on a long-term basis, you should be aware of the privacy implications. As a user of the free service, you are not an OpenDNS customer, and the service provider  — a for-profit corporation — doesn't have a contract with you. The marketers to whom OpenDNS sells access and information are its customers.
  OpenDNS will know, and store, the address of every Internet server you use from now on. This is from its privacy policy:
  When you use our Services, OpenDNS stores certain DNS, IP address and related information about you to improve the quality of our Service, to provide you with Services and for internal business and analysis purposes.
  Concerning personal information, the policy states:
  ...[I]t is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements...
  You can't opt out of those disclosures. Read the privacy policy carefully and draw your own conclusions. The privacy policy of Google DNS seems to be somewhat more benign, but again, you should judge for yourself.
  That's not the worst of it, though. The practice of hijacking nonexistent domains followed by most public DNS services could result in leaking confidential information to a hacker:
  For example, consider the "same origin trust model" used for Web cookies. If you're holding a cookie for GOOGLE.COM and you can be fooled into following a link to KJHSDFKJHSKJHMJHER.GOOGLE.COM, and the resulting NXDOMAIN response is remapped into a positive answer to some advertising server, then you're going to send your cookie to that advertising server when you send your HTTP GET request there. Not such a bad thing for a GOOGLE.COM cookie, but a real problem for a BANKOFAMERICA.COM cookie.  
  To emphasize, NXDOMAIN remapping is not something that only happens when you randomly mistype a domain name. It can be exploited deliberately by malicious links placed on any web page. In the case of OpenDNS, the result would be that a cookie intended for another server would be sent to the OpenDNS web server instead. A rogue OpenDNS employee, or anyone who managed to break into the web server, might then be able to impersonate you on another website. If this scenario seems far-fetched, it's the stuff that network exploits are made of.
  See also a brief. somewhat outdated, critique of OpenDNS on a Harvard Law School blog, with a response from the company's founder.

• Externally Hosted DNS - How do I set up my 2003 DNS server for sub domain to point to internal IP address??

  I have a domain name(domain.com) DNS hosted at my ISP. I also have 3 sub domains DNS hosted at the same ISP pointing to various external ip addresses (mail.domain.com, vpn.domain.com and ts.domain.com). We want to set up sales.domain.com to point to an
  internal 10. IP address. We have AD integrated DNS servers for our 2003 AD domain. The AD domain name is totally different than the hosted domain name in question. I currently edit the host file for a couple of PC's but this isnt practical company wide so
  I want to add entries on our internal AD DNS servers to resolve the locally hosted site. If i recall, someone once told me that you cannot just put an A record for one sub domain, I would have to have entries on my 2003 DNS server to resolve anything related
  to the domain.com name. Is this accurate? If so, what is the proper way to configure my 2003 AD DNS server to resolve anything domain.com related for my internal users while still allowing my ISP to do the DNS lookup for the internet.

  On my 2003 AD integrated DNS server...i rightclick forward lookup zone and choose...new zone..primary zone (store zone in AD checkbox checked)..i chose to all DNS servers in the AD domain for replication...zone name sales.domain.com....allow secure updates
  option....then i added an A record in that zone...sales.domain.com..pointed that towards my internal 10. IP address...is this correct? It seems to be working correctly for the sales.domain.com DNS record...and i tested the other sub domains...and those look
  like they are going to my ISP for DNS resolution...
  Is this the correct procedure? I did this on a test AD domain and not my production...i want to make sure i dont break everything under the domain.com by incorrectly adding 1 sub domain..

• Help with Proper DNS Setup for Leopard Standard Server Setup

  Hello All,
  Problem Description-
  I was reviewing some training today on DNS setup and checking for proper setup with the sudo changeip - checkhostname tool and I seem to have an incorrectly configured DNS setup. So I need some help on correcting it. When I go to the "Server Preferences" tool I cannot log in using apple.ourdomainname.com instead in order to use the tool I have to input localhost as the server name. Now I just thought that the system was broken or something and with the help of my training I now see it's a DNS problem. I thought I had everything proper since I followed the steps of creating proper DNS/RDNS entries with my ISP. Now I am stuck wondering what else isn't working properly due to the DNS issue. Thanks in advance.
  Technical Info-
  My ISP provides us with 5 static IP's and we have asked them to create entries and verified the setup of apple.ourdomainname.com = x.x.x.x which is one of our public IP's assigned currently assigned to the WAN port of our Apple Airport Extreme. We have also had them create a PTR record which also is present, verified and functional. Our MacMini running 10.5.5 is connected directly to one of the ethernet ports on our Apple Airport Extreme which is our NAT/Firewall for the LAN. So during the setup of the Standard Server install the OS configured the Airport with the required ports for chat/web/vpn. And mobile Mac's can VPN in and gain folder access and web works fine too. We don't use the e-mail portion so I can't say how that works. The server is using the DNS of 10.0.200.1 which is the IP of the Airport and the airport is programmed with the DNS of OpenDNS servers 208.67.222.222 and 208.67.220.220. The reason for this whole long shpeal is that I want to give as much technical background as possible for the best possible help.
  Thanks
  DM

  What happens when you use 'Localhost' instead of 'localhost' (i.e. capitalizing the 'L')?

• How do I create a DNS record on my Mac Server?

  How do I create a DNS record on my Mac Server?

  The following is info that I found in another post that I have been trying to follow.
  MrHoffman      New England
  Re: Configure DNS - OS X Server Next Steps
  Feb 13, 2011 6:36 AM (in response to Jimbooooooo)
  You're setting up internal DNS services, you referenced your ISP DNS servers and you should not have, and now those servers have no translations for your hosts. This is a common misconfiguration.
  See [configuring DNS on Mac OS X Server|http://labs.hoffmanlabs.com/node/1436] for how to set up your internal DNS server.
  And if there are any references to your ISP DNS servers here (within your client settings, within your server settings, your Airport settings, etc), then you're usually going to have DNS and connectivity problems. You're running a server now, so you'll be running your own services, and (particularly because of NAT here) referencing only your own DNS server(s).
  You may be setting up external DNS (if and when you need that), but that should happen after you set up your internal DNS. The above article has a link to setting up external DNS, when you get around to that, if/when you need in-bound connections into your LAN.

• Configuration of standard server, 10.5.4 install disk, small office, DNS

  I've reinstalled more times than I care to count.
  Been on the phone with support people- no one seems to know how to install standard in my config.
  I have a fixed business class IP-
  it connects from their modem to my Apple Extreme basestation N gigabit
  which then connects to a 24 port gigabit ethernet switch.
  The server is manually mapped by MAC address to 192.168.0.2
  In the standard setup-
  It asks for login to Apple Extreme basestation N gigabit- I provide- password- then configure manually (rest of computers use DHCP)
  I supply.
  Manual configured ip at 192.168.0.2
  subnet 255.255.255.0
  router 192.168.0.1
  left DNS blank.
  Standard install.
  The ethernet is configured to run through an ethernet card from my xserve- since the internal one doesn't seem to register.
  I used the MAC address for the machine in the Basestation to route to this mac address and reserve .2
  once it gets completed- it whines: server cannot connect be found on the network check that the server hostname
  etc.
  System prefs> Network settings- DNS I've tried with 192.168.0.1, I've tried with 127.0.0.1 and with 127.0.0.1, 192.168.0.1
  nothing works. I've even tried with 192.168.0.2
  It can't find server.name.lan (note I changed my actual 3 letter name for "name" in this example)
  it can find 192.168.0.2 sometimes - but slowly.
  I've reinstalled this about 50 times now.
  I've even done it with someone on the phone-
  at no time have we had:
  Jabber working at server.name.lan
  server.name.lan resolving to the wiki page
  calender working
  and vpn enabled.
  I've lost countless hours with this-
  My employees haven't been able to work at times (like tomorrow morning- because we keep all our files shared on this server).
  this is getting to be uber ridiculous.
  suggestions?
  The last install- I tried it name.private
  going to terminal- it still says to repair dns.
  There is a spot in the airport Internet settings for domain name- should I put in name.private or server.name.lan?
  I've also tried the disconnect the ethernet cable routine- that one tech had me do-
  I now know how to go into terminal and check- using sudo ipconfig -checkhostname
  where I have not been able to get the two entries- always get the message to repair dns.
  This shouldn't be that difficult.
  Thanks in advance

  The most obvious problem from your posted details is:
  left DNS blank.
  You can't do this. You HAVE to have working DNS somewhere.
  For the initial setup this could be a DNS server managed by your ISP. If you're configuring internal DNS then it could be your internal DNS server (or even 127.0.0.1), but not until that server is up and running.
  I used the MAC address for the machine in the Basestation to route to this mac address and reserve .2
  I don't understand this statement. MAC addresses don't (or, at least, shouldn't) come into the picture at all.
  System prefs> Network settings- DNS I've tried with 192.168.0.1, I've tried with 127.0.0.1 and with 127.0.0.1, 192.168.0.1
  nothing works. I've even tried with 192.168.0.2
  192.168.0.1 won't work - that is your base station and your base station is not a DNS server.
  127.0.0.1 won't work until you configure and start up the DNS server in Mac OS X Server.
  192.168.0.2 won't work either - for the same reason as 127.0.0.1. It will work once you configure the DNS server on this machine.
  So it sounds to me like your first order of business is to setup the DNS server. During the installation process you were asked which services to run. Make sure you enabled DNS then use Server Admin to configure your DNS zone.

• DNS and Static IP Address Question on Solaris v10 X86

  I�ve recently installed Solaris v10 X86 and have two questions. The system is a Dell E521 with 4GB RAM and 1GB SysKonnect NIC, and internet is provided via a cable modem, that�s plugged into a Netgear router, and the Solaris 10 box is plugged into the Netgear router via a CAT5 ethernet cable.
  1. I can connect to my router login page using the following URL:
  http://192.168.1.1/start.htm and I can also connect to various web pages such as yahoo, if I first "ping yahoo.com" (on another machine that�s internet enabled) and then plug the web site�s ip address into the Solaris/Mozilla browser. So it appears that I haven�t been successful at pointing the Solaris x86 at a DNS server to resolve the DNS name.
  2. I've purchased a commercially available software package and it requires a static ip address for this Solaris x86 server. If the ip address changes, it�ll stop working by design and require that I reacquire the license file. When connecting through this Netgear router, how do I lock this Solaris v10 x86 server into a specific ip address? (the ip address floats presently when cycling my PC�s on/off) presently, and assume the Solaris box will too, usually through an ip range of 192.168.1.<1 through 5>
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  skge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
  ether 0:0:5a:9b:1f:10
  # netstat -rn
  Routing Table: IPv4
  Destination Gateway Flags Ref Use Interface
  192.168.1.0 192.168.1.3 U 1 1 skge0
  224.0.0.0 127.0.0.1 U 1 0 lo0
  default 192.168.1.1 UG 1 0
  127.0.0.1 127.0.0.1 UH 8 163 lo0
  Some of the present Netgear router settings:
  Internet IP Address
  Get Dynamically From ISP (yes)
  Use Static IP Address      (no)
  IP Address           75.185. CROSSED-OUT3
  IP Subnet Mask      255.255.248.0
  Gateway IP Address      75.185.CROSSED-OUT4
  Domain Name Server (DNS) Address
  Get Automatically From ISP (yes)
  Use These DNS Servers (blank)
  Primary DNS      ... (blank)
  Secondary DNS      ... (blank)
  Netgear Router Status Page:
  Account Name      WGT624v3
  Hardware Version      V3H1
  Firmware Version      V2.0.16_1.0.1NA
  Internet Port
  MAC Address      00:40:ca:a8:CROSSED-OUT2
  IP Address           75.185.CROSSED-OUT3
  DHCP           DHCPClient
  IP Subnet Mask      255.255.248.0
  Domain Name Server      65.24.7.3
            65.24.7.6
  LAN Port
  MAC Address      00:18:4D:85:CROSSED-OUT1
  IP Address           192.168.1.1
  DHCP                ON
  IP Subnet Mask      255.255.255.0
  Excerpt from doing a prtconf -D command:
  pci10de,26f, instance #0 (driver name: pci_pci)
  pci1028,8010, instance #0 (driver name: hci1394)
  pci1148,5021, instance #0 (driver name: skge)
  pci1028,1ed
  pci1022,1100
  The NIC is a SysKonnect 9821 1GB Ethernet card. The drivers in Solaris 10 were apparently very old and didn't install drivers or configure/plumb when I installed Solaris 10, so I downloaded the
  latest drivers (hard to find!), followed the instructions and got the NIC drivers installed and then plumbed.
  My router's ip address appears to be 192.168.1.1 and in one of the articles I've read, there is a recommendation to create a file (touch) within /etc named defaultrouter and enter the router's ip address. I did this, and the file now contains:
  192.168.1.1
  I also read where another file called resolv.conf needed to be pointed to a DNS server, which in this case, according to my Netgear router, and according to ipconfig/all on another WinBox on the same network, also shows the same 192.168.1.1 address for the DNS, so I created that file too (wasn't there) and it contains:
  nameserver 192.168.1.1
  There is a host name file called hostname.skge0 and it contains one line:
  INTHOST
  There is a hosts file, and it contains:
  127.0.0.1 localhost loghost homex86
  192.168.1.3 INTHOST
  There is a netmasks file, and other than the commented out lines, it appears to contain one relevant line:
  192.168.1.0 255.255.255.0
  There is a nsswitch.conf file and other than the commented out lines, it contains:
  passwd: files
  group: files
  hosts: files
  ipnodes: files
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  netgroup: files
  automount: files
  aliases: files
  services: files
  printers: user files
  auth_attr: files
  prof_attr: files
  project: files
  tnrhtp: files
  tnrhdb: files
  There is an nsswitch.dns file:
  passwd: files
  group: files
  ipnodes: files dns
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  netgroup: files
  automount: files
  aliases: files
  services: files
  printers: user files
  auth_attr: files
  prof_attr: files
  project: files
  tnrhtp: files
  tnrhdb: files
  Finally, I've also seen some advice using the folling command (and I tried it):
  "route add default 192.168.1.1" as an alternative method of setting up route table
  The only other command I've tried is:
  "ifconfig skge0 192.168.1.1 netmask 255.255.255.0 up" but I suspect that was redundant as the plumb command I used to get the NIC functioning earlier probably already provided what was needed.
  Finally, on this small network, I ran an ipconfig/all on a Windows based PC, to see what network settings were reported through the wireless connection, and this is an excerpt of that information:
  C:\Documents and Settings\mark_burke>ipconfig/all
  Windows IP Configuration
  Ethernet adapter Local Area Connection:
  Media State . . . . . . . . . . . : Media disconnected
  Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
  Physical Address. . . . . . . . . : (withheld)
  Ethernet adapter {xxxxxxxx}:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Nortel IPSECSHM Adapter - Packet Scheduler Min
  iport
  Physical Address. . . . . . . . . : (withheld)
  Dhcp Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 0.0.0.0
  Subnet Mask . . . . . . . . . . . : 0.0.0.0
  Default Gateway . . . . . . . . . :
  Ethernet adapter Wireless Network Connection:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
  Physical Address. . . . . . . . . : (withheld)
  Dhcp Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IP Address. . . . . . . . . . . . : 192.168.1.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCP Server . . . . . . . . . . . : 192.168.1.1
  DNS Servers . . . . . . . . . . . : 192.168.1.1

  I�ve recently installed Solaris v10 X86 and have two
  questions. The system is a Dell E521 with 4GB RAM
  and 1GB SysKonnect NIC, and internet is provided via
  a cable modem, that�s plugged into a Netgear router,
  and the Solaris 10 box is plugged into the Netgear
  router via a CAT5 ethernet cable.
  1. I can connect to my router login page using the
  following URL:
  http://192.168.1.1/start.htm and I can also connect
  to various web pages such as yahoo, if I first "ping
  yahoo.com" (on another machine that�s internet
  enabled) and then plug the web site�s ip address into
  the Solaris/Mozilla browser. So it appears that I
  haven�t been successful at pointing the Solaris x86
  at a DNS server to resolve the DNS name.You can either copy nsswitch.dns to nsswitch.conf, or you can modify nsswitch.conf so that 'dns' is used for hostname lookups.
  2. I've purchased a commercially available software
  package and it requires a static ip address for this
  Solaris x86 server. If the ip address changes, it�ll
  stop working by design and require that I reacquire
  the license file. When connecting through this
  Netgear router, how do I lock this Solaris v10 x86
  server into a specific ip address? (the ip address
  floats presently when cycling my PC�s on/off)
  presently, and assume the Solaris box will too,
  usually through an ip range of 192.168.1.<1 through
  5>One method is setting the router so that the server's MAC address is tied to a specific IP.
  Otherwise you can edit /etc/hostname.<interface> and place a static address there, forgoing DHCP services from the router. You may want the address to appear outside the router's DHCP range.
  Darren

• SBS 2011 DNS Resolution Slow

  I have a customer running SBS2011 Standard.  We've had problems with slow DNS resolute for a very long time.  When users on their workstations go to a web site in IE, it usually takes a couple of seconds to load the site.  The best example
  of the problem is on Yahoo!.  When users click a link there, IE will spin for a while and then time out.  If they click on the link again, it usually loads the second time.
  We recently switched internet providers and I was hoping that might resolve the issue, but it has not.  The server is up-to-date as of a month or so ago and I've run BPA and the only issue there is with WSUS Group Policy objects, which I don't care
  about.  I wouldn't think this would be related to that.  There are no errors in the DNS logs.  This server was originally a clean install of a new domain, not a migration.
  I have Forwarders configured and have tried using the DNS servers of the old ISP, the new ISP and OpenDNS.  No improvement with any of those changes.  On the Monitoring tab of the DNS server properites, "A simple query against this DNS server"
  and "A recursive query to other DNS server" both fail every time.  If I get rid of the Forwarders, those queries still fail and DNS resolute at the clients is still slow.
  I know there was a DNS issue that was reported by the BPA a while ago and I fixed that.  I think it was a registry setting that needed to be adjusted, but I can't recall the details right now.
  I ran DCDIAG last night and was receiving messages about running Chkdsk to fix errors.  I was hopeful that that would fix something, but I'm no longer getting that message.  Now, the only errors in DCDIAG are SystemLog errors about not being able
  to contact a machine that has been off the network for a while.
  Restarting the server or just the DNS server has never helped.
  My server has a PTR record in the reverse lookup zone and a static A record in the Forward Lookup Zone.
  When I run NSLookup, it only responds with
  Default Server:  UnKnown
  Address:  fe80::9fcf:d19d:a86e:46cd
  On another SBS server that I have, it has all of this information:
  x.x.2.0.3.x.8.6.x.x.x.2.0.d.f.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.x.x.ip6.arpa
          primary name server = localhost
          responsible mail addr = nobody.invalid
          serial  = 1
          refresh = 600 (10 mins)
          retry   = 1200 (20 mins)
          expire  = 604800 (7 days)
          default TTL = 10800 (3 hours)
  Default Server:  UnKnown
  Address:  fe80::dfd0:2dca:68f3:2cf
  Is that a helpful clue?  Where do I start with troubleshooting and/or checking settings?
  Any help would be appreciated.
  Thank,
  Mike

  I would certainly change the router, just to rule it out.
  Have you run the SBS BPA and fixed any issues it highlights?
  If pointing a client directly to an external DNS, improves, but does not fully resolve, i would be inclined to say the Server is 'ok' and that it may be the router at fault.
  It has been too long since i looked at a ProSafe router, but there may well be some firewall settings you can tweak.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Pb to reach ISE Guest portal due to DNS constraints

  I have set up a Guest Portal with WLC 5508 7.4 and ISE 1.1.1 ;
  everything is OK, except one thing :
  the  Guest VLAN, associated to the Guest SSID is, actually, a DMZ behind my  customer firewall and the DHCP parameters provided to the wireless Guest  equipement connected on this VLAN include the public ISP DNS servers  addresses, not the customer internal DNS serveurs addresses;
  this  seems OK since the idea of this Guest SSID is to give a pure Internet  access to the Guests, and no connection at all towards the customer  internal servers;
  the  problem is that, when the wireless guest receives the redictect URL  from ISE (URL to access the ISE Guest Portal), this URL is based on the  ISE DNS name, not on its IP address; so, the PC can't resolve this  internal DNS name by using the ISP DNS servers addresses provided by the  DHCP server, and, so, it can't access the Guest Portal at all ;
  Apart  from changing those DNS values in the DHCP server (the customer does  not accept this solution), how could we solve this problem ?
  I have tried to code manually , in the CWA Authorization profile, the equivalent URL redirect via the CISCO av-pair as follows :
  cisco-av-pair=url-redirect=https://192.168.1.10:8443/guestportal/gateway?sessionId=sessionIdValue&action=cwa,
  but, it does not work, since the sessionIdValue variable is not replaced by its real value when sent to the wireless client
  any comment welcomed

  We had the same issue. Our solution was to advertise the internal IP address from our external facing DNS server and let it propagate publicly.  Our ISE box is in a DMZ and the firewall rules do not allow outside traffic to it, however the clients will get the correct internal IP address and since they are already inside the firewall on the DMZ segment they are able to get to the ISE box with the publicly resolved internal IP address.  The other option we entertained was a firewall DNS redirect.  That would work by intercepting the DNS request for that specific URL and return the proper internal IP, all other DNS requests would pass through to the public DNS server.

• DHCP reservation & DNS for content filtering

  Hi All,
  I am working around with server 2008 for quite a while and facing a problem as below,
  1.DHCP reservation error
  Server Ip:192.168.0.254 (configured as DNS server for local use only with AD & DHCP)
  DHCP scope: 192.168.0.100 to 192.168.0.200 excluded 192.168.0.100 to 192.168.0.110
  earlier the same scope was 192.168.0.10 to 192.168.0.100. I was facing a error when I make a IP reservation against a MAC number error was " The unique identifier may not be correct do you want to use the identifier anyway" when I click yes "DHCP
  server received a message from a client that is not valid" and by this error I am not able to make any reservations now against MAC numbers.
  The same error was also on the earlier scope and that's why changed to a new scope but did not work. Any solutions will me much appreciated
  2.DNS fine tuning. 
  I have an open DNS account on which my WAN IP number is configured to do a content filtering. I have two LAN ports with the below IP number
  Local : 192.168.0.254 ( configured with no gateway and DNS as loopback (127.0.0.1)
  ISP: 192.168.0.253 (with ISP gateway and DNS as loop back adapter & open DNS)
  I have did a content filtering and things are working fine. But I got to open up some machines out of this content filtering and when I try to give the IP number in this below fashion.
  192.168.0.115
  255.255.255.0
  192.168.0.1
  DNS
  192.168.0.254
  ISP DNS to avoid filtering
  I find that 192.168.0.254 does the resolving and things are still filtered as per the schedule. Is there a way where we can configure 192.168.0.254 (Local DNS server) to stop resolving web requests and only cater to resolving local names for connectivity.
  I do know its too long but solutions for the same will be help me out to solve it. Thanks in advance.
  Regards,
  Vaschell

  Hello,
  I have found something strange on the DHCP reservation. When I try to add a MAC number out of the network its able to make out a reservation.
  Is there any way to clear the MAC number cache or something else which I can try.
  A copy of the ipconfig /all for the server is below,
  C:\Users\Administrator>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : server
     Primary Dns Suffix  . . . . . . . : xyzabc.com
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : Yes
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : xyzabc.com
  Ethernet adapter LOCAL:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
  #2
     Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DC
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.254(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     DNS Servers . . . . . . . . . . . : 127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter ISP:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
     Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DB
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.0.1
     DNS Servers . . . . . . . . . . . : 127.0.0.1
                                         208.67.222.222
                                         208.67.220.220
     NetBIOS over Tcpip. . . . . . . . : Enabled
  PPP adapter RAS (Dial In) Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : RAS (Dial In) Interface
     Physical Address. . . . . . . . . :
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.205(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter Local Area Connection* 8:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{0602F6CF-4B32-491F-994A-3C0952D
  B54}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 9:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{6A14710B-A078-4AF9-BD7A-989767F
  377}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 11:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 02-00-54-55-4E-01
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 12:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\Administrator>
  Thanks,
  Vaschell