DNS records changes and email setups?

Similar Messages

• DNS record ownership and the DnsUpdateProxy group

  I have a 2 x 2003 domain controller that have DNS and DHCP Services installed
  I was thinking of configuring DHCP to use a service account to update DNS records.
  If I set this, do the DHCP Servers need to be members of the DNSUpdateProxy security group for the service account to work?>

  I have to agree with John here. I don't think it's reasonable to just say 'ms told us so'. We need a
  technical before and answer is given. I have multiple DHCP servers and I use a security account on them to register the records and never use the
  DNSUpdateProxy Group and I have no problems. My thinking is this:
  Assume we are using Integrated Secure Zones in AD:
  Scenario 1:
  Windows DHCP server i registering records on behalf of clients
  Not a member of DNSUpdateProxy Group and not using dedicated account
  Records will have owner as dhcpserver$  and only that account can update
  This is a problem if that DHCP server fails
  Also, non Windows DHCP server with no AD account cannot update
  Scenario 2:
  Windows DHCP server i registering records on behalf of clients
  Member of DNSUpdateProxy Group and not using dedicated account
  Records will have owner as SYSTEM  and authenticated users can updated meaning any user or client on that domain
  No problem if that DHCP server fails as any other authorized DHCP server can update
  Non Windows DHCP servers can updated if they have a domain machine account
  Scenario 3:
  Windows DHCP server i registering records on behalf of clients
  Using a dedicated account
  Records added with owner same as this dedicated account
  Another DHCP server that also uses this same account can updated the records
  A non windows DHCP server that can use this account can also update the records
  Now, can someone from MS please clarify the technical reason they say that in Scenario 3, you must add the DHCP servers to the
  DNSUpdateProxy group ?
  http://technet.microsoft.com/en-us/library/cc780538(v=ws.10).aspx
  I guess this link didn't help?
  DNS Record Ownership and the DnsUpdateProxy Group
  "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates
  with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
  http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
  Just to add:
  Why is the DnsUpdateProxy group needed in conjunction with credentials?
  The technical reason is twofold:
  DnsUpdateProxy:
   Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects.
  DHCP Credentials:
   Forces ownership to the account used in the credentials, which the DnsUpdateProxy group allowed to take ownership other than the registering client.
  Otherwise, the default process is outlined below, and this applies to non-Microsoft operating systems, too, but please note that non-Microsoft operating systems can't use Kerberos to authenticate to dynbamically update into a Secure Only zone, however
  you can configure Windows DHCP to do that for you.
  1. By default, Windows 2000 and newer statically configured machines will
  register their own A record (hostname) and PTR (reverse entry) into DNS.
  2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
  the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
  (reverse entry) record.
  3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
     Note: "This is a modified configuration supported for DHCP servers
           running Windows Server 2008 and DHCP clients. In this mode,
           the DHCP server always performs updates of the client's FQDN,
           leased IP address information, and both its host (A) and
           pointer (PTR) resource records, regardless of whether the
           client has requested to perform its own updates."
           Quoted from, and more info on this, see:
  http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
  4. The entity that registers the record in DNS, owns the record.
     Note "With secure dynamic update, only the computers and users you specify
          in an ACL can create or modify dnsNode objects within the zone.
          By default, the ACL gives Create permission to all members of the
          Authenticated User group, the group of all authenticated computers
          and users in an Active Directory forest. This means that any
          authenticated user or computer can create a new object in the zone.
          Also by default, the creator owns the new object and is given full control of it."
          Quoted from, and more info on this:
  http://technet.microsoft.com/en-us/library/cc961412.aspx
  More on this discussed in:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/6f5b82cf-48df-495e-b628-6b1a9a0876ba/regular-domain-user-uses-rsat-to-create-dns-records?forum=winserverNIS
  If that doesn't help, I highly suggest to contact Microsoft Support to get a definitive response. If you do, I would be highly curious what they say if it's any different than what I found out from the product group (mentioned earlier in this thread).
  And of course, if you can update what you find out, it will surely benefit others reading this thread that have the same question!
  Thank you!
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• My browser and email setup is missing and i cant access my balances with any character like"#*"

  can anyone help me plz my browser and email setup is missing and i cant access my balances with any character like"#*" thanks in advance.

  Hi and Welcome to the Community!!
  For the Browser and Email setup, I suggest the following steps, in order, even if they seem redundant to what you have already tried (steps 1 and 2 each should result in a message coming to your BB...please wait for that before proceeding to the next step):
  1) Register HRT
  KB00510 How to register a BlackBerry smartphone with the wireless network
  Please wait for one "registration" message to arrive to your Messages app
  2) Resend Service Books
  KB05000Delete the service book for the BlackBerry Internet Service email account from the BlackBerry smartphone
  If you have no CMIME entry, then skip the deletion
  KB02830 Send the service books for the BlackBerry Internet Service
  Please wait for "Activation" Messages, one per already configured email account, to arrive in your Messages. If you have no already configured email accounts, please wait 1 hour.
  3) Batt Pull Reboot
  Anytime random strange behavior or sluggishness creeps in, the first thing to do is a battery pop reboot. With power ON, remove the back cover and pull out the battery. Wait about a minute then replace the battery and cover. Power up and wait patiently through the long reboot -- ~5 minutes. See if things have returned to good operation. Like all computing devices, BB's suffer from memory leaks and such...with a hard reboot being the best cure.
  For the # character, are you saying you cannot type that character at any time? Or that you cannot access whatever dialing strings your carrier provides for balances and such?
  In any event, if the above does not work for the Browser and Email, then you must contact your mobile service provider to ensure you are subscribed to, from them, an adequate data plan to enable the services you desire. When you do, you can ask them also about the # key problem.
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• E 71 syncing software update and email setup

  I have an E71 which had two problems
  1 if the phone was switched off the snooze facility did not work on my alarm clock.  Basically the alarm went off I hit snooze and then nothing till I switched the phone on, possibly 4 hours later, when the alarm re-sounded.
  2 when I synched my phone to my mac the phone date changed by a couple of days even though prior to synching both the phone and the computer had the correct day/date set.
  I have taken the phone to a Nokia shop in Antwerp and have a software update done which, touch wood, has solved those problems. Now I have a new issue as a result of the update.
  Every time I switch the phone on the phone starts to run the e-mail setup program.
  How can I stop this?
  I read that I can remove the intellisync programme but seeing as the poster states that they do not know what intellisync does I am loathe to do this in case it screws up syncing with my computer address book/ diary. 

  Hi Justasking,
  Availability of firmware updates is dependent on carrier and country variants. If your phone is branded (e.g. Vodafone is your carrier and has there custom wallpapers / apps etc), then Nokia release the firmware to your carrier and it is up to them whether they will work on and release the update to you. If your phone is a country variant, this means that Nokia releases the firmware to your country's Nokia, and it is up to your country whether to add their own country requirements / custom apps etc. If your phone is branded, contact your carrier for an update schedule and availability, but if your phone is a country variant, contact your local Nokia Care point and ask them about availability.
  to locate your nearest Nokia Care point: http://nokia.com/support

• My Q10 and email setup

  One of the email addresses set up and working properly now is not working. In HUB, there is a yellow triangle abutting the envelope icon associated with that email address. In the NOTIFICATIONS folder, I tap the respective notification and view in red text: Your login information for SMTP server [rim.smtp.mail.yahoo.com] has changed or is incorrect. Please check your account settings." please what do I do?

  To sdgardne, JSanders and anyone else above:
  Your comments about the SMTP server not being valid / supported are incorrect or off-track.
  It also has nothing to do with IT policies or any other corporate stuff...  All other mail accounts work fine and my device is not on a corporate network.
  These servers are populated automatically when you configure a Yahoo email account using the built-in Settings - Accounts - Add Account - Email, Calendar & Contacts on the device (NOTE: this is different from a downloaded Yahoo! mail app, which is NOT what we are referring to here). The error message and server address mentioned displays whenever this bug occurs.
  ** A Verizon Level 2 tech confirmed this is a KNOWN ISSUE (she even said she had 2 other people call in today with the same error) ** and they claimed it was resolved "in the October [2013]" update, which I assume meant 10.1.0.4189 (as 10.2 has not been released yet by Verizon in my area); we also confirmed there were no other OS updates by going to settings "Check for updates" and it says "You have the latest software installed". Clearly, this bug has still NOT been fixed.
  What happens is every time the Yahoo server hiccups or times out for some unknown amount of time, the phone ERASES your password! So you'll continue to receive the yellow exclamation point with a message above your inbox:
  (yellow triangle) "Yahoo! is not responding"
  When you tap it, it launches Mail Settings for your Yahoo account, and you get a red message:
  "Your login information for SMTP server [rim.smtp.mail.yahoo.com] has changed or is incorrect. Please check your account settings."
  until you MANUALLY go in and re-type your password (which it blanks out each time).
  As soon as you re-type your password, it accepts it and works fine again...until the next time Yahoo hiccups, then you have to do the same thing and re-type the password all over again...like every 2 days!! MAJOR ANNOYANCE.
  I have had the same issue with my BlackBerry Q10 since day 1. I've also had 3 different Q10's replaced due to unrelated hardware issues (and upgraded from 10.1 to 10.2 on multiple Q10's) and had this same BUG with each Blackberry device / fresh OS.
  I am on the phone with Blackberry Support (escalated from Verizon Level 2) right now, but don't expect any real resolution until the next OS release, as it's clearly a software bug on Blackberry's end with the Yahoo mail server functionality.
  Anyone know if this has been fixed in leaked the 10.2 OS ??? I'm getting ready to install it to try...I can't deal with this anymore! And i will never use that piece of **bleep** known as gmail!

• ICloud notes and email setup

  Hey guys, really quick question. When I turn on either mail or notes in the iCloud settings it asks me to create a me.com email address. Can anyone tell me why?

  Because you need an Apple provided @me.com email address to use the email and notes syncing features of iCloud. You can't use an email address from another provider with those features.

• What are the right DNS records to host more than one site on OSX Server (ML). My conf in Server.app looks right but one of my sites lands on the default server. Any suggestion?

  I started using OSX Server on Mountain Lion a few days ago and it looks promising.
  I do however measure my ignorance in DNS matters...
  I defined two websites in addition to the the Default Server, so I have three names to deal with.
  For argument's sake
  - www.main.com is the default site
  - www.sitea.com is the first site
  - www.siteb.com is the second site
  I define a virtual host for www.sitea.com and another for www.siteb.com
  The resulting apache conf is what I would expect, I am pretty sure it is correct.
  So I modified my DNS entries (they were A records) to point to my new OSX Server.
  My result is:
  - www.main.com shows the default site
  - www.sitea.com shows the first site
  - www.siteb.com shows...the default site
  Any ideas?
  Cheers

  Thanks MrHoffman!
  My problem ended up being a name but not in the DNS!...In Apache.
  Your information allowed me to rule out possibilities and zoom in to the culprit faster.
  I just report here the conclusion hoping it can help someone else.
  When I installed OSX Server last week, I had in mind to principally run siteb.
  During the initial install, this is what I must have entered and then forgot about it.
  Then I defined my virtual hosts sitea and siteb and realised my machine was called siteb and changed its name to main to avaid a name collision. At which time I remember OSX Server telling me that changing the name could have consequences...But it apparently went ok, and it did except for one little thing.
  The consequence was this:
  in the main configuration file /Library/Server/Web/Config/apache2/http_server_app.conf the ServerName directive had remained siteb (instead of main). I manually updated it with TextEdit (could do vi from bash, its the same) and replaced siteb with main.
  There is a way to detect it.
  In Server.app, there is a "logs" panel, which displays all sorts of logs for everything including the websites.
  Each website's logs are presented as "access" and "error" logs. The information was there, but I could not see it because the viewing window in remarkably small for so much information in raw text...
  web logs are actually written to only two files in /var/log/apache2 (error.log and access.log)
  I openned two bash windows and run tail -f on error.log in one and tail -f access.log in the other.
  When I started the web service, apache threw a warning stating from mod_ssl saying that the certificate did not match the serve name...I the certificate was what I expected, I checked http_server_app.conf and found the ServerName directive that was not changed when I renamed my server...
  Easily fixed when its found, but it can take a while to find.
  BTW, I was using A DNS records for and it works, but I find your method of using CNAME records documents the administrator's intent better than with A records; I started to do the same. (A records a useful though, they can run a domain across multiple machines)
  Cheers mate!

• DNS Records Confused

  Hi everyone,
  I have did the transtion from Exchange 2007 to Exchange 2013.
  My Exchange 2007 URLS were with mail.mydomain.com and hostname of the exchange 2007 server was  mail.
  I came up with Exchange 2013 with hostname mail1
  mail  : 192.168.1.10 (Exchange 2007)
  mail1 : 192.168.1.15 (Exchange 2013)(all virtual directories i set to mail.mydomain.com)
  After decommisioning Exchange 2007 i changed exchange 2013 server to the old ip of Exchange 2007
  mail1 192.168.1.10
  I created 
  A record mail pointing to 192.168.1.10(mail.mydomain.com)? is it right
  Now i have two records mail and mail1 pointing to same ip 192.168.1.10
  Autodiscover record pointing to 192.168.1.10(autodiscover.mydomain.com)? is it right
  should my MX record be pointing to mail or mail1
  Should i create an SRV recoard?
  Please do guide me ,i am able to open Exchang admin center and owa web pages but i am not able to login.
  For outlook or active sync, what should be the incoming and outgoing mail server(mail.mydomain.com or mail1.mydomain.com)
  I want to use mail as used earlier with exchange 2007

  The mail part of mail.mydomain.com for purposes of finding your mail server is not referring to the name of the server as in server1.mydomain.com so the name of your server is not important. 
  But your certificate should match whatever that is.  So for example my mailserver uses webmail.mydomain.org on the certificate so this is what the internal and external DNS records are pointed to even though the server has a name completely
  unrelated to that.  Also, my internal domain is mydomain.local so I created a separate DNS zone internally for webmail.mydomain.org and put the A record (with the internal IP) for my exchange server in there. 
  So from internally when you look for webmail.mydomain.org you find the internal IP address of the exchange server and when externally looking for the same thing, webmail.mydomain.org you find the external IP address of the exchange server.
  Since you have put the new server at the old server IP you should not have to change DNS records externally and if you have DNS configured internally you should not have to change those either. 
  You do not need srv or mx records internally.  An mx record would be an external record to help people find your mail server on the internet but as I said, since you put the new server at the same IP, presumably you already have external
  DNS and firewall settings to allow access.
  What you need to do is set the virtual directory addresses and the Service Connection Point for the new server. 
  First verify your DNS by pinging mail.mydomain.com both internally and externally. 
  Internally it should resolve to 192.168.1.10.  Externally it should resolve to whatever public IP provides external access through your firewall to the server sitting at that internal IP.
  Set the SCP for the new server using EMS (this assumes that your internal ping results above worked correctly):
  Set-ClientAccessServer -Identity mail1 -AutoDiscoverServiceInternalURI https://mail.yourdomain.com/autodiscover/autodiscover.xml
  You said you already did this part below but you can verify or do it again.
  Configure virtual directories for mail1. 
  Go to ECP and navigate to Servers >> Virtual Directories
  Select mail1 then click the wrench
  Add mail1 at the top and then enter mail.yourdomain.com
  Back in the Servers >> Virtual Directories section of ECP click on the virtual directories one at a time and then click the edit pencil and copy and paste to make the internal URL match the external one. 
  Do this for OWA, ECP, ActiveSync, EWS and OAB.  Skip autodiscover and powershell!
  Once all of this is done your OWA would be accessed at
  https://mail.mydomain.com/owa and your ecp would be accessed at
  https://mail.mydomain.com/ecp from both inside and outside your organization.

• DNS record ownership for DHCP clients

  my configuration:
  dhcp/dns/dc installed on same system - Windows 2008 R2 SP1 in domain environment.
  all zones configured to secure updates only with aging and scavenging enabled
  dhcp servers are member of DNSupdateproxy group.
  dhcp are configured with standard domain user account (this user was made a member of dnsupdateproxy as well, DOES THAT MATTER?)
  dhcp scopes are configured with default DNS setup (force DNS update by DHCP)
  now...
  all DNS records for endpoint devices on dhcp lease (windows7, mac os X, ubuntu) are owned by SYSTEM
  in security tab for some DNS records i can see service account with write permission to record ( i believe this is desired state)
  in other records service account has no permission but timestamps are still updated by computer account (hostname$ has write permission). these records have pencil icon on computers in dhcp lease table.
  Problem with this (hostname$ has write permissions) is when user connect to network via VPN (obtains dhcp lease) it get's two records registered in DNS -> 1 record for ip distributed by dhcp server and 2nd record for his home private network.
  Have anyone seen this before?
  i've tried deleting DNS records / releasing ip on endpoint device (example win7). It would not register to DNS by DHCP. However if i do ipconfig /registerdns it will do it, but dhcp service account won't have permission no this record.

  Apparently it appears that DHCP may not be configured with credentials, DHCP DNS settings are not configured to force DHCP to register ALL requests, nor has the DHCP server itself have been added to the DnsUpdateProxy group. These are all prerequisites
  for DHCP to own all records, otherwise you will see default behavior, which is:
  By default, a Windows 2000 and newer statically configured machines will
  register their A record (hostname) and PTR (reverse entry) into DNS.
  If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow
  the machine itself to register its own A record, but DHCP will register its PTR
  (reverse entry) record.
  The entity that registers the record in DNS, owns the record.
  In summary:
  Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. Give it a really strong password.
  Set DHCP properties, DNS tab, to update everything, whether the clients can or cannot.
  Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group.
  Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work.
  On Windows 2008 R2 or newer, DISABLE Name Protection.
  If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
  dnscmd /config /OpenAclOnProxyUpdates 0
  Configure Scavenging one one DNS server. Set the NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length. What it scavenges will replicate to others anyway.
  DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
  Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM  3758  2 
  http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx 
  Good summary:
  How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
  DNS Record Ownership and the DnsUpdateProxy Group
   http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
  DNS Record Ownership and the DnsUpdateProxy Group
  "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated (NON-ADMIN) user account and
  configure DHCP servers to perform DNS dynamic updates with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
  http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
  DNS record ownership and the DnsUpdateProxy group
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b17c798c-c4b2-4624-926c-4d2676e68279/
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• Java doesn't pick up system's DNS settings change until restarted

  Hello,
  I have a service running on a few Linux computers. Those computers have a NIC, which is configured with a fixed IP address. So /etc/resolv.conf contains the IP address of the LAN's DNS server. But most of the time, the computers are not plugged into the LAN at all. Instead, they connect themselves periodically to the Internet by establishing a ppp connection. When it happens, the ISP's DHCP server assign them new IP parameters, including their DNS server's IP address. And /etc/resolv.conf gets updated with this address.
  But it seems that java doesn't take care of DNS change taking place during a run. Which means that my program (started at boot with no connectivity at all) tries to connect to some host, and obviously trigger an "UnknownHostException" (at that point it does try to contact the LAN's DNS server). Quite logical. Later, the ppp link become active. But my program still try to contact the LAN's DNS server, despite the new configuration in /etc/resolv.conf. As such, it will forever trigger UnknowHostExceptions, until it gets restarted (it will then pick up the new settings) or it is plugged back into the LAN (it will finally reach the LAN's DNS server).
  This is quite a problem as during one single execution, the machine may encounter several DNS configuration changes, and this problem basically means that it will be impossible for my application to resolve any name at all.
  So is there a way to tell Java to re-read the system wide DNS configuration? Or is there some option to prevent Java to "cache" the DNS server to use?
  To demonstrate my problem, I've written a simple test case, see below.
  To get the problem:
  1) Put a bogus DNS server into your /etc/resolv.conf
  2) Start the test program. Wait for some time: it will trigger UnknownHostExceptions.
  3) Fix the entry in /etc/resolv.conf, and check it actually works (eg ping www.google.be)
  4) Test program will continue to trigger UnknownHostExceptions forever.
  One interesting fact is that someone tried this test on Windows, and didn't suffer from this behaviour, eg the application reacts to DNS system settings changes dynamically. So it looks like a Linux-only problem.
  Thanks in advance for your insight.
  Pierre-Yves
  package com.test.dnsresolver;
  import java.net.InetAddress;
  import java.net.UnknownHostException;
  public class DnsResolver {
      private static String urlString = "www.google.com";
      public static void main(String[] args) {
           * Specified in java.security to indicate the caching policy for successful
           * name lookups from the name service. The value is specified as as integer
           * to indicate the number of seconds to cache the successful lookup.
          java.security.Security.setProperty("networkaddress.cache.ttl" , "10");
           * Specified in java.security to indicate the caching policy for un-successful
           * name lookups from the name service. The value is specified as as integer to
           * indicate the number of seconds to cache the failure for un-successful lookups.
           * A value of 0 indicates "never cache". A value of -1 indicates "cache forever".
          java.security.Security.setProperty("networkaddress.cache.negative.ttl", "0");
          int loopCounter = 0;
          while (true) {
              InetAddress resolved;
              try {
                  resolved = InetAddress.getByName(urlString);
                  System.out.println("Loop " + loopCounter + ": resolved IP address: " + resolved);
              } catch (UnknownHostException e) {
                  System.out.println("Loop " + loopCounter + ": UnknownHostException");
                  e.printStackTrace();
              loopCounter++;
              try {
                  Thread.sleep(1000);
              } catch (InterruptedException e) {}
  }

  Well, the nameservice property allowing to specify my DNS server of choice is interesting (I didn't know about those), but not very usable, as the DNS server to use is not known in advance (it may be whatever the ISP tells me to use at the time where the ppp link gets established). So no real solution there.
  The fact that it caches /etc/resolv.conf content for 300s is very interesting, but having no possibility to impact on this duration really is a pity. There should be some kind of property to fix this behaviour. So as you say, a custom provider may be the only solution.
  So far, the hack I use to get this working is based on code similar to this one (it is presented here in a similar form than my test case above). Obviously, reading the /etc/resolv.conf for each dns resolution is not an option in a real environment, but you get the idea.
  package com.test.dnsresolver;
  import java.io.BufferedReader;
  public class DnsResolver {
       private static final String urlString = "www.google.com";
       private static final String resolvConf = "/etc/resolv.conf";
       public static void main(String[] args) {
            int loopCounter = 0;
            while (true) {
                 loopCounter++;
                 try {
                      Thread.sleep(1000);
                 } catch (InterruptedException e) {}
                 // Parse the current DNS server to be used in the config
                 String nameserver = null;
                 try {
                      BufferedReader input =  new BufferedReader(new FileReader(new File(resolvConf)));
                      String currentLine = null;
                      while (( currentLine = input.readLine()) != null){
                           // Take care of potential comments
                           currentLine = currentLine.substring(0, currentLine.indexOf("#") == -1
                                     ? currentLine.length() : currentLine.indexOf("#") );
                           if (currentLine.contains("nameserver")) {
                                // It is the line we are looking for
                                nameserver = currentLine;
                                break;
                 } catch (FileNotFoundException e) {
                      System.out.println("Loop " + loopCounter + ": FileNotFoundException");
                 } catch (IOException e) {
                      System.out.println("Loop " + loopCounter + ": IOException");
                 if (nameserver == null) {
                      // No "nameserver" line found
                      System.out.println("Loop " + loopCounter + ": No nameserver found in configration file!");
                      continue;
                 // Trim it to just contain the IP address
                 nameserver = (nameserver.replace("nameserver", "")).trim();
                 System.out.println("Loop " + loopCounter + ": Going to use DNS server " + nameserver);
                 // At this point, we know which server to use, now perform the resolution
                 Hashtable<String, String> env = new Hashtable<String, String>();
                 env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
                 env.put("java.naming.provider.url",    "dns://" + nameserver);
                 DirContext ictx;
                 try {
                      ictx = new InitialDirContext(env);
                      Attributes attrs1 = ictx.getAttributes(urlString, new String[] {"A"});
                      System.out.println("Loop " + loopCounter + ": Manual resolution: +" + attrs1.get("a").get() + "+");
                 } catch (NamingException e) {
                      System.out.println("Loop " + loopCounter + ": NamingException");
  }So maybe I should adapt and package this into a proper provider and specify it for sun.net.spi.nameservice.provider. Any link, info or example about how a proper provider should look like?
  Thanks for your advices!

• Log DNS record Creation / deletion events on DC's security event viwer

  hi,
  I have configured the DNS record creation and deletion auditing as per below microsoft blog
  http://blogs.technet.com/b/networking/archive/2011/08/17/tracking-dns-record-deletion.aspx    on one of my DC.
  All setting are done correctly and events for DNS creation and deletion is generated in security event logs. BUT THESE EVENTS ARE ONLY GENERATED ON ONE DC. We have 3 other DC, i checked the security events on other 2 DC but there is no event logs. Only one
  DC has that events.
  Is there any way so that whenever DNS record is created / deleted the events SHOULD CREATED ON ALL DCs. This will save time else i have to check on all DCs security events.
  Please suggest

  Greetings!
  It is by design. When you want to create a record in on of the DNS servers, you open the DNS console and connect to a server. Record creation/deletion is a single server process, and after that it is replicated to all the DNS servers using Zone Transfers
  or AD Integrated Zones. Since this is a single server process the audit is generated in the server's event viewer itself.
  So he best thing you can do is to collect all the events regarding "DNS Auditing" from your DNS servers and store them in a server. More information on:
  Configure Computers to Forward and Collect Events
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Just moved- do I need to change my Apple ID and email address on record since I no longer have access to my previous emails?

  Just moved- do I need to change my Apple ID and email address on record since I no longer have access to my previous emails?
  I used to be with roadrunner and no longer have roadrunner. I now have a gmail account.

  Using your Apple ID for Apple services
  http://support.apple.com/kb/HT4895
  Apple ID: What to do after you change your Apple ID
  http://support.apple.com/kb/HT5796?viewlocale=en_US&locale=en_US
  iTunes Store: Associating a device or computer to your Apple ID
  http://support.apple.com/kb/ht4627
  iOS: Changing the signed-in iTunes Store Apple ID Account
  http://support.apple.com/kb/ht1311
   Cheers, Tom

• Setting MX Record When Web and Email on Different Servers

  We're moving our website to a new server, but am worried about how to set the DNS record so email keeps going to the old one.
  I understand that when I change the A name to the new website's IP address, I should make a new A name, "mail.ourdomain.com" that points to the old/email server's IP address. Then I'd switch the MX record to mail.ourdomain.com.
  Now, assuming that's right, what do I need to change on the old/email server. Do I need to change its mail setup to account for "mail.ourdomain.com" instead of simply "ourdomain.com"? Bearing in mind that we want that server to continue accepting mail in the format [email protected]

  ROb
  If I understand your situation correctly you shouldn't have to change the MX record. You should simply add a record for www and a "null" record that go to the new IP where your website is listed. Post a domain and a dig for more specific help if you like.
  Sean

• HTTPS, DNS and dynamically updating DNS records

  Hello to you all, if you are able to help with a DNS problem that I'm having then please accept my thanks and appreciation in advance.
  First some background information, I recently  moved my server from my studio to my house where a new purpose built studio will soon be erected. At my old studio any requests for myurl.com came in via the IP (whether that be http, https, ftp etc) from the domain registrar and the router would send the request to the relevant port number whether that be 80 for http or 443 for https etc and all was well as this location had a fixed IP address. Unfortunately at my new location whilst I have a much faster connection I do not have a fixed IP. To get around this I have the following set up (not ideal for a business I know but perfectly OK for home hosting); I set up two psuedo nameservers at no-ip.com (ns1myurl.com and ns2myurl.com) which tracks the changes in my IP address and updates its records accordingly, my registrar then sends any requests to these 'nameservers' and no-ip then forwards it on to my server. So far so good.
  The problem arises once the requests get to my server, whilst I have DNS set up, I can only recieve requests from a straight request to the server ie myurl.com will display the site without any problem, but if I then put a www in front of that or try to access the https part of my site (which is set up as a seperate site on the same server) then the server throws an error. I have tried to put an alias (CNAME) into the zone but it does not want to resolve the request. I have searched around but to no avail, I am totally new to DNS so am currently on a steep learning curve and fumbling around in the dark.
  The first thing that I need to get working is the request to be resolved correctly and then (and this is where the real fun starts!) is to dynamically update the IP in the DNS records as the IP changes. I will probably have to get help in on this as I understand that this requires BIND of which I know nothing about, first though I'd like to get the pages to be served up correctly. Advice, hints, tips or links to tutorials all greatly appreciated. Full set up listed below.
  Many thanks, David.
  Xserve PPC G5 running 10.5.8 unlimited set up as standalone OD master
  Xraid
  APC UPS
  CradlePoint MBR1200 Gateway router which acts as the DHCP
  http://myurl.com and https://myurl.com set up as 2 seperate sites and located on the Xraid
  Current DNS setup:
  Primary Zone name: myurl.com with nameservers ns1myurl.no-ip.info and ns2myurl.no-ip.info and allow zone transfers in checked
  Then
  Name
  Type
  Value
  myurl.com
  Primary Zone
          ns1myurl.no-ip.info
          Machine
  12.34.56.78 (external IP)
          ns2myurl.no-ip.info
          Machine
  12.34.56.78 (external IP)
          myurl.com.
          Machine
  12.34.56.78 (external IP)
          www.myurl.com.
          Alias
  myurl.com.
  With the reverse zone looking thus with allow zone transfers being checked
  Name
  Type
  Value
  56.34.12.in-addr.arpa.
  Reverse Zone
          12.34.56.78
          Reverse mapping
          myurl.com.

  Thanks for the reply Camelot, that part though I had already figured out. I now have this working, all I did was change the external IP to the internal one of the server with resolves with the .local machine name and all is working just fine (for now!). As long as I have primary zones set for each site and any alias or services set up on them then everything works well.. The real test will be when my ISP changes the IP, whilst my tests have proved successful the proof will be when they update the address.
  Thanks anyway. David.

• Child DNS Zone changing PTR record of OD Master

  Grretings,
  I am setting up a new OD master server for our school that will also host our DNS. Home folders will be on another server. I am using the DNS GUI for now. Setup master DNS zone of ourschool.lan. OD master has FQDN of admin.ourschool.lan with an IP address of 172.16.2.254. Forward and reverse lookups of OD master are great.
  #host admin.ourschool.lan returns 172.16.2.254
  #host 172.16.2.254 returns admin.ourschool.lan
  When I go to set up a child zone, highschool.ourschool.lan, on this server I set the nameserver to ns1.highschool.ourschool.lan and IP address of 172.16.2.254, I have had the following happen:
  #host admin.ourschool.lan returns 172.16.2.254
  #host 172.16.2.254 returns ns1.highschool.ourschool.lan (not what I want!)
  I understand forward and reverse lookups to OD master need to be rock solid. The changing of the PTR record is going to ruin this. Has anyone else seen this behavior. Should I just do the DNS through terminal and forget the GUI?
  Thank you for any feedback. I searched this discussion list and didn't find anything similar to this in the postings.
  Best Regards,
  Steve
  OS X Server and Client   Mac OS X (10.4.6)  

  Your problem stems from the fact you're trying to create two separate A records for the same IP address.
  The GUI will automatically create a reverse DNS entry for each a record. Since you have two A records that point to 172.16.2.254 that's where your problem lies.
  Your solution is either to use a CNAME (or alias) for the second hostname (e.g. ns1.highschool.ourschool.lan CNAME admin.ourschool.lan), or manage the DNS by hand and don't use the GUI tools.