DNS / Ping Issues

Similar Messages

• Intermittent high ping issues

  I've been having occasional high ping issues for quite a while now. They come and go at irregular times, and I'm not sure how to resolve this. Other computers on the network are showing similar latency.
  A traceroute to google's public DNS:
  Traceroute to (8.8.8.8)
  1 L100.LSANCA-DSL-23.verizon-gni.net (71.104.144.1) 1644 ms 1088 ms 1346 ms
  2 G10-2-2823.LSANCA-LCR-08.verizon-gni.net (130.81.45.208) 886 ms 1118 ms 716 ms
  3 so-7-0-1-0.LAX01-BB-RTR2.verizon-gni.net (130.81.29.142) 1352 ms 1096 ms 1366 ms
  4 0.so-2-2-0.XL4.LAX15.ALTER.NET (152.63.10.121) 1026 ms 1432 ms 1246 ms
  5 0.so-1-0-0.XT2.NYC4.ALTER.NET (152.63.64.126) 550 ms 792 ms 590 ms
  6 TenGigE0-7-0-0.GW8.NYC4.ALTER.NET (152.63.22.45) 846 ms 884 ms 312 ms
  7 Internet-gw.customer.alter.net (152.179.72.66) 134 ms 180 ms 444 ms
  8 * (72.14.238.232) 274 ms 94 ms 712 ms
  9 * (209.85.252.2) 530 ms 1114 ms 1276 ms
  10 * (72.14.239.93) 1294 ms 1406 ms 1418 ms
  11 * (72.14.236.200) 1586 ms 690 ms 106 ms
  12 * (216.239.49.145) 106 ms 108 ms 354 ms
  13 google-public-dns-a.google.com (8.8.8.8) 296 ms 104 ms 148 ms
  Transceiver statistics:
  Transceiver Revision:
  7.2.3.0
  Vendor ID Code:
  4
  Line Mode:
  G.DMT Mode
  Data Path:
  Interleaved
  Transceiver Information
  Downstream Path
  Upstream Path
  DSL Speed (Kbits/Sec)
  3360
  736
  Margin (dB)
  13.5
  10.0
  Line Attenuation (dB)
  55.0
  31.0
  Transmit Power (dBm)
  17.8
  11.8

  #1 Visit http://www.giganews.com/line_info.html and post up the Traceroute the page shows, if you wish. Be aware that the final hop (bottom-most line of the trace) will contain a hop with your IP address in it. Remove that line. What I'm looking for is a line that mentions "ERX" in it's name towards the end. If for some reason the trace does not complete (two lines full of Stars), keep the trace route intact.
  #2 Have you tried connecting your modem to the NID ?
  I point to http://www.dslreports.com/faq/1317
  #3 What is the brand and model of this DSL modem?
  #4 If you have a RJ-45 WAN port router: What is the brand and model of it?
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Ping issues on 80Mb Inifinity

  Hello!
  So I'm getting an unsual ping issue. It's repeatable on all of my computers whether wireless or through ethernet/powerline, and I can only describe it as hangs in the traffic, where the entire connection will lock up for 500ms-2000ms and cause extreme issues while gaming. I'm attaching a ping test though which I have been using to monitor the issue, and that's done through a simple "ping www.google.co.uk -t" command in cmd.
  My pings are fantastic for a BT connection, except when this is happening. This is better than any ping I got with Virgin. I just wish I could get this resolved. I think because I'm using fibre that I am missing all of the ADSL information that's been posted around here. My router home page shows no power levels etc.

  I would just like to add to this, I am suffering exactly the same problems.
  Homehub5, tried wired pc, wireless laptop, and doen ping tests on 2 tablets
  UK Server    Minimum = 19ms, Maximum = 3166ms, Average = 132ms
  BBC.co.uk    Minimum = 19ms, Maximum = 3148ms, Average = 78ms
  ping.sunet.se    Minimum = 57ms, Maximum = 3477ms, Average = 179ms
  google.co.uk    Minimum = 18ms, Maximum = 3249ms, Average = 109ms
  it's all the time, not just at a specific time either.
  This problem affects any online gaming to the point the games are completely unplayable.
  Speaking with support yesterday, they informed me that the game servers website cache information was wrong and "we have fixed that now because we are able to"
  I'm a community moderator for EA Battlelog, and I know for a fact BT do not have access to the EA backend.

• DNS Server Issues with Comcast and Airport Extreme wifi routers

  I am having significant challenges with 3 Airport Extreme (latest gen) wifi routers and my Comcast Xfinitity service.  It once worked just fine, but now I continually get the blinking amber lights stating "No DNS servers" for each of the Airport Extreme (AE) routers.  My configuration is:
  Coax cable -> Comcast Xfinity cable modem -> ethernet to 16-port gigabit ethernet switch ->->-> ethernet to 3 Airport Extremes around the house direct connected with switch
  I have many wifi devices throughout the house (iPads, MacBooks, home automation devices) as well as direct-connected devices via ethernet (one PC connected to AE router).
  Each Airport Extreme router is set with these settings in the Airport Utility app: 
  Internet tab=  Connect using: DHCP
  Wireless tab=  Network mode: Create a wireless network
  Network tab=   Router mode: Off (Bridge Mode)
  I have attempted to put the Xfinity cable modem in bridge mode, and use the Airport Extreme to serve up the IP addresses, but still lost internet connectivity.
  I have also attempted to set the Network tab=> Router Mode to "DHCP and NAT" but get "Double NAT" error issues as well.
  I have tried using the Comcast DNS server addresses (75.75.75.75;75.75.76.76) setting on the Internet tab for the routers and do end up getting a green light, but NO internet connectivity.
  Lastly, I have tried using the Google DNS servers (8.8.8.8;8.8.4.4) setting on the Internet tab the routers giving me the No DNS servers amber light error and again, no Internet connectivity for either wifi-connected or even ethernet connected (directly to Airport Extreme router) devices (like my PC) despite getting a green light on the router.
  Any this point, it really seems that these AE routers are NOT compatible with the Xfinity cable modem or service… (and yes, I've tried power-cycling and restarting the modem, and then the AE routers, MANY times to little avail).
  Should I move one of these Airport Extreme wifi routers to before the switch, and have the other 2 in Bridge mode after the switch?  Do I need to setup a specific range of DHCP reservation addresses for each different AE router?
  Appreciate any insight anyone can share with this aggravating DNS server issue between Comcast & multiple Airport Extreme wifi routers.

  I do not see anything wrong with your basic setup.. the issue is indeed the WAN ports of the AE.. AC version are having problems with some network equipment.
  You have listed a stack of things you have tried.. but I want you to move the ethernet patch cable you use on each AE to its LAN port instead of WAN.
  Restart the airport when you do that.. and then see if it becomes stable.
  In bridge mode the airport moves the WAN port to LAN.. but the WAN port setup itself seems more problematic than the LAN ports.
  There are other methods we can try if this does not work.. but in the end.. I would be tempted to take the whole lot back to apple.. they need to start making equipment that works with standard modems and switches.
  BTW what brand is the 16 port switch?? Does it happen to be managed (smart type)?

• Problem with DNS - ping/Safari cannot resolve, but host/dig work OK

  Hi All,
  Have a weird problem with DNS which is a bit similar to the following ones:
  http://discussions.info.apple.com/thread.jspa?threadID=2190208
  http://forums.macrumors.com/showthread.php?t=337942
  I connect with remote internal network via OpenVPN and from time to time (yes, intermittent problem :)) internal DNS names cannot be resolved.
  When it happens I can still resolve names using host or dig utilities, but applications (like Safari) and ping cannot resolve them.
  resolv.conf has proper DNS server set:
  *$ cat /etc/resolv.conf*
  *# Mac OS X Notice*
  *# This file is not used by the host name and address resolution*
  *# or the DNS query routing mechanisms used by most processes on*
  *# this Mac OS X system.*
  *# This file is automatically generated.*
  *domain openvpn*
  *search openvpn*
  *nameserver 10.0.0.1*
  More than that - it can resolve those internal names when queried directly, for example using host:
  *$ host YYY.XXX.ru 10.0.0.1*
  *Using domain server:*
  *Name: 10.0.0.1*
  *Address: 10.0.0.1#53*
  Aliases:
  *YYY.XXX.ru has address 192.168.x.y*
  but at the same time ping reports "*Unknown host*":
  *$ ping YYY.XXX.ru*
  *ping: cannot resolve YYY.XXX.ru: Unknown host*
  I tried "*dscacheutil -flushcache*" and it did not help. Also tried to comment out domain and search directives in resolv.conf and it did not help as well (and actually it should not matter).
  Any ideas why this can happen and what else can I check when it happens again?
  Thanks!

  I have the same issue. It cropped up after I installed updates to MS Office 2008 and Firefox in which I also saw issues with the icons disappearing in the dock of the applications that were open when I started the Office update. I rebooted to try to get them back, but ended up deleting them and restoring from the Applications folder. I don't know if that's a red herring or not, but I generally try to figure out what has recently changed that may cause something to suddenly start failing.
  I'd been working successfully all morning before it started acting up. Switching from wifi to cat5 had no effect.
  @realaaa, were you able to resolve without a major undertaking, like reinstalling your OS?
  pnmbp:~ pn$ dig goo.gl
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> goo.gl
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40996
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;goo.gl. IN A
  ;; ANSWER SECTION:
  goo.gl. 140 IN A 74.125.45.139
  goo.gl. 140 IN A 74.125.45.102
  goo.gl. 140 IN A 74.125.45.113
  goo.gl. 140 IN A 74.125.45.138
  goo.gl. 140 IN A 74.125.45.101
  goo.gl. 140 IN A 74.125.45.100
  ;; Query time: 27 msec
  ;; SERVER: 192.168.2.1#53(192.168.2.1)
  ;; WHEN: Mon Dec 13 16:59:34 2010
  ;; MSG SIZE rcvd: 120
  pnmbp:~ pn$ ping goo.gl
  ping: cannot resolve goo.gl: Unknown host
  pnmbp:~ pn$ curl <a class="jive-link-external-small" href="http://">http://goo.gl
  curl: (6) Couldn't resolve host 'goo.gl'
  pnmbp:~ pn$ host goo.gl
  goo.gl has address 74.125.45.100
  goo.gl has address 74.125.45.101
  goo.gl has address 74.125.45.138
  goo.gl has address 74.125.45.113
  goo.gl has address 74.125.45.102
  goo.gl has address 74.125.45.139
  pnmbp:~ pn$

• DNS / DHCP Issues in Server 2008R2 Domain

  Hi folks,
  We’ve been having an ongoing issue for a while now in that some PCs and laptops (Win 7) in our company can’t be contacted by hostname i.e. if we try and RDP from one Windows 7 PC to another the RDP session fails as if the PC isn’t turned on, but it
  is indeed turned on and connected to the network. 
  Even if we ping the host name of a particular computer that is on it fails to reply but if I go into DHCP I can find the hostname bit it has a different IP address assigned to it other than what is listed in DNS for that host name.
  So for some reason when some computers get switched on and be allocated a new dynamic IP address through DHCP the corresponding record in DNS doesn’t seem to get updated meaning we need to go into DNS and manually amend the Host A record with the new
  IP address that it has been given so we can RDP onto that computer using the hostname.
  At present aging and scavenging isn’t enabled in our environment as we are afraid to in case it removes live DNS entries that just haven’t been turned on in a wee while.  Does aging and scavenging just ignore static DNS entires and does aging and
  scavenging work in DHCP as well?
  One other thing I noticed is that if I delete an incorrect DNS Host A record and create it manually and assign the hostname and the correct IP address it says static rather than having a timestamp on it. When I create the new record I always click on our
  domain in the Forward Lookup Zone and on creation I always select Create the associated pointer (PTR) record so not sure why the manual record doesn’t get a time stand.
  So any help/advice or suggestions would be greatly appreciated.
  Thanks,
  Bonemister

  Hi David,
  Thanks for your reply and for clarifying those things for me.  Unfortunately in my workplace when I add a manual DNS Host A record it does become a static entry and doesn't have the '0'
  you mention, do you have any idea why that would be as I'm worried about it affecting things if I were to enable aging and scavenging.
  Is it possible to just enable aging and have it remove entries before a time of my choosing or does scavenging need to be enabled also?
  I still can't understand why the relationship between DHCP and DNS isn't working correctly. Sure if DNS has an A record for a computer and the IP address changes via DHCP there is bound to be
  a way to setup DNS to be able to update the records it holds - do you know if my reading of this is correct.
  By the way, I can confirm that my adapters TCP/IP DNS settings are the same on of the PCs that had the DNS fault as in your screenshot the only different is we have the tick in Append parent suffixes... - would that make a difference.
  Thanks also for that other link, it seems very interesting and I'll have a good read through it carefully before doing anything!!
  Thanks again for you reply and I look forward to seeing any responses.
  Regards,
  Bonemister

• Ping issue

  I recently added a new server to my network, 2008 r2 box and it acts as my storage server. It has a storage array connected to it via iSCSI and there is a GP to automatically map it to all the workstations. This works great, however no matter what domain
  site I am on I cannot ping it. I have no issues at any of my 3 sites getting the mapped drives to connect and work properly but I cannot rdp into it or ping it using the IP address or the servers name. It is in the DNS server with the correct IP address and
  everything it seems. All the other servers and computers at the site this storage server is at can be pinged no problems. So I'm guessing it's not the DNS server at that particular site. I have ipv6 turned off on the nic and primary dns server is the dns server
  located at that site and the secondary dns server is setup to point to the main dns server at our main office. 
  Here is what I get when I try to ping it.
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  C:\Users\administrator>ping ta-storage
  Pinging TA-storage.tracys.local [192.168.1.12] with 32 bytes of d
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Ping statistics for 192.168.1.12:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
  Any ideas?

  This one may help.
  http://technet.microsoft.com/en-us/library/cc749323(WS.10).aspx
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• DNS nslookup issue

  Hello,
  It is in continuation of my previous thread;
  http://social.technet.microsoft.com/Forums/en-US/4cb781c2-7da5-4da8-aa4a-b62dd8b122c4/nslookup-issue?forum=winserverNIS
  I have two sites main and dr. In each site we have 4 domain controllers running on windows 2008 r2. when i try to nslookup from dr domain controllers to our Domain name (ads.pnu.edu.sa), it gives me two times "Time out for 2S" and after that it
  properly shows me the IP addresses of the servers of my domain. I need to investigate why the RTO is coming. i am attaching the nslookup and ipconfig snapshots.
  I disabled ipv6 from registry. all is working through normal ping and there is PTR for the server in DNS. Appreciate if anyone please guide.

  When you put a period on the end of it, it will not use the search suffixes. Here's more info on that and how and why it works:
  Nslookup suffixing behavior
  http://blogs.msmvps.com/acefekay/2013/02/17/nslookup-suffixing-behavior/
  Are you concerned that your servers, applications or something else is not properly working? Nslookup is good for testing, however, you have to remember that an app doesn't use nslookup. It has its own built-in resolver. If you use ping, which uses the machine's
  client side resolver, do you see any delays or non-resolution issues?
  Are your DNS server patched and updated?
  ===
  If it's doing it for other records too, then Run the following, and if the hotfix is already installed or it doesn't apply
  due to service pack level or operating system version, no fret, the installer will tell you right away and will tell you to
  stop. Some of them require restarts.
  DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
  Post Windows 2008 R2 SP1 HOTFIX available.
  APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
  Requires a restart.
  http://support.microsoft.com/kb/2616776
  DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2
  Hotfix release - (released 4/15/2011)
  http://support.microsoft.com/kb/2508835
  Windows 2008 -
  DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008
  Post Windows 2008 SP2 Hotfix available
  Requires a restart.
  http://support.microsoft.com/kb/2625735/
  DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in
  Windows Server 2008 R2 - Post Service Pack Hotfix available.
  Does not require a restart.
  http://support.microsoft.com/kb/2655960
  And if nslookup times out on MX records, it's by design:
  NSLOOKUP Returns Time-out Error When Query for an MX Record
  http://support.microsoft.com/kb/198551/en-us
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• SRP541w DNS Proxy issue

  I'm running FW 1.02.01 (23) and I'm having problems with the DNS proxy.  I have DNS Proxy enabled for my DHCP server on the router and I have my dns server programmed into the global dns location.  I cannot ping any DNS names for my IPSEC VPN tunnel.
  Thanks,
  Adam De Lay

  Hi Adam,
  Could I first recommend that you upgrade to version 1.2.4.  This is available for free download, just go to www.cisco.com/go/srp500 and look for the link on the right.
  If you are still seeing the issue after upgrade, could you please grab the device status file (Administration > Remote Support) and send to me please. [Don't post it here]
  Regards,
  Andy

• Remote access VPN on ASA5520 Ping Issues.

  Hi I hope someone might be able to help me. I have setup a remote access VPN on an ASA 5520. The VPN client connects ok, accepts my username and password and then I am in. I get an allocated IP address of 172.16.1.1 from the local pool. The problem is that I cannot then ping the inside LAN which is 192.168.1.1. I've got isakmp nat traversal set to default which is 20. I've been looking at this all day and I think I've gone crossed eyed, a fresh pair of eyes are definitley required, so any help would be gratefully received. My config is
  Saved
  ASA Version 7.0(8)
  hostname Hospira-firewall
  enable password 2KFQnbNIdI.2KYOU encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  dns-guard
  interface GigabitEthernet0/0
  speed 100
  duplex full
  nameif outside
  security-level 0
  ip address 213.212.66.52 255.255.255.248
  interface GigabitEthernet0/1
  speed 100
  duplex full
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  interface GigabitEthernet0/2
  shutdown    
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  shutdown
  no nameif
  no security-level
  no ip address
  ftp mode passive
  same-security-traffic permit intra-interface
  access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
  access-list Split standard permit 192.168.1.0 255.255.255.0
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
  no failover
  asdm image disk0:/asdm-508.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list NONAT
  nat (inside) 1 192.168.1.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 213.212.66.49 1
  route outside 172.16.1.0 255.255.255.0 213.212.66.49 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
  timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  group-policy hospira internal
  group-policy hospira attributes
  vpn-simultaneous-logins 400
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split
  webvpn
  username user password 08S9WUsiSMr3RauN encrypted
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set hospira esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map dmap 1 set transform-set hospira
  crypto dynamic-map dmap 1 set security-association lifetime seconds 28800
  crypto dynamic-map dmap 1 set security-association lifetime kilobytes 4608000
  crypto dynamic-map dmap 1 set reverse-route
  crypto map mymap 1 ipsec-isakmp dynamic dmap
  crypto map mymap 2 match address NONAT
  crypto map mymap 2 set security-association lifetime seconds 28800
  crypto map mymap 2 set security-association lifetime kilobytes 4608000
  crypto map mymap interface outside
  isakmp identity address
  isakmp enable outside
  isakmp policy 1 authentication pre-share
  isakmp policy 1 encryption 3des
  isakmp policy 1 hash sha
  isakmp policy 1 group 2
  isakmp policy 1 lifetime 86400
  isakmp policy 65535 authentication pre-share
  isakmp policy 65535 encryption 3des
  isakmp policy 65535 hash sha
  isakmp policy 65535 group 2
  isakmp policy 65535 lifetime 86400
  isakmp nat-traversal  20
  tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *
  tunnel-group hospira type ipsec-ra
  tunnel-group hospira general-attributes
  address-pool mypool
  default-group-policy hospira
  tunnel-group hospira ipsec-attributes
  pre-shared-key *
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
  inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect icmp
    inspect icmp error
  service-policy global_policy global
  Cryptochecksum:98f85c39a5cbffe66b0f6585d5083c7c
  : end
  Many thanks

  Hi Richard ,
  - we don't need access-list with RA connection , we have the dynamic map that acts as a template , so your crypto config :
  crypto map mymap 1 ipsec-isakmp dynamic dmap
  crypto map mymap 2 match address NONAT
  crypto map mymap 2 set security-association lifetime seconds 28800
  crypto map mymap 2 set security-association lifetime kilobytes 4608000
  crypto map mymap interface outside
  map with seq 1 is being binded to the dynamic map , now map 2 you are using the nonat access list as the encryption trigger for this map , so this should not be there as it encrypt traffic from the inside subnet to the pool .
  please remove the second entry, then test if not working please provide a capture from the inside interface .
  HTH
  Mohammad.

• DNS/LDAP Issue for Trusted Domain

  Hi
  I'm trying to configure  Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
  Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot
  Contact LDAP Server".
  I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
  When I check the log ADForestDisc.log I get this error message:
  "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
  I have setup Conditional Forwarders in DNS in both domains.
  I have also read other forums about this issue and should have the answer:
  "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
  "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
  We are using Windows AD integrated DNS in both domains.
  I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
  Thanks in advance

  Hi
  Thank you for your answer. This issue is solved. I've missed to open some ports in the router/firewall between the LANs.
  The status under Active Directory Forests is Succeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
  I don't Think  this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found to during forest Discovery when I've checked the options to create site and ip boundaries automatically?

• DNS Doctoring issue - ASA 5540

  I am in the process of setting up a segrated Guest Wifi network in my office and in doing so realized that I can not access my NAT'd externally facing web servers through this network. This guest network is using 8.8.8.8 for DNS and is properly resolving the external IP for the servers, but the pages refuse to load. If I go directly to the Private IP of the servers, the pages load. These NAT'd servers are on the DMZ interface of my ASA, whereas the "Guest network" resides on the Internal interface.
  I came accross this: "By default the Cisco ASA will not allow packet redirection on the same interface (outside) which is tried by the guest client trying to access the DMZ server by its NAT’d public IP address.", which perfectly describes my issue. The article goes on to say that my checking the "Translate the DNS replies that match the translation rule" box (enable DNS Doctoring) in the NAT rule, the ASA would essentially rewrite the external IP to the private IP. This however is not working and the pages still won't come up.
  Am I not understanding this right? What am I missing from this set up?

  Hello Tom,
  If the server is on a different interface than the clients why don't you simple do a static one to one from the private to the global IP address.
  EX
  static (dmz,inside) public ip private ip
  Rate all of the helpful posts!!!
  Regards,
  Jcarvaja
  Follow me on http://laguiadelnetworking.com

• Static IP address setting ... or mabye a DNS setup issue

  Not exactly new to Linux, but hyped on caffeine and much Java EE and Ant and Maven and WebLogicServer and other things buzzing in my head
  So ... I have a DynDNS name ... I set my router to make Linux 192.168.1.110 always based on MAC ...
  Installed Oracle Linux 6 rev 2 from downloaded ISOs.
  Left the "ifcfg-eth0" and "network" alone, and "ifconfig" shows the router setting for IP-address pushed through just fine.
  But "ping http://www.yahoo.com" fails because it is an "unknown host". Ping to another local-system works find as does ping to gateway.
  I do recall setting the DNS (primary and secondary) during install, but the etherplug was out during install so I has to change ONBOOT from no to yes.
  What do I need to do to make the router's DNS available to the Linux, or how do I manually add those DNS values using command line? ULN will need this, at least.

  Ah ... the Perils of Pauline (or of phoenix, as the case may be)
  Indeed, the resolv.conf was missing entries, but my attempts to re-add them took more than 1 hour and I have NO time to learn system management on that level right now (Ant, Maven, Subversion, git, EJB, ...) ... just 1 or two other things I need to focus on.
  I downloaded 5.7 64-bit, installed it with the etherplug in, and all is happy (or will be after I register a ULN account).
  Thanks for answering, but right now I need any functioning OracleLinux with patches available to be a SOA/database server much more than I need to learn how to fix "resolv.conf".
  ... and the caissons go rolling along ...

• Network and DNS Setup Issues

  I am setting up an Xserv with Snow Leopard at my school, and I'm running into DNS issues.
  I followed the excellent guide at http://labs.hoffmanlabs.com/node/1436 and believe I've set DNS up correctly, but I fail the changeip -checkhostname test (I've replaced my domain and server names):
  mserver:~ admin$ sudo changeip -checkhostname
  Primary address     = 10.10.10.2
  Current HostName    = myserver.mydomain.ns.ca
  DNS HostName        = myserver
  To fix the hostname please run /usr/sbin/changeip for your system with the
  appropriate directory with the following values
     /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
  dirserv:success = "success"
  I tried running the command as given, ("sudo /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver") but that didn't solve it. I'm not sure if that's the correct thing to do, or why that didn't work.
  I have come to suspect that my issue is with network settings, and would appreciate advice on what I'm trying to do. The server (our only one) will be an OD master, a file server and a web server. It is inside our router, with an externally-reachable IP address and an internal one (the latter is 10.10.10.2). I have configured it with the two IPs on one port to avoid the issue with SL wanting two serial numbers. My System Preference > Network settings are as follows:
  Ethernet 1b (highest service order):
  IP Address: 10.10.10.2
  Subnet mask: 255.255.255.0
  Router: 10.10.10.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.ns.ca
  Ethernet 1 (second highest service order):
  IP Address: <my external IP>
  Subnet mask: 255.255.255.248
  Router: <my ISP's router>
  DNS Server: 127.0.0.1
  Search Domains: mydomain.ns.ca
  Ethernet 2:
  Not Connected
  Although I'm unsure what it means (I'm more a teacher than a techie!), Server Admin > Settings > Network shows:
  Computer Name: myserver
  Local Hostname: myserver
  Network Interfaces:
  en0; IPv4; 10.10.10.2; myserver.mydomain.ns.ca
  Ethernet 1 (en0); IPv4; <my external IP>; myserver.local
  The second of the interfaces above is bold.
  The big issue I'm seeing on my network (possibly as a result of this, but everything I've seen says fix DNS first) is that network users can't log in although they have homes and can connect to the homes once logged in as local users.
  Many thanks in advance for your help--the school year is closing in quickly!
  Regards,
  Alex

  Thanks. I disabled the external IP & rebooted. Server Admin now has only the one IP. But I still get the same result:
  myserver:~ admin$ dscacheutil -flushcache
  myserver:~ admin$ sudo changeip -checkhostname
  Password:
  Primary address     = 10.10.10.2
  Current HostName    = myserver.mydomain.ns.ca
  DNS HostName        = myserver
  To fix the hostname please run /usr/sbin/changeip for your system with the
  appropriate directory with the following values
     /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
  dirserv:success = "success"
  myserver:~ admin$
  I ran dig on a client:
  Last login: Mon Sep  5 11:40:13 on console
  Lab-iMac-64:~ admin$ dig myserver.mydomain.ns.ca
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> myserver.mydomain.ns.ca
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45308
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;myserver.mydomain.ns.ca.        IN    A
  ;; AUTHORITY SECTION:
  mydomain.ns.ca.        10800    IN    SOA    myserver.mydomain.ns.ca. dns.mydomain.ns.ca.mydomain.ns.ca. 2011090201 86400 3600 604800 345600
  ;; Query time: 1 msec
  ;; SERVER: 10.10.10.2#53(10.10.10.2)
  ;; WHEN: Mon Sep  5 11:40:42 2011
  ;; MSG SIZE  rcvd: 94
  Lab-iMac-64:~ admin$ dig -x 10.10.10.2
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 10.10.10.2
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7073
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;2.10.10.10.in-addr.arpa.    IN    PTR
  ;; ANSWER SECTION:
  2.10.10.10.in-addr.arpa. 10800    IN    PTR    myserver.
  ;; AUTHORITY SECTION:
  10.10.10.in-addr.arpa.    10800    IN    NS    myserver.mydomain.ns.ca.
  ;; Query time: 3 msec
  ;; SERVER: 10.10.10.2#53(10.10.10.2)
  ;; WHEN: Mon Sep  5 11:41:04 2011
  ;; MSG SIZE  rcvd: 99
  What to try next?
  ~Alex
  PS- ...and I'm still not able to log in as a network user, but still can access network accounts using connect to server. Here's what my password log looks like when I try to log in (hash and username edited):
  Sep  5 2011 11:34:11    RSAVALIDATE: success.
  Sep  5 2011 11:34:11    AUTH2: {0x4e4d1b4e67..., alex} DHX authentication succeeded.
  Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} is in good standing.
  Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} authentication succeeded.
  Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.
  Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.

• Netctl and DNS client issues

  AFAIK there is nothing wrong in placing both 'domain' and 'nssearch' in '/etc/resolv.conf'. I'm afraid that netctl ignores 'DNSSearch' entry if 'DNSDomain' is present. Is it a bug or a 'feature'?
  My experience shows that netctl incorrectly handles the 'DNS' entry: if it contains '127.0.0.1' all other nameservers are ignored (not placed in '/etc/resolv.conf'. It is a problem if a server is running a secondary DNS which is frequently down for upgrade/maintenance/testing.
  (OK, found this issue discussed, bug-reported and "fixed")
  Last edited by quayasil (2013-07-11 12:50:36)

  AFAIK there is nothing wrong in placing both 'domain' and 'nssearch' in '/etc/resolv.conf'. I'm afraid that netctl ignores 'DNSSearch' entry if 'DNSDomain' is present. Is it a bug or a 'feature'?
  My experience shows that netctl incorrectly handles the 'DNS' entry: if it contains '127.0.0.1' all other nameservers are ignored (not placed in '/etc/resolv.conf'. It is a problem if a server is running a secondary DNS which is frequently down for upgrade/maintenance/testing.
  (OK, found this issue discussed, bug-reported and "fixed")
  Last edited by quayasil (2013-07-11 12:50:36)