DNS server with double NAT

Hi All,
We are in the process of migrating to a new ISP.
With the new ISP, we have no option but double NAT (one in the Cisco router and one in the firewall).
In the test environment for the new ISP (double NAT), a desktop behind the firewall getting a dynamic IP address (which includes DNS server 192.168.0.3) took too long to resolve an external web site, but when I changed the DNS IP address to 8.8.8.8 it resolved quickly as normal.
In the current live production everything works as expected.
Any help/idea would be appreciated.
Cheers

I would agree with Christopher.
You can also make sure that your DNS servers do not have public DNS IPs set in their IP settings. Instead, public DNS IPs should be set as forwarders. Also, make sure that you use your ISP DNS servers instead of other public DNS servers for external DNS resolution.
For troubleshooting DNS lookups, you can use NSlookup with debug mode for more details. I have started a Wiki about that here: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
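The comparison the question describes (the internal DNS server 192.168.0.3 against 8.8.8.8) can be measured instead of judged by feel. The script below is an added example, not part of the thread: it sends the same recursive query to each resolver and times the reply. The query name, the 1-second threshold and the result labels returned by `diagnose` are assumptions made for illustration.

```python
import socket
import struct
import time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) query for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(packet):
    """Return (id, rcode name, answer count, recursion-available flag)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return qid, RCODES.get(rcode, str(rcode)), ancount, bool(flags & 0x0080)


def timed_lookup(server, name, timeout=5.0):
    """Send one UDP query to `server`; return (outcome, seconds elapsed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(build_query(name), (server, 53))
            reply, _ = sock.recvfrom(4096)
            outcome = parse_header(reply)[1]
        except socket.timeout:
            outcome = "TIMEOUT"
        except (OSError, ValueError) as exc:
            outcome = "ERROR: %s" % exc
        return outcome, time.monotonic() - start


def diagnose(internal, public, slow_after=1.0):
    """Heuristic reading of two (outcome, seconds) results.

    The labels and thresholds are assumptions of this example.
    """
    (i_out, i_sec), (p_out, p_sec) = internal, public
    if p_out != "NOERROR":
        return "check-nat-path"    # even the public resolver fails from this host
    if i_out == "TIMEOUT":
        return "internal-down"     # internal server never replied
    if i_out == "SERVFAIL":
        return "check-forwarders"  # internal server could not complete resolution upstream
    if i_out == "NOERROR" and i_sec > slow_after and i_sec > 5 * p_sec:
        return "slow-forwarding"   # answers arrive, but only after a long upstream wait
    return "ok"


if __name__ == "__main__":
    # Query a name the internal server has not cached yet; a cached
    # answer comes back fast and hides a forwarding problem.
    name = "www.example.com"
    internal = timed_lookup("192.168.0.3", name)  # DNS server handed out by DHCP
    public = timed_lookup("8.8.8.8", name)        # resolver that was fast in the test
    print("internal:", internal)
    print("public:  ", public)
    print("reading: ", diagnose(internal, public))
```

A `slow-forwarding` or `check-forwarders` result points at the forwarder configuration the reply recommends reviewing, while `check-nat-path` means the delay is not specific to the internal server.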

Similar Messages

  • Best DNS setup for public-facing Mac server with no NAT?

    What's the best way to set up the DNS server as a member of an existing domain with nameservers elsewhere for a public-facing server with no NAT?
    We own the domain myexample.com and its name servers and zone files are on a hosted linux server with mail/web server services.
    We now have a Mac server hosted elsewhere and we want it to be a subdomain of our myexample.com i.e. macserver.myexample.com.
    We haven't enabled NAT or DHCP so the Mac server host network IP is a public IP. There is no LAN.
    When setting up the DNS server, what should the primary zone be? macserver.myexample.com, or myexample.com?
    Any advice would be great. Mr Hoffman....are you out there?

    You do need valid DNS services.  But you don't need to provide DNS on the same server.  And if you're not dealing with NAT, things can get easier.
    The easiest approach available is to not run your own DNS services here.   This assumes the OS X Server box is configured on a static IP address, but then that's something OS X Server needs/wants/expects.
    Use the DNS provided by your domain registrar, and your ISP.    Or maybe on that Linux box, if that's publicly authoritative for the domain.
    Enter the host name and the IP address into the public DNS services that you have configured for the domain, or that you have at your registrar or ISP, or on that Linux box.
    You will need to have your ISP for the static IP configure a PTR record (reverse DNS) for the server, particularly if you're planning to run mail or related.

  • TS1843 I am getting the following error messages- No DNS Server and Double SAT.  Can anyone walk me through a fix?

    Airport Express- No internet connection. I am getting the following error messages- No DNS Server and Double SAT.  Can anyone walk me through a fix

    Try putting these numbers in Network>TCP/IP>DNS Servers, for the Interface you connect with...
    208.67.222.222
    208.67.220.220
    Then Apply. For 10.5/10.6 Network, highlight Interface>Advanced button>DNS tab>little + icon.
    Might also put them in the Airport Express, no idea what Double SAT is!?

  • Time Capsule - No DNS servers and Double NAT

    I'm connecting an MBP running 10.5.6 to a Time Capsule which accesses Virgin Media broadband using a cable modem.
    It has been working fine for 6 months, but I made some changes this morning to get my wireless camera onto the network, which broke the connection, and don't seem to be able to undo them.
    The TC now flashes amber, and going into Airport Utility I get the following errors:
    - No DNS Servers
    - Double NAT
    I've typed the DNS servers' IP addresses for my ISP into Airport Utility but it doesn't seem to recognise them. It also complains about a double NAT problem but I don't have another router assigning IP addresses.
    I've also tried a hard reset on the TC, switched it and the modem off, waited 30 mins and then switched back on again - no luck.
    Screenshots of all the settings on my TC from Airport Utility are here:
    http://web.me.com/julianlove/Site/TimeCapsule.html
    I'm not very knowledgeable about networking so any assistance appreciated.

    Double NAT is an indication that you have two devices on the network both trying to perform routing duties. You only want one device doing this on a network. Solve the NAT issue and the DNS issue will go away as well.
    What is the make and model number of the device that you call your "modem"?

  • Time Capsule with Double NAT status - Question.

    Hi all.. would appreciate some advice.
    I have a Time capsule set to DHCP/NAT.
    I have a second Airport extreme connected to TC via ethernet (about 100 yards away) set to Bridge to further my signal on a big property.
    I have several Airport Expresses for Airplay only.
    I recently called Apple and they told me to set my TC to DHCP/NAT and choose ignore.
    I had problems with my computers connecting to the internet (they connected to my network, but not internet.  Or occasionally I would get errors on my MBP that said could not connect this IP address is used by another device).  It was sporadic.  Apple told me this was likely because I have 20-30 wifi devices in my house and my ISP is not providing enough IP addresses.  They told me that DHCP/NAT makes my TC 'be in charge' of these IP addresses.
    I am using Frontier service.  Modem from Frontier is Netgear B90 - 755044 - 15.
    When I set up this modem, I turned the wifi portion off.  And currently the wireless light on the modem doesn't ever blink, so I believe it is off.
    So why am I getting the Double NAT error since my Modem appears to have the wifi portion turned off?
    Thank you very much!

    Thanks again Bob!
    I called Frontier... they refused to show me how to put my modem/router in Bridge mode.  Hypothetically, if I did that, would that solve this problem?  Sounds like it would.  They said they won't show me how to do it because they use PPPoE or something and if I put into bridge mode I won't get internet access.  Is that true?  They only use bridge mode for businesses they said.
    I never wanted a modem/router.... I wish I only had a modem!  Maybe I will call them back and ask only for a modem.  Good idea.
    Attaching screenshots below.
    If I go into My connection at the top, hit Edit.... nowhere in there is a bridge option.
    If I go to that green Enabled one under VC's... where it says PPPoE, there is a selection to choose Bridge.
    See below.
    But I'm too chicken and I don't know if that is the answer or not.
    Thoughts?
    Thanks again Bob!

  • No DNS and Double NAT

    Hello, I've recently encountered a very frustrating bug in my system that I could use some help troubleshooting.  I've read several similar posts, some are resolved while others are not, however none of the resolutions have worked for my situation.  Here it goes:
    I have an old macbook pro, a new macbook air, a white macbook and 2 iPhone 4s's all connected to the internet via WiFi through an AirPort Extreme.  The AE is connected to a cable modem which has internet service through Cablevision in NY.  There is also an AT&T Microcell hooked up to the AE to boost my cell signal.   All of this equipment has been working flawlessly together for a long time.  Until recently.  It could have started after an update, there have been several lately on all of the equipment including the firmware in the AE.  Anyway, I'll be connected without any issues - all lights green and happy - when suddenly, the internet will drop off and the AirPort Utility will pop up and warn me that:
    1) On the "internet" icon, it will say "disconnected"  
    2) On the AE icon, it says "No DNS server and Double NAT"
    After a few minutes and nothing done on my part, the lights turn green, the internet reconnects and all is well again. 
    This happens frequently and is really becoming a nuisance.  Due to the frequency of the disconnection, I can no longer download a large file, update, or anything.  Streaming video is impossible.
    So far, I have tried bridge mode and cycled the power in the order recommended to no avail.  When I do that, the AE turns green, but the internet says "not connected".  I have also read that there might be too many IP addresses which is not sitting well with my ISP, so I disconnected everything including unplugging the Microcell.  Lastly, there are no other wireless phones or devices in the house.  All to no avail.
    I should also mention that this began occurring on my Time Capsule, which I replaced with the AE in an attempt to fix this issue. 
    Any help would be greatly appreciated.
    Joe

    Sounds very similar to what I've been troubleshooting for 2 months now, only I have DSL from AT&T and I don't see the Double NAT warning.  My last post on the problem is here. 
    My only emergency solution for getting by day to day on the internet is to unplug the AE and connect one Mac directly to the DSL modem.  There's no shared connection or WiFi.  I looked at hosting WiFi from the Mac, but the only security available with that is WEP which isn't considered secure.  Even with this set up, I think (seat of the pants) that there are quality of service problems. 
    I've replaced the Airport Extreme with 2 different new units and the DSL modem with a new unit to no avail.  The Genius Bar and Apple phone support couldn't solve this, nor have 2 calls to AT&T support and one visit from an AT&T repairman.
    I would like to know how to better test or quantify the poor quality of connection that seems to be the problem.

  • "Back to my Mac isn't working properly because your DNS server isn't responding. Contact your ISP for an alternate DNS server address, and enter it in Network Preferences".

    Hi, i am trying to setup back to my mac at home but I get the error "Back to my Mac isn't working properly because your DNS server isn't responding. Contact your ISP for an alternate DNS server address, and enter it in Network Preferences".
    There is no documentation on how to solve this anywhere.
    I have an Arris router set to bridged mode which is connected to a 5th generation airport extreme. I have tried using the google dns servers instead of the one assigned by the cable company in the AE but I still get the same error.
    Any help would be much appreciated
    Kenneth

    New to BTMM, I got stung today with the silly DNS problem message. Solution:
    1) Flush DNS cache with:
    dscacheutil -flushcache;sudo killall -HUP mDNSResponder
    2) System preferences > iCloud > untick BTMM then tick it again. The warning should have disappeared.
    Edit #1
    Apologies for the noise. The warning has come back
    Edit #2
    Just found out that BTMM is not compatible with double NAT. That's not helpful.
    http://support.apple.com/kb/TS1208

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • Sprint Airave Causes "double NAT"

    I connected a Sprint Airave between my Cox Cable modem and my Apple Airport Express. Now I have a flashing amber light and a "double NAT" status. Is there a downside to having a "double NAT" status. If so, how do I fix it? Bridge mode destabilized internet. Other idea?

    The Sprint Airave is actually working as a NAT router.
    If you read some of the info about these boxes.. eg http://www.pocketables.com/2013/04/sprint-airave-2-5-four-and-a-half-months-in.html
    They can be pretty terrible. And the suggested layout is probably wrong. You would be better having the
    cablemodem--Express--Sprint
    So that the Express can be the main router for the network.
    If you are stuck with double NAT.. it is very much non-ideal.. you might find it works for most things, then a web page won't load properly or you cannot connect to game.. most interactive stuff on the internet will not work via a double NAT. You can browse and do email because they are not interactive.

  • Will 'Double NAT' cause any problems for me?

    Hi there
    I have just received a Netgear VMDG280 Cable/ DSL modem/wireless router from Virgin Broadband in the UK and I plugged it into my Airport Extreme 802.11n base station. The internet works fine but the amber light remains flashing, warning me of a Double Nat error.
    I can easily select for my Airport to 'ignore' this Double NAT error message, but am worried that by ignoring this warning, I might compromise something important in my whole broadband set up. Could it also reduce security etc?
    Essentially, I'm not doing anything fancy with my wireless network, besides running a Macbook Pro, iPhone, iPad and friend's laptops etc.
    With Double NAT existing on my network, will this affect the service I will receive in any way? Or can I just put it out of my mind?
    Many thanks
    Dan

    +If I operate Airport Extreme in Bridge mode, will that mean that the technical quality and security of the Airport Extreme base will be bypassed in favour of the Netgear?+
    No
    +if the Netgear is classed as the lesser device of the two, shouldn't the Airport Extreme handle the more important tasks rather than being a passive 'bridge'+
    The Netgear is already configured as the "main" router on your network. It is what we call a "gateway", a combination modem and router on the same chassis. The AirPort Extreme does not include a modem, so if you wanted to make it the "main" router on your network, you would need to purchase a separate stand alone modem and then set up the Netgear as a "bridge". That gets really complicated.
    If you are seeing no adverse effects of the Double NAT, you can choose to "ignore" the message and the light will turn green. If you want to do this, open AirPort Utility, click Manual Setup, and then click on the word "Status" on the summary page. Click "ignore" regarding the Double NAT.
    Networking rules specify that you should try to avoid the Double NAT situation if possible. On a simple home network this is not usually a serious error, but it can slow down internet browsing. If you plan to add a gaming console and want to play online games with other people, then the Double NAT will probably prevent you from doing so.
    My suggestion to place the AirPort Extreme in bridge mode was just that...a suggestion. If you are happy with the performance of your network now and simply want to get the light to turn green, you can choose to "ignore" the message.

  • DNS Issues with Hyper-V 2012 R2 VDI Pooled Desktop Deployment

    Good afternoon all!
    We are running a POC VDI deployment on a Nutanix system, and I am having a DNS issue. I would appreciate some help trying to figure this out. Two situations that are causing issues that I can see:
    1. VMs go into a saved state if not being used: This in itself is not an issue, and I see it as a way to save resources not being used; however, if a VM is saved for a few days, the DHCP address often gets reassigned. Now if users are connecting, and that saved VM with the stale address is called to wake up, the VM is not found.
    2. Recreating the pool after updating the golden image: This is the bigger issue. After a couple days of running smoothly, I was asked by my pilot users to add Firefox. I installed it and recreated all the VMs in the pool. When this happened, they all got new IPs, but the old DNS records were not updated. This made the broker unable to find a single VM in the pool. I could not ping a single one.
    Has anybody else run into these DNS issues with a VDI deployment? If so, what did you do to resolve it? If not, have any ideas on what is going on here?
    Thank you in advance!
    Eric

    Hi Eric,
    As per my research, I can say that this is the default behavior. When we recreate the VM it will change the IP address dynamically. But from your description it seems the DNS record is not getting updated and due to that you can’t find your VM with hostname or IP. But for this you can set one option under DNS server with which DNS record can update the new IP address. The option you need to set is “Dynamic updates>Nonsecure and Secure” under general properties in sites. You can check below snap.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Split-horizon DNS server

    Hi,
    is it possible to use novell-named on OES 2 Linux to create split-horizon DNS server? Something like this: Two-in-one DNS server with BIND9 | HowtoForge - Linux Howtos and Tutorials. What I want to achieve is "to resolve to internal IPs when you are inside and external IPs when you are outside".
    We have some services (web applications, Groupwise messenger etc.) which can be accessed from the LAN using private addresses and which are also visible from the public network (Internet).
    Currently we have Netware 6.5 with DNS Proxy bound to internal address and some hostnames bound to internal IP addresses inside hosts file (and therefore resolved by DNS Proxy with private addresses for LAN clients) and named bound to public IP and serving DNS requests from public network. But we'd like to migrate everything from Netware to OES 2 Linux.
    Any help is much appreciated!
    Bruno

    Originally Posted by joharmon
    Just found this:
    Is Views for DNS Supported or Possible on NetWare or OES?
    Bad news but thanks for your answer!
    Bruno

  • Cisco IOS as DNS server

    Dear Community!
    Could someone help me fine-tune my DNS server configuration?
    I'm configuring an IOS router to act as a DNS server with the following parameters:
    ip name-server [IP #1] [IP #2]
    ip dns server
    ip domain round-robin
    ip domain name [domain.net]
    The 1st DNS server is a public DNS server accessible from Internet, the 2nd one is a private corporate DNS server accessible from a site-2-site tunnel.
    The client PCs at the remote end of the IPSec tunnel should query public DNS names from public DNS server, and the records of our private DNS domain.
    Is it possible to configure a "policy" to query corporate DNS domain from a dedicated DNS server, and the other public DNS name from the public one?
    Thanks in advance!
    Best Regards,
    Belabacsi
    from Budapest, Hungary

    Sure, it's called DNS Proxy. It's not supported on all devices, so you'll have to check.
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/800/rn830xc3.htm
    DNS Proxy
    In virtual private network (VPN), Point-to-Point Protocol over Ethernet (PPPOE), etc. PCs connected to the LAN may get Dynamic Host Configuration Protocol (DHCP) parameters including the IP addresses of the Domain Name System (DNS) server prior to the router connecting to the WAN to get the information over IP Control Protocol (IPCP). The objective with Proxy DNS (or caching-only name server) enables the router to receive DNS queries on behalf of the real DNS servers and proxy for the hosts on the LAN connected users. This enables the DHCP server to immediately send the hosts the router's own LAN address in lieu of the DNS server's IP address. The router forwards the DNS queries from local users to real DNS servers after the WAN connection comes up and caches the DNS records in response. Over the time, cache includes the DNS information most often requested by the local resolvers and this can reduce the overhead of packets to the WAN.
    The router must obtain the correct DNS server information from the WAN in order for it to function as a proxy DNS server.
    The global configuration command ip dns server enables DNS proxy server functionality on the router, and causes it to forward DNS queries to the actual DNS servers. The global configuration command dns-server address causes the router to respond to DNS queries with its own IP address.
    HTH and please rate.

  • DNS Server Issues with Comcast and Airport Extreme wifi routers

    I am having significant challenges with 3 Airport Extreme (latest gen) wifi routers and my Comcast Xfinity service.  It once worked just fine, but now I continually get the blinking amber lights stating "No DNS servers" for each of the Airport Extreme (AE) routers.  My configuration is:
    Coax cable -> Comcast Xfinity cable modem -> ethernet to 16-port gigabit ethernet switch ->->-> ethernet to 3 Airport Extremes around the house direct connected with switch
    I have many wifi devices throughout the house (iPads, MacBooks, home automation devices) as well as direct-connected devices via ethernet (one PC connected to AE router).
    Each Airport Extreme router is set with these settings in the Airport Utility app: 
    Internet tab=  Connect using: DHCP
    Wireless tab=  Network mode: Create a wireless network
    Network tab=   Router mode: Off (Bridge Mode)
    I have attempted to put the Xfinity cable modem in bridge mode, and use the Airport Extreme to serve up the IP addresses, but still lost internet connectivity.
    I have also attempted to set the Network tab=> Router Mode to "DHCP and NAT" but get "Double NAT" error issues as well.
    I have tried using the Comcast DNS server addresses (75.75.75.75;75.75.76.76) setting on the Internet tab for the routers and do end up getting a green light, but NO internet connectivity.
    Lastly, I have tried using the Google DNS servers (8.8.8.8;8.8.4.4) setting on the Internet tab the routers giving me the No DNS servers amber light error and again, no Internet connectivity for either wifi-connected or even ethernet connected (directly to Airport Extreme router) devices (like my PC) despite getting a green light on the router.
    At this point, it really seems that these AE routers are NOT compatible with the Xfinity cable modem or service… (and yes, I've tried power-cycling and restarting the modem, and then the AE routers, MANY times to little avail).
    Should I move one of these Airport Extreme wifi routers to before the switch, and have the other 2 in Bridge mode after the switch?  Do I need to setup a specific range of DHCP reservation addresses for each different AE router?
    Appreciate any insight anyone can share with this aggravating DNS server issue between Comcast & multiple Airport Extreme wifi routers.

    I do not see anything wrong with your basic setup.. the issue is indeed the WAN ports of the AE.. AC version are having problems with some network equipment.
    You have listed a stack of things you have tried.. but I want you to move the ethernet patch cable you use on each AE to its LAN port instead of WAN.
    Restart the airport when you do that.. and then see if it becomes stable.
    In bridge mode the airport moves the WAN port to LAN.. but the WAN port setup itself seems more problematic than the LAN ports.
    There are other methods we can try if this does not work.. but in the end.. I would be tempted to take the whole lot back to apple.. they need to start making equipment that works with standard modems and switches.
    BTW what brand is the 16 port switch?? Does it happen to be managed (smart type)?

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
    We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.
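The difference between hosting all of company.com internally and hosting a zone for the single name server.company.com comes down to which configured zone most closely encloses the queried name. The simplified model below is an added example, not part of the thread and not BIND's own code: it ignores delegations and record types, and the address 192.168.15.10 is a constructed value inside the 192.168.15.x subnet mentioned in the question.

```python
def closest_zone(qname, zones):
    """Return the most specific configured zone enclosing qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones):
    """Model of an authoritative + recursive server answering one query.

    zones maps zone name -> {fully qualified name: address}.
    Returns ("local", address), ("NXDOMAIN", zone) or ("forwarded", None).
    """
    name = qname.lower().rstrip(".")
    zone = closest_zone(name, zones)
    if zone is None:
        # Not responsible for this name: recurse or forward upstream.
        return ("forwarded", None)
    address = zones[zone].get(name)
    if address is None:
        # Responsible for the zone but no such record: answered locally
        # as "does not exist" and never passed upstream.
        return ("NXDOMAIN", zone)
    return ("local", address)


# Constructed sample data. "company.private" is the internal zone from the
# question; 192.168.15.10 is an assumed internal address for the server.
PRIVATE = {"server.company.private": "192.168.15.10"}

# Option 1: the internal server claims the whole public domain.
WHOLE_DOMAIN = {
    "company.private": PRIVATE,
    "company.com": {"server.company.com": "192.168.15.10"},
}

# Option 2: the internal server claims only the one host name.
SINGLE_NAME = {
    "company.private": PRIVATE,
    "server.company.com": {"server.company.com": "192.168.15.10"},
}

if __name__ == "__main__":
    for label, zones in (("whole domain", WHOLE_DOMAIN), ("single name", SINGLE_NAME)):
        for qname in ("server.company.com", "www.company.com", "www.example.org"):
            print(label, qname, resolve(qname, zones))
```

With the whole domain hosted internally, `www.company.com` is answered locally as nonexistent unless every public record is copied in; with the single-name zone it is forwarded. Names below `server.company.com` are also captured by the single-name zone, so any that exist publicly would need records there too.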