DNS NS Record

After DNS has been initially set up, when going back into Zones should the NS entry where you named the machine have the fully qualified check box 'checked' and the FQDN in the name area? I'm not sure when this was originally set up if the FQ checkbox had been checked and the machine name is the FQDN. Or does this automatically happen once it's been set up?

Darryl,
If you are using the Server Admin.app, when you create your Primary Zone it wants a fully qualified zone name, so anything you type will become fully qualified; example.com will be example.com. (the extra period is there to tell BIND that the domain is 'example.com' not 'example'). In the GUI (at least under 10.5) there is ALWAYS a trailing dot forced, so the domain will ALWAYS be Fully Qualified (meaning it cannot be removed, and this is fine, you do not want to forget the period EVER).
As an aside, when creating a new Primary Zone, Server Admin will auto-magically create the A record for your nameserver and default it to 10.0.0.1, but that is all that is done. Even if you select a mail exchange name, no A record is created.
You will need to set up the A record which defines the machine represented by the domain to an IP.
Peter
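
An added example, not part of the original posts: a small linter showing how a BIND-style zone file expands names, and how a name written without its trailing dot gets the zone origin appended a second time. The zone contents are constructed sample data, and the parser assumes a simplified grammar (one record per line, owner always present, no multi-line SOA).

```python
"""Expand names in a simplified BIND-style zone file and flag missing dots."""

# Record types whose last RDATA field is a domain name that is also expanded.
NAME_TARGET_TYPES = {"NS", "CNAME", "MX", "PTR"}

# Constructed sample zone for the origin example.com (not from a real server).
SAMPLE_ZONE = """\
$TTL 10800
example.com.   IN NS    ns.example.com.
example.com    IN MX 10 mail.example.com.  ; owner lacks the trailing dot
ns             IN A     10.0.0.1
mail           IN A     10.0.0.2
www            IN CNAME ns.example.com     ; target lacks the trailing dot
"""


def qualify(name, origin):
    """Expand a zone-file name against the origin.

    A name ending in '.' is already fully qualified, '@' stands for the
    origin itself, and anything else is relative: the origin is appended.
    """
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def looks_unterminated(name, origin):
    """True for a relative name that already ends in the zone name."""
    if name == "@" or name.endswith("."):
        return False
    bare = origin.rstrip(".").lower()
    lowered = name.lower()
    return lowered == bare or lowered.endswith("." + bare)


def lint_zone(text, origin):
    """Return (records, warnings) for a simplified zone file.

    records:  [(owner_fqdn, type, rdata_fields)] with names expanded
    warnings: [(line_number, name_as_written, name_after_expansion)]
    """
    origin = origin.rstrip(".") + "."
    records, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip $TTL / $ORIGIN
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields that precede the type.
        while rest and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest = rest[1:]
        if len(rest) < 2:
            continue                              # not a complete record
        rtype, rdata = rest[0].upper(), list(rest[1:])
        written_names = [owner]
        if rtype in NAME_TARGET_TYPES:
            written_names.append(rdata[-1])
            rdata[-1] = qualify(rdata[-1], origin)
        for written in written_names:
            if looks_unterminated(written, origin):
                warnings.append((lineno, written, qualify(written, origin)))
        records.append((qualify(owner, origin), rtype, rdata))
    return records, warnings


if __name__ == "__main__":
    recs, warns = lint_zone(SAMPLE_ZONE, "example.com")
    for owner, rtype, rdata in recs:
        print(f"{owner:28} {rtype:6} {' '.join(rdata)}")
    for lineno, written, expanded in warns:
        print(f"line {lineno}: '{written}' expands to '{expanded}'")
```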

Similar Messages

  • Unable to run the application via DNS CName record.

    I have Windows Server 2008R2 running an application that connects to a database via a DNS CNAME record. The application was working fine until after yesterday when it could no longer connect to the database. The database server is up and running without any issues. You have verified remote connectivity to the database server from your workstation.
    How would you troubleshoot the issue and what are the steps to resolve it?

    It might be that the application does not support using aliases for DNS resolution. You will need to contact your application developer/vendor for assistance.
    To make sure that DNS resolution works properly from the infrastructure level, you can simply use
    nslookup and make sure that the resolution is done properly.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • DHCP Reservation Sync and DNS Host record sync etc shown in IPAM GUI

    Hello all,
    I am aware of the scripts in the TechNet script center to sync DHCP leases etc to IPAM, however my question is about something else -
    If you highlight an IP address (IP address inventory->select an IP), You can see fields that say: "DHCP reservation sync", "DNS PTR record sync" and "DNS host record sync" as below:
    I was curious as to what these are for. Is there some built-in sync functionality for these that I perhaps have not enabled? (Don't see such options any where..)
    thanks,
    -Ravi

    Hi Ravi,
    The three columns tell us the information of the synchronization between IPAM server and DNS server (or DHCP server).
    Here is the detailed guide for using IPAM:
    Using the IPAM Client Console:
    https://technet.microsoft.com/en-us/library/jj878351.aspx#inventory
    IPAM can sync DNS and DHCP records.
    The IPAM database is separate from DHCP and DNS servers on our network, and full synchronization of hosts and IP addresses between IPAM and managed DNS or DHCP servers does not occur automatically unless we have configured automated tasks to perform this synchronization.
    For detailed information, see the DNS and DHCP record synchronization chapter in the following link:
    Multi-server Management:
    https://technet.microsoft.com/en-us/library/jj878329.aspx
    Best Regards,
    Leo
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • DNS "A" Record Preventing Networked Users from Seeing Own Website

    I just set up a DNS "a" record in Server Admin to point "mail.xyz.com" to my server's internal ip (10.0.1.1).
    I did this so users could stay on the network with sending and receiving mail, as opposed to going out onto the web to do so. (I have MX records on Network Solutions point "mail.xyz.com" to my server's external ip.) All of their mail clients list "mail.xyz.com" as the mail server, instead of the server's internal ip.
    Trouble is, when users on the network try to access our website, "xyz.com," their browsers now return an error, saying they cannot find the server.
    Any idea?
    Lost count   Mac OS X (10.4.9)  

    Steve and David --
    This works. I am using Server Admin. To reiterate, I
    added a zone "mysite.com" and a primary server "mail"
    and pointed it at my server's internal ip so my users
    can stay "inside" while checking mail.
    Then, to follow your suggestion, I added a machine
    named "www" to zone "mysite.com" pointed to my
    server's external ip.
    Some questions: How can I be sure the client's
    machines are going internally to the server for mail?
    (When I dig it in terminal, "mail.mysite.com" returns
    an "a" record for the server's internal ip -- I
    suppose that is sufficient.)
    Yep!
    Should the primary name server for the zone be "mail"
    with "www" as an added machine, or vice versa?
    The primary name server just identifies the machine which is responsible for holding records for that zone (domain). Add www as a 'machine' - think of each 'machine' as a specific IP address which identifies a host, hence IP / Name partnership. Any other hostname on same IP is an 'alias' (which becomes a CNAME record in the dns file).
    You say I have to do this with "any record hosted in
    my public dns as a mirror." I am running three
    websites from my server, all with public dns pointed
    at my server. (I use the same mail
    server--mail.mysite.com--for all three.) Do I need to
    set up a "www" record for each website? I have no
    problem accessing the sites from internal client
    machines.
    the basic issue is that any zone (domain) defined in your own dns becomes 'authoritative' for that domain. So when clients ask your internal dns about any zone (domain) which is defined in it, and your server does not have that record, it will respond with "no such record" and your clients must take that on face value.
    Therefore, you only need to mirror records for domains which you have defined in your own dns. If you have external www.domain1.com and www.domain2.com but only have domain1.com established on your internal dns, then you only need that domain's www record mirrored. Your server will therefore not be authoritative for domain2.com and will pass all requests out to whichever external dns is authoritative for it.
    -david
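
The behaviour described in the answer above, as an added example that is not part of the original thread: given the records an internal DNS server holds and the records published publicly, it reports which public names internal clients can no longer resolve because the internal server is authoritative for the zone but lacks the record. All names and addresses are constructed; wildcards, delegations and record types are ignored as a simplifying assumption.

```python
"""Find public names that an internal authoritative zone will hide."""

# Constructed sample data: the internal server defines only domain1.com and
# holds a single record that points mail at the internal address.
INTERNAL = {
    "domain1.com": {"mail.domain1.com": "10.0.1.1"},
}

# Constructed public records (203.0.113.0/24 is a documentation range).
PUBLIC = {
    "domain1.com": "203.0.113.10",
    "www.domain1.com": "203.0.113.10",
    "mail.domain1.com": "203.0.113.10",
    "www.domain2.com": "203.0.113.10",
}


def normalise(name):
    """Lower-case a name and drop any trailing dot for comparison."""
    return name.rstrip(".").lower()


def covering_zone(name, internal_zones):
    """Return the most specific internal zone containing `name`, else None."""
    labels = normalise(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in internal_zones:
            return candidate
    return None


def split_dns_report(internal, public):
    """Classify each public name by what an internal client would get.

    internal: {zone: {fqdn: ip}}  records held by the internal server
    public:   {fqdn: ip}          records published in the public DNS

    missing    - zone is internal but the record is not: "no such record"
    overridden - internal record exists with a different address
    same       - internal record matches the public one
    forwarded  - zone is not defined internally, so the query goes outside
    """
    zones = {
        normalise(zone): {normalise(n): ip for n, ip in recs.items()}
        for zone, recs in internal.items()
    }
    report = {"missing": [], "overridden": [], "same": [], "forwarded": []}
    for name, public_ip in sorted(public.items()):
        key = normalise(name)
        zone = covering_zone(key, zones)
        if zone is None:
            report["forwarded"].append(key)
        elif key not in zones[zone]:
            report["missing"].append(key)
        elif zones[zone][key] != public_ip:
            report["overridden"].append(key)
        else:
            report["same"].append(key)
    return report


if __name__ == "__main__":
    for category, names in split_dns_report(INTERNAL, PUBLIC).items():
        print(f"{category:10} {', '.join(names) or '-'}")
```

Names listed under `missing` are the ones that need mirroring in the internal zone; names under `forwarded` need nothing.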

  • Hostname/DNS "A Record" name

    We are having an issue with one domain bellsouth.net we are basically getting this back from them.
    12:18:29 928 MSG 10801 Recipient: [email protected]
    12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
    12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
    12:18:59 480 MSG 10803 Analyzing result file: /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
    12:18:59 480 MSG 10803 Detected error on SMTP command
    12:18:59 480 MSG 10803 Command: bellsouth.net
    12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse. Contact [email protected]
    When I looked up the Detected error on SMTP command, I found some information about the Hostname, currently on our server it is setup as Hostname/DNS "A Record" name: ndhc.org (according to the internet domain holder (godaddy) the host name is ndhc.org and the "A" record name is mail). What should we have in the Hostname/DNS "A Record" name field? I believe that we have tried the servername.domain name (liberxx.ndhc.org) and that failed and I think that we also tried (mail.ndhc.org). I cannot confirm that we actually have; it has been a while since we did this project, but I am just wondering if someone can help clear this up for me. Thank you. This issue only started happening with Bellsouth.net when we switched from the NetWare GWIA to the Linux GWIA. Is there something else that might have been missed?

    Originally Posted by mrosen
    Hi,
    dschaldedfg wrote:
    >
    > We are having an issue with one domain bellsouth.net we are basically
    > getting this back from them.
    >
    > 12:18:29 928 MSG 10801 Recipient: [email protected]
    > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
    > abuse. Contact [email protected].
    > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
    > abuse. Contact [email protected].
    > 12:18:59 480 MSG 10803 Analyzing result file:
    > /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
    > 12:18:59 480 MSG 10803 Detected error on SMTP command
    > 12:18:59 480 MSG 10803 Command: bellsouth.net
    > 12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse.
    > Contact [email protected].
    >
    > When I looked up the Detected error on SMTP command, I found some
    > information about the Hostname, currently on our server it is setup as
    > Hostname/DNS "A Record" name: ndhc.org (according to the internet domain
    > holder (godaddy) the host name is ndhc.org and the "A" record name is
    > mail. What should we have in the Hostname/DNS "A Record" name field?
    mail.ndhc.org
    Okay, so you think we should try putting "mail.ndhc.org" into that section (Hostname/DNS "A Record" name field) instead of what we currently have "ndhc.org"
    But that error doesn't sound like it's related to DNS. It much more
    sounds like you're really blacklisted for sending spam. If it's really
    the hostname, then their system is giving out extremely stupid result
    messages. Have you tried to contact the given email address in the
    message?
    I know when we first setup the system we were having an issue with the GWIA relaying, but that has since been rectified, they are the only ones that are blacklisting us, because I have checked on other sites (blacklisting websites that is) and there is nothing about our site being blacklisted. I think basically the people that are trying to receive the messages respond back saying that they never received emails from the people here at ndhc. If memory serves they have been emailed from other accounts and those go through because Bellsouth.net is not blocking those accounts, like yahoo, gmail, etc.
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!

  • SPA 5xx and 9xx phones registering to all proxies with DNS SRV records

    A weird situation -- I use DNS SRV records to prioritize the two Asterisk servers to register to (east coast vs west coast).  However it seems that phones are often registering to BOTH servers and show as live on both at the same time.  There seems to be little rhyme or reason as to when it occurs, but it's weird.  Fortunately the phone does seem to be preferring the higher priority SRV record but I can't figure out why it is registering to both.
    This happens with SPA-942s (6.1.5a) and SPA504Gs (7.4.9c). 
    Any ideas what makes this happen?  On the surface it seems like a good thing, but functionally the phones are registering the same port numbers and only the priority server can get through firewalls with traffic for the phones.  This screws up my "presence" indicators within the system.
    DNS SRV RECORDS:
    _sip._udp.west.server.net  (for west coast customers)
    Priority 10:  west coast machine
    Priority 20:  east coast machine
    _sip._udp.east.server.net (for east coast customers)
    Priority 10:  east coast machine
    Priority 20:  west coast machine

    We determined this was not actually happening.  There was a syncing taking place in the background that was giving the impression this was happening but it really was not.

  • KMS: DNS A records

    hi,
    We have a KMS server with srv record KMSSERVER01.CONTOSO.COM pointing to 192.168.1.1
    We created DNS A record KMS.CONTOSO.COM also pointing to 192.168.1.1
    If we use the sethst parameter in KMS client and use KMS.CONTOSO.COM, will it work?
    Thanks

    Hi,
    According to the parameter I guess you used the tool ospp.vbs. It should work without issue.
    http://technet.microsoft.com/en-us/library/ee624350(v=office.15).aspx

  • DNS Host Records Missing

    Hi,
    We are having an issue where DNS Host records seem to be missing, a user logs on and they don't get their group policies. They can logon again and get their group policies. However the DNS Host record is still not created on the DNS Servers.
    If we reboot the PC the DNS record is created. What is going on.
    We have 2 DC's running DNS, and one of them runs DHCP.

    Hi,
    According to your description, my understanding is that the client does not register its record in the DNS server when the user logs on, and the DNS record is created after rebooting the client.
    DNS updates can be sent for any of the following reasons or events:
    1. An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
    2. An IP address lease changes or renews with the DHCP server on any one of the installed network connections. For example, when the computer is started or if the ipconfig /renew command is used.
    3. The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.
    4. At startup time, when the computer is turned on.
    5. A member server is promoted to a domain controller.
    A user logon will not trigger a DNS update/registration. You may open CMD on the client and run the ipconfig /registerdns command to manually force a refresh of the client name registration in DNS.
    If I have misunderstood your question, please correct me.
    Best Regards,
    Eve Wang

  • Serious bug: call set-up problem in case of several DNS SRV records

    Hello Cisco,
    We have a MCU that consists of two servers in cluster. We have SIP SRV DNS records that point to both servers with equal priority and weight.
    All applications work nice with such setup, except from Free Jabber. Jabber is unable to set up the connection most of the time. One time the connection is successful and 5, maybe even 10 times it is unsuccessful.
    For testing, we removed SIP DNS records pointing to one server. This way Jabber works much better. There are some cases when the call set up fails but in most cases it works.
    Looking at the logs of the MCU, we can see three different ways the call set-up may fail. It is probably unreasonable to describe the details in this forum message. Anyway, it seems to be sure that in case the SIP SRV records point to one server then Jabber is able to connect to the MCU, in case the records point to two servers equally then Jabber is principally unable to connect to the MCU. This bug should be fixed, IMHO.
    Btw, what record does Jabber follow, is it _sips._tcp or _sip._tls?
    Greetings and thank you in advance,
    Marko Laurits


  • DNS on Server 2008 R2: DNS A records strangely disappear

    Hello,
    I am experiencing very strange problems with my DNS (Server 2008 R2, AD integrated). Several A records for Windows clients are missing, and even if I register them as static they somehow disappear again. However, the AAAA records are still around (IPv6 is running in default configuration, I haven't touched that at all), but another strange thing here is, most of them are listed as STATIC records.
    At present, the DHCP server is set to NOT register the clients with DNS. DNS accepts only secure updates, scavenging is disabled. (I am somewhat reluctant to disable dynamic updates on the DNS server completely because I think the DCs register and update lots of records dynamically). When I register all missing A records, most affected clients lose it again within an hour or so but some seem to be fine. It seems to me that about 20 % of the clients are affected.
    I have enabled Directory Service Changes auditing, and it's in fact the machine account which appears to be responsible. Clients with A records generate 10 entries (ID 5136) in the DC's security log while the problematic clients generate only the first 5 events. So it appears to me that they can delete the record but not create a new one. All clients are set to register themselves with DNS.
    As far as I remember I had Windows clients with missing A records in the past once in a while but the problem became really serious only about one and half weeks ago.
    Does anyone have an idea of what might be going on here? Can I safely disable DNS dynamic updates without adversely affecting AD/DC functionality? Generally, we don't actually need dynamic updates.
    Cheers, Georg.

    What operating system are the clients?
    I would like to first point out how registration works with static and DHCP, and the differences depending on how DHCP is configured.
    =====================================================
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    =====================================================
    Therefore, based on that, even if you have DHCP set to not register, and the clients are 2008/Vista and newer, then DHCP is doing it. That explains why you see the system account doing it.
    Now, I think it will actually help you if you configure DHCP to register everything, configure credentials, and add the DHCP server computer object to the DnsUpdateProxy group. Don't add anything else to this group.
    This way DHCP controls everything and it's easier to track AND more importantly, DHCP can update already registered records.
    ====================================================
    In summary:
    DHCP DNS Update summary:
    - Configure DHCP Credentials.
      The credentials only need to be a plain-Jane, non-administrator, user account.
      But give it a really strong password.
    - Set DHCP to update everything, whether the clients can or cannot.
    - Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
    - Add the DHCP server(s) computer account to the Active Directory,  Built-In DnsUpdateProxy security group.
      Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group.
      For example, some folks believe that the DNS servers or other DCs not
      running DHCP should be in it.
      They must be removed or it won't work.
      Make sure that NO user accounts are in that group, either.
      (I hope that's crystal clear - you would be surprised how many
      will respond asking if the DHCP credentials should be in this group.)
    - On Windows 2008 R2 or newer, DISABLE Name Protection.
    - If DHCP is co-located on a Windows 2008 R2, Windows 2012, Windows 2012 R2,
     or NEWER DC, you can and must secure the DnsUpdateProxy group by running
     the following command:
      dnscmd /config /OpenAclOnProxyUpdates 0
    - Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway.
    - Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    References:
    This blog covers the following:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  
    Good summary
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    Another good Summary:
    Thread: "DNS problem" December 18, 2013
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
    Another good discussion that Microsoft support concurred with my settings for a poster that called in to Support, which verified my configuration suggestions in my blog are correct:
    DHCP Server Not Registering A Records for Windows Clients
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e4b285d6-5795-4045-83ff-3a3c793b2cfc/
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Removing DHCP failover removes DNS A records

    We are running a windows 2012 r2 domain with 4 DCs all configured as DNS servers. One of the DCs is also our DHCP server. We configured a second dhcp server in January and joined it in failover mode. It was fine for a couple weeks, but then we got spammed with 20291 and 20292 errors. We decided to remove the failover relationship and unauthorize the second dhcp server which we did without any errors. However when we rebooted the original dhcp server, we immediately lost over 30 A records in dns, mostly printers, and we found that the dns server ip addresses on the nics of the dhcp server were changed to invalid addresses. Is there anything known that could explain this behavior? Otherwise the server seems to be working fine, and diagnostics (dcdiag, repadmin, event log) are not showing any errors.

    Hi,
    Was the second DHCP server also a DC? Which DHCP failover mode did you use?
    Based on my experience, a DHCP server can register and update DNS PTR and address A resource records on behalf of its DHCP-enabled clients. I assume the lost A records may be because the IP address of the DNS server was changed. Did you configure a static DNS server in the DNS settings on the DHCP server? I assume that you selected "Obtain DNS server address automatically", as if you define a DNS server, it won't be changed after reboot.
    In general, it would be better to point the preferred/secondary DNS server to the DC instead of obtaining the DNS server address automatically.
    Besides, for event ID 20291, you can refer to the KB below:
    http://support.microsoft.com/kb/2955135
    Best regards,
    Susie

  • DNS: A record for domain?

    Trying to configure BIND in Snow Leopard Server so I can migrate current DNS to an XServe. My goal is to be able to use Server Admin for as much as possible, but I know this won't be entirely possible in my setup (wildcards, bizarre reverse delegation limit my options here). I've used generic names here on purpose, but yes, I do know what I am doing.
    Currently, I'm trying to create an A record for a domain so that users will hit my website whether they enter domain.com or www.domain.com. I have the following entry to my domain in SA:
    domain.com. Machine 1.2.3.4
    I verified that this entry was correct in the zone file itself. Indeed, I found the following entry in the appropriate zone file:
    domain.com. IN A 1.2.3.4
    However, when I attempt to query the server using dig, I do not get an answer:
    dig a domain.com @server.domain.com
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> a domain.com @server.domain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;domain.com. IN A
    ;; AUTHORITY SECTION:
    domain.com. 10800 IN SOA server.domain.com. admin.domain.com. 2010070702 86400 3600 604800 345600
    ;; Query time: 10 msec
    ;; SERVER: 1.2.3.4#53(1.2.3.4)
    ;; WHEN: Fri Jul 9 06:02:13 2010
    ;; MSG SIZE rcvd: 95
    What am I missing here?

    Be aware that this is not a production server yet, and I acknowledge that this isn't fully kosher yet. I am just testing the config to see if it will work.
    Server is 206.123.100.18. Zone is a3dtech.com. Zone file:
    ;GUID=4EAE5E10-15F4-457B-8CAC-D9702FB1E186
    ;selfResolvingHostname=0
    $TTL 10800
    a3dtech.com. IN SOA ns1.a3dauto.com. admin.a3dauto.com. (
    2010070901 ;Serial
    86400 ;Refresh
    3600 ;Retry
    604800 ;Expire
    345600 ) ;Negative caching TTL
    a3dtech.com. IN NS ns1.a3dauto.com.
    a3dtech.com. IN NS ns2.a3dauto.com.
    * IN A 206.123.100.18
    a3dtech.com. IN A 206.123.100.18
    mail IN CNAME mail.a3dauto.com.
    svn IN CNAME daniel.a3dauto.com.
    a3dtech.com. IN MX 10 mail.a3dauto.com.

  • DNS - Machine Record vs Alias?

    Hello.
    Throughout my own postings and other reading, both on these forums and others, I've gotten about 50% of the people suggesting I use Machine Records and the other 50% saying I should use Aliases. For example, I have DNS set up like this:
    mydomain.com Primary Zone -
    xserve001 Machine 192.168.1.1
    xserve002 Machine 192.168.1.2
    xserve003 Machine 192.168.1.3
    ftp Machine 192.168.1.2
    wiki Machine 192.168.1.2
    filemaker Machine 192.168.1.3
    The three machines records for the three Xserves are fine. But what about things like ftp, wiki and filemaker. Should these be aliases or machine records (when managing DNS through GUI)? Like I said, I feel like, in all the advice I've received, and in all the posts I've been reading, it's 50-50 either way. I figured, with DNS being such a critical aspect to 10.5 Server running well, there'd be a yes or no answer to this?
    For me, I've had it as machine records, but when I made this post...
    http://discussions.apple.com/thread.jspa?messageID=9392260#9392260
    ...the response made it sound like what I'm doing is completely wrong?
    At this point, I just don't know, and since DNS is just so important to a properly working system, I'm hoping we can nail or some sort of definitive answer!?
    Regards,
    Kristin.

    Hmmm, yea, not sure how that would work in my situation.
    For instance, Xserve001 is my OD Master. It's also primary DNS, File Sharing and VPN. Xserve002 is "connected to a Directory Server" (Xserve001), but also hosts secondary DNS, iCal, Web (including wiki and WebDAV), SUS, File Sharing, as well as FTP (though, not using OS X Server FTP service, using 3rd party). Xserve003 is also "connected to a Directory Server" (Xserve001) and hosts FileMaker Server (utilizing OD user accounts within FileMaker).
    So, obviously, I have machine records for the three Xserves. Are you saying, for services such as iCal, SUS and Web you wouldn't have CNAME's and just refer to the actual hostname of the server the service runs on?
    If that's the case, there goes my 50% say Alias (CNAME), 50% say Machine Record as this would be a third option?
    Regards,
    Kristin.

  • Migrating servers DNS MX records

    I am currently about to migrate an old Exchange 2003 email server to our new mac mini snow leopard server. I already have everything worked out and tested for migrating the email but I am having conflicting ideas on the DNS records. The challenge is that I do not know when the old server will be physically turned off.
    The way that I have moved mail servers before is setup the new mail server to accept email by updating the mx records, replacing the old server and then after a full population (eg 24 hours) I would remove the old server without any messages being bounced back.
    My thought would be to use priority in the mx records to already have the new server at a lower priority so that if mail was sent and the old server was removed it would automatically start going to the new server.
    Would this work in real life?
    Thanks in advance

    My thought would be to use priority in the mx records to already have the new server at a lower priority so that if mail was sent and the old server was removed it would automatically start going to the new server.
    That's precisely why MX priority records exist, and a perfectly valid use case. It also gives you a clear cutoff - all mail will go to the old server until you shut it down (or take it off the network).
    Another option, depending on your network configuration, is to change your network edge (assuming you're using some kind of NAT/port forwarding at your network edge) - just change your port forwarding to forward to the new server.
    A third option is to turn off the old server and configure the new server with the same IP address, so no-one's the wiser. This may be preferred if you have many clients configured to send mail through this server and aren't using port forwarding.
    As you can see, there are several options here. All of them valid. Which one is 'best' for you depends upon our situation.

  • DNS (srv record missing for PDC)

    Hi,
    in our company we have a domain with 4 domain controller (all are Windows Server 2008 with domain functional level 2003).
    In the DNS, under _msdcs.OURDOMAIN.priv -> _tcp there are only the SRV _ldap record related to 3 domain controller; there isn't the record related to domain controller that holds the PDC role.
    From some months we have also issues about GPOs replicas between domain controller.
    It makes sense to create the missing record ? There may be a valid reason because it is not present ?
    Thank you.

    Hi,
    Did the PDC host the DNS role at the same time? If yes, please make sure that you have enabled secure dynamic updates on the DNS server. You can stop and restart DNS server by running the command below at the command prompt:
    net stop dns
    net start dns
    On the PDC, please stop and then restart the Netlogon service by running the commands below to see if the SRV record is created in the DNS server:
    Net stop netlogon
    Net start netlogon
    If the above solution is not helpful, please try to manually enter the SRV records from Netlogon.dns file in \Windows\System32\Config or create on the DNS console.
    Best regards,
    Susie
