Solved

Win2k Domain and domain names on cable setup problems...please help ...

Posted on 2003-11-08
717 Views
Last Modified: 2010-03-18
Hello all,

First of all, thanks for taking the time to read such a long post, but I am trying to explain it the best way possible so that everyone has less typing to do.

HARDWARE SETUP :

ISP (Static IP) -> Netgear Router RT314 (DHCP Server) -> Netgear Switch -> Win2k Server (Domain Controller - server1)
                                                                        -> Win2k Server (www - ftp - server2)
                                                                        -> WinXP Pro (PC - client1)
                                                                        -> WinXP Pro (Laptop - client2)

I have a cable connection coming from my ISP with a pretty much dedicated IP (same for the past 3 years) that is connected to a Netgear router, which is my DHCP server at the moment with IP 192.168.0.1. From there, it goes to a Netgear switch where it gets connected to my whole home network, which includes 2 other Win2k servers and 2 WinXP clients.

PROBLEM :

Had my home network for all these years under a regular WORKGROUP and 2 days ago decided to play around with domains and such. Bought a book on Win2k Server (Sybex Mastering Win2k Server, second edition) and registered a domain name (mydomain.com). I installed Win2k Server with Service Pack 4 and all necessary updates on my main server, which I made my domain controller. Created Active Directory, set it up following the book's directions, and everything seems to be running great in terms of having the clients join the domain, user rights, etc. When I ping all the computers internally (ftp.mydomain.com or client1.mydomain.com), they all resolve to their respective IP addresses, which tells me that my DNS setup (forward and reverse lookup zones) is working well.

Now, the problem arises when I changed the nameservers at the hosting company (directnic). I registered 2 new nameservers pointing to the IP that my ISP has been giving me for the past 3 years, and when I try to ping my domain from another computer outside my network (different ISP), it starts resolving to my internal network IPs, like this:

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\NONNOS>ping www.mydomain.com

Pinging www.mydomain.com [192.168.0.2] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\NONNOS>ping controller.mydomain.com

Pinging controller.mydomain.com [192.168.0.8] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\NONNOS>      

(This is all done from a computer outside my network. It's actually my in-laws' PC, which is located across town.)

This is where I got stuck, because I am not sure what's going on and the book doesn't explain such a scenario. I suspect that it has something to do with the DNS setup and the fact that I only have 1 IP accessible from the outside. My router is receiving the ping requests from outside and sending them to my DNS server (same as my domain controller), which resolves them to my internal IPs. Here is how I have them set up (software-wise):

SOFTWARE SETUP :

Router                       : DHCP Server - IP : 162.198.0.1 - Name (router.mydomain.com)
Domain Controller / DNS Server : Win2k Server + AD + DNS Service - IP : 192.168.0.8 - Name (controller.mydomain.com)
Client 1 / pc                : WinXP Pro - Name (client1.mydomain.com)
Client 2 / laptop            : WinXP Pro - Name (client2.mydomain.com)

NSLOOKUP:

Here is an nslookup from my domain controller / DNS server:

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.

C:\DOCUME~1\ADMINI~1>nslookup
Default Server:  controller
Address:  192.168.0.8

> ls -d mydomain.com
[controller]
*** Can't list domain mydomain.com: Query refused
> mydomain.com
Server:  controller
Address:  192.168.0.8

Name:    mydomain.com
Address:  192.168.0.8

> set type=any
> mydomain.com
Server:  controller
Address:  192.168.0.8

mydomain.com    internet address = 192.168.0.8
mydomain.com    nameserver = controller.mydomain.com
mydomain.com
        primary name server = controller.mydomain.com
        responsible mail addr = admin
        serial  = 32
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
controller.mydomain.com internet address = 192.168.0.8
>

All machines and users work fine internally. All domain names resolve fine to their internal IPs with no problems.

Any advice would be much appreciated.                                

Thanks

Question by:RSebastiani
9 Comments
 
LVL 9

Expert Comment

by:svenkarlsen
Hi RSebastiani,
For your setup to work (a nameserver on a private network serving the public internet) you must have a router that is capable of 'translating' nslookups to your nameserver on the fly.

Any alternative will involve double name schemes on your nameserver or implementing a second, independent nameserver (which in principle is the same as the first-mentioned solution).

My suggestion is that you revert to using an external nameservice for public DNS, - especially since you only have one public IP.

Kind regards,
Sven
 

Author Comment

by:RSebastiani
Hi Sven

I don't know if I exactly understand about having my router translate nslookups on the fly, but my router is capable of translating requests from the outside by port number, meaning that I can tell it to redirect any "port" requests to specific IPs. Like... any request to port 80, I can have my router redirect to my web server (internal IP: 192.168.0.2), etc. Is that what you are talking about?

By using an external nameservice for public DNS, you mean that I don't have to have my domain name look at my internal domain network for my network to work. Sorry if I sound like a total newbie, but I wasn't sure how to set this up and I thought that it was a requirement when I registered my domain to have the nameservers point at my DNS server internally. That is why I created my nameservers pointing at my external IP. You mean that I don't have to do this and I can let my hosting company (directnic) use their default nameservers?

I am not sure if I understand correctly what you mean, but please be patient :)...

Thanks so much

R.
 
LVL 9

Expert Comment

by:svenkarlsen
No worries R,

DNS can be hard to get to terms with: think of it as the "Yellow Pages", - any DNS is just another index.

The information in the nameserver must be true in the realm in which it exists, the realm being the IP scope. In your case, your names exist in two realms: the big world of the internet (the public IP address world) and your own little small world (the private IP address world). Your own nameserver will provide true answers to any request received from any computer on your private network, but the answers will not be true on the internet. Likewise for the public nameserver, which will reply to any question with your public IP: that would not be a correct answer if received by one of the computers on your private net.

If everything else is working fine (you can browse the internet without problems from all your computers) then don't change anything in your own nameserver. Just tell your ISP, or whoever you choose, to put your names on their nameserver with your public address.


Kind regards,
Sven
 

Author Comment

by:RSebastiani
Ok,

Yes, my whole LAN seems to be working great... I can get internet access from all my clients and servers, everything is working up to this point with no problems whatsoever, it's just that one little thing that is not working. Whenever someone or I try to ping the domain name that I registered, they get the internal IPs of my LAN. I have 4 computers in the LAN, and if I try to ping any of them by name (client1.mydomain.com or client2.mydomain.com) from outside, it resolves to my internal IPs.

Basically what I am trying to do is to host my own domain here at home with my own web server in my domain, so when people type something like www.mydomain.com, it resolves to my external WAN IP and not any of my internal LAN IPs; then my router will redirect internally depending on the port that is being requested.

Now, about having them add my names to their nameservers: is this done at the company where I registered my domain or at my ISP (2 different companies)? At the company where I registered my domain (directnic.com) I created 1 nameserver (they asked for 2, but I was able to get away with only 1) named ns0.mydomain.com that points to my external WAN IP. That's all I have done with respect to the domain name.

Was I supposed to do it like that, or do I have to use some other nameservers? If not... did I have to do something else?

Thanks so much for your time..

R.
 
LVL 9

Expert Comment

by:svenkarlsen
Hi R.
You should cancel your registration of ns0.mydomain.com and instead register to have them supply you with nameservice.

Perhaps you should shop around a bit, - prices on DNS service vary, and personally I use a free service for that (I have a small home LAN with 8 boxes). I cannot advise you on services at your end (I'm in Denmark), but try searching for "DNS free" or similar on Google.

Regarding your setup with port-based routing: that's a fully functioning solution, also if you use an 'outside' DNS service. Most routers can be configured to route incoming traffic based on the port being requested. Better routers can even be configured for multihosting: e.g. 2 public IPs = 2x http-server, 2x ftp-server, - etc...

Finally:
I understand your sentiment about wanting to have every service yourself, - I ran the "double DNS server" setup myself for a while. But today I think of it like a phonebook: I don't publish my own phonebook, even though I have a PBX with 10 phone numbers at home ;-)

Regards,
Sven
 

Author Comment

by:RSebastiani
Hi Sven,

Ok, so I went and registered a new "Free DNS" using www.zoneedit.com free services (added entries for www.mydomain.com and mydomain.com to point to my WAN IP).  I told my domain name registration company (directnic.com) to point to the new nameservers that zoneedit is providing.

Question is now, do I keep my local DNS server that I was running before? Right now it seems that the nameserver change hasn't been completed yet, since I am getting this message from zoneedit.com:

Warning: Your nameservers have switched, but the switch notification has not spread through the internet. Typically this can last for 1-3 days.

The reason I think I would have to keep a local DNS server is so the rest of the machines know about the names of my other machines, like client1.mydomain.com and controller.mydomain.com, right? But then, if I try to ping www.mydomain.com from within my local machines, they are all going to point to the local IP of my web server instead of the "outside" IP, since my local DNS server is taking over and resolving to my local IPs.

If I do an ipconfig /all on my machines after releasing and renewing and telling them to "automatically get DNS info" (supposedly from my ISP), they still show that their DNS IP points to my local DNS server and not an outside one, like this:

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\RENATTO>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : renattolaptop
        Primary Dns Suffix  . . . . . . . : sebastianifamily.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : sebastianifamily.com

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) #2
        Physical Address. . . . . . . . . : 00-06-5B-BC-FA-B9

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR HA501 Wireless Adapter
        Physical Address. . . . . . . . . : 00-30-AB-17-7F-F2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.8
        Lease Obtained. . . . . . . . . . : Sunday, November 09, 2003 10:16:23 AM
        Lease Expires . . . . . . . . . . : Wednesday, November 12, 2003 10:16:23 AM

C:\DOCUME~1\RENATTO>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\DOCUME~1\RENATTO>ipconfig /release

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

C:\DOCUME~1\RENATTO>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\DOCUME~1\RENATTO>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : renattolaptop
        Primary Dns Suffix  . . . . . . . : mydomain.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) #2
        Physical Address. . . . . . . . . : 00-06-5B-BC-FA-B9

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR HA501 Wireless Adapter
        Physical Address. . . . . . . . . : 00-30-AB-17-7F-F2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.8
        Lease Obtained. . . . . . . . . . : Sunday, November 09, 2003 10:47:29 AM
        Lease Expires . . . . . . . . . . : Wednesday, November 12, 2003 10:47:29 AM

C:\DOCUME~1\RENATTO>

Is that the way it is supposed to be, or should this be pointing somewhere else? If it is supposed to be pointing somewhere else, how are my local computers going to know about their names locally if no one outside knows about them?

Everything is still running great here, except for the fact that I need to make sure that when people from the outside try to ping my domain name, they get an "outside" IP and not my local ones.

Are people from outside supposed to see any of my local names? Like, if they try to ping client1.mydomain.com or controller.mydomain.com, should they see the same WAN IP for all, not be able to see them at all, or see them but with some other kind of info?

Gosh, this DNS thing is confusing.  Once again, thanks so much for your time.

R.
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 100 total points
Hi R.

No offence, but this is getting a bit too long, - the EE is for answering a question, not for running on-line tutorials ;-)

Anyhow:

1. keep your internal DNS server and all other configuration on your internal boxes.

2. Make sure that your internal DNS server's TCP/IP config is configured as:
   - first DNS: itself, - i.e. 192.168.0.8
   - second, third, etc. DNS should be some public DNS servers

3. At your public DNS provider, register all your computers, aliases (www, ftp, ...etc.), etc. to point at your public address

4. read my second answer, and reflect on its meaning, - this is very much about understanding basic principles

5. find some tutorials and howtos on the web and read about it

6. sit down and think about what you've read

7. experiment

Kind regards,
Sven
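The "two realms" point in Sven's second comment and the accepted answer's steps 1-3 (keep the internal DNS, publish only public names at an external provider, all pointing at the WAN IP) can be checked mechanically. The following is an added example written for this page, not code from the thread or from any of the products mentioned; its zone data is constructed from the hosts the post names, client addresses other than the laptop's 192.168.0.6 are made up, and 203.0.113.10 (an RFC 5737 documentation address) stands in for the poster's real WAN IP, which the thread never gives.

```python
# Split-horizon DNS sanity check for the setup in this thread (added example).
import ipaddress

# Addresses that mean nothing outside the LAN; a public answer must never hold one.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    """True if addr is a private (RFC 1918) address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

# Internal view: what controller.mydomain.com (192.168.0.8) answers on the LAN.
# Constructed from the post; client1's address is made up.
INTERNAL_ZONE = {
    "mydomain.com": "192.168.0.8",
    "controller.mydomain.com": "192.168.0.8",
    "www.mydomain.com": "192.168.0.2",
    "ftp.mydomain.com": "192.168.0.2",
    "client1.mydomain.com": "192.168.0.5",
    "client2.mydomain.com": "192.168.0.6",
}

WAN_IP = "203.0.113.10"   # placeholder for the real public address (not in the thread)
PUBLISHED = ["mydomain.com", "www.mydomain.com", "ftp.mydomain.com"]  # step 3 of the answer

def build_public_zone(internal_zone, published, wan_ip):
    """Public view, i.e. what the external DNS provider should serve: only the names
    meant to be reachable from outside, every one of them pointing at the WAN IP.
    LAN-only hosts such as client1 and controller are deliberately absent."""
    return {name: wan_ip for name in published if name in internal_zone}

def leaked_private_answers(zone_view):
    """Names in a view that would hand out RFC 1918 addresses. For the public view
    this must be empty; the thread's original setup (public NS delegated to the LAN
    server) leaked every name, which is what the outside ping showed."""
    return sorted(name for name, addr in zone_view.items() if is_rfc1918(addr))

def resolve(name, zone_view):
    """Answer for a name in one view, or None (NXDOMAIN) if the view lacks it."""
    return zone_view.get(name)

def resolve_from_lan(name, internal_zone, public_zone):
    """Step 2 of the answer: LAN clients ask the internal server first and only fall
    back to public DNS for names it does not hold. This is why www.mydomain.com
    legitimately resolves to 192.168.0.2 from inside and to the WAN IP from outside."""
    return internal_zone.get(name) or public_zone.get(name)

if __name__ == "__main__":
    public = build_public_zone(INTERNAL_ZONE, PUBLISHED, WAN_IP)
    print("private addresses exposed by internal view:", leaked_private_answers(INTERNAL_ZONE))
    print("private addresses exposed by public view:  ", leaked_private_answers(public))
    for name in ("www.mydomain.com", "client1.mydomain.com"):
        print(f"{name}: LAN -> {resolve_from_lan(name, INTERNAL_ZONE, public)}, "
              f"internet -> {resolve(name, public)}")
```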
 

Author Comment

by:RSebastiani
Thanks for your time !!!

R.
 

Expert Comment

by:chrisss123
VPN doesn't resolve domain name: when connecting to the VPN I can access rd.alis.domain but can't access alis.domain; when pinging, it doesn't resolve. What can be the problem on the VPN server?
