DNS lookups without DNS server

Hi Community,
Some users in a German forum are reporting functional DNS resolution without a configured DNS name server. Is there a hidden feature in the actual Snow Leopard release which makes this possible?
Thx & Bye Tom

Kiwi Graham wrote:
Sounds like an oxymoron to me - doing a DNS lookup without DNS?
Yes, I agree.
It is certainly possible to store a set of local mappings, but it'd be a subset of the domain universe and it'd also be static. So further resolution would have to go out to a DNS server.
I thought that maybe it could be possible that there is an internal fallback server configured. But it seems that it isn't, because should this be a fact, more users should know this.
More information?
No, sorry. I asked both users to make a tcpdump on port 53 to determine the answering DNS server, but I got no response. But thanks for your attention.
Bye Tom

Similar Messages

  • Layer 3 Web redirect without MD DNS Server

    Hello there
    Actually, I want to configure layer 3 web redirect and I don't have any DNS server. I tried to use the core switch to resolve the name into an IP through the command ip host webauth 1.1.1.1, but it did not work. I am using DHCP, currently local on the controller. Any suggestions?
    Thanks,
    Elie

    Can you elaborate on what you are trying to do?
    Unless you've specified a DNS name on your Virtual Interface, webauth will redirect the client to the IP address of your Virtual Interface. Generally speaking you only put a DNS name on the Interface if you are using a certificate... For you to have a valid certificate, I would suspect it has a valid domain, and therefore you should be able to make a DNS entry global for that domain pointing webauth.domain.com back to 1.1.1.1...
    But if all you're trying to accomplish is webauth without a dns lookup resolving 1.1.1.1, then this should already be in place if you haven't put a name on the Virtual Interface.

  • How to Install DNS ROLE and its FQDN service and Reverse Lookup zone in Server Core using Powershell?

    Hi
    I am setting up a lab scenario in which the PC named "Core2012", i.e. Server Core 2012, will be the domain controller.
    Using PowerShell I have done these tasks:
    Change hostname; configure IP address and preferred DNS address; disable IPv6;
    configure firewall; even the Active Directory role install.
    Now a problem occurs.
    Well, I know how to install the DNS role: install-WindowsFeature DNS
    OK.
    But:
    How do I configure the FQDN, the restore mode password, setting up the global catalog server, and the Reverse Lookup zone using PowerShell?
    I have searched many forums but I am not getting anywhere with it.
    So I need help to set up and configure DNS using PowerShell.
    Thank You!!!
    sagarpdalvi

    Hi Sagarpdalvi,
    To set the Safe Mode password with PowerShell, please refer to the cmdlet Install-ADDSDomainController. To enable the global catalog (GC), please run the cmdlet "Set-ADObject" after installing Active Directory on the core server. To configure the Reverse Lookup zone, please refer to the cmdlet Add-DnsServerPrimaryZone.
    To configure a DC with PowerShell, please check the scripts:
    Installing a Domain Controller on Windows Server 2012 R2 Core
    Enabling and Disabling the Global Catalog
    To configure DNS, the Domain Name System (DNS) Server Cmdlets should be helpful for you:
    http://technet.microsoft.com/en-us/library/jj649850.aspx
    I hope this helps.

  • Is that possible to install CMWS 1.5 without DNS server

    Hi guys, we are trying to do some PoC work for CMWS1.5, but we do not have a DNS server in the lab yet. Just want to know: is it possible to install CMWS 1.5 without a DNS server?
    Best regards
    Zhen Shu

    Hi Zhen Shu,
    Unfortunately, DNS is required to deploy CWMS. The deployment can't complete without successful communication with the DNS server and resolving the systems' hostnames.
    -Dejan

  • Server 2008 R2 DNS Server can not open active directory error 4000

    The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Error 4000
    This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access Denied. Would you like to add it anyway?
    PLEASE HELP

    Hi,
    According to your description, my understanding is that DNS is unable to open Active Directory with error 4000.
    This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC. This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
    You may check AD DS using the command line "DCdiag" (run as administrator). Besides, you may try to stop and restart the AD DS service (for detailed steps, see the link: http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx ), and make sure that AD DS is running correctly.
    Then restart the DNS service; for detailed steps, see the link: http://technet.microsoft.com/en-us/library/cc735673(v=ws.10).aspx .
    If the problem still exists, is there any other DC or DNS on your network? Post the TCP/IP parameters (ipconfig /all) of DC and DNS here.
    Best Regards,
    Eve Wang

  • DNS Server on IOS

    Hi,
    I'm trying to configure a router as DNS server without "luck".
    I've tried various things:
    ip domain name net.sub.tld
    ip name-server 8.8.8.8
    ip host r1.net.sub.tld
    ip dns server
    ip dns primary net.sub.tld soa ns.net.sub.tld mailbox.net.sub.tld 21600 900 7776000 86400
    I can do lookups on the router, but through the router I can't.
    After I've done a lookup on the router and it gets the reply, it enters it in the hosts table (show hosts). NOW clients are able to resolve only this entry.
    Local entries in the zone net.sub.tld works perfectly!
    Any suggestions?
    I've also tried to configure forwarder and source interfaces in the ip dns view default, but it's all the same.
    The platform is a 1921 running IOS Version 15.1(4)M7
    Thanks,
    /JZ

    Hi Jacob,
    I don't know whether it will work on a router or not.
    But here are the steps:
    1. enable
    2. configure terminal
    3. ip dns server
    4. ip name-server server-address1 [server-address2...server-address6]
    5. ip dns server queue limit {forwarder queue-size-limit | director queue-size-limit}
    6. ip host [vrf vrf-name] [view view-name] hostname {address1 [address2 ... address8] | additional address9 [address10 ... addressn]}
    7. ip dns primary domain-name soa server-name mailbox-name [refresh-interval [retry-interval [expire-ttl [minimum-ttl]]]]
    8. ip host domain-name ns server-name
    To check more, please check this document.
    Hope it helps.
    Regards
    Don't forget to rate helpful posts.

  • DNS server responses extremely slow

    I set up the DNS Server running on my LAN (authoritative for a fully-owned domain), and I do believe it's correctly set up - reverse mapping works fine, no error messages in the logs or while watching tcpdump, etc. It's behind my NAT/Firewall, is set to be recursive (but I have not tweaked it to make it recursive only for the subnet). My problem is with the performance. Using this internal DNS server to provide DNS for my client machines on the LAN, internet lookups are awfully slow - perhaps five to ten seconds to bring up a major site. Leaving everything else the same on a client machine, and removing the references to the internal DNS server - thus using my ISP's DNS servers outside my LAN - the same site can be fully up in one second.
    Is this major lag in performance simply caused by the fact that the ISP's DNS server is so often caching many many more sites than I could ever request from my own LAN? Or should I be looking for something specific to hunt down performance problems?

    If your server is stand-alone, you can run without internal DNS.
    If OD Master, you also can run without internal DNS but config of course needs to be correct. Many people say it's best to run with internal DNS, but it's not a requirement.
    One reason to run internal DNS..
    If you connect to your server by fqdn (host.domain.com).
    Without internal DNS, the client will connect to the public IP (wan side of your router). If your router supports loopback, this will work- if it doesn't support loopback it won't work. Even if it does work, you are forcing your client-server traffic to be processed (NAT) by the router, incredibly inefficient (although a simple config for basic requirements). If you're moving big files with AFP, you don't want all traffic to go from client-router(NAT)-server-router(NAT)client. You can get around this by connecting using .local or IP addresses. So this all depends on your config, requirements, habits of the users, etc.
    JJ

  • Moving from Exchange 2007 to 2013 (leaving the DNS Server for its own dedicated server)

    Hello! I am quite new to Exchange and Server management in general. I will do my best to explain my situation.
    I am looking to move my Exchange server off of our DNS server. When we installed them on the same server, we did not have the funds to buy 2 separate servers. I am told that it is best to separate the two. I have followed the Microsoft instructions for installing the prerequisites for Exchange 2013 on a 2012 R2 server, and I am at the point where it wants me to configure AD LDS. As I have Active Directory running on the current server, I was a little hesitant to just install it without understanding what I am doing.
    After the AD LDS is configured, I believe I can move forward with installing Exchange 2013 (all 3 roles will be hosted on the new server), export the mailboxes from the 2007 server and import them into the new Exchange 2013 server. After 2013 is up and stable, I plan on removing 2007 from the old server (DNS server).
    What are my next steps after importing the mailboxes? Am I missing important details that I need to change or migrate?
    My biggest fear is that nothing works after the installation and moving the mailboxes over. For that case, it makes sense to keep 2007 installed as a fallback for when my installation fails and all I have lost is just my time :)
    Current Server:
    Windows Server 2008 Standard (64 bit)
    1. Roles: Active Directory, DNS, IIS
    2. Software: Exchange 2007
    New Server:
    Windows 2012 R2 Server
    1. Roles: ???
    1. Software to install: Exchange 2013
    Thank you for any help you can provide!

    These are good resources, but I am still caught up with the Active Directory issue.  Am I able to keep the old Domain/DNS/Active Directory on its current server and move Exchange 2007 off onto a new server (with Exchange 2013)?
    In the first example, he is moving everything (domain controller, exchange, users, etc) onto a different server and decommissioning it. I've been told that it would be better practice to keep the domain and exchange on 2 different servers. Is this true?
    I go to run commands like:
    .\setup /PrepareAD /OrganizationName: orgname /IAcceptExchangeServerLicenseTerms
    on the new exchange server, as a prerequisite, and it doesn't recognize the command - even after following the steps before. Is this because the new server is not a domain controller? Does it have to be? What are the best practices for setting up a server(s) with exchange + domain controller?
    Thanks for responding.

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
    We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.

  • Externally Hosted DNS - How do I set up my 2003 DNS server for sub domain to point to internal IP address??

    I have a domain name (domain.com) DNS hosted at my ISP. I also have 3 sub domains DNS hosted at the same ISP pointing to various external IP addresses (mail.domain.com, vpn.domain.com and ts.domain.com). We want to set up sales.domain.com to point to an internal 10. IP address. We have AD integrated DNS servers for our 2003 AD domain. The AD domain name is totally different than the hosted domain name in question. I currently edit the host file for a couple of PCs but this isn't practical company wide so I want to add entries on our internal AD DNS servers to resolve the locally hosted site. If I recall, someone once told me that you cannot just put an A record for one sub domain, I would have to have entries on my 2003 DNS server to resolve anything related to the domain.com name. Is this accurate? If so, what is the proper way to configure my 2003 AD DNS server to resolve anything domain.com related for my internal users while still allowing my ISP to do the DNS lookup for the internet?

    On my 2003 AD integrated DNS server... I right-click forward lookup zone and choose... new zone.. primary zone (store zone in AD checkbox checked).. I chose to all DNS servers in the AD domain for replication... zone name sales.domain.com.... allow secure updates option.... then I added an A record in that zone... sales.domain.com.. pointed that towards my internal 10. IP address... is this correct? It seems to be working correctly for the sales.domain.com DNS record... and I tested the other sub domains... and those look like they are going to my ISP for DNS resolution...
    Is this the correct procedure? I did this on a test AD domain and not my production... I want to make sure I don't break everything under the domain.com by incorrectly adding 1 sub domain..
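
    The two threads above (server.company.com and sales.domain.com) turn on the same rule: a server answers from the most specific zone it hosts and only forwards names that fall in no local zone. The Python sketch below is an added illustration, not code from any poster or from a DNS product; it is a simplified model of that zone selection, and the zone contents, host addresses and function names are constructed for the example.

```python
"""Simplified model: local zone data versus forwarding on an internal DNS server."""

NXDOMAIN = "NXDOMAIN"

# Constructed sample data: public records as the outside ISP would serve them.
PUBLIC_RECORDS = {
    "server.company.com": "203.0.113.10",
    "mail.company.com": "203.0.113.25",
    "www.company.com": "203.0.113.80",
}
INTERNAL_ADDR = "192.168.15.10"  # constructed host in the thread's 192.168.15.x subnet

# Option A: the internal server hosts all of company.com but only one record
# was copied over from the ISP.
WHOLE_DOMAIN = {"company.com": {"server.company.com": INTERNAL_ADDR}}

# Option B: the internal server hosts a zone named after the single host.
HOST_ONLY = {
    "server.company.com": {"server.company.com": INTERNAL_ADDR},
    "company.private": {"server.company.private": INTERNAL_ADDR},
}


def normalize(name):
    """DNS names are case-insensitive; drop the optional trailing dot."""
    return name.rstrip(".").lower()


def find_zone(zones, qname):
    """Return the most specific hosted zone containing qname, or None."""
    labels = normalize(qname).split(".")
    # Compare whole labels, longest suffix first, so that
    # notserver.company.com never matches the zone server.company.com.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(zones, qname, upstream=PUBLIC_RECORDS):
    """Return (source, answer) for an A query against the modelled server."""
    qname = normalize(qname)
    zone = find_zone(zones, qname)
    if zone is None:
        # No local zone claims the name: recurse/forward to the outside.
        return ("forwarded", upstream.get(qname, NXDOMAIN))
    # A hosted zone is authoritative: a missing record is NXDOMAIN, and the
    # query is never passed upstream.
    return ("local:" + zone, zones[zone].get(qname, NXDOMAIN))


def compare(names):
    """Map each name to its (option A, option B) results."""
    return {n: (resolve(WHOLE_DOMAIN, n), resolve(HOST_ONLY, n)) for n in names}


if __name__ == "__main__":
    for name, (a, b) in compare(
        ["server.company.com", "mail.company.com", "ftp.server.company.com"]
    ).items():
        print(f"{name:26} whole-domain zone: {a}   host-only zone: {b}")
```

    Note the side effect of the host-only zone: every name underneath it (ftp.server.company.com in the sample run) is also answered locally, so any such records must be added to that zone as well.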

  • DNS Server Errors 4015 and 4010

    Hi all,
    We have upgraded a 2003 domain to 2012 R2. All DCs are now 2012 R2. The domain and forest levels are 2008. By checking the event logs of the DNS server we found that we have DNS Error 4010 and 4015 events repeatedly.
    4015:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    4010:
    The DNS server was unable to create a resource record for f55ab78a-df8d-4c2c-8420-52dc8b5604e2._msdcs.domain.local. in zone Domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
    We found that the errors are available on all DCs. The errors occur only after the DNS Server service is restarted on the DCs.
    We check the dcdiag /e /test:dns with all PASS
    We check that the Netlogon service successfully updates, by a restart, the _.msdcs records in the zone if the records are not present
    We check the _msdcs.Domain.local zone; it is in the forest root partition and AD integrated. We move it to the root of the DNS as KB817470 describes
    We check the DNS with the Best Practices Analyzer, without an error
    We check the AD replication with repadmin, without error
    Thanks for help
    Regards Steven

    Hi,
    Can you tell more information about the migration?
    Which roles were installed on Windows Server 2003 before migration? Is the DNS role installed on it?
    You can refer to this similar thread:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/55c7a4cd-2932-4b0e-bfd2-b043490df000/eventid-4010-dns-the-active-directory-definition-of-this-resource-record-is-corrupt-or-contains-an?forum=winserverDS

  • WRT54GS v6 DNS Server problem

    Running this router for 2 years without any problems (even on Windows 7 since last year), recently it won't let me connect to the internet. Network and Sharing Center says that the PC's configuration is alright but no DNS Server response is present.
    (Windows 7 Ultimate x86 RTM, Bellsouth/AT&T ISP in Florida, US. DSL connection, brand new ethernet cables and hardware kept in the best shape, Network Adapter: Realtek RTL8102E/RTL8103 Family PCI-E Fast Ethernet NIC (NDIS 6.20)(v7.2))
    ================================================================================
    What I tried:
    Resetting the router and/or modem (connected to a Westell 6100), setting both to default settings over and over (Web based reset and reset buttons)
    IP Flushing in CMD
    Getting to the web based configuration for my WRT54GS v6, releasing DHCP, renewing, default settings, etc...
    Upgrading firmware to v1.52.7 (latest) to no avail, going back to original 1.52.6.
    Device manager shows hardware working properly.
    Windows 7 shows me a link to look at the properties of my WRT54GS, when I right click on it, I can also see the option "Enable", but everytime I use it I get "Connection Failed!"
     ===========================================================================================
    I'm not much of a tech guy, and reading the forum didn't help me much, so I'm asking for some help please.
    Ps: Installed default CD for it with its old EasyLink Advisor to no avail, also tried the latest Lela 2 EasyLink Advisor to no avail.
    Also, there was no Default Gateway looking at an IPCONFIG in CMD, and now there is (192.168.1.1), which I use to get into its web based configuration.

    As your ISP is a DSL provider, most DSL modems have DHCP on them, so they act like a router. So right now your connection type is NAT behind NAT.
    To make your Linksys Router work with a DSL Modem, log in to the Linksys Router setup page and below the setup tab you need to change the "Local IP Address" to 192.168.2.1 and click on Save Settings...
    Once the settings are saved, unplug the power from Router and Modem, wait for 30sec and then plug the power to the Modem, and once all the lights are lit you can plug the power to the Router and check if you are online.

  • How to use DNS server for name resolution for items which don't exist in active directory domain controller DNS

    Dear Experts,
    In our office we have a domain controller, call it 'Office.com'. All computers and corporate servers, e.g. Exchange, antivirus etc., are members of this 'office.com'; it also has a DNS. All users in the office have their preferred DNS set to the corporate DNS.
    We are working for a ministry and offering services to them from our data center, so we have many servers which are for the ministry but are in our data center. For all these servers we created another DNS server which contains all entries for these servers in forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers, and the zone name is 'office.com'.
    What we are trying to have is name resolution of all servers which are listed in the other DNS, built in our office on Win 2008 R2 for the ministry servers.
    If the user changes his preferred DNS to the ministry DNS he can resolve the ministry servers, but then we cannot control anything through group policy since they are using the other DNS and not the corporate DNS.
    How can this be done? Any group policy applied to the corporate domain controller must take effect on users, and in addition to this the user must also be able to resolve server names in the ministry project DNS.
    Please assist ASAP.
    regards,

    Hello,
    OK, so the GPO setting doesn't apply in any case.
    Client machines use the first DNS server in the list of configured ones on the NIC. If that one is available, the search for additional DNS servers will stop.
    What I cannot really understand is your description of the second DNS server. This should normally be either another DC with AD integrated DNS, so everything is replicated within AD replication, or you use a secondary DNS on a domain member server that pulls the information from the Master.
    It sounds to me that you have configured a machine with the DNS server role and manually created the zone with the same name as the domain and manually created the required A records there?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • DNS server cannot be created because the authoritative parent zone

    I am working in 2008r2sp1.  I tried adding DNS Server and DHCP Roles first.  Then under DNS Forward Lookup Zones I added "mysite.com" as a New Zone.
    Also I searched my computer for a "NTDS" folder and the only one I found was "C:\Windows\inf\NTDS".
    A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "artisdextri.com". Otherwise, no action is required.
    The folder C:\Windows\inf\NTDS> is not valid. Specify a valid path, including drive letter. For example: C:\NTDS.
    dcpromo /unattend:"C:\Users\Administrator\Documents\ForestAdd.txt"
    ForestAdd.txt
    [DCINSTALL]
    InstallDNS="yes"
    NewDomain="forest"
    NewDomainDNSName="mysite.com"
    DomainNetBiosName="MYSITE"
    ReplicaOrNewDomain="domain"
    ForestLevel="4"
    DomainLevel="4"
    DatabasePath="C:\Windows\inf\NTDS>"
    LogPath="C:\Windows\inf\NTDS"
    SYSVOLPath="c:\Windows\SYSVOL"
    SafeModeAdminPassword="pass1"

    Hello,
    If this is the first forest root DC, just ignore the information.
    Check the blog:
    A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server.
    http://blogs.technet.com/b/activedirectoryua/archive/2011/07/07/a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent-zone-cannot-be-found-or-it-does-not-run-windows-dns-server.aspx
    Hope this helps.

  • How to prevent changing DNS server address

    I work for a public school district. We just purchased our first batch of Win 8.1 PCs, but they are not the Pro version, so there is no gpedit.  I want to prevent students from accessing the TCP/IPv4 Properties dialog box in order to ensure that the DNS server address is always obtained automatically.  Can anyone tell me how to do this using regedit, or any other way?  Thanks!

    Easiest way is to assign these students a standard user account (without admin rights).. They can't change any system setting then.. Other than restricting privileges I don't think you have an option here since you don't have the group policy editor..
    There could be a possibility to do this using regedit, but it is not recommended since there is no official article for this other than the below untested third party article from eHow
    http://www.ehow.com/how_8110801_disable-tcpip-properties-regedit.html
    Besides it could be tedious.. enabling and disabling it..
