DNS records removal

Similar Messages

• #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##

  Hi,
  This is my first post here. 
  My exchange server of late is facing a peculiar problem. I get the error message that I have posted below when sending mails to any outside domain. However when I restart the server the mails can be resend to the address without any issue. After a certain
  time again the issue pops up upon which I am forced to restart the server again. I am running 2007 Exchange on Windows 2003.
  Generating server: name.mydomain.com
  [email protected]
  #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
  [email protected]
  #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
  Original message headers:
  Received: from name.mydomain.com ([1xx.xxx.xxx.xx5]) by MHDMAILS.mouwasat.com
   ([1xx.xxx.xxx.xx5]) with mapi; Wed, 19 Oct 2011 08:56:29 +0300
  From:  <[email protected]>
  To: <[email protected]>
  CC: "Al Alami,Tareq" <[email protected]>
  Date: Wed, 19 Oct 2011 08:56:27 +0300
  Subject: RE:   
  Thread-Topic:   
  Thread-Index: AcyAQ5tu8z9CvBfdT5+1pcGQkk6x0AIuwczAAAGZjeABQyW5sAADeeJQAAETNDA=
  Message-ID: <[email protected]>
  References: <[email protected]com>
   <[email protected]com>
  Accept-Language: en-US
  Content-Language: en-US
  X-MS-Has-Attach: yes
  X-MS-TNEF-Correlator:
  acceptlanguage: en-US
  Content-Type: multipart/related;
              boundary="_004_EEC8FA6B3B286A4E90D709FECDF51AA06C0588CA11namedomain_";
              type="multipart/alternative"
  MIME-Version: 1.0

  On Sun, 23 Oct 2011 15:05:15 +0000, Jobin Jacob wrote:
  >
  >
  >Even af
  >
  >ter removing my domain from the send connector I continue to receive the error. I would like to say I do have a firewall, Cyberoam. However, it was the same configuration till now in the firewall. I did try Mx lookup and found the following.
  >
  >Could there be any other solution to this issue ?
  Sure, but it's necessary to ask a lot of questions since none of us
  know how your organization is set up.
  I see you also have "Use the External DNS Lookup settings on the
  transport server" box checked. How have you configured the "External
  DNS Lookups" on the HT server's property page? Is there any good
  reason why you aren't just using your internal DNS servers? If the
  internal DNS servers are configured to resolve (or forward) queries
  for "external" domains then there's no reason to use that checkbox. In
  most cases checking that box is a mistake.
  http://technet.microsoft.com/en-us/library/aa997166(EXCHG.80).aspx
  The behavior you describe (it works for a while and then fails;
  restarting the server returns it to a working state) sure sounds like
  some sort of DNS problem.
  Rich Matheisen
  MCSE+I, Exchange MVP
  --- Rich Matheisen MCSE+I, Exchange MVP

• Can we generate the Offfice 365 MX-Token needed for the MX-DNS-Record by ourselves?

  Hi there
  As a hosting company we programmed a DNS-zone-editor in which our customers can edit their DNS-zone. A new feature we are offering is a so-called "DNS-Template-Service", in which our customers can select predefined record templates like GoogleApps
  and then trigger by one click the installation of the predefined records.
  We also would like to offer them "Office 365" as a template. According to this article https://support.office.com/en-ie/article/Create-DNS-records-at-any-DNS-hosting-provider-for-Office-365-7b7b075d-79f9-4e37-8a9e-fb60c1d95166#BKMK_add_CNAME we
  understand that all we need to do is to add a couple of CNAME, TXT and SRV records which is great.
  However, there is also an MX record with a dynamical component (the "MX-Token") that is required:
  <MX token>.mail.protection.outlook.com
  We understand that this token can be fetched by the customer from their office installation. However that would break the purpose of our templating system that is designed to work like an on/off switch.
  So our question is if there is any way that our system could generate this token by itself since we have knowledge of the customers domain anyway.
  According to some customers who already installed those records manually we can see some patterns:
  Example 1: domain1.com results in an MX with a value of
  domain1-com.mail.protection.outlook.com
  This is easy: just replace the dot with a hyphen.
  However for domains with hyphens in the name a special conversion is made and appended on the back of the first part: 
  Example 2: domain-withdash.com results in an MX with a value of domainwithdash-com01e.mail.protection.outlook.com
  Example 3: dom-ainwithdash.com results in an MX with a value of domainwithdash-com0i.mail.protection.outlook.com
  Example 4: doma-in-withadash.ch results in an MX with a value of domainwithdash-com01bb.mail.protection.outlook.com
  So what is the algorithm for this (probably bidirectional) conversion?
  Thanks for letting us know and make it easier for our customers to use office 365 with their own domain name.
  Regards
  Lukas
  Developer @ cyon GmbH

  We actually spent the last 1.5h to reverse-engineer the pattern and (hopefully) found the right answer on how these hyphen-replacements are substituted.
  * This functions generates a token as done in office 365
  * @return mixed|string
  private function getOffice365MxToken($domain)
  $delimiter = '0'; // delimiter between the domain part and the hyphen replacement part
  $token = $domain;
  $hyphenReplaceToken = '';
  // split domain string into chunks of 4 chars
  $chunkSize = 4;
  $chunks = str_split($token, $chunkSize);
  // transform the hyphens (their position) in the domain name to an alphanumerical character string
  $skipCount = 0;
  $intOfA = ord('a'); // get the decimal value of the letter 'a' as start value
  foreach($chunks as $chunk){
  $digit = $intOfA;
  for ($i = 0; $i < $chunkSize; $i++){
  if('-' === $chunk[$i]){
  $digit += pow(2, $i);
  if($intOfA === $digit){ // if the value is a it means no hyphen was found
  $skipCount++;
  continue;
  if (0 !== $skipCount) {
  $hyphenReplaceToken .= $skipCount;
  $hyphenReplaceToken .= chr($digit);
  $skipCount = 0; // rewind skip count
  if(strlen($hyphenReplaceToken) > 0){
  $token .= $delimiter . $hyphenReplaceToken;
  $token = str_replace('-', '', $token); // remove - from domain name
  $token = str_replace('.', '-', $token); // replace dots with -
  return $token;
  Short-hand explanation: The pattern showed that the domain string simply gets chunked into pieces of 4 chars. For each setting at which hyphen(s) can be located at the index value (seen as bit mask 0124) is added up. The resulting number we get per chunk
  then can be added to starting decimal value of the letter 'a' (97) and thus gives us another letter that substitutes the hyphens locations in this chuck. If no hyphen is found, the algo simply counts for how many chunks none were find and adds this up sa a
  number.
  These concatenated letters + skip-numbers then result in the replacement token that gets appended on the end of the domain name (hyphens removed, dots replaced with hyphens). 
  Oh and yeah, between these two parts a '0' is added as delimiter.
  That's it. I hope we got it correct.
  Regards
  Lukas @ cyon GmbH

• DNS records are not 100% correct

  For a while now we've been noticing that some DNS records are not correct. The records are pointing to incorrect IP addresses. One by one I open the record, update the IP, then replicate across all domain controllers.
  What would cause the hostname of one machine to point to another IP address?

  I believe what you're seeing is from DHCP-DNS registration. You may have duplicates, or incorrect data for records that can't be updated by DHCP service or the DHCP client due to permissions on the record. You may also not have scavenging in place.
  In summary:
  Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. But give it a really strong password.
  Set DHCP to update everything, whether the clients can or cannot.
  Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
  Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group. Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it.
  They must be removed or it won't work. Make sure that NO user accounts are in that group, either. (I hope that's crystal clear - you would be surprised how many will respond asking if the DHCP credentials should be in this group.)
  On Windows 2008 R2 or newer, DISABLE Name Protection.
  If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
  dnscmd /config /OpenAclOnProxyUpdates 0
  Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway. Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
  For specifics and step by steps, and good discussions on what's going on in the background and what to expect:
  DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
  http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  
  Good summary
  How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
  Another good Summary:
  Thread: "DNS problem" December 18, 2013
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• DNS record ownership for DHCP clients

  my configuration:
  dhcp/dns/dc installed on same system - Windows 2008 R2 SP1 in domain environment.
  all zones configured to secure updates only with aging and scavenging enabled
  dhcp servers are member of DNSupdateproxy group.
  dhcp are configured with standard domain user account (this user was made a member of dnsupdateproxy as well, DOES THAT MATTER?)
  dhcp scopes are configured with default DNS setup (force DNS update by DHCP)
  now...
  all DNS records for endpoint devices on dhcp lease (windows7, mac os X, ubuntu) are owned by SYSTEM
  in security tab for some DNS records i can see service account with write permission to record ( i believe this is desired state)
  in other records service account has no permission but timestamps are still updated by computer account (hostname$ has write permission). these records have pencil icon on computers in dhcp lease table.
  Problem with this (hostname$ has write permissions) is when user connect to network via VPN (obtains dhcp lease) it get's two records registered in DNS -> 1 record for ip distributed by dhcp server and 2nd record for his home private network.
  Have anyone seen this before?
  i've tried deleting DNS records / releasing ip on endpoint device (example win7). It would not register to DNS by DHCP. However if i do ipconfig /registerdns it will do it, but dhcp service account won't have permission no this record.

  Apparently it appears that DHCP may not be configured with credentials, DHCP DNS settings are not configured to force DHCP to register ALL requests, nor has the DHCP server itself have been added to the DnsUpdateProxy group. These are all prerequisites
  for DHCP to own all records, otherwise you will see default behavior, which is:
  By default, a Windows 2000 and newer statically configured machines will
  register their A record (hostname) and PTR (reverse entry) into DNS.
  If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow
  the machine itself to register its own A record, but DHCP will register its PTR
  (reverse entry) record.
  The entity that registers the record in DNS, owns the record.
  In summary:
  Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. Give it a really strong password.
  Set DHCP properties, DNS tab, to update everything, whether the clients can or cannot.
  Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group.
  Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work.
  On Windows 2008 R2 or newer, DISABLE Name Protection.
  If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
  dnscmd /config /OpenAclOnProxyUpdates 0
  Configure Scavenging one one DNS server. Set the NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length. What it scavenges will replicate to others anyway.
  DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
  Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM  3758  2 
  http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx 
  Good summary:
  How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
  DNS Record Ownership and the DnsUpdateProxy Group
   http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
  DNS Record Ownership and the DnsUpdateProxy Group
  "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated (NON-ADMIN) user account and
  configure DHCP servers to perform DNS dynamic updates with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
  http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
  DNS record ownership and the DnsUpdateProxy group
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b17c798c-c4b2-4624-926c-4d2676e68279/
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• New Windows Server 2012 unable connect to Netlogon Service or update DNS records

  Hi everybody, all of my Windows Servers 2012 decided to collapse after innocuous group policy update that was meant to make user passwords more secure.
  The AD and DNS seem to be functioning "normally", I am able to add new Windows7 and Windows Server 2008 machines to the domain, I can see them in listed in the AD and DNS record are update correctly, however, as soon as I try to join Windows Server
  2012 it breaks.
  The event log is littered on the new server with:
  The system failed to register host (A or AAAA) resource records (RRs) for network adapter
  with settings:
             Adapter Name : {DB7F73CE-E011-4F3C-BEBC-2CE7A871DF51}
             Host Name : CHEETAH
             Primary Domain Suffix : somedomain.com
             DNS server list :
  192.168.0.5
             Sent update to server : <?>
             IP Address(es) :
  192.168.0.15
  The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
  at this time.
  You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
  and
  Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.somedomain.com. timed out after none of the configured DNS servers responded.
  When I try to ping the primary DC (WS2003) it fails, the Secondary DC (WS2012) responds.
  The >nltest /sc_query:somedomain.com on Windows Servers 2012 returns:
  Flags: 0
  Trusted DC Name
  Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
  The command completed successfully
  yet it works on all other machines.
  I tried removing 2012 servers from the domain and rejoining - without success. The cookie crumbled when I added two new installations of Windows Server 2012 & 2008 and 2008 worked fine but 2012 showed same symptoms.
  There is one peculiar thing that I had noticed on all Windows 2012 machines, it constantly showing "Workplace Connection - Connecting" in the networks pane on the right side of the screen, which I can't say i ever noticed before.
  Unfortunately, the secondary DC is a multihoming server with Direct Access role - I am not sure if this may play some part but our existing configuration worked for a year now without any problems. Issue appeared when I changed the password complexity rule,
  which boggles the mind. I wonder if there has been some other changes in GPO that did not propagate from years ago and finally comeback to break things.
  Any suggestions would be really appreciated.
  wmin

  Hello Ace, i wish you a Happy New Year! I hope your break was enjoyable and filled with cheer.
  In the end I had to bite the bullet and reinstall all troublesome servers. Your recommendations from above removed some serious problems with the DA and DNS resolution.
  I was able to attach new server to the domain without any problems and begin painful process of rebuild.
  I have promoted TIGER to full DC controller role, but having some issues with replication. Although running >repadmid /showrepl gives positive
  feedback, the sysvol folder on the secondary DC is empty.
  Also there is a couple of warnings in the event log:
  Event ID 4012
  Log Name: DNS Server
  Source: DNS-Server-Service
  The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial
  synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server
  for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
  - which has not repeated since 3rd of Jan.
  These events occur on the primary DC every few minutes:
  Event ID 1030
  Source: Userenv
  Log Name: NT AUTHORITY\SYSTEM
  Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Event ID 1058
  Source: Userenv
  Log Name: NT AUTHORITY\SYSTEM
  Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=somedomain,DC=com. The file must be present at the location <\\somedomain.com\sysvol\somedomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
  (The network name cannot be found. ). Group Policy processing aborted.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Should sysvol folder be shared on the secondary DC? Another interesting thing to point out is that
  \\somedomain.com\sysvol\somedomain.com\Policies\ can be access
  from all other machines except the DC1.
  Cheers!
  kind regards,
  wmin

• DHCP Name Protection & DNS Records

  How correlates DHCP Name protection & DNS records for domain PC? We found a lot of old records from PC's in DNS, and I'm just wondering, does DNS (or DHCP) removes records about PC, which were removed from AD (not gracefully, just deleted computer
  account)?

  Hi,
  If you want the DHCP server to register the DNS records for the DHCP clients, you need to configure the DNS configuration and options settings on DHCP server. In addition, it seems that Windows DHCP clients cannot update their records with the DNS server themselves,
  but DHCP server can be configured to perform updates for both Windows DHCP clients and non-Windows DHCP clients. The links below may be helpful to you:
  [Forum FAQ] DNS Dynamic Update Troubleshooting Guide
  DHCP and DNS
  Best regards,
  Susie

• How many DNS record need to create in Internal & external DNS server for exchange?

  Hi friends,
  I recently installed Exchange Server 2010 in my organization for testing purpose and I've register a pubic ip too for exchange server on godaddy.com. How many
  internal & External DNS records reqired to configure on external & Internal dns server so my all feature like Auto-discover, Activ -sync,& webmail start working perfectly.
  It's my first time configuring exchange for a organization.
  Thanks & Regards,
  Pradeep Chaugule

  Hi,
  Just as what ManU Philip said, you need to create
  Autodiscovery.domaincom and mail.domain.com for external dns server.
  Generally, you configure your Exchange Servers as DNS clients of your internal DNS server.
  Refer from:
  http://technet.microsoft.com/en-us/library/aa996996(v=exchg.65).aspx
  Best Regards.

• How do I create a DNS record on my Mac Server?

  How do I create a DNS record on my Mac Server?

  The following is info that I found in another post that I have been trying to follow.
  MrHoffman      New England
  Re: Configure DNS - OS X Server Next Steps
  Feb 13, 2011 6:36 AM (in response to Jimbooooooo)
  You're setting up internal DNS services, you referenced your ISP DNS servers and you should not have, and now those servers have no translations for your hosts. This is a common misconfiguration.
  See [configuring DNS on Mac OS X Server|http://labs.hoffmanlabs.com/node/1436] for how to set up your internal DNS server.
  And if there are any references to your ISP DNS servers here (within your client settings, within your server settings, your Airport settings, etc), then you're usually going to have DNS and connectivity problems. You're running a server now, so you'll be running your own services, and (particularly because of NAT here) referencing only your own DNS server(s).
  You may be setting up external DNS (if and when you need that), but that should happen after you set up your internal DNS. The above article has a link to setting up external DNS, when you get around to that, if/when you need in-bound connections into your LAN.

• How to create a DNS record for a domain itself (without a hostname)

  Hi,
  Normally, you can create a DNS record that points to the zone itself, e.g.:
  @               10800 IN A    196.197.200.201
  How do you accomplish that on a Mac OSX Lion Server? The DNS requires you to enter a hostname and it does not accept "@" as the hostname as it normally appears in the zone file.
  (manually modifying the host file does not work - I tried that ;-) )
  Any help is appreciated
  Thanks
  Bjoern Dirchsen

  Create either a blank record with a ., or a FQDN such as 'domain.com.' (note the trailing dot). Either of these should map to the domain name.

• How do I setup a DNS record to point to an internal IP with a port.

  I am trying to setup a DNS entry on my AD server to point to a web sever that I have setup to run certain services.  All of these services run through IIS on port 82 for example service A is internally 192.168.0.1:82/info/login and service B is 192.168.0.1:82/tech/login.
   I am trying to give these services easy to use names like for example info.mycompany.com and tech.mycompany.com so that it is easy to access for the employees but I am obviously missing something because I have had no luck setting up anything.  My
  company is still using SBS 2003 as it's AD and DNS server so I am working with flint and bear skin here.
  I am also trying to do the same thing for the external access to these services but where as I have the internal address for these services I have the external static IP.  When using the external IP with the port from outside the network everything
  works fine but I would like for it to to have a simple name identical to the internal names but accessible from the outside.  I frankly feel out of my depth on both of these issues and I would really appreciate any help that can be lent.  Thank you. 

  You cant set a dns record (that would be used by a browser) to point to an ip and port, srv records can but that requires the application to look them up.
  To have  info.mycompany.com  point to 192.168.0.1:82/info/login you
  would add a cname or A record to the dns pointing to that IP, then in IIS you would assign that dns name to the host headers. Also in IIS you would need to use
  URL rewrite plugin with this you would setup a redirect for that host header {HTTP_HOST} to point to that link.

• What are the right DNS records to host more than one site on OSX Server (ML). My conf in Server.app looks right but one of my sites lands on the default server. Any suggestion?

  I started using OSX Server on Mountain Lion a few days ago and it looks promising.
  I do however measure my ignorance in DNS matters...
  I defined two websites in addition to the the Default Server, so I have three names to deal with.
  For argument's sake
  - www.main.com is the default site
  - www.sitea.com is the first site
  - www.siteb.com is the second site
  I define a virtual host for www.sitea.com and another for www.siteb.com
  The resulting apache conf is what I would expect, I am pretty sure it is correct.
  So I modified my DNS entries (they were A records) to point to my new OSX Server.
  My result is:
  - www.main.com shows the default site
  - www.sitea.com shows the first site
  - www.siteb.com shows...the default site
  Any ideas?
  Cheers

  Thanks MrHoffman!
  My problem ended up being a name but not in the DNS!...In Apache.
  Your information allowed me to rule out possibilities and zoom in to the culprit faster.
  I just report here the conclusion hoping it can help someone else.
  When I installed OSX Server last week, I had in mind to principally run siteb.
  During the initial install, this is what I must have entered and then forgot about it.
  Then I defined my virtual hosts sitea and siteb and realised my machine was called siteb and changed its name to main to avaid a name collision. At which time I remember OSX Server telling me that changing the name could have consequences...But it apparently went ok, and it did except for one little thing.
  The consequence was this:
  in the main configuration file /Library/Server/Web/Config/apache2/http_server_app.conf the ServerName directive had remained siteb (instead of main). I manually updated it with TextEdit (could do vi from bash, its the same) and replaced siteb with main.
  There is a way to detect it.
  In Server.app, there is a "logs" panel, which displays all sorts of logs for everything including the websites.
  Each website's logs are presented as "access" and "error" logs. The information was there, but I could not see it because the viewing window in remarkably small for so much information in raw text...
  web logs are actually written to only two files in /var/log/apache2 (error.log and access.log)
  I openned two bash windows and run tail -f on error.log in one and tail -f access.log in the other.
  When I started the web service, apache threw a warning stating from mod_ssl saying that the certificate did not match the serve name...I the certificate was what I expected, I checked http_server_app.conf and found the ServerName directive that was not changed when I renamed my server...
  Easily fixed when its found, but it can take a while to find.
  BTW, I was using A DNS records for and it works, but I find your method of using CNAME records documents the administrator's intent better than with A records; I started to do the same. (A records a useful though, they can run a domain across multiple machines)
  Cheers mate!

• Dnscmd's OpenAcl option doesn't seem to change DNS record permissions

  I'm creating DNS A records with dnscmd /recordadd, and I can't see a difference in the A record's permissions whether I use the OpenAcl option or not. Is this normal?
  I was expecting with OpenAcl to see permissions similar to Write permissions for Authenticated Users or something. Instead I can't see any difference in the permissions at all and the permissions for non-admins are Read permissions for Everyone.
  The DCs run win 2008 R2 SP1. The syntax I've been using for dnscmd.exe is:
  dnscmd /recordadd mydomain.com mycomputer /aging /openacl A 192.168.0.123
  I want to migrate from Infoblox DNS to AD-integrated. So I'm expecting to export to csv from Infoblox, reformat the csv file a bit and use dnscmd.exe to read the reformatted csv and create DNS records in AD. I'll also enable the option on the Windows computers
  to register their DNS records.
  I think that the records that dnscmd.exe creates in AD won't have permissions that allow the Windows computers to overwrite them unless I use the OpenAcl option. But OpenAcl doesn't seem to make any difference to the permissions. Very confusing! Thanks for
  any help.

  Thanks Kumar and sorry for replying so late. What you said is correct and what solved my problem was running Windows Update. I was testing using W2K8 R2 with SP1 but no updates after that. After I ran Windows Update, then creating a DNS record using dnsmd.exe
  with the /OpenAcl argument did indeed set the permissions on the DNS record so that Authenticated Users could write to it.

• DNS record is not dynamically created in DNS Zone, when joining to DNS domain

  hi
  in my test lab i have deployed two virtual machines (both are windows server 2008 R2 enterprise).
  on vm1 i have installed just DNS role (without Active directory) and created a primary non-ADintegrated zone.
  on this DNS zone, i have enabled dynamic update set to
  non-secure & secure .
  now in my vm2 (as a DNS client) , i set the ip address of this DNS server as preferred DNS server and then in system properties, on the primary DNS suffix field, i entered the name of my DNS domain (mydomain.lab)& rebooted VM2, but the a record of this
  client (vm2) is not registered (created ) in mydomain.lab zone.
  i respect the record be created like the situations which we join a client to AD domain 

  Hi  John ,
  When registering DNS record ,client will send a SOA query to find the primary server of the zone .Then send register message to the server .
  We can use nslookup to find the problem :
  Open Command Prompt
  type nslookup
  type set type=soa
  type zone name
      1. If there is positive response ,check the name of
  primary name server and the IP address of the server .
  Its name should be vm1.mydomain.lab .If not ,edit the SOA record in the zone .
  If no IP address ,edit NS record in the zone .
      2. If there is no response ,check the SOA record in the zone .
  We can manually delete and recreate the records to ensure there are right SOA and NS records .
  Here is the guide for using nslookup :
  Nslookup :
  https://technet.microsoft.com/en-us/library/cc940085.aspx
  Best Regards,
  Leo
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Hi Leo, thanks for reply.
  i did all steps you mentioned but still no result.
  i put an screenshot of my desktop here , everything is shown here:

• HTTPS, DNS and dynamically updating DNS records

  Hello to you all, if you are able to help with a DNS problem that I'm having then please accept my thanks and appreciation in advance.
  First some background information, I recently  moved my server from my studio to my house where a new purpose built studio will soon be erected. At my old studio any requests for myurl.com came in via the IP (whether that be http, https, ftp etc) from the domain registrar and the router would send the request to the relevant port number whether that be 80 for http or 443 for https etc and all was well as this location had a fixed IP address. Unfortunately at my new location whilst I have a much faster connection I do not have a fixed IP. To get around this I have the following set up (not ideal for a business I know but perfectly OK for home hosting); I set up two psuedo nameservers at no-ip.com (ns1myurl.com and ns2myurl.com) which tracks the changes in my IP address and updates its records accordingly, my registrar then sends any requests to these 'nameservers' and no-ip then forwards it on to my server. So far so good.
  The problem arises once the requests get to my server, whilst I have DNS set up, I can only recieve requests from a straight request to the server ie myurl.com will display the site without any problem, but if I then put a www in front of that or try to access the https part of my site (which is set up as a seperate site on the same server) then the server throws an error. I have tried to put an alias (CNAME) into the zone but it does not want to resolve the request. I have searched around but to no avail, I am totally new to DNS so am currently on a steep learning curve and fumbling around in the dark.
  The first thing that I need to get working is the request to be resolved correctly and then (and this is where the real fun starts!) is to dynamically update the IP in the DNS records as the IP changes. I will probably have to get help in on this as I understand that this requires BIND of which I know nothing about, first though I'd like to get the pages to be served up correctly. Advice, hints, tips or links to tutorials all greatly appreciated. Full set up listed below.
  Many thanks, David.
  Xserve PPC G5 running 10.5.8 unlimited set up as standalone OD master
  Xraid
  APC UPS
  CradlePoint MBR1200 Gateway router which acts as the DHCP
  http://myurl.com and https://myurl.com set up as 2 seperate sites and located on the Xraid
  Current DNS setup:
  Primary Zone name: myurl.com with nameservers ns1myurl.no-ip.info and ns2myurl.no-ip.info and allow zone transfers in checked
  Then
  Name
  Type
  Value
  myurl.com
  Primary Zone
          ns1myurl.no-ip.info
          Machine
  12.34.56.78 (external IP)
          ns2myurl.no-ip.info
          Machine
  12.34.56.78 (external IP)
          myurl.com.
          Machine
  12.34.56.78 (external IP)
          www.myurl.com.
          Alias
  myurl.com.
  With the reverse zone looking thus with allow zone transfers being checked
  Name
  Type
  Value
  56.34.12.in-addr.arpa.
  Reverse Zone
          12.34.56.78
          Reverse mapping
          myurl.com.

  Thanks for the reply Camelot, that part though I had already figured out. I now have this working, all I did was change the external IP to the internal one of the server with resolves with the .local machine name and all is working just fine (for now!). As long as I have primary zones set for each site and any alias or services set up on them then everything works well.. The real test will be when my ISP changes the IP, whilst my tests have proved successful the proof will be when they update the address.
  Thanks anyway. David.