WRT600N and static DNS

Similar Messages

• Rvs 4000 dynamic ip and static dns

  hello
  I just want to know if its possible to use static dns (those of opendns) when my internet provider connect me through dynamic IP?
  i am using the last firmware 1.3.0.5
  thank you for your help ?
  bolbix

  With this router model, there is not the option to use custom dns on the wan if your getting your ip address dynamically.  In order to implement the static dns you would need to implement a static ip address on this router.  However any of the rv042, rv082 and rv016 routers will allow that function.  Hopefully this helps you out Jerbol.

• Setting Static DNS on E4200

  I recently wanted to try using the Google public DNS servers on my home network. I have a Cisco E4200 router.
  On the router's administration page, I set Static DNS 1 to 8.8.8.8 and Static DNS 2 to 8.8.4.4 and saved the settings.
  Even after rebooting the router, the Setup page shows the Google DNS addresses listed above, but the Status page shows 65.32.5.111 and 65.32.5.112 as being the DNS servers its using.
  Does anyone know how to set the E4200 to use different DNS servers?
  Thanks!

  Thanks.  I ran the analyzer and in the direct probing of dns resolvers section, it showed this:
  Your system is configured to use 1 DNS resolver(s).
  The resolver at 192.168.1.1 (tampfl-dns-cac-112) could not process the following tested types: [snipped]
  192.168.1.1 is, of course, my router's local IP address.  

• Internal and Public DNS conflict breaks mail

  History:
  We set up a new Mac Mini Server to replace our existing Server. The Mac Mini Server is setup behind a Time Capsule, which acts as our router and DHCP server. It also acts as our firewall on the public IP address and forwards mail to our internal server. Our situation is almost identical to the example situation on page 18 to 19 in the 'Getting Started' guide.
  Our ISP acts as our DNS server and they host our public website. They also used to host our mail, but we have now moved the mail to our new in-house server. We asked our ISP to update their MX records to point to our static public IP address. Public DNS records for server.mydomain.com also resolve to this IP address.
  When we originally set up the new mac mini server, the ISP had not yet updated the MX records. I am wondering if this affects how the Server sets up DNS on the local server machine?
  Issue:
  The local server machine on the local LAN is called server.mydomain.com, which resolves via local DNS (hosted by our server) to the server's internal IP address. (The local DNS server was setup automatically by the Server during initial installation / setup.) This conflicts with with public DNS records which identify server.mydomain.com with our public IP address at 205.200.19.225. This somehow causes confusion for the server which consequently seemingly randomly resets our domain (mydomain.com) and host name (server.mydomain.com) settings under Mail settings - which breaks our mail service. (We then edit these to the correct settings and all works again.)
  I spoke to an Apple tech and they advised that we reinstall the Server operating system, using a local server name that differs from the public name. e.g. server.mydomain.lan (local) vs. server.mydomain.com (public).
  *This may seem like a dumb question*: Would it be easier to keep our local host and DNS set up to server.mydomain.com and then rather have our ISP change the records for our public address / IP to mail.mydomain.com or public.mydomain.com? If we could make the change via the ISP's records versus our own, then it would save us a lot of work.
  *A second potentially dumb question:* Since we rely on our ISP for DNS name servers, could we delete / stop the local DNS server for the local network and just use straight IP addresses instead?
  *Plan of Action:*
  Assuming that there is not an easy fix via the ISP's DNS records, then I'll reinstall the operating system and use server.mydomain.lan as the local machine and domain name. If I do this, then what should I be using as the domain and host name settings in mail? .com or .lan?
  Should there be any need to manually configure DNS settings to make Mail work?

  Mr Hoffman and Corbywan - thanks for the interesting and educational discussion. I must admit that I am still a bit confused and would appreciate any further help in understanding this issue!
  *My situation:*
  - Server on a LAN, which sits behind a Time Capsule router.
  - The Time Capsule router serves DHCP and Internet to the LAN and sits on our public static IP Address.
  - Our ISP has set up MX and domain records to forward public requests for our domain to our static IP address.
  - Time Capsule acts as our firewall and forwards Mail and other incoming services to our internal server via port forwarding.
  - Local DNS service is provided by the local server so that it can provide services to the local network. Non local requests are forwarded to the ISP DNS service.
  *The problem*
  We seem to have established that Snow Leopard Server breaks when the internal domain name matches the public domain name, because of conflict between the internal and public DNS which resolve to different IP addresses for the same domain.
  *The solution*
  I am looking for the easiest and most basic way to fix this problem. My understanding is that the simplest would be to reinstall our Snow Leopard Server to a new and different local domain name.
  I am thinking of using server.example.lan for our local LAN domain name - which would be resolved to our private IP address via local DNS on the local server. I would be keeping server.example.com for our public domain name - which would be resolved to our public IP address, which would be forwarded from the Time Capsule to the internal server.
  Now where I start getting confused is this: If Snow Leopard Server requires a Fully Qualified Domain Name to do things like send mail, then do I need to register my internal domain name? And how would this resolve from a public DNS server to the internal private IP address? Or is it more an issue where as long as the internal (albeit 'fake') domain name does not conflict with an existing public domain name?
  *Other items:*
  After setup, I will verify that Snow Leopard Server has setup our local DNS correctly for local DNS service.
  If I understand correctly, I would set up Mail Settings - 'Domain Name' as the local domain name: i.e. example.lan and I would set up the Host Name as server.example.lan - is this correct? Would this work if these are not FQDN?
  How does the mail server reconcile these local domain names with the public domain names? I assume that I need to check the box at Mail - Settings - Advanced - Hosting: "Include server's domain as local host alias" ? Or would I manually add an alias to the Local Host Aliases under the same tab?
  Thanks!

• WRVS4400N DNS Options for Open VNS Using Static DNS

  How can I get an ip address automatically from my ISP, but set a static DNS ip address for using Open DNS service? This can be done on many other routers including the Linksys home routers. Why doesnt it exist on WRVS4400N?

  I was doing some reaserch on this router, notice the routers RV series are the ones that had this feature, however in the WRVS  series this option does not exist, you can get a RV series router and use the WRVS as a access point in order to get your wireless sinal.

• MS NLB with ASA and Static NAT from PUP to NLB IP

  Hi all,
  I am trying to get MS NLB up and running.  It is almost all working.  Below is my physical setup.
  ASA 5510 > Cat 3750X >2x ESXi 5.1 Hosts > vSwitch > Windows 2012 NLB Guest VMs.
  I have two VMs runing on two different ESXi hosts.  They have two vNICs.  One for managment and one for inside puplic subnet.  The inside puplic subnet NICs are in the NLB cluster.  The inside public subnet is NATed on the ASA to a outide public IP.
  192.168.0.50 is the 1st VM
  192.168.0.51 is the 2nd VM
  192.168.0.52 is the cluster IP for heartbeat
  192.168.0.53 is the cluster IP for NLB traffic.
  0100.5e7f.0035 is the cluster MAC.
  The NLB cluster is using MULTICAST
  I have read the doumentation for both the ASA and CAT switch for adding a static ARP using the NLB IP and NLB MAC. 
  For the ASA I found
  http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1226249
  ASDM
  Configuration > Device Management > Advanced > ARP > ARP Static Table
  I was able to add my stic ARP just fine.
  However, the next step was to enable ARP inspection.
  Configuration > Device Management > Advanced > ARP > ARP Inspection
  My ASDM does not list ARP Inspection, only has the ARP Static Table area. Not sure about this.
  For the CAT Switch I found
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
  I added the both the ARP and Static MAC.  For the static MAC I used the VLAN ID of the inside public subnet and the interfaces connected to both ESXi hosts.
  On the ASA I added a static NAT for my outside Public IP to my inside pupblic NLB IP and vise versa.  I then added a DNS entry for our domain to point to the outside public IP.  I also added it to the public servers section allowing all IP traffic testing puproses.
  At any rate the MS NLB is working ok. I can ping both the Public IP and the Inside NLB IP just fine from the outside. (I can ping the inside NLB IP becuase I'm on a VPN with access to my inside subnets)  The problem is when I go to access a webpade from my NLB servers using the DNS or the Public IP I get a "This Page Can't Be Displyed" messgae.  Now while on the VPN if I use the same URL but insied use the NLB IP and not the Public IP it works fine. 
  So I think there is soemthing wrong with the NATing of the Public to NLB IP even tho I can ping it fine.  Below is my ASA Config. I have bolded the parts of Interest.
  Result of the command: "show run"
  : Saved
  ASA Version 8.4(4)9
  hostname MP-ASA-1
  enable password ac3wyUYtitklff6l encrypted
  passwd ac3wyUYtitklff6l encrypted
  names
  dns-guard
  interface Ethernet0/0
  nameif outside
  security-level 0
  ip address 198.XX.XX.82 255.255.255.240
  interface Ethernet0/1
  description Root Inside Interface No Vlan
  speed 1000
  duplex full
  nameif Port-1-GI-Inside-Native
  security-level 100
  ip address 10.1.1.1 255.255.255.0
  interface Ethernet0/1.2
  description Managment LAN 1 for Inside Networks
  vlan 2
  nameif MGMT-1
  security-level 100
  ip address 192.168.180.1 255.255.255.0
  interface Ethernet0/1.3
  description Managment LAN 2 for Inside Networks
  vlan 3
  nameif MGMT-2
  security-level 100
  ip address 192.168.181.1 255.255.255.0
  interface Ethernet0/1.100
  description Development Pubilc Network 1
  vlan 100
  nameif DEV-PUB-1
  security-level 50
  ip address 192.168.0.1 255.255.255.0
  interface Ethernet0/1.101
  description Development Pubilc Network 2
  vlan 101
  nameif DEV-PUB-2
  security-level 50
  ip address 192.168.2.1 255.255.255.0
  interface Ethernet0/1.102
  description Suncor Pubilc Network 1
  vlan 102
  nameif SUNCOR-PUB-1
  security-level 49
  ip address 192.168.3.1 255.255.255.0
  interface Ethernet0/1.103
  description Suncor Pubilc Network 2
  vlan 103
  nameif SUNCOR-PUB-2
  security-level 49
  ip address 192.168.4.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  boot system disk0:/asa844-9-k8.bin
  ftp mode passive
  clock timezone PST -8
  clock summer-time PDT recurring
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network Inside-Native-Network-PNAT
  subnet 10.1.1.0 255.255.255.0
  description Root Inisde Native Interface Network with PNAT
  object network ASA-Outside-IP
  host 198.XX.XX.82
  description The primary IP of the ASA
  object network Inside-Native-Network
  subnet 10.1.1.0 255.255.255.0
  description Root Inisde Native Interface Network
  object network VPN-POOL-PNAT
  subnet 192.168.100.0 255.255.255.0
  description VPN Pool NAT for Inside
  object network DEV-PUP-1-Network
  subnet 192.168.0.0 255.255.255.0
  description DEV-PUP-1 Network
  object network DEV-PUP-2-Network
  subnet 192.168.2.0 255.255.255.0
  description DEV-PUP-2 Network
  object network MGMT-1-Network
  subnet 192.168.180.0 255.255.255.0
  description MGMT-1 Network
  object network MGMT-2-Network
  subnet 192.168.181.0 255.255.255.0
  description MGMT-2 Network
  object network SUNCOR-PUP-1-Network
  subnet 192.168.3.0 255.255.255.0
  description SUNCOR-PUP-1 Network
  object network SUNCOR-PUP-2-Network
  subnet 192.168.4.0 255.255.255.0
  description SUNCOR-PUP-2 Network
  object network DEV-PUB-1-Network-PNAT
  subnet 192.168.0.0 255.255.255.0
  description DEV-PUB-1-Network with PNAT
  object network DEV-PUB-2-Network-PNAT
  subnet 192.168.2.0 255.255.255.0
  description DEV-PUB-2-Network with PNAT
  object network MGMT-1-Network-PNAT
  subnet 192.168.180.0 255.255.255.0
  description MGMT-1-Network with PNAT
  object network MGMT-2-Network-PNAT
  subnet 192.168.181.0 255.255.255.0
  description MGMT-2-Network with PNAT
  object network SUNCOR-PUB-1-Network-PNAT
  subnet 192.168.3.0 255.255.255.0
  description SUNCOR-PUB-1-Network with PNAT
  object network SUNCOR-PUB-2-Network-PNAT
  subnet 192.168.4.0 255.255.255.0
  description SUNCOR-PUB-2-Network with PNAT
  object network DEV-APP-1-PUB
  host 198.XX.XX.XX
  description DEV-APP-2 Public Server IP
  object network DEV-APP-2-SNAT
  host 192.168.2.120
  description DEV-APP-2 Server with SNAT
  object network DEV-APP-2-PUB
  host 198.XX.XX.XX
  description DEV-APP-2 Public Server IP
  object network DEV-SQL-1
  host 192.168.0.110
  description DEV-SQL-1 Inside Server IP
  object network DEV-SQL-2
  host 192.168.2.110
  description DEV-SQL-2 Inside Server IP
  object network SUCNOR-APP-1-PUB
  host 198.XX.XX.XX
  description SUNCOR-APP-1 Public Server IP
  object network SUNCOR-APP-2-SNAT
  host 192.168.4.120
  description SUNCOR-APP-2 Server with SNAT
  object network SUNCOR-APP-2-PUB
  host 198.XX.XX.XX
  description DEV-APP-2 Public Server IP
  object network SUNCOR-SQL-1
  host 192.168.3.110
  description SUNCOR-SQL-1 Inside Server IP
  object network SUNCOR-SQL-2
  host 192.168.4.110
  description SUNCOR-SQL-2 Inside Server IP
  object network DEV-APP-1-SNAT
  host 192.168.0.120
  description DEV-APP-1 Network with SNAT
  object network SUNCOR-APP-1-SNAT
  host 192.168.3.120
  description SUNCOR-APP-1 Network with SNAT
  object network PDX-LAN
  subnet 192.168.1.0 255.255.255.0
  description PDX-LAN for S2S VPN
  object network PDX-Sonicwall
  host XX.XX.XX.XX
  object network LOGI-NLB--SNAT
  host 192.168.0.53
  description Logi NLB with SNAT
  object network LOGI-PUP-IP
  host 198.XX.XX.87
  description Public IP of LOGI server for NLB
  object network LOGI-NLB-IP
  host 192.168.0.53
  description LOGI NLB IP
  object network LOGI-PUP-SNAT-NLB
  host 198.XX.XX.87
  description LOGI Pup with SNAT to NLB
  object-group network vpn-inside
  description All inside accessible networks
  object-group network VPN-Inside-Networks
  description All Inside Nets for Remote VPN Access
  network-object object Inside-Native-Network
  network-object object DEV-PUP-1-Network
  network-object object DEV-PUP-2-Network
  network-object object MGMT-1-Network
  network-object object MGMT-2-Network
  network-object object SUNCOR-PUP-1-Network
  network-object object SUNCOR-PUP-2-Network
  access-list acl-vpnclinet extended permit ip object-group VPN-Inside-Networks any
  access-list outside_access_out remark Block ping to out networks
  access-list outside_access_out extended deny icmp any any inactive
  access-list outside_access_out remark Allow all traffic from inside to outside networks
  access-list outside_access_out extended permit ip any any
  access-list outside_access extended permit ip any object LOGI-NLB--SNAT
  access-list outside_access extended permit ip any object SUNCOR-APP-2-SNAT
  access-list outside_access extended permit ip any object SUNCOR-APP-1-SNAT
  access-list outside_access extended permit ip any object DEV-APP-2-SNAT
  access-list outside_access extended permit ip any object DEV-APP-1-SNAT
  access-list outside_cryptomap extended permit ip object-group VPN-Inside-Networks object PDX-LAN
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu Port-1-GI-Inside-Native 1500
  mtu MGMT-1 1500
  mtu MGMT-2 1500
  mtu DEV-PUB-1 1500
  mtu DEV-PUB-2 1500
  mtu SUNCOR-PUB-1 1500
  mtu SUNCOR-PUB-2 1500
  mtu management 1500
  ip local pool Remote-VPN-Pool 192.168.100.1-192.168.100.20 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  icmp permit any Port-1-GI-Inside-Native
  icmp permit any MGMT-1
  icmp permit any MGMT-2
  icmp permit any DEV-PUB-1
  icmp permit any DEV-PUB-2
  icmp permit any SUNCOR-PUB-1
  icmp permit any SUNCOR-PUB-2
  asdm image disk0:/asdm-649-103.bin
  no asdm history enable
  arp DEV-PUB-1 192.168.0.53 0100.5e7f.0035 alias
  arp timeout 14400
  no arp permit-nonconnected
  nat (Port-1-GI-Inside-Native,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (DEV-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (DEV-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (MGMT-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (MGMT-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (SUNCOR-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (SUNCOR-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
  nat (DEV-PUB-1,outside) source static DEV-PUP-1-Network DEV-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (DEV-PUB-2,outside) source static DEV-PUP-2-Network DEV-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (MGMT-1,outside) source static MGMT-1-Network MGMT-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (MGMT-2,outside) source static MGMT-2-Network MGMT-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (Port-1-GI-Inside-Native,outside) source static Inside-Native-Network Inside-Native-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (SUNCOR-PUB-1,outside) source static SUNCOR-PUP-1-Network SUNCOR-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  nat (SUNCOR-PUB-2,outside) source static SUNCOR-PUP-2-Network SUNCOR-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
  object network Inside-Native-Network-PNAT
  nat (Port-1-GI-Inside-Native,outside) dynamic interface
  object network VPN-POOL-PNAT
  nat (Port-1-GI-Inside-Native,outside) dynamic interface
  object network DEV-PUB-1-Network-PNAT
  nat (DEV-PUB-1,outside) dynamic interface
  object network DEV-PUB-2-Network-PNAT
  nat (DEV-PUB-2,outside) dynamic interface
  object network MGMT-1-Network-PNAT
  nat (MGMT-1,outside) dynamic interface
  object network MGMT-2-Network-PNAT
  nat (MGMT-2,outside) dynamic interface
  object network SUNCOR-PUB-1-Network-PNAT
  nat (SUNCOR-PUB-1,outside) dynamic interface
  object network SUNCOR-PUB-2-Network-PNAT
  nat (SUNCOR-PUB-2,outside) dynamic interface
  object network DEV-APP-2-SNAT
  nat (DEV-PUB-2,outside) static DEV-APP-2-PUB
  object network SUNCOR-APP-2-SNAT
  nat (SUNCOR-PUB-2,outside) static SUNCOR-APP-2-PUB
  object network DEV-APP-1-SNAT
  nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
  object network SUNCOR-APP-1-SNAT
  nat (SUNCOR-PUB-1,outside) static SUCNOR-APP-1-PUB
  object network LOGI-NLB--SNAT
  nat (DEV-PUB-1,outside) static LOGI-PUP-IP
  object network LOGI-PUP-SNAT-NLB
  nat (outside,DEV-PUB-1) static LOGI-NLB-IP
  access-group outside_access in interface outside
  access-group outside_access_out out interface outside
  route outside 0.0.0.0 0.0.0.0 198.145.120.81 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 192.168.1.0 255.255.255.0 outside
  http 10.1.1.0 255.255.255.0 Port-1-GI-Inside-Native
  http 192.168.180.0 255.255.255.0 MGMT-1
  http 192.168.100.0 255.255.255.0 Port-1-GI-Inside-Native
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
    inspect icmp error
  service-policy global_policy global
  prompt hostname context
  call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:d6f9f8e2113dc03cede9f2454dba029b
  : end
  Any help would be great! I think the issue is in teh NAT as I am able to access NLB IP from the outside and could not do that before adding the Static ARP stuff. 
  Thanks,
  Chris

  Also If I change to NAT from the public IP to the NLB IP to use either one of the phsyical IPs of the NLB cluster (192.168.0.50 or 51) it works fine when using the public IP.  So it's definatly an issue when NATing the VIP of NLB cluster.
  Chris

• Dynamic PAT and Static NAT issue ASA 5515

  Hi All,
  Recently we migrated our network to ASA 5515, since we had configured nat pool overload on our existing router the users are able to translated their ip's outside. Right now my issue was when I use the existing NAT configured to our router into firewall, it seems that the translation was not successful actually I used Dynamic NAT. When I use the Dynamic PAT(Hide) all users are able to translated to the said public IP's. I know that PAT is Port address translation but when I use static nat for specific server. The Static NAT was not able to translated. Can anyone explain if there's any conflict whit PAT to Static NAT? I appriciate their response. Thanks!
  - Bhal

  Hi,
  I would have to guess that you Dynamic PAT was perhaps configured as a Section 1 rule and Static NAT configured as Section 2 rule which would mean that the Dynamic PAT rule would always override the Static NAT for the said host.
  The very basic configured for Static NAT and Default PAT I would do in the following way
  object network STATIC
  host
  nat (inside,outside) static dns
  object-group network DEFAULT-PAT-SOURCE
  network-object
  nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
  The Static NAT would be configured as Network Object NAT (Section 2) and the Default PAT would be configured with Twice NAT / Manual NAT (after-auto specifies it as Section 3 rule)
  This might sound confusing. Though it would be easier to say what the problem is if we saw the actual NAT configuration. Though I gave the reason that I think is probably one of the most likely reasons if there is some conflict with the 2 NAT rules
  You can also check out a NAT document I made regarding the new NAT configuration format and its operation.
  https://supportforums.cisco.com/docs/DOC-31116
  Hope this helps
  - Jouni

• Static DNS records disappearing

  Hi all,
  Three of our static DNS entries keep disappearing and we have to keep adding them back in.  Sometimes they stay in for 1-2 weeks, sometimes only a few hours.  We have many static entries but it is always these same three that give us issues.  We
  are running four Windows 2008 (non-R2) Domain Controllers.  Two of these machines are Server Core and the other two are full versions.
  I have followed Ace's blog (thanks btw!) about looking for a duplicate zone but I don't think this is the case.  So I have turned on DNS auditing.  When the record gets deleted it logs EventID 5136 sixteen times:
  <REMOVED LOG FOR READABILITY>
  From these logs it appears that DC-SERVER3$ is what is deleting these items.  Is that a correct assumption?  DC-SERVER3 is one of the four domain controllers and is one of two running server core.
  I am unsure where to go from here.  Any help would be MUCH appreciated.  Thanks!

  I tried posting the event logs in a <code> block above but it was very unreadable.  Is there a better way to do this?  I will paste them here for the time being:
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14674 Correlation ID: {1A62820C-B9A9-4942-BC2A-5232B31019AC} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14674 Correlation ID: {5E3BE0F3-7E9C-4670-8191-D95E499E4E0F} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14675 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14674 Correlation ID: {30EFB4E6-90CD-4143-B1C4-DC85382842A1} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14675 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dnsRecord Syntax (OID): 2.5.5.10 Value: %%14672 Operation: Type: %%14674 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: FALSE Operation: Type: %%14675 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -
  2012-01-12 11:14:23 5136 A directory service object was modified. Subject: Security ID: S-1-5-21-3088655886-3068517834-3379253519-1105 Account Name: DC-SERVER3$ Account Domain: EXAMPLE Logon ID: 0xb9a4852 Directory Service: Name: private.example.com Type: %%14676 Object: DN: DC=client-pc,DC=private.example.com,cn=MicrosoftDNS,DC=DomainDnsZones,DC=private,DC=example,DC=com GUID: {AD32E101-1D83-412F-BD1C-C68B9F063507} Class: dnsNode Attribute: LDAP Display Name: dNSTombstoned Syntax (OID): 2.5.5.8 Value: TRUE Operation: Type: %%14674 Correlation ID: {D1326DBB-9BA0-4838-A0A4-B90CEFF2A346} Application Correlation ID: -

• Resolve.conf, dnsmasq and external DNS servers

  I am using dnsmasq to filter out ad urls, so my  /etc/resolv.conf looks like that:
  # Generated by dhcpcd from wlan0
  nameserver 127.0.0.1
  domain home
  nameserver 192.168.1.254
  # /etc/resolv.conf.tail can replace this line
  However, it looks like after getting through the url filtration layer of dnsmasq, the URLs are being resolved by a DNS sever of whatever Access Point I am connected to. This create problems, because they often render me unable to connect to services like sourceforge.net, etc.
  So, instead of that, I would like my system to fall back to Google and OpenDNS after filtering urls through dnsmasq.
  But how can I do that? This is a specific case and wiki does not cover it.
  Last edited by Lockheed (2013-05-19 16:50:43)

  $ cat /etc/resolv.conf
  # Generated by dhcpcd from wlan0
  nameserver 127.0.0.1
  nameserver 8.8.8.8
  domain home
  # /etc/resolv.conf.tail can replace this line
  The google DNS is what I put in there earlier to be able to use internet after dnsmasq stopped starting.
  $ cat /etc/resolvconf.conf
  # Configuration for resolvconf(8)
  # See resolvconf.conf(5) for details
  resolv_conf=/etc/resolv.conf
  # If you run a local name server, you should uncomment the below line and
  # configure your subscribers configuration files below.
  name_servers=127.0.0.1
  # Write out dnsmasq extended configuration and resolv files
  dnsmasq_conf=/etc/dnsmasq-conf.conf
  dnsmasq_resolv=/etc/dnsmasq-resolv.conf
  $ cat /etc/dnsmasq.conf
  # Configuration file for dnsmasq.
  # Format is one option per line, legal options are the same
  # as the long options legal on the command line. See
  # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
  # Listen on this specific port instead of the standard DNS port
  # (53). Setting this to zero completely disables DNS function,
  # leaving only DHCP and/or TFTP.
  #port=5353
  # The following two options make you a better netizen, since they
  # tell dnsmasq to filter out queries which the public DNS cannot
  # answer, and which load the servers (especially the root servers)
  # unnecessarily. If you have a dial-on-demand link they also stop
  # these requests from bringing up the link unnecessarily.
  # Never forward plain names (without a dot or domain part)
  #domain-needed
  # Never forward addresses in the non-routed address spaces.
  #bogus-priv
  # Uncomment this to filter useless windows-originated DNS requests
  # which can trigger dial-on-demand links needlessly.
  # Note that (amongst other things) this blocks all SRV requests,
  # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
  # This option only affects forwarding, SRV records originating for
  # dnsmasq (via srv-host= lines) are not suppressed by it.
  #filterwin2k
  # Change this line if you want dns to get its upstream servers from
  # somewhere other that /etc/resolv.conf
  #resolv-file=/etc/resolv-dnsmasq.conf
  # By default, dnsmasq will send queries to any of the upstream
  # servers it knows about and tries to favour servers to are known
  # to be up. Uncommenting this forces dnsmasq to try each query
  # with each server strictly in the order they appear in
  # /etc/resolv.conf
  strict-order
  # If you don't want dnsmasq to read /etc/resolv.conf or any other
  # file, getting its servers from this file instead (see below), then
  # uncomment this.
  #no-resolv
  # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
  # files for changes and re-read them then uncomment this.
  #no-poll
  # Add other name servers here, with domain specs if they are for
  # non-public domains.
  #server=/localnet/192.168.0.1
  server=208.67.222.222
  server=208.67.220.220
  # Example of routing PTR queries to nameservers: this will send all
  # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
  #server=/3.168.192.in-addr.arpa/10.1.2.3
  # Add local-only domains here, queries in these domains are answered
  # from /etc/hosts or DHCP only.
  #local=/localnet/
  # Add domains which you want to force to an IP address here.
  # The example below send any host in double-click.net to a local
  # web-server.
  #address=/double-click.net/127.0.0.1
  # --address (and --server) work with IPv6 addresses too.
  #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
  # You can control how dnsmasq talks to a server: this forces
  # queries to 10.1.2.3 to be routed via eth1
  # server=10.1.2.3@eth1
  # and this sets the source (ie local) address used to talk to
  # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
  # IP on the machine, obviously).
  # [email protected]#55
  # If you want dnsmasq to change uid and gid to something other
  # than the default, edit the following lines.
  #user=
  #group=
  # If you want dnsmasq to listen for DHCP and DNS requests only on
  # specified interfaces (and the loopback) give the name of the
  # interface (eg eth0) here.
  # Repeat the line for more than one interface.
  #interface=lo
  # Or you can specify which interface _not_ to listen on
  #except-interface=
  # Or which to listen on by address (remember to include 127.0.0.1 if
  # you use this.)
  #listen-address=127.0.0.1
  # If you want dnsmasq to provide only DNS service on an interface,
  # configure it as shown above, and then use the following line to
  # disable DHCP and TFTP on it.
  #no-dhcp-interface=
  # On systems which support it, dnsmasq binds the wildcard address,
  # even when it is listening on only some interfaces. It then discards
  # requests that it shouldn't reply to. This has the advantage of
  # working even when interfaces come and go and change address. If you
  # want dnsmasq to really bind only the interfaces it is listening on,
  # uncomment this option. About the only time you may need this is when
  # running another nameserver on the same machine.
  #bind-interfaces
  # If you don't want dnsmasq to read /etc/hosts, uncomment the
  # following line.
  #no-hosts
  # or if you want it to read another file, as well as /etc/hosts, use
  # this.
  addn-hosts=/etc/hosts.block
  #hostsfile=/etc/hosts.block
  # Set this (and domain: see below) if you want to have a domain
  # automatically added to simple names in a hosts-file.
  #expand-hosts
  # Set the domain for dnsmasq. this is optional, but if it is set, it
  # does the following things.
  # 1) Allows DHCP hosts to have fully qualified domain names, as long
  # as the domain part matches this setting.
  # 2) Sets the "domain" DHCP option thereby potentially setting the
  # domain of all systems configured by DHCP
  # 3) Provides the domain part for "expand-hosts"
  #domain=thekelleys.org.uk
  # Set a different domain for a particular subnet
  #domain=wireless.thekelleys.org.uk,192.168.2.0/24
  # Same idea, but range rather then subnet
  #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
  # Uncomment this to enable the integrated DHCP server, you need
  # to supply the range of addresses available for lease and optionally
  # a lease time. If you have more than one network, you will need to
  # repeat this for each network on which you want to supply DHCP
  # service.
  #dhcp-range=192.168.0.50,192.168.0.150,12h
  # This is an example of a DHCP range where the netmask is given. This
  # is needed for networks we reach the dnsmasq DHCP server via a relay
  # agent. If you don't know what a DHCP relay agent is, you probably
  # don't need to worry about this.
  #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
  # This is an example of a DHCP range which sets a tag, so that
  # some DHCP options may be set only for this network.
  #dhcp-range=set:red,192.168.0.50,192.168.0.150
  # Use this DHCP range only when the tag "green" is set.
  #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
  # Specify a subnet which can't be used for dynamic address allocation,
  # is available for hosts with matching --dhcp-host lines. Note that
  # dhcp-host declarations will be ignored unless there is a dhcp-range
  # of some type for the subnet in question.
  # In this case the netmask is implied (it comes from the network
  # configuration on the machine running dnsmasq) it is possible to give
  # an explicit netmask instead.
  #dhcp-range=192.168.0.0,static
  # Enable DHCPv6. Note that the prefix-length does not need to be specified
  # and defaults to 64 if missing/
  #dhcp-range=1234::2, 1234::500, 64, 12h
  # Do Router Advertisements, BUT NOT DHCP for this subnet.
  #dhcp-range=1234::, ra-only
  # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
  # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
  # hosts. Use the DHCPv4 lease to derive the name, network segment and
  # MAC address and assume that the host will also have an
  # IPv6 address calculated using the SLAAC alogrithm.
  #dhcp-range=1234::, ra-names
  # Do Router Advertisements, BUT NOT DHCP for this subnet.
  # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
  #dhcp-range=1234::, ra-only, 48h
  # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
  # so that clients can use SLAAC addresses as well as DHCP ones.
  #dhcp-range=1234::2, 1234::500, slaac
  # Do Router Advertisements and stateless DHCP for this subnet. Clients will
  # not get addresses from DHCP, but they will get other configuration information.
  # They will use SLAAC for addresses.
  #dhcp-range=1234::, ra-stateless
  # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
  # from DHCPv4 leases.
  #dhcp-range=1234::, ra-stateless, ra-names
  # Do router advertisements for all subnets where we're doing DHCPv6
  # Unless overriden by ra-stateless, ra-names, et al, the router
  # advertisements will have the M and O bits set, so that the clients
  # get addresses and configuration from DHCPv6, and the A bit reset, so the
  # clients don't use SLAAC addresses.
  #enable-ra
  # Supply parameters for specified hosts using DHCP. There are lots
  # of valid alternatives, so we will give examples of each. Note that
  # IP addresses DO NOT have to be in the range given above, they just
  # need to be on the same network. The order of the parameters in these
  # do not matter, it's permissible to give name, address and MAC in any
  # order.
  # Always allocate the host with Ethernet address 11:22:33:44:55:66
  # The IP address 192.168.0.60
  #dhcp-host=11:22:33:44:55:66,192.168.0.60
  # Always set the name of the host with hardware address
  # 11:22:33:44:55:66 to be "fred"
  #dhcp-host=11:22:33:44:55:66,fred
  # Always give the host with Ethernet address 11:22:33:44:55:66
  # the name fred and IP address 192.168.0.60 and lease time 45 minutes
  #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
  # Give a host with Ethernet address 11:22:33:44:55:66 or
  # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
  # that these two Ethernet interfaces will never be in use at the same
  # time, and give the IP address to the second, even if it is already
  # in use by the first. Useful for laptops with wired and wireless
  # addresses.
  #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
  # Give the machine which says its name is "bert" IP address
  # 192.168.0.70 and an infinite lease
  #dhcp-host=bert,192.168.0.70,infinite
  # Always give the host with client identifier 01:02:02:04
  # the IP address 192.168.0.60
  #dhcp-host=id:01:02:02:04,192.168.0.60
  # Always give the host with client identifier "marjorie"
  # the IP address 192.168.0.60
  #dhcp-host=id:marjorie,192.168.0.60
  # Enable the address given for "judge" in /etc/hosts
  # to be given to a machine presenting the name "judge" when
  # it asks for a DHCP lease.
  #dhcp-host=judge
  # Never offer DHCP service to a machine whose Ethernet
  # address is 11:22:33:44:55:66
  #dhcp-host=11:22:33:44:55:66,ignore
  # Ignore any client-id presented by the machine with Ethernet
  # address 11:22:33:44:55:66. This is useful to prevent a machine
  # being treated differently when running under different OS's or
  # between PXE boot and OS boot.
  #dhcp-host=11:22:33:44:55:66,id:*
  # Send extra options which are tagged as "red" to
  # the machine with Ethernet address 11:22:33:44:55:66
  #dhcp-host=11:22:33:44:55:66,set:red
  # Send extra options which are tagged as "red" to
  # any machine with Ethernet address starting 11:22:33:
  #dhcp-host=11:22:33:*:*:*,set:red
  # Give a fixed IPv6 address and name to client with
  # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
  # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
  # Note also the they [] around the IPv6 address are obilgatory.
  #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
  # Ignore any clients which are not specified in dhcp-host lines
  # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
  # This relies on the special "known" tag which is set when
  # a host is matched.
  #dhcp-ignore=tag:!known
  # Send extra options which are tagged as "red" to any machine whose
  # DHCP vendorclass string includes the substring "Linux"
  #dhcp-vendorclass=set:red,Linux
  # Send extra options which are tagged as "red" to any machine one
  # of whose DHCP userclass strings includes the substring "accounts"
  #dhcp-userclass=set:red,accounts
  # Send extra options which are tagged as "red" to any machine whose
  # MAC address matches the pattern.
  #dhcp-mac=set:red,00:60:8C:*:*:*
  # If this line is uncommented, dnsmasq will read /etc/ethers and act
  # on the ethernet-address/IP pairs found there just as if they had
  # been given as --dhcp-host options. Useful if you keep
  # MAC-address/host mappings there for other purposes.
  #read-ethers
  # Send options to hosts which ask for a DHCP lease.
  # See RFC 2132 for details of available options.
  # Common options can be given to dnsmasq by name:
  # run "dnsmasq --help dhcp" to get a list.
  # Note that all the common settings, such as netmask and
  # broadcast address, DNS server and default route, are given
  # sane defaults by dnsmasq. You very likely will not need
  # any dhcp-options. If you use Windows clients and Samba, there
  # are some options which are recommended, they are detailed at the
  # end of this section.
  # Override the default route supplied by dnsmasq, which assumes the
  # router is the same machine as the one running dnsmasq.
  #dhcp-option=3,1.2.3.4
  # Do the same thing, but using the option name
  #dhcp-option=option:router,1.2.3.4
  # Override the default route supplied by dnsmasq and send no default
  # route at all. Note that this only works for the options sent by
  # default (1, 3, 6, 12, 28) the same line will send a zero-length option
  # for all other option numbers.
  #dhcp-option=3
  # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
  #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
  # Send DHCPv6 option. Note [] around IPv6 addresses.
  #dhcp-option=option6:dns-server,[1234::77],[1234::88]
  # Send DHCPv6 option for namservers as the machine running
  # dnsmasq and another.
  #dhcp-option=option6:dns-server,[::],[1234::88]
  # Ask client to poll for option changes every six hours. (RFC4242)
  #dhcp-option=option6:information-refresh-time,6h
  # Set the NTP time server address to be the same machine as
  # is running dnsmasq
  #dhcp-option=42,0.0.0.0
  # Set the NIS domain name to "welly"
  #dhcp-option=40,welly
  # Set the default time-to-live to 50
  #dhcp-option=23,50
  # Set the "all subnets are local" flag
  #dhcp-option=27,1
  # Send the etherboot magic flag and then etherboot options (a string).
  #dhcp-option=128,e4:45:74:68:00:00
  #dhcp-option=129,NIC=eepro100
  # Specify an option which will only be sent to the "red" network
  # (see dhcp-range for the declaration of the "red" network)
  # Note that the tag: part must precede the option: part.
  #dhcp-option = tag:red, option:ntp-server, 192.168.1.1
  # The following DHCP options set up dnsmasq in the same way as is specified
  # for the ISC dhcpcd in
  # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
  # adapted for a typical dnsmasq installation where the host running
  # dnsmasq is also the host running samba.
  # you may want to uncomment some or all of them if you use
  # Windows clients and Samba.
  #dhcp-option=19,0 # option ip-forwarding off
  #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
  #dhcp-option=45,0.0.0.0 # netbios datagram distribution server
  #dhcp-option=46,8 # netbios node type
  # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
  #dhcp-option=252,"\n"
  # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
  # probably doesn't support this......
  #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
  # Send RFC-3442 classless static routes (note the netmask encoding)
  #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
  # Send vendor-class specific options encapsulated in DHCP option 43.
  # The meaning of the options is defined by the vendor-class so
  # options are sent only when the client supplied vendor class
  # matches the class given here. (A substring match is OK, so "MSFT"
  # matches "MSFT" and "MSFT 5.0"). This example sets the
  # mtftp address to 0.0.0.0 for PXEClients.
  #dhcp-option=vendor:PXEClient,1,0.0.0.0
  # Send microsoft-specific option to tell windows to release the DHCP lease
  # when it shuts down. Note the "i" flag, to tell dnsmasq to send the
  # value as a four-byte integer - that's what microsoft wants. See
  # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
  #dhcp-option=vendor:MSFT,2,1i
  # Send the Encapsulated-vendor-class ID needed by some configurations of
  # Etherboot to allow is to recognise the DHCP server.
  #dhcp-option=vendor:Etherboot,60,"Etherboot"
  # Send options to PXELinux. Note that we need to send the options even
  # though they don't appear in the parameter request list, so we need
  # to use dhcp-option-force here.
  # See http://syslinux.zytor.com/pxe.php#special for details.
  # Magic number - needed before anything else is recognised
  #dhcp-option-force=208,f1:00:74:7e
  # Configuration file name
  #dhcp-option-force=209,configs/common
  # Path prefix
  #dhcp-option-force=210,/tftpboot/pxelinux/files/
  # Reboot time. (Note 'i' to send 32-bit value)
  #dhcp-option-force=211,30i
  # Set the boot filename for netboot/PXE. You will only need
  # this is you want to boot machines over the network and you will need
  # a TFTP server; either dnsmasq's built in TFTP server or an
  # external one. (See below for how to enable the TFTP server.)
  #dhcp-boot=pxelinux.0
  # The same as above, but use custom tftp-server instead machine running dnsmasq
  #dhcp-boot=pxelinux,server.name,192.168.1.100
  # Boot for Etherboot gPXE. The idea is to send two different
  # filenames, the first loads gPXE, and the second tells gPXE what to
  # load. The dhcp-match sets the gpxe tag for requests from gPXE.
  #dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
  #dhcp-boot=tag:!gpxe,undionly.kpxe
  #dhcp-boot=mybootimage
  # Encapsulated options for Etherboot gPXE. All the options are
  # encapsulated within option 175
  #dhcp-option=encap:175, 1, 5b # priority code
  #dhcp-option=encap:175, 176, 1b # no-proxydhcp
  #dhcp-option=encap:175, 177, string # bus-id
  #dhcp-option=encap:175, 189, 1b # BIOS drive code
  #dhcp-option=encap:175, 190, user # iSCSI username
  #dhcp-option=encap:175, 191, pass # iSCSI password
  # Test for the architecture of a netboot client. PXE clients are
  # supposed to send their architecture as option 93. (See RFC 4578)
  #dhcp-match=peecees, option:client-arch, 0 #x86-32
  #dhcp-match=itanics, option:client-arch, 2 #IA64
  #dhcp-match=hammers, option:client-arch, 6 #x86-64
  #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
  # Do real PXE, rather than just booting a single file, this is an
  # alternative to dhcp-boot.
  #pxe-prompt="What system shall I netboot?"
  # or with timeout before first available action is taken:
  #pxe-prompt="Press F8 for menu.", 60
  # Available boot services. for PXE.
  #pxe-service=x86PC, "Boot from local disk"
  # Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
  #pxe-service=x86PC, "Install Linux", pxelinux
  # Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
  # Beware this fails on old PXE ROMS.
  #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
  # Use bootserver on network, found my multicast or broadcast.
  #pxe-service=x86PC, "Install windows from RIS server", 1
  # Use bootserver at a known IP address.
  #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
  # If you have multicast-FTP available,
  # information for that can be passed in a similar way using options 1
  # to 5. See page 19 of
  # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
  # Enable dnsmasq's built-in TFTP server
  #enable-tftp
  # Set the root directory for files available via FTP.
  #tftp-root=/var/ftpd
  # Make the TFTP server more secure: with this set, only files owned by
  # the user dnsmasq is running as will be send over the net.
  #tftp-secure
  # This option stops dnsmasq from negotiating a larger blocksize for TFTP
  # transfers. It will slow things down, but may rescue some broken TFTP
  # clients.
  #tftp-no-blocksize
  # Set the boot file name only when the "red" tag is set.
  #dhcp-boot=net:red,pxelinux.red-net
  # An example of dhcp-boot with an external TFTP server: the name and IP
  # address of the server are given after the filename.
  # Can fail with old PXE ROMS. Overridden by --pxe-service.
  #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
  # If there are multiple external tftp servers having a same name
  # (using /etc/hosts) then that name can be specified as the
  # tftp_servername (the third option to dhcp-boot) and in that
  # case dnsmasq resolves this name and returns the resultant IP
  # addresses in round robin fasion. This facility can be used to
  # load balance the tftp load among a set of servers.
  #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
  # Set the limit on DHCP leases, the default is 150
  #dhcp-lease-max=150
  # The DHCP server needs somewhere on disk to keep its lease database.
  # This defaults to a sane location, but if you want to change it, use
  # the line below.
  #dhcp-leasefile=/var/lib/misc/dnsmasq.leases
  # Set the DHCP server to authoritative mode. In this mode it will barge in
  # and take over the lease for any client which broadcasts on the network,
  # whether it has a record of the lease or not. This avoids long timeouts
  # when a machine wakes up on a new network. DO NOT enable this if there's
  # the slightest chance that you might end up accidentally configuring a DHCP
  # server for your campus/company accidentally. The ISC server uses
  # the same option, and this URL provides more information:
  # http://www.isc.org/files/auth.html
  #dhcp-authoritative
  # Run an executable when a DHCP lease is created or destroyed.
  # The arguments sent to the script are "add" or "del",
  # then the MAC address, the IP address and finally the hostname
  # if there is one.
  #dhcp-script=/bin/echo
  # Set the cachesize here.
  #cache-size=150
  # If you want to disable negative caching, uncomment this.
  #no-negcache
  # Normally responses which come from /etc/hosts and the DHCP lease
  # file have Time-To-Live set as zero, which conventionally means
  # do not cache further. If you are happy to trade lower load on the
  # server for potentially stale date, you can set a time-to-live (in
  # seconds) here.
  #local-ttl=
  # If you want dnsmasq to detect attempts by Verisign to send queries
  # to unregistered .com and .net hosts to its sitefinder service and
  # have dnsmasq instead return the correct NXDOMAIN response, uncomment
  # this line. You can add similar lines to do the same for other
  # registries which have implemented wildcard A records.
  #bogus-nxdomain=64.94.110.11
  # If you want to fix up DNS results from upstream servers, use the
  # alias option. This only works for IPv4.
  # This alias makes a result of 1.2.3.4 appear as 5.6.7.8
  #alias=1.2.3.4,5.6.7.8
  # and this maps 1.2.3.x to 5.6.7.x
  #alias=1.2.3.0,5.6.7.0,255.255.255.0
  # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
  #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
  # Change these lines if you want dnsmasq to serve MX records.
  # Return an MX record named "maildomain.com" with target
  # servermachine.com and preference 50
  #mx-host=maildomain.com,servermachine.com,50
  # Set the default target for MX records created using the localmx option.
  #mx-target=servermachine.com
  # Return an MX record pointing to the mx-target for all local
  # machines.
  #localmx
  # Return an MX record pointing to itself for all local machines.
  #selfmx
  # Change the following lines if you want dnsmasq to serve SRV
  # records. These are useful if you want to serve ldap requests for
  # Active Directory and other windows-originated DNS requests.
  # See RFC 2782.
  # You may add multiple srv-host lines.
  # The fields are <name>,<target>,<port>,<priority>,<weight>
  # If the domain part if missing from the name (so that is just has the
  # service and protocol sections) then the domain given by the domain=
  # config option is used. (Note that expand-hosts does not need to be
  # set for this to work.)
  # A SRV record sending LDAP for the example.com domain to
  # ldapserver.example.com port 389
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
  # A SRV record sending LDAP for the example.com domain to
  # ldapserver.example.com port 389 (using domain=)
  #domain=example.com
  #srv-host=_ldap._tcp,ldapserver.example.com,389
  # Two SRV records for LDAP, each with different priorities
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
  # A SRV record indicating that there is no LDAP server for the domain
  # example.com
  #srv-host=_ldap._tcp.example.com
  # The following line shows how to make dnsmasq serve an arbitrary PTR
  # record. This is useful for DNS-SD. (Note that the
  # domain-name expansion done for SRV records _does_not
  # occur for PTR records.)
  #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
  # Change the following lines to enable dnsmasq to serve TXT records.
  # These are used for things like SPF and zeroconf. (Note that the
  # domain-name expansion done for SRV records _does_not
  # occur for TXT records.)
  #Example SPF.
  #txt-record=example.com,"v=spf1 a -all"
  #Example zeroconf
  #txt-record=_http._tcp.example.com,name=value,paper=A4
  # Provide an alias for a "local" DNS name. Note that this _only_ works
  # for targets which are names from DHCP or /etc/hosts. Give host
  # "bert" another name, bertrand
  #cname=bertand,bert
  # For debugging purposes, log each DNS query as it passes through
  # dnsmasq.
  #log-queries
  # Log lots of extra information about DHCP transactions.
  #log-dhcp
  # Include a another lot of configuration options.
  #conf-file=/etc/dnsmasq-resolvconf.conf
  #conf-dir=/etc/dnsmasq.d
  domain-needed
  interface=lo
  # If dnsmasq is compiled for DBus then we can take
  # advantage of not having to restart dnsmasq.
  enable-dbus
  conf-file=/etc/dnsmasq-conf.conf
  resolv-file=/etc/dnsmasq-resolv.conf
  Logs:
  May 23 00:01:06 panzor systemd[1]: Failed to start A lightweight DHCP and caching DNS server.
  May 23 00:01:10 panzor dhcpcd[27267]: dhcpcd not running
  May 23 00:01:10 panzor kernel: [ 7771.282756] iwl4965 0000:03:00.0: Can't stop Rx DMA.
  May 23 00:01:10 panzor dhcpcd[27294]: dhcpcd not running
  May 23 00:01:11 panzor dhcpcd[27330]: dhcpcd not running
  May 23 00:01:14 panzor dhcpcd[27373]: wlan0: sendmsg: Cannot assign requested address
  May 23 00:01:18 panzor dhcpcd[27373]: wlan0: sendmsg: Operation not permitted
  May 23 00:01:22 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
  May 23 00:01:26 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
  For domain filtration, if I remember correctly, I am using this
  https://bbs.archlinux.org/viewtopic.php?id=139784

• WRT54GS static DNS entries

  Hi,
  I am setting up the WRT54GS to use my own static DNS servers inside the
  text fields "Static DNS 1-3" under the setup tab. I just want to confirm
  the router will use the DNS servers in numerical order? That is DNS server 1 will be used first and DNS server 3 will be used as a last resort. It seems intuitive the router would work this way BUT I want to confirm this before relying upon the feature.
  Also can the router automatically use the DNS servers provide by the ISP
  if user specified DNS servers noted are not operational?
  Thanks,

  Assuming you are using DHCP, configure your router with the DNS servers in the order you want. From your PC go to a command prompt and insure you have the updated IP config by typing in ipconfig /renew. Then type ipconfig /all. The output provided will tell you the order of DNS servers that will be tried.
  Your second question:
  The router will not use the default ISP DNS servers if your hardcoded DNS servers fail. By typing in DNS entries in the router, your are overidding the DHCP feature in your router.

• Where do deleted Static DNS records go?

  Since we enabled the Active Directory recycle bin some time ago, we noticed that there is also a recycle bin for the ForestDNSRecords and DomainDNSRecords container. It appears that dynamic DNS entries are being treated like any other object and getting
  moved to CN=Deleted Objects,DC=<Domain|Forest>DNSZones,DC=<YourDomain>,DC=<Suffix>. When Static entries are deleted we do not see them in the Deleted Objects container. Is that a bug, by design, or are we missing something?

  Static records should show up along with dynamically created records. I don't believe they would go anywhere else, since they are just DNS nodes in the same context. Maybe there's some other mitigating issue that may be causing it?
  Have you seen the following links? If not, let us know what links you were reading, please.
  What to do when DNS records disappear
  http://searchwindowsserver.techtarget.com/tip/What-to-do-when-DNS-records-disappear
  Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2
  http://blogs.technet.com/b/askds/archive/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2.aspx
  Curious, when you deleted the dynamic and static records, did you do that on the same DC in the same AD Site?
  Are there any replication errors or issues?
  Let's also eliminate any possibilities of the existence of duplicate AD integrated zones. If there are, one DC's *view* or what it *sees* in a partition will be different than another DC's view.
  Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
  http://blogs.msmvps.com/acefekay/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Flow and Static checks

  Hi there,
  I created a datamodel and have applied a condition to it. When I execute the interface the invalid records are captured in the E$ table but all the other valid records do not appear on the target table. I couldn't able to find the reason for this. I have applied flow and static check to the condition and the same for the table column. Im not sure why the validate records are rejected.
  Any help is appreciated.
  Cheers

  HI!
  Let me understand, do you want the invalid records at target table?
  If you use the flow control it will keep the records at E$ and WILL NOT load it.
  If you use static control, it will LOAD the data and, after that, verify what are the records with problems.
  Don't use both controls at same time, it doesn't make logical sense unless when needs to validate distinct constraints at each moment.
  Does it help you?

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Local and ISP DNS

  Hi all,
  i have a local DNS server for some local stuff like website,ldap and so on and the normal ISP DNS.
  On Client i have entered the local DNS IP (xxx.xxx.xxx.xxx) and the ISP DNS IP (yyy.yyy.yyy.yyy).
  So here is my problem when the Local DNS IP is on top of the table i can surf only the local websites but not the public. vice versa is it for when i have the ISP DNS IP on top. what can i do to surf all website, the local and the public.

  Your DNS is asking a "lame" server for DNS; you're not getting an authoritative response to the query.
  The target DNS server for the query isn't configured correctly; the local DNS server has found a target DNS server for the domain as being authoritative for the zone, but the target DNS server is not configured as being authoritative for the zone.
  i configured my router for forwarding the port 53 to my local dns, but it didn't solved the problem!
  That's not what I'd choose here.
  Your clients are aimed at your DNS server. Your DNS server is aimed at your ISP servers. Your firewall is set to pass DNS out, but (generally) to block inbound DNS requests. Your DHCP is set to serve your DNS server address. If you've been tossing configuration changes and such here within your clients and your DNS servers, then you may well have some stale stuff in the DNS caches, too.

• Abstract classes and static methods

  I have an abstract report class AbstractReportClass which I am extending in multiple report classes (one for each report, say ReportA, ReportB, ...). Each report class has its own static column definitions, title, etc., which I have to access through a static method getDataMeta() in a web application. Each report has the same exact code in getDataMeta, and no report may exist without these fields. My intuition tells me that AbstractReportClass should contain the code for getDataMeta, but I know that you can't mix abstract and static keywords.
  Am I missing a simple solution to unify the getDataMeta code in the abstract base class? or do I really need to have a static function getDataMeta with the same code in each of the base classes?
  My apologies if this has been discussed many times before.
  Thanks,
  -Andrew

  I'm not trying to be "right"; rather I just asked a question about whether I can do something that seems intuitive. Perhaps you might write code in a different way than I would or perhaps I wasn't clear about every little detail about my code? Do you regularly belittle people who ask questions here?
  I have a loadFromDB() member function in AbstractReport for which all sub classes have an overloaded version. All reports I'm displaying have 4 common fields (a database id and a name and a monetary value, for example), but then each other report has additional fields it loads from the database. Inside ReportX classes' loadFromDB(), I call the superclass loadFromDB() function and augment values to get a completely loaded object. In fact, the loadedData member object resides in AbstractReport.
  I can't use a report unless it has these common features. Every report is an AbstractReport. There is common functionality built on top of common objects. Isn't this the point of inheritance? I'm essentially saying that abstract class Shape has a getArea function and then I'm defining multiple types of Shapes (e.g. Rectangle and Circle) to work with...