LAN Backup on DNS-320L

Similar Messages

• LAN okay WAN DNS problem

  I've already found a workaround to this wi-fi related problem that I did not have with my pre-unibody MBP with Snow Leopard, but cropped up when I moved to a MBP with Retina with Mountain Lion.  Just wanted to ask whether anyone else has run into the problem and found a fix for it.  Here's a description of the problem:
  a.  My home LAN is on a Netgear UTM-5 and it is the gateway device to my Internet ISP.
  b.  When connecting the MBP-ML to the LAN wired (with LAN IP provided by UTM-5 DHCP), both Internet and LAN access are okay.
  c.  When connecting the MBP-SL to the LAN via wireless AP (with reserved LAN IP provided by UTM-5, not DHCP); both Internet and LAN access are okay.
  d.  When connecting the MBP-ML to the LAN via wireless AP (with reserved LAN IP provided by UTM-5, not DHCP); I have LAN access, but no Internet access.
  Upon further investigation, I find that the MBP-ML probably cannot reach the WAN DNS servers.  Ping of WAN gateway IP address is okay, but ping of primary and secondary DNS addresses fail.
  e.  When connecting MBP-ML to LAN via wireless AP (with LAN IP provided by UTM-5 DHCP), both LAN and Internet access are okay.
  For my network configuration, connecting the MBP-ML to my LAN via wireless AP with a DHCP provided IP address has no issues; but connecting wireless with a reserved IP address on the UTM-5 creates a problem for Internet access.  This was not an issue with my pre-unibody MBP-SL which connected using a reserved IP address on the UTM-5 for years and worked just fine.
  As mentioned, I found a workaround (connect wireless using DHCP).  However, I've not found the cause of this problem; just thinking it may be ML since my MBP-SL worked okay.  Some sort of security 'enhancement' blocking something??

  Yes it does, and ive found my problem. It was my iMac not functioning with connection sharing properly. I stopped it and started it again and there we go, fixed (i hope :))

• DNS Registration for clients with WLAN and LAN adapters

  I have read a number of articles and it seems that there are a number of people who have problems with DNS and workstations with both WLAN and LAN adapters. I haven't however found workable solutions.
  Workstation Connection Objective:
  To enable DNS discovery and Ip connection to client workstations regardless of whether the client is using the WLAN or LAN. Enabling users to use either Wireless or LAN adapter adhoc. ie they dock their laptops at their desks, and undock to take their laptops
  to meetings or consulations with peers. I need to be able to discover and connect to the workstations irrespective of the adapter being used at any time.
  Most people seem to try to control which interface is used on the workstations, ie disable WLAN and only use LAN etc. Trying to disable interfaces isn't going to be feasible and its very inflexible.
  I believe I can ensure that the workstations use the NICs in our preferred order:
  1. LAN
  2. WLAN - Our wireless network isn't as fast as the LAN.
  By setting specific DHCP metric for the WLAN Router to be higher(ie 2) than the LAN(1). When the LAN isn't connected traffic will route via the WLAN adapter and when the LAN adapter is connected, its router metric will be lower and it will be the preferred
  gateway/route.
  But how do I solve the DNS resolution for connection to that asset?
  If I disable DHCP Server updates into DNS and allow secure updates from the client. It would be really good if DNS client behaved in the following manner
  1. The LAN adapter(referred to as primary ie LAN) with the lowest metric(ie 1) registers/auto updates DNS with the ip(both A and PTR). Any other Adapters don't register. - ie the WLAN
  2. The Laptop is undocked and the LAN adapter goes offline, the DNS Client then triggers a registration/auto updates its existing DNS entry with the ip from the next adapter(WLAN) with the next lowest gateway metric(2)...hence replacing the first ip registered.
  3. The laptop is docked again, and DNS Client triggers a registration/auto updates its existing DNS entry with the IP from the primary adapter(LAN), replacing the WLAN ip.
  So there is only ever 1 ipaddress registered for a workstation and it will always be a valid address. Then I don't need to be concerned about whether the user has the wireless turned on and docked.
  Being able to discover and communicate with all our workstations in our sites is crucial requirement....
  This microsoft article says, http://technet.microsoft.com/en-gb/library/cc771255.aspx
  Dynamic updates can be sent for any of the following reasons or events:
      * An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
      * An IP address lease changes or renews with the DHCP server any one of the installed network connections. For example, when the computer is started or if the ipconfig /renew command is used.
      * The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.
      * At startup time, when the computer is turned on.
      * A member server is promoted to a domain controller.
  However from what I am reading, both adapters(LAN,WLAN), if configured to update DNS, will register their Ip addresses. Which leads to an invalid DNS entry if the laptop is undocked, as the IP for LAN adapter isn't removed.
  Has anyone solved this problem for their organizations without
  1. Controlling which adapter is used - large management overhead
  2. Only allowing one adapter to register with DNS
      - If using LAN adapter for DNS, then anytime the user is using WLAN, their workstation doesn't have a valid DNS entry. Which also impacts Kerberos.
      - If using the WLAN, then we would have to invest a large amount of money into Wireless to provide the necessary bandwidth
  3. Setting GPO's to configure dns updates every 30mins on clients
      - Inconsistent results...which I think is sometimes a worse problem
  4. Defining separate DNS suffixes for their WLAN networks (I read some people did this)
      - This doesn't remove an invalid DNS entry ie the ip(LAN adapter) DNS entry if the laptop is undocked
      - It also creates problems with kerberos, if the host is registered under a separate DNS suffix from the Active Directory domain name

  Hi,
  From my point of view, DNS can't be so smart.
  As a workaround, please try the steps below,
  Disable the DNS register of wireless adapter
  Put "ipconfig /regiserdns" in a bat file
  Everytime when the wired network is undocked, run the bat file.
  If the wired network is docked, wired adapter will register the DNS record.
  When the wired network is undocked, run the bat file, then the wireless adapter will register the DNS record.
  If the wired network is docked again, wired adapter will register the DNS record automatically.
  Best Regards.
  Steven Lee
  TechNet Community Support

• DNS, Open Directory, and wow my head hurts

  OK, I’m slowly pulling my ear hairs out over this.  My comprehension of the DNS world is modest at best (I know enough to get into trouble). I did not set up most of this (not the DNS parts anyway), and I’m trying to unravel what exactly is going on.  Maybe it’s exactly as it should be; but it seems awfully convoluted to me, so if you’re bored and want to show off your expertise and ability to explain it to a kindergartener, please read on…
  Let’s say my Domain is mydomain.com. (You can probably figure out what it really is, but I’d rather not sprinkle a post with it.)
  Our firewall is a Sophos UT320. It obviously supports forwarding of DNS info from our ISP.  While it’s own documentation says it does not have a full-fledged dns server, it does have something called “Static Entries” which seems to be a bare-bones dns server of sorts. I can set any static domain name (myserver.mydomain.com for example), point it to a server on our lan, and everyone internally can get to that server by using myserver.mydomain.com instead of 192.168.blah.blah.  It also supports reverse DNS, so if I issue a host 192.168.blah.blah command from my computer, I get “blah.blah.168.192.in-addr.arpa domain name pointer myserver.mydomain.com.” My guess is that it’s only serving up A records.  No one from outside our LAN can access these servers or records (unless they’re on a VPN of course).
  Now, in our lan, we have a bunch of Mac Servers.  Our Open Directory server has DNS service enabled on it, and the primary zone is set to od.mydomain.com.  It has some A records pointing to myserver.mydomain.com, myotherserver.mydomain.com, etc.
  Another server, located at, myserver.mydomain.com, has a DNS service who’s primary zone is mydomain.com (yes, it matches our external domain name). It contains A records for itself, the OD Server, and others.
  Reverse lookup works fine throughout the lan.
  All DNS Servers’ Forwarders are our router.
  I did a test where I turned off all these internal DNS servers (yes, there’s more) and pointed all the servers to the router. It seemed fine at first, I could issue HOST commands to and from every server to every other one and resolve both names and addresses.  The router seemed to be doing fine.
  After a day or so (I assume after the TTL elapsed), people started getting permissions errors on the servers, so I turned it all back on.
  This is with 10.6.8 Servers (one is running 10.9 but it doesn't seem to have DNS running).
  So here’s my questions:
  Why would my OD Server’s DNS Service’s primary zone be “od.mydomain.com” and not just “mydomain.com”?
  Does it make sense (or even matter) to have these DNS entries ending in mydomain.com when that’s our website’s address? (We host our own site and email server, btw.)
  Why would OD not work after all these DNS Servers were turned off, when HOST command shows it can get to every other machine and they can get to it?  What else, besides the A record and reverse lookup, could be included in the full-blown DNS servers that wouldn’t be in the Sophos bare-bones one, but still allow reverse lookups to function?  What else does OD want from DNS??
  Wouldn’t it be better, even if this all was necessary, to set up a single internal DNS Server (ok, maybe plus a backup)?  Why would this service be running, with a variety of A records, on almost every server we have?
  Is there a site that can explain DNS, and actually define every acronym, abbreviation, etc it uses?  Every time I try to learn something I go down a wiki rabbit hole.
  Thanks!
  Jeff

  OK, the answer to this seemed to be to not rely on Sophos' "Static Entries" DNS functionality.  Even though it allows "HOST" commands to work for both reverse and forward lookups, OD and/or Kerberos needs more.  Once I made a zone on our OD Server that listed itself, our replica server, AND our email server (which uses Kerberos), and made what I think is now a proper secondary DNS server on our replica server, and pointed the OD server's DNS to itself, the replica to itself, and kept the email server using the Sophos for DNS, it worked.

• Problem with Jabber and file transfers WAN - LAN-Users - a solution!

  Hi,
  I read a lot of messages about problems with file transfers between iChat-Users, if one (or both) are behind a NAT.
  I had this problem to and found an easy solution:
  My situation
  iChat-Server behind a Netgear ProSafe FireWall. I opened the needed Ports including Port 7777 (the Port for the iChat-proxy (proxy65).
  The iChat-Server is configured to host the domain "server.ourdomain.com" (as an example).
  This address can be reached from the LAN and also from the WAN-side.
  From the LAN-side the DNS redirects to 192.168.1.1, from the WAN this domain redirects to our official IP-address (the WAN-IP of the FireWall).
  I tried nearly all kinds of mentioned solutions, but nothing helped.
  The really easy solution is: I just added our official IP to the "Hosted Domains" in the iChat-section of Server-Admin.
  After that change, the transfers are made via the proxy65 of iChat-Server. The transfers are shown in the log /private/var/jabberd/log/proxy65.log.
  I think, that the other posters who also have this kind of problem are working in a similar setup (domain name of server is used from the LAN AND the WAN-side with different IP-addresses (LAN-IP & WAN-IP).
  This solution will only work, if the WAN-IP is a fixed address.
  svenc

  Until the introduction of file promises in AIR Athena, it  has never been possible to drag remote files out of an AIR application.
  You could refer to the http://www.adobe.com/devnet/air/flex/articles/using_file_promises.html
  Hope this is helpful. Please let me know if I could help more.

• Lumia 520 DNS & Wifi problem

  Hey,
  SInce my ISP told me to shut off my DNS Proxy from my router, the Wifi on my Lumia doesn't work anymore. My 520 automatically selects the wrong DNS and I can't change it from the phone. My router is the TeleWell EAV510. I have tried to change the DNS Server primary and secondary to my ISP's DNS, but the phone still picks up the wrong DNS.
  I found these instructions too: http://setuprouter.com/router/telewell/tw-eav510/dns.htm
  but I don't have any DNS settings under LAN. My DNS settings are a separate menu on the left side.
  Solved!
  Go to Solution.

  Hi shakeer,
  Welcome to Microsoft Mobile Community.
  How's your phone doing so far? Are you currently facing any issues with it? If yes, is it somehow related to the topic being discussed above? You can give us more details of your query so that the community can provide you with the best answer.
  To know the do's and don'ts on the community, you can check our guidelines here: Guidelines – read these first!.
  We look forward to your reply.

• MS SQL 2008 R2 Named instance: Login failed. Microsoft SQL server, Error: 18452) - Tryig to access using the FQDN assigned for the backup network card.

  Hi,
     I have a windows 2008 R2 Enterprise servers with standalone MS-SQL 2008 R2 named instance.  The server is having two networks, once production and the second for backup. The server FQDN is resolving to the production IP. The backup NIC
  DNS dynamic update is disabled and an "A" record is registered with the dns.  While trying to connect to the instance using the management studio:
  Successfuly able to connect using the instance name, the production hostname, production IP and backup IP. 
  but while trying to connect to the insance using the backup hostname getting the below error:
  "Login failed. The login is an untrusted domain and cannot be used with windows authentication. (Microsoft SQL server, Error: 18452) "
  This is required for the backup tool to get connected using the backup FQDN of the server.
  Should I need to create a host name alias,  request you to kindly assist me with the best recommedation to fix this.
  http://blogs.msdn.com/b/dbrowne/archive/2012/05/21/how-to-add-a-hostname-alias-for-a-sql-server-instance.aspx

  Hi,
  It might be a kerberos issue.  Check that there are valid SPN's registered using the setspn utility - http://technet.microsoft.com/en-us/library/cc731241.aspx
  Thanks, Andrew
  My blog...

• DNS Management in OS 10.6.3 Server

  We are currently running Mac OS 10.4.11 server, and we will soon be upgrading to Mac OS 10.6.3 server on a new Xserve, and I have a question about how DNS is managed in Mac OS 10.6.3 server.
  We run DNS internally only. On our 10.4.11 server, we switched to manually editing our zone files in command line rather than managing our DNS records in Server Admin because of a couple of problems.
  Let's use mydomain.com as our example domain. Server Admin automatically makes the 'A' record of the zone (mydomain.com) as the same IP address as the OS X server itself (host.mydomain.com / 192.168.0.5). Our problem is that our company's website is hosted offsite. So, if someone on our LAN opens a web browser with the domain, mydomain.com, it opens to an error (instead of our website) as our OS X server is not running web services. For a number of reasons, our web developer has the website setup as domain.com and redirects any requests to www.mydomain.com to mydomain.com because the SSL certificate and search engines were setup for the address mydomain.com INSTEAD of www.mydomain.com. We cannot change this until the next overhaul of our website (which could be years).
  As a workaround, I went into command line and started editing our zone files manually. So, I changed the 'A' record of mydomain.com to be the IP address of the server that is hosting our website externally. That fixes our problem.
  However, editing zone files in command line has its own problems, and I would prefer to do it from Server Manager.
  So, does Server Manager in 10.6 have the same problem in that it makes the address for the 'A' record for mydomain.com the same as our OS X server host.mydomain.com?
  And secondly, is there another way in our OS X server of directing internal web requests from LAN workstations for mydomain.com on port 80 and 443 to our website that is hosted offsite?
  And thirdly, would it be better to register a second domain, mydomaininternal.com (for example), and use this zone on our OS X server rather than using mydomain.com?
  Thanks for any advice.
  Tyler

  Thanks.
  I should have mentioned that I already have an 'A' Record setup for www which points to the external IP of the site. The problem is our web hosting company has an internal redirect on the server hosting our website directing 'www' to 'yourcompanysite.com' (for the reasons I mentioned in the previous post) so of course when the workstations on our LAN query the DNS server (If we were to use Server Manager) it would automatically set the IP address for 'yourcompanysite.com' to the IP address of the OS X Server. So in Mac OS 10.6 server is it possible to manage DNS using Server Manager without it automatically making the A record for 'yourcompanysite.com.' the same address as the server?
  My xserve is scheduled to ship out next week, so I am just doing some prelimary thinking and planning.
  Thanks!

• WRT54G....Can I set DHCP to use the router for DNS instead of external DNS?

  Hi folks. I cant' get my router to have DHCP tell my PCs that the router should be the DNS server instead of the external servers it is using. I am using Comcast Cable internet. It sets the external DNS servers for every PC that connects to it and I have problems finding my PCs on my network by NetBIOS name because the external DNS servers obviously don't store my local PCs. How can I set the router up to set DHCP to use the router for DNS?

  If you cannot set the DNS server in the configuration page for the DHCP server in your router then your router does not support this.
  This won't solve your problem though. The DNS server on the router is a simply forwarder. It simply forwards the DNS requests from your computer to the ISP's DNS servers. The DNS server does not accept dynamic updates to a private zone inside your LAN. And DNS is pretty much unrelated to the standard windows workgroup browsing which does the actual name resolution inside your LAN. That name resolution even works without a router inside your network. Basically all windows computers in your network periodically broadcast their name to the network. One windows computers is elected "master browser" which collects all these names and provides the name resolution service for all computers in the workgroup.
  If this does not work it is most likely a windows configuration problem. It could be a software firewall on the computers which blocks traffic. It could be that the computers are not setup for file/printer sharing and thus have the computer browser disabled. It could be that your computers have a WINS server configured which does not exist. There are probably more causes. The better source to ask this question would probably a Microsoft support group. They deal with these kinds of issues more often and maybe a MVP may be able to point you into the right direction or give some links to step-by-step instructions...

• DNS error - "requires at least one Nameserver"

  Hi,
  I have a working Snow Leopard  10.6.8 server - working in all respects except DNS.
  I decided to take the advice of posters on this site and turn off dns and re-enter it from scratch.
  I was able to delete all of the settings on the Zones tab, EXCEPT for the primary zone.
  When I delete it it just re-appears by itself !
  I then try to enter the data that is correct for the name server by clicking the + button under Nameservers.
  When I enter the correct data and click OK, it says "Some configuration data is invalid: The zone..... requires at least one Nameserver" !
  Well... I'm trying to enter exactly that!
  Anyone have any clues how to fix this?

  I saw similar behavior recently on one server I was working on.   (This was with the 10.6.7 and associated server tools; haven't been down this path with 10.6.8 and the updated server tools.)
  If what I saw is similar to what you're seeing here, then try this...
  First, if you don't have a recent backup copy of your boot disk that you trust and are willing to use, then back up your boot disk before you proceed by booting a distribution disk and using Disk Utility to make a full copy of your boot disk to external storage.   This backup is your path back to operations if Badness Happens.
  Once you have rebooted your system from your backup, stop DNS services and exit Server Admin, if either or both are running.
  Then launch Terminal.app, and navigate into and delete or rename the Server Admin properties list file:
  ~/Library/Preferences/com.apple.ServerAdmin.plist
  Then relaunch Server Admin, and you should be able to fix your DNS services.
  This is your local copy of the preferences file for Server Admin, not a system-wide preferences.
  The "immutable" DNS settings were (after digging around) being recovered from the plist file.  (I've also had rare occasion to edit that plist file, when things go Really Wonky, and to change the immutable settings to some other temporary domain name, which then let me Get On With It All with the intended domain name.)

• Suddenly can't access shared drives on LAN but can access shared folders

  This just happened this past week.  Prior to last Monday everything had been working fine for over a year.  Here's the scenario:
  I have a LAN with a Tower Computer, a Desktop and a Laptop.  The tower computer has two external 2-bay cabinets connected via e-SATA.  One cabinet has two drives configured as Raid 1 (i.e. 1 mirrored logical drive and has the 'shared
  name' "Raid1-Array and the drive letter of Z: ), which is a repository for data that must be available to all computers on the LAN.  The other cabinet has two individual drives used for backup (stored offsite and only installed once
  a week).  One of the latter is for backup of the "local" Tower (Drive G: - not shared), and the other is shared for LAN backup of the Laptop ('shared name' "LT-Backup" and Drive F:).
  Suddenly this week, the laptop can no longer access the shared repository (Z:) nor its shared backup drive (F:) on the Tower.  As a temporary solution for the backup, I shared the laptop's backup folders of F:, and
  for some unknown reason the laptop can access those, but not the F: drive itself.  When I try to access Z: or F: using File Explorer I get an error message saying:
  "Windows cannot access \\TOWER-755\LT-Backup  You do not have permission to access
  \\TOWER-755\LT-Backup.  Contact your network administrator to request access"
  All of the computers are in the same "WORKGROUP" and the same "HomeGroup", and I've gone through all the Help & Support texts and have run every diagnostic that I could find, but all to no avail.
  Another creepy thing is that the desktop (the third computer on the LAN/WORKGROUP/HomeGroup) CAN access the drives, but that computer is only here temporarily while I'm working on it.  In light of this I'm assuming that the problem lies with the
  Laptop, but for the life of me I can't figure out what/how.
  I'd be very grateful for any/all help to resolve this mystery.
  Capt. Dinosaur

  any changes before this issue happen? any other device connected and facing same issue
  did you check folder share permission setting?
  how about you re-edit the setting for user name password

• DNS resolving to external IP when ping.

  Hi expert folks...have a question....when pinging to some of the client with in the LAN it resolve to external public IP instead of private IP ...i had checked and confirmed the client that that clients configured to DNS server IP with in the LAN.No external
  DNS been configured...this doesn't not occur all the time with all clients...its happened some time with some clients...after few minutes when we re-ping or after refresh it is back to normal private IP.....Could please advice what could be the possibility
  of this..?

  Hi...Thanks for your guidance ...I had verified the configuration you mentioned on your post... DNS search suffix order was fine so i haven't made any changes on that ...also TTL time remains as default...i found that some clients have external
  DNS on their DNS configuration list ...I had removed those........still i wonder even if external DNS configured it should be only in action ,when primary and secondary internal DNS cannot resolve .Also another interesting this i noticed ,when the address
  resolved to external DNS the TTL is 65 and when it resolve to internally TTL 128 for all clients.I guess it  jumping to external DNS bypassing internal DNS servers.So far i haven't experience same issue again that's why I cannot provide the outcome of
  nslookup...appreciate your help and guidance.
  The root cause was the external DNS servers on your clients. The DNS client side resolver service algorithm, looks at the first entry, and ONLY if it does not answer, which results in a NULL or NACK response, will it go to the second entry. If it does answer,
  even if the answer is an "I don't know," the client will take that as an answer and look no further. This algorithm, in case you're wondering, which many do, is not just the way Microsoft operating systems work. It's based on the IETF RFC industry standards
  that all manufacturers must adhere to.
  The proper way to configure all machines, especially in an AD environment, is to only use your internal DNS servers on every machine, nothing else, including the router as a DNS address (you would be surprised how many do use that because the ISP told them
  it's ok), and in your DNS server properties, you can optionally configure a forwarder to your ISPs. That's the only place any external DNS servers can exist internally, in a Forwarder or Stub.
  More on the resolver service:
  This blog discusses:
  WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
  Client side resolution process chart.
  The DNS Client Side Resolver algorithm.
  If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
  DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders or more than one IP in the NIC's DNS list)
  Client side resolution process chart
  Published by Ace Fekay, MCT, MVP DS on Nov 29, 2009 at 10:28 PM  1764  1
  http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx
  DNS Clients and Timeouts (Part 1 & Part 2), karammasri [MSFT] Dec 2011 6:18 AM
  http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
  http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Network Service Order Causing Conflict with Private DNS on Local Network

  I'm currently working on deploying a Snow Leopard Server-based setup for a university student-run television station, using a Mac mini Server. Because our university's own networking infrastructure is somewhat wonky and restrictive, I have recently networked our station's six other computers and the Mac mini Server together through wired Ethernet, using an AirPort Base Station as a router along with some D-Link Ethernet switches.
  As a result, our computers are networked together on their own network completely independently from our university's network, but because this wired network has no internet access, all of our computers connect to our university's wi-fi network over AirPort for internet access.
  I've set up Snow Leopard Server with a private DNS name "atvserver.private" and am intending to use this server internally for file sharing, directory services, and Wiki Server (and possibly Podcast Server). However, because of the service order in Network Preferences, if our client computers are set to give AirPort priority, then they can connect to the internet, but cannot connect to the server's private DNS. On the other hand, if our client computers are set to give Ethernet priority, they can connect to the server, but lose their internet connection.
  The only solutions that I can think of are:
  1) Bridge the university's internet connection on our private wired network (but the university will not allow us to do this because it violates their security policies), or
  2) Come up with some way to bypass the networking service order so that "atvserver.private" goes to the Ethernet network, while everything else goes to the public internet over AirPort.
  Any ideas on how to solve this problem?

  What's the ip range an subnet for the university network
  The issue has nothing to do with the IP addresses/subnets in use. It's about DNS resolution.
  Fortunately the solution is simple.
  Configure the DNS server on the SLS with the zone(s) for your private LAN.
  Enable DNS forwarders with the IP addresses of your university's DNS servers.
  Point your clients to your SLS for DNS service.
  Now all DNS requests from these clients will go to your server. For zones this server is responsible for (i.e. your private LAN) the server will reply, for all other lookups it will refer to your university's DNS servers for resolution.
  In this way your clients can resolve your private zones, the university's zones and public DNS hostnames. Problem solved

• Csa policy to give time limited webbrowser access when not on lan

  Hi There
  Has anyone done a policy for allowing users to use a webbrowser for a specific amount of time, when they are off the internal lan ? I have done a policy that classifies webbrowsers when they connect on any tcp port in a system state that off-lan (done by dns suffix check), my problem is that i wan't to secure the webbrowser until the user has logged in to whatever hotspot page he needs to, in order to create a vpn connection, and then be classified as "on-lan". But i can't restrict what addresses this browser can reach, since this is very different from hotel to airport to generic hotspot, so i wan't to restrict the time the user has to login, after which he has to reboot or login to vpn to do anything network related. I have a policy that does all that, except for the time period, only thing the user has to do is close his browser and start it again, and then my dynamic appl. rule gives them another 5 minutes....which is not acceptable. Anyone done this ?

  Hello all
  I have the same issue.
  What I tried is to change the query response from allow to ?terminate?.
  No when the user answers (his only choice is terminate) the browser windows closes and the user can?t open it again. That?s what I want, but he cannot login to some hotspots.
  Then I created I first query with an ?allow? and after 5 minutes a second with ?terminate?. Now the user first selects allow and has then 5 minutes to login to some hotspots and after 5 minutes the second query pops up and he is asked to terminate the web browser. He that can only select ?terminate? and the web browser closes. The problem is that this time, even though this is a ?terminate?, he can open the web browser again and continue to surf without any further queries.
  I haven?t further analyzed this issue, but I think this has to do with the processes and not with the application itself.
  Any ideas are welcome.

• Intranet versus Internet DNS

  I am on an intranet, behind a timecapsule that serves as my LAN's network DHCP and NAT.
  I also have a Lion Mini, which I've been configuring.
  The Mini is running dns that is resolving myserver.mydomain.private into the proper 192.168.1.x address.
  GoDaddy and DynDNS are resolving myserver.mydomain.NET into the proper 68.81.y.z address.
  So far my port mapping seems to be getting the job done nicely.
  My problem is that I'm using .private at home and .net in the world.
  I thought there was a way to configure Lion's DNS to resolve myserver.mydomain.net to 192.168.1.x for devices on my LAN who get DNS configured by DHCP, so I can use .net on the LAN without relying on my internet connection. I seem to recal reading a tutorial on doing this before I got the server, but now that I'm ready to pull the trigger I can't find the doc again.
  Can someone explain what I need to do or link to a good doc? Is it just creating a Primary Zone for myserver.mydomain.net and adding a machine record? what about the reverse mapping? there's already a reverse mapping for the .private name..
  Thanks,
  Joe

  Really, my end goal is that I want my iPhones/iPads pointing to "mydomain.net" for iCal, AddressBook, and web pages. (so they work on the road)
  So maybe I'm looking to do too much here. It seems the problems come in if I want to monkey with the reverse DNS record which is needed for OD. Is there a problem with leaving the mydomain.private DNS and reverse DNS alone. Then setting up a forward-reference only "Primary Zone" record for mydomain.net?
  The devices shouldn't need to Access OD on the road, except transparantly via the services, right?
  I imagine if I had an IT budget I would want one server dedicated to being my LDAP Server, and another server (or set of servers) serving applications like iCal Address and Web. If I had that scenario I would only be looking to set up DNS records for the application server(s). I would explicitly NOT want to make the LDAP server available to the internet.
  Am I making sence?