DNS lookup on a new tree in an existing forest
Hi! I have a small question
I am labbing for an exam, and just created a domain like this
I was just curious why i cannot resolve the IP adress to the DC in wingtiptoys, when I can to contoso and canberra domains.
Isnt that supposed to be added automatically in CONTOSO.COM DNS when I created WINGTIPTOYS as a new tree in the contoso forest? I can easily lookup CONTOSO and CANBERRA from the WINGTIPTOYS DNS server
This is what I get testing from the CONTOSO DNS server
Freddy
Hi,
Add a new domain tree in the current forest:
A new and first DC of the tree –> a new and first domain of the tree -> a new domain tree in the forest.
Add domain tree wingtiptoys.com to forest contoso.com, there are different choice about DNS:
1. Both wingtiptoys.com and contoso.com use the same DNS server. New a primary zone named
wingtiptoys.com and enabled dynamic update on the DNS server.
2. Use different DNS server, both DNS servers has its domain’s primary zone, and other domain’s secondary zone. Copy zone file by zone transfer.
3. By default, when you add the first DC for wingtiptoys.com, DNS server is selected and automatically created a zone named
wingtiptoys.com. Transfer is also automatically added and another domain name will be transferred to the first DNS server.
Here is a test lab which is corresponding to the 1 condition, just for your reference:
http://social.technet.microsoft.com/wiki/contents/articles/12781.test-lab-guide-mini-module-creating-a-second-forest-and-domain.aspx
check to see if corresponding zone is created, and then, do the NSLOOKUP test. If the problem still exits, how do you deploy your DNS server, and the zone.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
New Edge server fails with DNS lookups - incoming mail stuck in queue
I just setup an Edge server, together with 2 Ex2013 servers with DAG. Sync works fine, however incoming mails are stuck at the edge server. The queue looks like this:
451 4.4.0 DNS query failed. The error was: DNS query failed with error ErrorRetry
Checking the logs, it also shows errors like this:
2014-07-12T16:32:06.599Z,08D16C05D02E2774,SMTP,"ex2.internal.contoso.com,ex3.internal.contoso.com,ex4.internal.contoso.com",>,DNS server returned ErrorRetry reported by 0.0.0.0. [Domain:Result] = EX2.internal.contoso.com:ErrorRetry; EX3.internal.contoso.com:ErrorRetry; EX4.internal.contoso.com:ErrorRetry;
2014-07-12T16:32:06.599Z,08D16C05D02E2774,SMTP,"ex2.internal.contoso.com,ex3.internal.contoso.com,ex4.internal.contoso.com",-,"Messages: 0 Bytes: 0 (The DNS query for 'SmartHostConnectorDelivery':'ex2.internal.contoso.com,ex3.internal.contoso.com,ex4.internal.contoso.com':'e01d6f93-e25b-4e36-9f2f-c1c7c73889ae' failed with error : ErrorRetry)"
Now the network is a little special, as the edge server is not in DMZ, but simply in a workgroup in the same LAN as the other Exchange servers. The edge server NIC's are configured to use the internal AD DNS servers, and the edge server is able to lookup
all the other exchange servers (ie. ex2.internal.contoso.com).
So I wonder why the edge servers logs DNS lookup errors as long as the server it self can lookup the internal hostnames for Exchange.
Any help would be great, as all incoming mail is now stuck at the edge server.This is from the Edge server:
[PS] C:\Windows\system32>Get-SendConnector | fl
AddressSpaces : {smtp:*;100}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : True
DomainSecureEnabled : True
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
FrontendProxyEnabled : False
HomeMTA :
HomeMtaServerId :
Identity : EdgeSync - MyCity to Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : 100 MB (104,857,600 bytes)
Name : EdgeSync - MyCity to Internet
Port : 25
ProtocolLoggingLevel : Verbose
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {}
SmartHostsString :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
AddressSpaces : {smtp:--;100}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
FrontendProxyEnabled : False
HomeMTA :
HomeMtaServerId :
Identity : EdgeSync - Inbound to MyCity
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : Unlimited
Name : EdgeSync - Inbound to MyCity
Port : 25
ProtocolLoggingLevel : Verbose
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : ExchangeServer
SmartHosts : {--}
SmartHostsString : --
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
This is from the Hub/CAS/MBX server:
[PS] C:\Windows\system32>Get-SendConnector | fl
AddressSpaces : {SMTP:*;1}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : True
DomainSecureEnabled : False
Enabled : False
ErrorPolicies : Default
ForceHELO : False
Fqdn : mail.va-world.com
FrontendProxyEnabled : False
HomeMTA : Microsoft MTA
HomeMtaServerId : EX3
Identity : outgoing SMTP
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : 151.6 MB (158,965,760 bytes)
Name : outgoing SMTP
Port : 25
ProtocolLoggingLevel : Verbose
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {}
SmartHostsString :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {EX4, EX3}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
AddressSpaces : {smtp:*;100}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : True
DomainSecureEnabled : True
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
FrontendProxyEnabled : False
HomeMTA : Microsoft MTA
HomeMtaServerId : Edge01
Identity : EdgeSync - MyCity to Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : 100 MB (104,857,600 bytes)
Name : EdgeSync - MyCity to Internet
Port : 25
ProtocolLoggingLevel : Verbose
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {}
SmartHostsString :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {Edge01}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
AddressSpaces : {smtp:--;100}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
FrontendProxyEnabled : False
HomeMTA : Microsoft MTA
HomeMtaServerId : Edge01
Identity : EdgeSync - Inbound to MyCity
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : Unlimited
Name : EdgeSync - Inbound to MyCity
Port : 25
ProtocolLoggingLevel : Verbose
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : ExchangeServer
SmartHosts : {--}
SmartHostsString : --
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {Edge01}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
I should note that all the Exchange servers are behind the same public IP, I just use NAT in my firewall to seperate the ports (50636 and 25 into the Edge server, 80/443 into the CAS/MBS server). -
Wireless Intermittent Super Slow DNS lookup bug in 10.6.4
I don't normally post things on forums these days, as usually I can find just about any solution by searching long enough, but this issue has perplexed me to the point I actually had to come on here.
Believe me, that's a big deal, I don't give up easily.
I have spent -countless- hours searching, on here, on google, on any "solutions" or "technical" sites I could find, and the closest I can find to a solution are countless people complaining about the EXACT SAME PROBLEM that I have observed and, repeatedly, reproduced again and again, which in every single case boil down to this:
You had 10.6.x (x being 3 or less) with a wireless connection on your home network and all is well.
You upgraded to 10.6.4 and all seemed fine for maybe 24 hours or so... then it happens. You go to load a website, and it's "looking for site" or "waiting for site" in your status bar... hmm, maybe it's just this site you say, so you try another, or a few others in other tabs, but they all have the same problem.
You try to ping the sites, but the network utility can't resolve the domain to even ping them.
Your roommate, all the while, is surfing and gaming just fine on the exact same router you are on, so no, it's not the network hardware, it's not your ISP, hmm, what could it be?
All of a sudden, ALL of the sites you had in like 20 tabs load up at screaming speeds, "WOW" you say, "guess there must have just been some gunk in the wires or something" (notice the irony of the situation: no wires)... anyway, all seems fine again suddenly, surfing is fine for a few minutes, you're back to normal... and it happens again, suddenly NO site will resolve, NO dns will resolve, you can't check email or ping any domain... and so the cycle begins. Of course, you can just plug an ethernet cable straight into the router, but doesn't that kind of defeat the purpose of having wireless networking in the first place?
It continues like this, indefinitely, and it all starts roughly 24 hours after 10.6.4 has been installed.
I have read reports of people on macbooks, people on imacs, people on all sorts of different wireless hardware, but the symptoms are the same.
I know the problem is with the OS update, it's purely software. I know that it has nothing to do with hardware because simply reverting to 10.6.3 solves the problem -every single time- and then "upgrading" to 10.6.4 causes the problem to come back within 24 hours -every single time- (have been reverting using Time Machine to simplify this testing process), so no, where the problem is isn't what perplexes me; what perplexes me is that there are posts that started almost a few days after 10.6.4 came out, and so far there's STILL no fix? Are you freaking serious? Does the Apple programming team not have access to anything other than Apple-Branded Airport Extreme Base Stations to perform wireless network QA testing on?
Get a Linksys guys, grab a D-Link, go get some of the hardware people actually USE and test it on that and see what happens, it doesn't take long to see what's happening.
I blame the programmers because I am one myself and know how easy it is to screw up a rock-solid system with one little typo. Heck, which patch was it, 10.5.7 or 10.5.8 I think? Can't remember exactly, but it was supposed to be such a great "bug fix" patch... and it came with the config file for Apache set to DENY ALL INCOMING EXTERNAL CONNECTIONS by default (in a hidden file that can only be modified by the root user mind you... so much for the average user running a personal web server on THAT version), so yeah, one tiny mistake and it has huge consequences, my question is: what's taking so long to track down what's going on in 10.6.4 and fix it? Can we at least get a patch or something?
I find it really lame and really such a cop-out to see so many irrelevant "solutions" offered, "try specifying different DNS servers" (doesn't matter, whatever causes this bug doesn't care which servers you have specified, it simply sits there and does NOTHING for 2-3 minutes, and THEN when it actually DOES do a dns lookup, it gets the results in the time expected: instantly), to more extreme matters, like resetting hardware, which again has absolutely nothing to do with this bug.
Here is why anyone can see this is an obvious bug that the programming team needs to admit, investigate and correct:
A. happens immediately after the software update
B. happens to EVERYONE who uses traditional wireless routers for internet use
C. is 100% repeatedly reproducible
D. occurs on all different models of computers and all different ISP's and with all different DNS servers specified.
E. has the same symptoms on every system (lightning fast internet for 2-3 minutes, then "waiting for site" for 1-3 minutes)
F. affects EVERY network-using program on the computer (email, network utility, firefox, safari) SIMULTANEOUSLY
G. does not affect surfing to or interacting with IP addresses directly, only with trying to perform DNS lookups from ANY program with ANY dns server (or no dns server) set in network preferences.
Come on guys, just read it through, think about it for a few minutes, for anyone that has worked with and knows the underlying source code, and what changes went in between 10.6.3 and 10.6.4 specifically to networking, should have a light bulb pop up over their head and say "oh YEAH, we never uncommented that one line..." or something to that effect.I see a very similar issue, but it's been occurring on my laptop for 4 or 5 months, which must be way before 10.6.4. My roommate and friend's laptops all work fine on my network. And my laptop works fine on anyone else's network. But MY laptop on MY network always gives the abysmal DNS performance as described in the original post: 40% of requests time out. Wireless or wired, it doesn't matter. Exact same behavior.
It also doesn't matter whether I use my Netgear router as DNS server, or my ISP, or OpenDNS, or Google. Exact same behavior.
When I do a network trace, it looks like most DNS requests my computer sends out simply never get responded to. (Could they be malformed when they hit the wire? I don't even see an error reply) A few make it through. And when there's a IPv6 (AAAA) record sent, my computer returns a "port unreachable" ICMP message. A screenshot of all of this dialogue is here:
http://img545.imageshack.us/i/screenshot20100913at114.png/
I recently had opportunity to cancel my cable service, and reinstate it for a lower price. They came out, tested the line (strong signal), gave me a new cable box. Yet the issue persists. Exact same behavior.
Firewall is disabled. I've deleted the network interfaces and added them back. Nothing helps.
(As I recall, this issue may even have been present before I reinstalled 10.6 over 10.5, so I'm not too confident a total reinstall would help.)
Any help? I'm about ready to buy a new laptop to fix this damned problem. Web browsing is nearly impossible, as is. -
DB connection is doing a DNS lookup
I have an application coded in Java which checks the oracle database if any new record is added.
so the line of code for eastablishing the conection is :
java.sql.Connection conn = � DriverManager.getConnection ( "jdbc:oracle:thin:@10.3.7.197:1521:DEV", "lot3","lot3" );
the application checks the database every 2 mins for any new records.
everytime the appln tries connecting to the DB, it is doing a DNS lookup. IS there any way to stop this DNS lookup?
the appln is running on AIX Unix machine.
Can anybody please help me?I have an application coded in Java which checks the
oracle database if any new record is added.
so the line of code for eastablishing the conection
is :
java.sql.Connection conn =
DriverManager.getConnection (
"jdbc:oracle:thin:@10.3.7.197:1521:DEV",
"lot3","lot3" ); Wow, what a wasteful way to do it.
>
the application checks the database every 2 mins for
any new records.
everytime the appln tries connecting to the DB, it
is doing a DNS lookup. IS there any way to stop this
DNS lookup?Stop your application.
Maybe a better solution would be to pool database connections. That would amortize the cost of acquiring the connections.
Who writes the records in your database? If it's another application outside your Java app you're out of luck, but if it's just other objects inside your app I'd recommend that you take better advantage of the Java Beans event model and have writers notify others when they've written to the database. It's far less wasteful of resources.
he appln is running on AIX Unix machine.
Can anybody please help me? -
WLC 5508 and WPA/WPA2 causes client DNS lookups to fail
Hi all, we just recently received a brand new 5508 with 6.0.199.4 firmware. We currently have three LAP-1250s that associate just fine to the WLC.
For testing purposes only, we enabled WPA2 with both types of encryption TKIP and AES with an ASCII PSK. The clients are able to connect, authenticate and get an IP address from our local (same subnet) DHCP server. They also get the DNS info from our DHCP server. However, the problem is that they are not able to do any DNS lookups. I haven't run wireshark yet to confirm, but it sounds very familiar to this problem: https://supportforums.cisco.com/message/3202369
I've even had clients use nslookup with both of my DNS servers and they are not able to resolve. I'm not sure if the request or the reply is being blocked/dropped, but I can find out tomorrow.
Now the strange part - if I turn off WLAN security altogether, it works! That's right, I just disable L2 security for the WLAN and re-connect the clients and they are able to do full DNS lookups.
AND - if I leave L2 security configured (WPA2 with PSK), and enable L3 Passthrough security - the clients get to the auth web page, click the "accept" button and are then able to do full DNS lookups too.
What could be the problem here? There's nothing I see configured for the L2 or L3 security settings that could be the culprit. We're using default (from Cisco) configuration, so there's no ACLs configured or anything like that to block DNS.
Another strange thing here which may or not be related - during initial configuration the setup asked for a virtual IP - so I gave it one - 1.1.2.2. Now when I do an ipconfig /all on the client, I see this 1.1.2.2 address listed as the DHCP server. Why is this? It's definitely getting an IP address and DNS info from the correct DHCP server, so not sure why this is showing up.
Thanks, Matt/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi Matt,
Just wanted to jump in, and also mention it may be worth attempting to disable the fastpath feature on the 5508, and test your failing client again. You may be hitting CSCti34667.
debug fastpath cfgtool --fc.disable
This command can be run via Telnet/SSH. Please keep in mind that fastpath will automatically re-enable periodically, so we recommend disabling every 10 minutes as a workaround for any known fastpath issues. You can do so by running the following Macro in TeraTerm:
:mainloop
sendln "debug fastpath cfgtool --fc.disable"
pause 600
goto mainloop
If you find that disabling fastpath resolves your concern, you can reach out to TAC for an Escalation Image with the fix for this one.
Best,
Drew -
Finding LDAP server names by DNS lookup.
Hi,
I'm very new with JNDI and DNS
We are hardcoding the ldap server name in our configuration to connect to the Active directory, but the requirement is to know the ldap server name dynmaically by querying the DNS server.
The input given to us are below.
Dns domain : indbank.is.
SRV RRecord : ldap.tcp.
Query dns : ldap.tcp.indbank.is.
The domain controller should be found by a DNS lookup for the domain, then a DNS for Domain controllers that advertise the service, then try to see if the domain controllers areanswering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
Kindly help me.I am beginner and some code sample and tip will be welcome. :)
Thanks in advance.
HiubertThanks a lot to All.
My code is as follows...
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
public class dns1
public static void main(String[] args) {
try {
Hashtable env = new Hashtable();
env.put("java.naming.factory.initial","com.sun.jndi.dns.DnsContextFactory");
env.put("java.naming.provider.url", "dns://indbank.is");
DirContext ctx = new InitialDirContext(env);
System.out.println("Intial context created...");
Attributes attrs = ctx.getAttributes("_ldap._tcp.indbank.is",new String[] {"SRV"});
System.out.println("Attributes are been retrieved...");
for (NamingEnumeration ae = attrs.getAll();ae.hasMoreElements();)
Attribute attr = (Attribute)ae.next();
String attrId = attr.getID();
System.out.println("Attribute ID retrieved is" + attrId);
for (Enumeration vals = attr.getAll();vals.hasMoreElements(); System.out.println(attrId + ": " + vals.nextElement()));
ctx.close();
catch(Exception e)
System.err.println("Problem querying DNS: " + e);
e.printStackTrace();
The code runs fine and I get the output as follows
0 100 389 ib500ad1.indbank.in
0 100 389 ib500ad2.indbank.in
I have following questions
1) Do these servers which are returned are the domain controllers or the ldap servers.?(or both domaincontrollers and ldap server are same)
2) how to extract the server name alone from this string.
3) If these two server names are domain controllers then how can I query for a DNS for Domain controllers that advertise the service, then try to see if the domain controllers are answering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
Thanks in advance.
-Hiubert -
Installing DsFW for the First Time, new tree?
I've been reading the documentation but there is some stuff I don't get.
It seems I can install into a new tree and choose the non-name-mapped deployment. Is this a popular choice?
Does this provide flexibility or limit it?
I read the following statement "Novell doesn't support installing other Novell products within a Domain Services for Windows (DSfW) partition." at Novell Doc: OES 11 SP1: Domain Services for Windows Administration Guide - Unsupported Service Combinations
I think that if I choose a non-name-mapped install then the entire new eDirectory tree will live inside the DSfW partition, or was that statement meant for name-mapped setups? Does that mean that we would not be able to install ZenWorks, Filr or GroupWise into the new tree? If true this suggests non-name-mapped setups are more limiting than name-mapped setups, and probably to be avoided.
Thanks for the free wisdom.
Background:
There is an existing Netware server 6.0 serving about 20 users as a file server but there doesn't appear to be any interest in migration or coexistance. A fresh clean tree is a core element of the plan so far. I'm thinking of three or four OES servers: Two DSfW servers (DHCP, DNS, eDir, domain controllers, SLP), a file server and a Filr server.
There is other stuff in the environment, including openSUSE DHCP and DNS, SLES application server, various other servers for databases and web stuff, Windows domain for 4 users to use Remote Desktop Services. A bunch of Windows desktops and a proliferation of mobile devices (hence interest in Filr is drive the change right now).
Hopefully over time the other servers will be part of the new eDirectory tree for authentication and ease of management.
If I choose a name-mapped setup, I think I need to install 4 or 5 servers: one eDirectory base server (Certificate Server and root partition), then at least one DSfW server (DHCP, DNS, eDir, domain controller), then file server and Filr server.Originally Posted by psahukar
Hi,
...snip...
1. Install OES CIFS server on the first server. This will give a new eDirectory tree with a file server.
2. Install 2 DSfW servers (using name mapped mode) into the eDirectory tree. You have the option to choose the top most container (i.e. whole tree) or a partition for the DSfW installation / configuration. DSfW will install DNS service on the first DSfW server by default. It is recommended to keep the DHCP server on a non-DSfW server.
3. Install the Filr server on the fourth server
Thanks for the recommendations, Pavreen.
Please confirm the main message you are conveying is that a name-mapped installating is best. Is it true that the reason this is best is to allow other Novell products (ZenWorks, for example) to be installed? Is it also true that non-name-mapped installs are rare and offer few (if any) advantages?
When you say, with respect to the DSfW servers, that I have the option to install DSfW using the top-most container, are you recommending that the second server be a DSfW server with DSfW in the top of the tree? This seems to be the thing that is against the rules according to Novell Doc: OES 11 SP1: Domain Services for Windows Administration Guide - Unsupported Service Combinations "Novell doesn't support installing other Novell products within a Domain Services for Windows (DSfW) partition." But it also the thing I'm sure I don't understand (and hence the post).
In my reading I didn't encounter a hint that DHCP should be separate from DSfW. DHCP conflicts with DSfW specifically or it introduces challenges more generally with other OES components?
The number of servers (all Xen PV on SLES) will be chosen to accomodate flexibility. So I think I will not make the CIFS server the first. The first server will be the permanent "Novell Certificate Server" and I think I should make that small and simple to be sure that future upgrades or restore operations are less likely to create challenges for such a critical, and seemingly inflexibly permanent, piece of eDirectory infrastructure.
What do you think of this modification to your recommendation:
1. First server is OES Novell eDirectory "Novell Certificate Server" + DHCP + iManager
2. Then two DSfW servers (DNS). Necessarily name-mapped. The partition question, which was the thing I was least certain about, is still uncertain to me.
3. Then one file server (NSS, CIFS and NCP). I'm also inclined to have a second DHCP as backup.
4. Then one Filr
5. Then probably a ZenWorks server in the further future -
LMS 4.2.2 ipsla http operation without DNS Lookup Time
Hi,
i´ve setup a add hoc device (webserver) and created a http operation with following options (see image 1) This operation polls the device every 10secs. So far so good. However, in the monitor graphic chart i do not see the DNS Lookup Time (image 2). What´s wrong with this setup?
Thank you,the patch for BugID CSCtz29665 is released here on CCO:
"http://www.cisco.com/cisco/software/release.html?mdfid=284259296&flowid=31102&softwareid=280775103&os=Windows%20CE%202.11&release=CSCtz29665_4.2.2&relind=AVAILABLE&rellifecycle=&reltype=latest"
I do not know whey they opend a new section for Windows CE 2.11, - but on CCO you have to follow this path to find it:
Downloads Home > Products > Network Management and Automation > Routing and Switching Management > Network Management Solutions > Cisco Prime LAN Management Solution > Cisco Prime LAN Management Solution 4.2 > LMS Patches > Windows CE 2.11-CSCtz29665_4.2.2 -
Slow DNS Lookups after connecting via PPP VPN
I have this very annoying problem and just can't seem to find a method to resolve it.
When I connect to my work network via a PPP VPN connection, all internet connectivity thereafter takes forever to do a DNS lookup. So when I browse the internet it takes ages before the page is displayed back.
If I also do a ping in finder for a random URL, www.google.com for example, it sits there for nearly a minute before I get a response. If I then immediately perform the ping again, I get a response straight away. So it seems once it's resolved the domain name, it gets stored in a cache somewhere. If I try another domain name, I get the same delay and then it eventually gets through.
As soon as I close the VPN connection, service is resumed and DNS lookups work fast.
I've also made sure I've unchecked the option to "Send all traffic over VPN connection".
I've also set my 'Service Order' to have my wireless Airport connection in the No #1 position.
The other thing I've tried is deleting the default route (via Terminal) and adding one manually that points to my wireless router, again without success.
Does anyone have any other ideas I could try? I've also recently re-installed a fresh copy of Leopard in case something was stuffed up, but the problem is still there after installation.
Hoping someone has an easy solution!
Many thanksI seem to have found a work-around. There is probably a neater way of doing this but here goes.
Here is my setup:
Airport Wireless to my home router
PPP VPN connection to my office windows network
3G connection via mobile phone
My aim was to be able to connect to my office network via wireless at home or via my cellular data connection, but continue to route all non-work traffic via the main connection (wireless/3G).
The #1 problem I had once I connected to my office VPN on either wireless or 3G, was that DNS lookups to general internet sites took forever. So to get around this, I created TWO VPN connections to my office network in Network Preferences and in both connections I made sure the option to send all traffic over VPN was left UNCHECKED.
The first connection I then designated for use when connecting wirelessly at home. Here I manually added the IP address of my home router as a DNS entry.
The second connection I did the same by adding a new DNS entry, except here I used the DNS server of my cellular data connection, in this case T-Mobile UK.
When connecting to my office network I just use either of the above connections depending on whether I am connecting wirelessly at home or via my mobile phone.
It seems a bit long winded I grant you, but after literally months of trying to resolve this annoying problem, this appears to be the only fix that works.
The downfall of this would be that DNS resolution to any servers on your office network might not work, but that isn't a problem for me since I manually add any servers I use at work to my local hosts file. This negates any need for DNS lookups and actually speeds up access to my work servers.
In amongst this I did several reboots, so you give your machine a reboot once you've completed the above steps, just in case.
The 3G connection won't work for you if your provider changes the DNS server every time you connect, but this is unlikely.
If anyone's got any comments, I'd love to hear them.
Cheers
Phil -
Issue with very slow DNS lookup. SBS 2008 R2.
(Preface: sorry if this is the wrong forum...new at this! X-posted from Reddit)
I'm stumped with this one. Last week, the server installed a few updates, no problem, a handful of security stuff. Since then, I've been having issues with DNS lookups on every computer on the network. It will hang on "looking up <domain>.com..."
and then after 20-30 seconds, it will show a "can't find the server" error. BUT THEN! When you click try again, it loads right up. And then it works fine. For a day or so. Then, the next day, or maybe just a few hours later, sometimes while browsing
the same site, it will do the same thing. It's like the DNS server just forgets the lookups it's already done after a time.
Things I've tried:
restarting server (duh)
rolling back updates
reinstalling said updates
restarting all network hardware from the gateway outwards
restarting the service itself while the server is running
The only thing the event log shows is a single error during startup - event ID 4015. The text reads:
"The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is ' '."
This error has only occurred once that I saw and did not occur on the most recent startup, but the issue is still present
Active directory seems to be fine. No errors or warnings in it and no info from the event log is showing anything that seems to be helpful.
I've looked around the KB but every article seems to be troubleshooting a much more specific problem or a different problem altogether, such as a misnamed, stuck, or incorrect DNS zone, or a DNS lookup that fails to complete altogether.Hi Craigglesofdoom,
Would you please let us know current situation of this issue? Did you refer to above suggestions and solve this problem? If any update, please feel free to let us know.
Please also run SBS BPA tool and check if find relevant issues.
For Event ID 4015, please refer to following article and check if can help you.
Event ID 4015 — DNS Server Active Directory Integration
-->The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly.
Please use dcdiag command-line tool. Any find?
Domain Controller Diagnostics Tool (dcdiag.exe)
Dcdiag for DNS: Test details explained
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
MBP - Too Long doing DNS lookups?
I've noticed that my brand-new MBP seems to take an excessively long time to do DNS lookups. I'll load Firefox and type in google.com in the URL bar. In the status bar below it will say "looking up google.com" for at least 10 seconds. Meanwhile, I've opened a terminal window and done an nslookup on google.com and received the IP address. Any idea why I can do a quick lookup in the terminal but the browser takes quite awhile?
Change your DNS servers in the network system preferences.
Use Verizon's Level 3 servers.. they're very fast
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Or the OpenDNS servers:
208.67.222.222
208.67.220.220 -
DNS Lookup Timeout Problems with Cisco SA520w
Hello,
We are trying to configure our new Cisco SA520w with our Internet connection.
As soon as we replace our existing Linksys RV042 with the Cisco SA520w, we find that DNS lookups start to take longer and longer to resovle. For example, an nslookup against yahoo.com will timeout, or take 10-12 seconds. Web browser requests simillarly take 30-45 seconds to resolve.
We've tried using both Google's and OpenDNS servers, as well as our ISP's nameservers. In all cases, the long DNS resolution takes place.
At first we thought that the firewall was misconfigured. However, we removed all firwall rules, and continued to experience the problem.
We've tried checking and unchecking the DNSProxy checkbox, but this doesn't seem to have any noticeable impact.
Does anyone have any idea about which setting impact DNS looksups, or what else we might try to troubleshoot this issue?
Thanks,
ChrisRegarding the question on 5-10 days for product support to become active, I followed up with the CA team and received the following, which is good for All partners to know...
Below is a description of the primary cause of delays in contract registration.
Contract registration takes 24-48hrs. Delays are generally caused by the Reseller/Partner who doesn't provide the product serial numbers to Cisco when they purchase the service. The contract cannot be registered until the Reseller or the Disti provides the serial numbers to Cisco via SMS3 (or B2B). In cases where Disti doesn't have a mechanism to collect the serial number before the product is shipped, or in cases of drop-ship, the Distis often have to track down their Resellers to get the serial numbers to Cisco.
There is a new program being discussed (drawing board now, so not available today) which will to allow the end-user to register the contract themselves, thus eliminating the need for the Disti or the Reseller to collect the serial number an input it into SMS3.
But in any case (now or later), when a customer calls in for support, if their contract has not yet been registered, the SBSC can work with the Global Entitlement Team to look-up the contract via the PO or SO number and complete the registration so service can be provided.
Hope this helps...
Steve -
DNS lookup failing on Macbook with Fios
Hello all
I've had Verizon Fios for over a year and had no problems connecting wirelessly to my MacBook. Out of the blue today, both my MacBook and my brother's began to have issues accessing the internet. Every attempt would yield the same response:
This webpage is not available
The server at google.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
Here are some suggestions:
Reload this web page later.
Check your Internet connection. Reboot any routers, modems, or other network devices you may be using.
Check your DNS settings. Contact your network administrator if you're not sure what this means.
Try disabling network prediction by following these steps: Go to Wrench menu > Preferences > Under the Hood and deselect "Predict network actions to improve page load performance." If this does not resolve the issue, we recommend selecting this option again for improved performance.
Try adding Google Chrome as a permitted program in your firewall or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
If you use a proxy server, check your proxy settings or check with your network administrator to make sure the proxy server is working.
If you don't believe you should be using a proxy server, try the following steps: Go to Applications > System Preferences > Network > Advanced > Proxies and deselect any proxies that have been selected.
Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.
I called Verizon for support, and while their reset of my internet has allowed me to connect directly from a ethernet cord from my router, I'm still getting the same result on any attempts to connect via wi-fi. Since Verizon decided it was a Mac issue and not a Verizon issue at this point, they pointed me in the direction of applecare, but I don't have the money to spend right now on a support call.
It seems that the router is connecting to the internet, and I can connect through ethernet, but their is a problem with the wireless communication between my computer and the router. Any suggestions?That is a different issue. Most likely, your university IT has misconfigured their network and only tested it on Windows where little details like TCP/IP subnets aren't even checked. This sounds pretty typical for university IT. Unfortunately, you will have zero luck getting them to fix the problem because they don't support MACS.
First of all, your question is pretty important and shouldn't be tucked inside a Verizon FiOS thread where no one will see it. I suggest starting a new question so that people looking for this topic in the future can find the answer.
I am familiar with this problem. It is an IT configuration problem. I just rolled my own hack for it. I should probably try to improve my hack since obviously other people are experiencing the same problem.
Before I get started. Why are you even looking? What is the exact problem that you are having? My problem was specific to VPNs but your issue seems even more basic than that. What, exactly, does or does not happen to cause you to search for a fix?
In the Terminal, run the command "scutil list". How many DNS entries are listed? What are they? You should have one that says "State:/Network/Global/DNS". Type "show State:/Network/Global/DNS". What does it return? Are these the DNS servers that you added?
Let me know the respones to the above and then I can craft a command that will correct and possibly override those servers properly. -
For anyone who is experiencing slow DNS lookups...
I finally worked out what was wrong with my network config last night and thought I'd share it with everyone in a simgle post in the hope it'll help someone else.
I tried the BIND work around, but it wasn't all that much faster.
I tried disabling IPv6, but that didn't do much...
The solution?
In 'System Preferences' -> 'Network'
Go to configure the adaptor (Airport / Ethernet / etc)
In 'DNS Servers' where you'd normally specify the DNS servers given to you by your ISP... don't do this! As crazy as it sounds don't
Of course, if you're using newer routers you'd not be having this slow DNS lookup problem and specifying the ISPs DNS Servers would be appropriate... still
What you want to specify here is your ROUTER's IP:
eg. 192.168.0.1
With this simple modifcation you'll be fine. Why? You ask?
In Linux / OSX (I imagine in Unix as well) the way the lookups are carried out are different from Windows. I have other Windows computers on our network and they never had DNS lookup problems and they've been given the ISPs DNS IPs... anyway I think I'm talking out of my depth now heh.
This works!
Remember: Specify your router as the DNS Server!I've had this problem on a G4 PowerMac running Panther, and it still had it after a Tiger upgrade. I just replaced it with a Core Duo MacMini, 10.4.7, same problem of slow DNS lookups (i.e., slow initial start to loading a web page, then it goes quickly). Windows machines on the same subnet have no such problem. I've tried the various suggestions on various forums, none of which worked. I tried:
- turn off IPv6 (no help)
- directly enter my ISPs DNS servers (no help)
- manually configure both IP and DNS (no help, went back to DHCP)
- swear at the computer (a little help, mentally)
After some more reading, I tried resolving some addresses using the host command from the Terminal:
host -v www.apple.com 24.34.240.9
where the IP address is one of the DNS servers for my ISP (Comcast). I got a no server found message! I then tried the second DNS server in the Comcast list (found from my router), also no server found. Tried the third one in Comcast's list of DNS servers, and it worked. Entered it in System Preferences -> Network as a DNS server, and now web browsing is zippy! I verified that the two DNS servers that MacOS couldn't see are also down as far as Windows was concerned (using the nslookup command in windows).
What this tells me is that the OS X algorithm for handling unreachable or slow DNS servers is different from that in Windows. Maybe Windows remembers a bad experience with a DNS server and uses ones that it has success with, while OS X just keeps trying them in order, slowing timing them out until it finds one that works?
This could also explain many of the puzzling symptoms people have been seeing (things work some times, other times not; some people have luck specifying the DNS server manually, others don't). It all depends on what DNS servers got distributed to the Mac via DHCP, and how far down the list you have to go to find one that is responsive.
Anyone reading this forum with technical knowledge of both UNIX and Windows DNS lookup implementations? Is there some way to tweak in MacOS to make it perform more like Windows in this situation (like, maybe shortening the DNS server failure timeout)? -
I have a 20inch iMac that I connect wirelessly in my home network. I never had any problems with the wireless connection until a few months ago.
For the past few months, DNS lookups have been failing when browsing the web. I see "looking up cnn.com" as an example in the status bar. I have to wait for it to fail and then hit reload and then the page will load. Sometimes, certain parts of the page will not load if it has to do a lookup to a new domain e.g. images.cnn.com.
I have several other computers on my network [notebooks wired and wireless as well as wired pcs] with no issues.
Today, I moved my iMac to my office where my router is and plugged it in via an ethernet cable. Looks like there are no issues and I can browse any site without any lookup failures.
I have read a lot of posts about slow wifi, so I'm not sure if this is related. Anyone else have a similar issue? Looks like I'm going to have to run a cable to my kitchen since the wireless is just too flaky.HI--
I guess it's better, but not 100% fixed.
If you're using a router, I'd suggest putting your router's address into the DNS field in your TCP/IP settings. I've found, especially when running an Airport base station behind my Netgear router, that helps out quite a bit. In my case, I couldn't get get internet access from my wireless laptop without that.
I didn't try the 4.xxxx DNS suggestion. No offense,
but that sounds really hokey.
No, Eric's right, that's a great way to get around poor ISP DNS performance. I use those servers when my ISP has trouble keeping their DNS servers running.
Also, you can time different servers if you want, using the dig utility in the Terminal application:
<pre class="command">dig [email protected]</pre>You should get the query time near the bottom of the output. There are lists of publicly accessible DNS servers on the internet. Run some time tests and see if you can find some faster ones. Here's what I got:
<pre class="command">; <<>> DiG 9.3.2 <<>> [email protected]
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12531
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.apple.com\@4.2.2.1. IN A
;; AUTHORITY SECTION:
. 900 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006120100 1800 900 604800 86400
;; Query time: 37 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Dec 1 17:05:21 2006
;; MSG SIZE rcvd: 114</pre>
charlie
Maybe you are looking for
-
Photoshop cs6 lags on macbook pro retina 15'
Recently I got my hands on photoshop cs6 but my brush lags quite a bit while using it. This happens when I'm zooming in to do minor details or if I'm using a brush more than 200 I've heard good things about design production on macbooks but so far I'
-
Download file CS5 Win Standard
Can someone please help me with the download file for CS5 (standard). I bought a new laptop and this does not take CDs.
-
How can I make a DVD from videos I downloaded from internet? I made a DVD and my DVD players can't read it. I remember there was a warning about burning data or something. Thank you,
-
How do i unsinstall a specific App, like Photoshop CS6?
How do i unsinstall a specific App, like Photoshop CS6? thanks, max
-
Is there an advantage to opening an adjustment layer to do a levels adjustment VS just opening a background copy layer and doing a levels adjustment there?