Internal DNS - emailsrvr.mydomain won't resolve, IP does - www works.

Internal Mail won't resolve to emailserver domain, but LAN ip is fine
Hey gang, longtime reader, first time poster.
After wrestling with this issue, I'm about out of ideas.
Here's my setup.
Leopard server 10.5.4, running OD master (all rocking), AFP, Firewall, DNS, (mobile) network home directories.
I'll call this "xserve.mydomain.com".
Its NAT'd IP is 192.168.1.102.
It's a FQDN, Kerberos is running and happy, all is well.
There are about 12 clients, each with a desktop (iMac) and laptop (MacBook).
I have a second (Windows 2003 sbe) server hosting the following services: Exchange and Web (for now).
I'll call this winsbe.mydomain.com.
Its NAT'd IP is 192.168.1.101.
My external DNS setup is this.
Our DNS hosting is done by our registrar (Network Solutions).
We own 4 static IPs from our ISP.
One IP is for our router/firewall providing NAT to internal clients, and the xserve is on DMZ, with its OSX firewall service turned on.
One IP is for the Windows server. (The last two, if you've been counting, are unused.)
Via Network Solutions "advanced DNS", I have our zone configured. "xserve.mydomain.com" points to its WAN IP (66.xxx.xxx.198).
www points to 66.xxx.xxx.194.
MX records refer to "winsbe.mydomain.com" via WAN IP 66.xxx.xxx.194 as well.
All outside services resolve correctly.
I.e., I can hit the website and send/receive email from mydomain.com.
My internal DNS is set up like this:
primary zone= mydomain.com
nameserver= xserve.mydomain.com
mx record= winsbe.mydomain.com
xserve.mydomain.com has an A record to LAN IP.
winsbe.mydomain.com has an A record to LAN IP.
www is a CNAME record to winsbe.mydomain.com. <---- I'm not sure about this one but it works.....
My forwarder IP points back to my router (which seems to give me better performance than using ISP DNS from here..)
I know this is working fine insofar as the webserver, as an nslookup (www.mydomain.com) internally resolves www to 192.168.1.101.
mydomain.com and www.mydomain.com hit the webserver internally on client browsers. Rock.
Again, forward AND reverse nslookups internally resolve to winsbe.mydomain.com/92.168.1.101
Here is my guess as to my problem: my internal hostname + A record for the Windows server is the same as the MX record, which has an alias from www.
I think it's getting effed in there somewhere?
If I set up email clients with the Windows server LAN IP rather than the domain "winsbe.mydomain.com" it all works fine.
I'd frankly be willing to half-*** it with this solution, but each client will require a mobile computer, so we can't have that.
I feel like I'm on the right track, but just can't make the breakthrough.
Am I barking up the wrong tree here?
Here is a last question.
I have my firewall/router as the "Forwarder IP Address" in the last page of Settings in Server Admin. When I put my ISP's DNS servers, I always get a 2 second delay for any web query on any client.
I have "127.0.0.1" as the first DNS entry in xserve Network Preferences.
The xserve is the only DNS entry in the client computers.
This isn't a "bad practice" or anything, is it?

For the curious, my named.conf below (haven't messed with it):
// Include keys file
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
// Default controls
controls {
    inet 127.0.0.1 port 54 allow { any; }
    keys { "rndc-key"; };
};
options {
    include "/etc/dns/options.conf.apple";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
// a caching only nameserver config
logging {
    include "/etc/dns/loggingOptions.conf.apple";
};
// Public view read by Server Admin
include "/etc/dns/publicView.conf.apple";
// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views.

Similar Messages

  • 12" Powerbook battery won't charge, fan does not work

    Thank you so much in advance for answering. I recently acquired a 12" powerbook with a broken hard drive. I replaced the hard drive and everything seemed to work fine, except that the fan was always on and the battery would only partially charge (to about 30%) and then would only trickle charge. The battery has 251 charge cycles and holds 82% of original amperage (at least it is supposed to). However, it only charges to about 30% (or about 1200 mAh) and then will only trickle charge from there. After browsing these forums I now think that I may have a bad logic board or DC in. It occurred to me that the fan issue and the battery issue might be linked, can anyone verify this? I am thinking that if the hard drive was broken, this computer could have been abused, heavily dropped, etc. Is there a way to check my logic board or DC in board? It could also be that I merely need a new battery, and the fan issue is unrelated. Help!

    Welcome to Apple Discussions!
    For charging issues, a good place to start is to reset the PMU:
    http://support.apple.com/kb/HT1431?viewlocale=en_US
    Did you get the set of discs that originally came with the powerbook? If so, one of them will contain the Apple Hardware Test, and you can run the extended version of it to check for hardware problems.
    The fan always being on might be an indication of processor heavy activity. You can check for this in Activity Monitor (in your Utilities folder in your Applications folder). Be sure to select "All Processes" at the top. Sometimes a process will hang up and hog the CPU, which will make the fan run and is hard on battery life. If the fan is no longer running, are you noticing any particular heat build up?
    I think your powerbook was from 2004, and since this is 2009, the original hard drive would be 5 years old, which is probably at the end of its average lifespan of 3-5 years of useful life. A failed hard drive does not necessarily indicate other abuse.
    After resetting the PMU and checking activity monitor, I think the next step should be to run the extended version of the Apple Hardware test and see if it tells you anything in the form of an error code.
    Good luck!

  • Internal DNS resolution issue - almost all external sites working

    I administer an Xserve running 10.5.8 Server. This client is running internal DNS due to a few internal services (iChat, mail, VPN, etc) - but his website, of the same domain, is hosted externally at a hosting provider. This is where I'm running into odd problems. For examples:
    ichat.company.com - 10.0.1.100 (when inside the network, also has FQDN on Internet)
    mail.company.com - 10.0.1.100 (same as above)
    www.company.com - xxx.xxx.xxx.xxx (the actual public IP address of the web server at the host)
    Do I need to do it this way? If I don't define the "www" record internally, and point it to the external IP of the hosting provider for the website, the clients inside the network can't see the website, because the internal domain services aren't answering the "www" question and won't hand off to the internet records. It's frustrating because every time the client has a subdomain added to his website, I have to add a record on his internal DNS or it won't resolve at his office. Example:
    newdomain.company.com - xxx.xxx.xxx.xxx (public IP of the web host, or it fails)
    Is there a way to have internal DNS for a domain answer most but not all questions for the domain?
    - Bill

    Just as an aside, you could potentially setup a subdomain for the internal systems, e.g. 'corp.company.com' and setup the internal services in this domain - ichat.corp.company.com, mail.corp.company.com, etc.
    Then to get to the internal systems users use those .corp.company.com hostnames and the rest of .company.com gets sent upstream.
    It may or may not be sufficient for your needs. This kind of model works well for static users that only work in the office but may not work so well for mobile users.

  • Air port won't resolve DNS server

    I have been having problems getting my internet to connect automatically. It won't resolve the DNS servers on its own and I am having to keep entering them manually once the IP address have been found. Is there a way to fix this? I think I have all the settings on automatic.

    Try using non-automatic servers.
    In your DNS servers box in your network setup try these two 208.67.222.222, 208.67.220.220.
    Way to go Canada.
    Message was edited by: Donald Palmer

  • Unable to set internal DNS

    I have an OS X 10.6.8 Server with DNS and Mail running on it.
    The internal domain does not match the external domain.
    Users can send and receive IMAP email on iPhones, iPads and laptops whilst outside the network using 'mail.mydomain.com' with correct account details.
    A and PTR lookups resolve correctly using the internal domain on the server and the external domain on the internet.
    webmail.mydomain.com also works perfectly outside the network but is unreachable using https://webmail.mydomain.com:443 internally - and it should.
    There is an ALIAS set up in the server's DNS that points webmail.mydomain.com (external) to server.mydomain.com (internal).
    I am using a ZyXel P-660HN-F1Z Router with the firewall turned off and all the port forwarding correct... otherwise the external mail wouldn't work!
    Previously we used a BT 2wire Gateway that didn't do anything clever - but all the mail worked internally and externally.
    Is it my router config, or the DNS on the server screwed?
    Would really love some help.
    Thanks
    Simon

    There's not enough information to be sure of your configuration.
    It would seem appropriate to set up your external domain - I'll refer to that external domain as example.com as your mydomain.com is a real and registered domain - as the MX record for your internal domain which I'll refer to as example.net.
    With this configuration, there would be no internal definitions (A machine records or CNAME alias records) for any of the example.com hosts in your internal DNS services.
    If you're using the same example.com domain both within your local network and a second example.com implementation on a second and separate and external DNS server configuration, then you'll need to reference all the hosts directly in both places; in your internal DNS services configuration, and you'll need to replicate all definitions of all hosts in your external DNS services configuration.
    See if your internal network can ping (if that's enabled) or telnet into port 25 or such using your external domain name, as that'll tell you if your router is smart enough to pass packages destined for your public static IP address back into your network.
    Your internal hosts should all reference ONLY your local DNS server on your LAN, and NO other DNS servers.  Again, your internal hosts should reference ONLY your internal DNS server, and should not also reference your ISP DNS or other external DNS servers.
    There's a list of internal DNS services setup information here, and there are also links from that article to articles around setting up external DNS services; DNS inside your firewall, and DNS outside your firewall.

  • OS X Server, Internal DNS and Apple Airport Extreme

    OK,
    There must be a way to do this. I cannot believe that this simplest of functions to a Wireless Router would have been missed off the new range of Airport devices.
    I have an OS X Server, serving DNS internally and forwarding lookups to the Airport which forwards on externally.
    Trouble is I want the Airport to connect to PPPoE and serve the guest network with DHCP and DNS but let my server do DNS on the internal network.
    Why is there not a simple box in setup utility that says "use this DNS server on the local DHCP network" or something along those lines. It seems mad that Apple have overlooked this, I can only say I am missing something.
    I have tried setting up a small range and putting in reservations but this limits your guest network to the same limited range so you end up with only room for two or three guests, this solution won't work for me.
    It seems stupid to put the ApE into Bridge mode as I can then not have a guest network and I shouldn't have to have two boxes to achieve what I am looking for.
    Rant over, any other help or solutions appreciated.
    Regards to all
    TMA.HA

    @MrHoffman
    Agreed, the Guest network will not have access to the local range. I missed that part.
    In my setup, the second DNS is google server because I don't want the internet to stop working if the local server is not operational, this way at least Internet will be available.
    - Client contacts Primary DNS, If it fails to reach it, it will go to the secondary. Well, to be more accurate, the OS will choose the fastest DNS server it can reach first. Ideally that would be the local server.
    In a normal day when everything is up and running:
    - Client contacts the Primary DNS (OSX Server DNS), if the query is a local DNS record , it will serve the IP.
    - If the query is not a local record, it will send it to the forwarder DNS server defined in the DNS service (ISP DNS or Google DNS)
    For the guest network, It would be worth checking to do the following:
    - Add a second Wifi network interface on the server and connect it to the guest network IP address.
    - On the AirPort Extreme, put the Guest network IP address of the OSX Server in the secondary DNS field.
    In this case the guest clients will always try to reach the local network DNS first and then failover to the guest network IP of the DNS server.
    @piperspace
    Well, a home router is already working as a local DNS server that tries to resolve locally then forwards to an external DNS server when it cannot resolve the name.
    Primary and secondary in an enterprise space will surely be a main and a backup and both contain the same name spaces. But the point here was about home use and therefore the purpose will be a backup DNS server for the internet at least.

  • Problem with DNS - ping/Safari cannot resolve, but host/dig work OK

    Hi All,
    Have a weird problem with DNS which is a bit similar to the following ones:
    http://discussions.info.apple.com/thread.jspa?threadID=2190208
    http://forums.macrumors.com/showthread.php?t=337942
    I connect with remote internal network via OpenVPN and from time to time (yes, intermittent problem :)) internal DNS names cannot be resolved.
    When it happens I can still resolve names using host or dig utilities, but applications (like Safari) and ping cannot resolve them.
    resolv.conf has proper DNS server set:
    $ cat /etc/resolv.conf
    # Mac OS X Notice
    # This file is not used by the host name and address resolution
    # or the DNS query routing mechanisms used by most processes on
    # this Mac OS X system.
    # This file is automatically generated.
    domain openvpn
    search openvpn
    nameserver 10.0.0.1
    More than that - it can resolve those internal names when queried directly, for example using host:
    $ host YYY.XXX.ru 10.0.0.1
    Using domain server:
    Name: 10.0.0.1
    Address: 10.0.0.1#53
    Aliases:
    YYY.XXX.ru has address 192.168.x.y
    but at the same time ping reports "Unknown host":
    $ ping YYY.XXX.ru
    ping: cannot resolve YYY.XXX.ru: Unknown host
    I tried "dscacheutil -flushcache" and it did not help. Also tried to comment out domain and search directives in resolv.conf and it did not help as well (and actually it should not matter).
    Any ideas why this can happen and what else can I check when it happens again?
    Thanks!

    I have the same issue. It cropped up after I installed updates to MS Office 2008 and Firefox in which I also saw issues with the icons disappearing in the dock of the applications that were open when I started the Office update. I rebooted to try to get them back, but ended up deleting them and restoring from the Applications folder. I don't know if that's a red herring or not, but I generally try to figure out what has recently changed that may cause something to suddenly start failing.
    I'd been working successfully all morning before it started acting up. Switching from wifi to cat5 had no effect.
    @realaaa, were you able to resolve without a major undertaking, like reinstalling your OS?
    pnmbp:~ pn$ dig goo.gl
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> goo.gl
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40996
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;goo.gl. IN A
    ;; ANSWER SECTION:
    goo.gl. 140 IN A 74.125.45.139
    goo.gl. 140 IN A 74.125.45.102
    goo.gl. 140 IN A 74.125.45.113
    goo.gl. 140 IN A 74.125.45.138
    goo.gl. 140 IN A 74.125.45.101
    goo.gl. 140 IN A 74.125.45.100
    ;; Query time: 27 msec
    ;; SERVER: 192.168.2.1#53(192.168.2.1)
    ;; WHEN: Mon Dec 13 16:59:34 2010
    ;; MSG SIZE rcvd: 120
    pnmbp:~ pn$ ping goo.gl
    ping: cannot resolve goo.gl: Unknown host
    pnmbp:~ pn$ curl http://goo.gl
    curl: (6) Couldn't resolve host 'goo.gl'
    pnmbp:~ pn$ host goo.gl
    goo.gl has address 74.125.45.100
    goo.gl has address 74.125.45.101
    goo.gl has address 74.125.45.138
    goo.gl has address 74.125.45.113
    goo.gl has address 74.125.45.102
    goo.gl has address 74.125.45.139
    pnmbp:~ pn$

  • DNS in DHCP Pool (Internal DNS issue)

    I know that we can setup multiple DNS server under DHCP pool. But I like to make sure the order.
    I have multiple branch offices.
    Let us say that Branch 1 office has a router with 10.30.1.1 as default gateway.
    Our internal DNS is 10.0.0.1 and 10.0.0.2 as Pri and Sec.
    My order of DNS server is like below.
    1. gateway
    2. internal DNS
    3. public DNS provided by ISP
    I saw couple of issues that when I put internal DNS first. Particular situation is when IPsec is not working, users could not access internet through domain name because they had internal DNS which is not reachable.
    But, when gateway is first order, I am not sure whether user are able to access internal website because gateway DNS doesn't have internal DNS records.
    So, my question is that. what should be the best order for DNS setup under DHCP among default gateway, internal DNS and public DNS?  Our current setup doesn't have even gateway address, it only has internal DNS addresses only.      
    ip dhcp pool ccp-pool1
    network 10.30.1.0 255.255.255.0
    domain-name test.org
    default-router 10.30.1.1
    netbios-name-server 10.30.1.1
    dns-server  10.30.1.1 10.0.0.1 10.0.0.2 24.25.5.60

    Thank you, Richard.
    You are right. when I setup router IP for DNS server in DHCP pool. it did not work.
    Let me ask regarding external DNS forwarding.
    I like to know the process of external DNS.
    User --> Internal website --> OK with internal DNS
    User --> External website --> Internal DNS forwarding to External DNS
    We have our own external DNS (ns), in this case, if external DNS (ns) is down, every branch users are not able to resolve any external IP because internal DNS can't get reply from external DNS?
    2nd question)
    IPsec is split-tunneled, but in this case, every DNS request goes internal DNS which is located in HQ and goes back through IPsec? Usually Split tunnel doesn't go internet traffic through IPsec but internet directly.
    3rd Question)
    what is for ip name-server x.x.x.x   when I setup ip name-server 8.8.8.8 and I tried to ping 8.8.8.8 from router, it didn't work. Am I missing something?
    https://supportforums.cisco.com/thread/230711
    Thanks for your time and knowledge.

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
    We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.
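
The behaviour described in the reply above, modelled as an added example that is not part of the original thread: a server that hosts company.com answers (or denies) every name under it, while a zone for server.company.com alone leaves the rest of company.com to the forwarder. All addresses are constructed documentation values, and the model assumes no delegations, CNAMEs or caching.

```python
"""Toy model of an internal DNS server that hosts some zones and forwards the rest."""

def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def enclosing_zone(qname, zones):
    """Return the most specific locally hosted zone that contains qname, or None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(qname, zones, upstream):
    """Return (source, address).

    source is "local" (answered from a hosted zone), "nxdomain" (the server
    hosts the enclosing zone but has no such record, so it never asks
    upstream) or "forwarded" (no hosted zone matches, the forwarder answers).
    """
    qname = normalize(qname)
    zone = enclosing_zone(qname, zones)
    if zone is None:
        return ("forwarded", upstream.get(qname))
    address = zones[zone].get(qname)
    if address is None:
        return ("nxdomain", None)
    return ("local", address)

def shadowed_names(zones, upstream):
    """Public names that LAN clients can no longer resolve at all."""
    return sorted(n for n in upstream if resolve(n, zones, upstream)[0] == "nxdomain")

def overridden_names(zones, upstream):
    """Public names that LAN clients resolve to a different (internal) address."""
    result = []
    for name, public_addr in upstream.items():
        source, addr = resolve(name, zones, upstream)
        if source == "local" and addr != public_addr:
            result.append(name)
    return sorted(result)

# Constructed sample data (assumed values, not taken from the thread).
INTERNAL = "192.168.15.10"          # server's address on the 192.168.15.x LAN
PUBLIC = {                           # what the outside ISP's DNS publishes
    "server.company.com": "203.0.113.10",
    "www.company.com": "198.51.100.20",
    "mail.company.com": "198.51.100.21",
}

# Internal server hosts the whole company.com zone with only its own record.
WHOLE_DOMAIN = {
    "company.com": {"server.company.com": INTERNAL},
    "company.private": {"server.company.private": INTERNAL},
}

# Internal server hosts a zone named server.company.com and nothing else
# under company.com, as the reply proposes.
HOST_ZONE = {
    "server.company.com": {"server.company.com": INTERNAL},
    "company.private": {"server.company.private": INTERNAL},
}

if __name__ == "__main__":
    for label, zones in (("whole domain", WHOLE_DOMAIN), ("host-only zone", HOST_ZONE)):
        print(label)
        for name in sorted(PUBLIC):
            print("  ", name, resolve(name, zones, PUBLIC))
        print("   shadowed:", shadowed_names(zones, PUBLIC))
        print("   overridden:", overridden_names(zones, PUBLIC))
```

Running `shadowed_names` against a copy of the public record list is a quick way to find records that still need replicating when the internal server hosts the whole domain.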

  • Internal & external Domain the same Cannot resolve Website

    Since moving my website from internal to a external hosting provider, I cannot browse the website from inside my LAN
    I have created the necessary A record with  www  and added the Public IP for the my website. 
    I have created a Delegation for the Zone in DNS and set it to my SOA dns server reported to me because the above would work. 
    I have seen this setup many times in other networks but I cannot figure this one out.
    I verified there was no RDNS record anymore from the ISP as that was causing a issue before 
    From PC outside the LAN 
    C:\>dig -x 64.129.116.22
    ; <<>> DiG 9.3.2 <<>> -x 64.129.116.22
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 138
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;22.116.129.64.in-addr.arpa.    IN      PTR
    ;; ANSWER SECTION:
    22.116.129.64.in-addr.arpa. 86400 IN    PTR     mail.evolutionimpressions.com.
    22.116.129.64.in-addr.arpa. 86400 IN    PTR     ftp.evolutionimpressions.com.
    ;; Query time: 93 msec
    ;; SERVER: 24.92.226.40#53(24.92.226.40)
    ;; WHEN: Tue May 08 07:11:29 2012
    ;; MSG SIZE  rcvd: 105
    C:\>dig evolutionimpressions.com a
    ; <<>> DiG 9.3.2 <<>> evolutionimpressions.com a
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1120
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;evolutionimpressions.com.      IN      A
    ;; ANSWER SECTION:
    evolutionimpressions.com. 36945 IN      A       184.168.26.1
    ;; Query time: 21 msec
    ;; SERVER: 24.92.226.40#53(24.92.226.40)
    ;; WHEN: Tue May 08 07:13:18 2012
    ;; MSG SIZE  rcvd: 58
    From the DNS Server 
    C:\>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : EIS03
       Primary Dns Suffix  . . . . . . . : evolutionimpressions.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : evolutionimpressions.com
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client)
       Physical Address. . . . . . . . . : 00-19-B9-BC-3D-1E
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.16.1.5
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . : 172.16.1.177
       DNS Servers . . . . . . . . . . . : 172.16.1.5
    C:\>ping www.evolutionimpressions.com
    Pinging www.evolutionimpressions.com [184.168.26.1]
    with 32 bytes of data:
    Reply from 184.168.26.1: bytes=32 time=67ms TTL=59
    Reply from 184.168.26.1: bytes=32 time=66ms TTL=59
    Reply from 184.168.26.1: bytes=32 time=61ms TTL=59
    Reply from 184.168.26.1: bytes=32 time=89ms TTL=59
    Ping statistics for 184.168.26.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 61ms, Maximum = 89ms, Average = 70ms
    C:\>nslookup
    Default Server:  eis03.evolutionimpressions.com
    Address:  172.16.1.5
    > www.evolutionimpressions.com
    Server:  eis03.evolutionimpressions.com
    Address:  172.16.1.5
    Name:    www.evolutionimpressions.com
    Address:  184.168.26.1

    I can make the users put the www in front of the domain name but I cannot for the life of me figure out why this isn't working...

    Running either an nslookup or a DIG on my part shows the following:
    ==========================================
    c:\DIG>dig evolutionimpressions.com
    ; <<>> DiG 9.8.0 <<>> evolutionimpressions.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37852
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;evolutionimpressions.com.      IN      A
    ;; ANSWER SECTION:
    evolutionimpressions.com. 86400 IN      A       184.168.26.1
    ==========================================
    c:\DIG>dig www.evolutionimpressions.com
    ; <<>> DiG 9.8.0 <<>> www.evolutionimpressions.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55452
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;www.evolutionimpressions.com.  IN      A
    ;; ANSWER SECTION:
    www.evolutionimpressions.com. 86400 IN CNAME   evolutionimpressions.com.
    evolutionimpressions.com. 86400 IN      A       184.168.26.1
    ==========================================
    A reverse on 64.129.116.22:
    c:\DIG>dig -x 64.129.116.22
    ; <<>> DiG 9.8.0 <<>> -x 64.129.116.22
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34360
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;22.116.129.64.in-addr.arpa.    IN      PTR
    ;; ANSWER SECTION:
    22.116.129.64.in-addr.arpa. 86305 IN    PTR     ftp.evolutionimpressions.com.
    22.116.129.64.in-addr.arpa. 86305 IN    PTR     mail.evolutionimpressions.com.
    ==========================================
    A reverse on 184.168.26.1
    c:\DIG>dig -x 184.168.26.1
    ; <<>> DiG 9.8.0 <<>> -x 184.168.26.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52143
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;1.26.168.184.in-addr.arpa.     IN      PTR
    ;; ANSWER SECTION:
    1.26.168.184.in-addr.arpa. 3600 IN      PTR     p3nlhg290c1290.shr.prod.phx3.secureserver.net.
    ==========================================
    In summary, it appears 184.168.26.1 is the record for both http://evolutionimpressions.com/ and www.evolutionimpressions.com.
    But what I noticed is that when I typed in www.evolutionimpressions.com, it redirects it to http://evolutionimpressions.com/.
    This is because www.evolutionimpressions.com is a CNAME for http://evolutionimpressions.com/ (without the www).
    Therefore that leads me to believe that's why internally you can't access the site. This is because no matter what you do, since evolutionimpressions.com, and the CNAME is always reverting it to http://evolutionimpressions.com, and your AD name is evolutionimpressions.com, you are always accessing one of the internal DCs' LdapIpAddress. Note: each DC creates this record. You can't alter it!
    How do you get around that? Not so simple. What I would normally suggest (disregarding the security implications), is to install IIS on each DC, then in the default website properties, create a redirect to www.evolutionimpressions.com. HOWEVER, because the website is always redirecting to http://evolutionimpressions.com due to the CNAME, it won't work, and will create a redirect loop.
    I haven't seen this scenario before.
    The simple fix I would believe and suggest is to ask whoever created the public records for the site to eliminate the CNAME and simply create two A records:
    evolutionimpressions.com            A     184.168.26.1
    www.evolutionimpressions.com    A     184.168.26.1
    Then either always only use www in front of it, or do the IIS trick/workaround above. Here's a little tidbit - in the browser, simply type in evolutionimpressions (without www or com), and then hit CTRL & <enter>, and the browser will add the WWW and COM to it.
    Here's more on that DC IIS trick/workaround:
    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM
    For no WWW in front of URL, scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Access website with same name as internal dns...

    Hi there
    I've set up a server with internal dns zone as 'example.com' with the machine name being 'server.example.com'
    Everything has been going well, but we cannot now access our externally hosted website at 'www.example.com' I now realise from looking at other posts on the web that perhaps I should have not used the same dns address internally as is used externally, but we have plans to bring mail servers in-house and so thought that this would be the correct way to go.
    Can anyone offer advice on the correct way to resolve this?
    Thanks

    From what you're saying then, I need to change the DNS host name of the internal network to example.net or similar.
    You can use a level within your own domain, such as server.internal.example.com, where server is the host name and internal identifies a host within your network, and example.com is a domain you own. Larger networks use this construct to identify hosts within a corporate site or a particular building, such as www.corp.example.com, www.frobnitz.example.com and www.boston.example.com.
    I assume it doesn't matter if I don't own the domain example.net?
    Do not use a domain that you do not have permission to use.
    Only use domains you own (best), or domains that will never be active.
    It's best if you use a domain you own or a subdomain of a domain you own, or (less desirably, but functional) use a Top Level Domain (TLD) string that will never be a domain (a completely made-up domain such as server.tvkiddomain where tvkiddomain is a text string that will never match a real domain such as .COM or .NET or .BIZ or .TRAVEL or the country codes or the gazillions of these TLD strings that are coming on-line). (That there are TLDs coming on-line makes this somewhat more risky; you can end up using a domain you don't own if somebody lights up a matching TLD.)
    The second parallel domain is small cost and simple, particularly as you need few or no services for it from your registrar. (When I buy domains for a site, I usually purchase several TLDs around the domain -- such as the classic big three .COM, .NET and .ORG -- and then have these available for just this sort of purpose. It's easier to buy these up front than to add them later, given the usual domain squatting that can happen. And it's not much money. And it's flexibility for later network activities, and far easier to describe and to support.)
    Will the changeip command change the DNS name of machines that I've set up, so that server.example.com will be renamed server.example.net? I assume I'll need to unbind and rebind any client machines that I've bound to the server?
    changeip would be the tool I'd use, yes. And I'd reconnect, yes. There's a DNS command around that flushes the DNS caches on the clients; you'll also need to clear that.
    Prior to Leopard, on each DNS client:
    sudo lookupd -flushcache
    Leopard DNS cache flush, on each DNS client:
    sudo dscacheutil -flushcache
    Thanks for the pointer to the other post, was helpful, but I think that changing the internal DNS host name will be the simplest option...
    IMO, the simplest option is to avoid domain name collisions and to avoid domains you don't own; to maintain the basic operations and assumptions of DNS.
    Bad DNS is one of the few things you can do that can screw up other hosts and other sites on the Internet.

  • Is anyone set up to use anycast for internal DNS?

    Good Afternoon,
    I've been considering using Anycast to provide some redundancy for internal DNS lookups. Configuring DNS and subsequent slave zones in Leopard is easy enough and as I understand it, Anycast is just a way of configuring routers so that one IP address can resolve to many different machines.
    I see some of the benefits of using Anycast in that we can have the same 2 dns ip addresses in perpetuity and that as long as one node is up, people will be able to get out.
    So my question to you guys: Has anyone done this? If so, is there anything I need to look out for before I start? Is there something you wish you'd known before you started down this path.
    I'd love to hear your experiences and read any documentation you might have kept. I thought Mr Hoffman's write up on his DNS services was really excellent btw.
    Cheers,
    dave

    Do you have a particularly large infrastructure?
    IP Anycast is usually implemented via BGP announcements from your router(s), with each router using the BGP tables to determine the 'best' server to use. If you're doing this for internal DNS then that assumes you're already running IBGP.
    Even then, BGP is a pretty dumb protocol - all it does is say 'hey, here's how to get to a.b.c.d IP address'. It has no idea whether the specific server/service you're after is available at that address.
    In other words, even if you set up IP Anycast via IBGP you'll still have clients routing to a dead server unless you can somehow update your BGP tables when a server goes down. Not a trivial task for most routers.
    It sounds like what you really want is more load balancing than IP Anycast. There are numerous load balancers that can do this. Another option (if your DNS servers are physically close) is to use some kind of failover process so that the second server assumes the role (and IP address) of the first server should it fail (and vice versa). That option is built-in to Mac OS X Server (although it takes a little command-line jiggling to get it working).
    Then again, the whole point of defining multiple DNS servers on the client is that the client will automatically fail over to alternate servers if it doesn't get a response from the first - in other words, the clients already have built-in failover for DNS (although the user will notice lookup delays when the primary server is offline).

  • EA6500 internal DNS

    Hi All,
    I  upgraded from a WET610N to the newer EA6500 recently.  I have a problem with connecting using my public DNS name to the local network.  It works when I am not on the internal network, but not on the internal network itself.  I do see using the prompt that the name is resolved properly using nslookup.  None of my machines have any entries in their /etc/hosts, so they rely on the public DNS lookup.  Entering the IP Address locally also works, but I would rather not make /etc/hosts entries for my machines.  Any ideas where to look?
    Regards, Brian

    I have read about this from other posts here in the forum. I believe your concern has something to do with it. To protect your router against possible DNS Rebinding Attacks, certain actions will not work from behind a router. Pinging the router’s WAN IP address from a client that is behind the router will not work. To test this functionality, this must be done from the outside of the router or remote area.
    To read more about DNS Rebinding Attacks please check the links below:
    http://blog.trendmicro.com/trendlabs-security-intelligence/protecting-your-router-against-possibl-dn...
    http://blog.opendns.com/2010/07/27/calling-craig-heffner/
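
The kind of check a forwarding resolver applies when it guards against DNS rebinding, as an added example that is not part of the original posts and is not the EA6500's firmware logic: an answer received from upstream is dropped when a public name maps to a private, loopback or link-local address, unless the name belongs to an allowlisted local domain. The allowlisted domain, function names and sample names and addresses are constructed.

```python
import ipaddress

# Hypothetical allowlist: domains the LAN legitimately serves from private addresses.
LOCAL_DOMAINS = ("internal.example.com",)

# Address ranges that should never appear in an answer for a public name.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this net"
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

def is_local_name(qname, local_domains=LOCAL_DOMAINS):
    """True if qname equals, or is a subdomain of, an allowlisted local domain."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in local_domains)

def non_public_answers(addresses):
    """Return the answer addresses that fall inside a blocked range."""
    flagged = []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot bypass the check.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        if any(ip in net for net in BLOCKED_NETS):
            flagged.append(text)
    return flagged

def filter_response(qname, addresses):
    """Decide whether an upstream answer may be returned to a LAN client."""
    if is_local_name(qname):
        return ("allow", [])
    flagged = non_public_answers(addresses)
    return ("drop", flagged) if flagged else ("allow", [])
```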

  • External DNS zone on Internal DNS servers

    We currently have a 2 domain forest with DNS running on all domain controllers. All domain controllers are 2012 or 2012 R2 and our Domain and forest functional level is set at 2008 R2 due to the existence of an exchange 2003 server which won't be retired for several months. We have 2 DNS servers in the root domain and 4 DNS servers in the child domain. This is a centralized DNS setup. Our parent domain is DOMAIN.LOCAL and the child domain is XX.DOMAIN.LOCAL. Externally, our DNS is MYDOMAIN.com. We do not have a public facing DNS server and our DNS records are hosted by a 3rd party.
    We want to add the MYDOMAIN.COM DNS zone internally (AD Integrated) since we have several instances where applications do not really work well with the XX.DOMAIN.LOCAL DNS. We want this zone to host several DNS records for internal resolution only since we do not have any public facing applications or web servers such as SharePoint etc.
    My question(s) is this?
    How is the best way to do this and how will it affect the zones we currently have in place.
    Is it as simple as creating a new forward lookup zone, adding static records?
    How do we (or do we) handle delegation?
    Any information or suggestions to get me started would be greatly appreciated.
    Russ

    Hi,
    I don't quite understand your question. Do you want to create a new primary DNS zone on your current DNS server? If so, you just need to create a new primary; you can create the additional primary DNS zone.
    The related KB:
    Configuring a new primary server
    http://technet.microsoft.com/en-us/library/cc776365(v=ws.10).aspx
    Hope this helps.

  • Handling Dyn DNS Active/Failover service while also hosting internal DNS

    I want to try and take advantage of using Dyn DNS failover service for our websites, to where it will detect when our primary public IP address to webserver goes down and will automatically update the DNS record to use our secondary public IP address in our failover site. The only trouble I'm running into is we also host the domain name internally as well, which we normally point to the private IP of the web server in our primary site. Is there a way to just have the request for that one specific A record go to an external DNS server to get resolved while the remaining records can be resolved internally by that server? I tried round robin with the 2 IP addresses but it does not work as I need it to. Thanks, any help is appreciated.
    Michael Duhon

    Hi,
    According to your description, my understanding is that you want the customer to access the website by another public IP when the current public IP is down: request for specific A record to go to an external DNS server to get resolved while the remaining records can be resolved internally by that server.
    Usually we can use DNS conditional forwarder to redirect the query for a specific domain name to another DNS server, but we can't specify a DNS server for an A record query.
    Or, you may try to manually add the record in local hosts file.
    Best Regards,
    Eve Wang
