Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Win2k Domain and domain names on cable setup problems...please help ...

Posted on 2003-11-08
9
Medium Priority
?
731 Views
Last Modified: 2010-03-18
Hello all,

First of all, thanks for taking the time to read such a long post...but I am trying to explain it the best way possible so less typing everyone has to do.

HARDWARE SETUP :

ISP (Static IP) ->  Netgear Router RT314 ( DHCP Server) -> Netgear Switch -> - Win2k Server (Domain Controller - server1)
                                                                                                                  - Win2k Server ( www - ftp - server2)
                                                                                                                  - WinXP Pro (PC - client1)
                                                                                                                  - WinXP Pro (Laptop - client2)

I have a cable connection coming from my ISP with a pretty much dedicated IP (same for the passed 3 years) that is connected to a netgear router which is my DHCP server at the moment with ip (192.168.0.1).  From there, it goes to a netgear switch where it gets connected to my whole home network which includes 2 other win2k servers and 2 winxp clients.

PROBLEM :

Had my home network for all these years under a regular WORKGROUP and 2 days ago decided to play around with domains and the such.  Bought a book on win2k server (sybex-mastering win2k server second edition) and registered a domain name (mydomain.com).  I installed win2k server with service pack 4 and all necessary updates on my main server which i made my domain controller.  Created Active Directory, set it up following the books directions and everything seems to be running great in terms of having the clients joining the domain and users rights etc etc.  when I ping all the computers internally (ftp.mydomain.com or client1.mydomain.com), they all resolve to their respective IP addresses, which tells me that my DNS setup (forward and reverse lookup zones) are working good.

Now, the problem arises when I changed the NameServers on the hosting company(directnic).  I registered 2 new nameservers pointing to the IP that my ISP has been giving me for the passed 3 years and when I try to ping my domain from another computer outside my network ( different ISP), it starts resolving to my internal network IPs, like this :

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\NONNOS>ping www.mydomain.com

Pinging www.mydomain.com [192.168.0.2] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\NONNOS>ping controller.mydomain.com

Pinging controller.mydomain.com [192.168.0.8] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\NONNOS>      

(this is all done from a computer outside my network.  Its actually my inlaws PC that is located across town)

This is where I got stuck, cause I am not sure whats going on and the book doesnt explain such an scenario.  I suspect that has something to do with the DNS setup and the fact that I only have 1 IP accessible from the outside.  My router is receiving the ping requests from outside and sending them to my DNS server (same as my Domain Controller) and resolving them to my internal IPs. Here is how i have them setup (Software wise)

SOFTWARE SETUP :

Router                                          : DHCP Server - IP : 162.198.0.1 - Name (router.mydomain.com)
Domain Controller / DNS Server      : Win2k Server + AD + DNS Service - IP : 192.168.0.8 - Name (controller.mydomain.com)
Client 1 / pc                                  : WinXP Pro - Name (client1.mydomain.com)
Client2 / laptop                             : WinXP Pro - Name (client2.mydomain.com)

NSLOOKUP:

Here is a nslookup from my DomainController / DNS Server :

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.

C:\DOCUME~1\ADMINI~1>nslookup
Default Server:  controller
Address:  192.168.0.8

> ls -d mydomain.com
[controller]
*** Can't list domain mydomain.com: Query refused
> mydomain.com
Server:  controller
Address:  192.168.0.8

Name:    mydomain.com
Address:  192.168.0.8

> set type=any
> mydomain.com
Server:  controller
Address:  192.168.0.8

mydomain.com    internet address = 192.168.0.8
mydomain.com    nameserver = controller.mydomain.com
mydomain.com
        primary name server = controller.mydomain.com
        responsible mail addr = admin
        serial  = 32
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
controller.mydomain.com internet address = 192.168.0.8
>

All machines and users work fine internally.  All domain names resolve fine with their internal IPs with no problems.

Any advice would be much appreciated.                                

Thanks

0
Comment
Question by:RSebastiani
  • 4
  • 4
9 Comments
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9708405
Hi RSebastiani,
For your setup to work (an NS Server on a private network serving the public internet) you must have a router that is capable of 'translating' nslookups to your nameserver, on the run.

Any alternative will involve double nameschemes on your nameserver or implementing a second, independent nameserver (which in principle is the same as the first mentioned soluion).

My suggestion is that you revert to using an external nameservice for public DNS, - especially since you only have one public IP.

Kind regards,
Sven
0
 

Author Comment

by:RSebastiani
ID: 9708449
Hi Sven

I dont know if i exactly understand about having my router translate nslookups on the run, but my routher is capable of translating request from the outside my port numbers, meaning that i can tell it to redirect any "port" requests to specific IPs.  like .... any request to port 80, i can have my router redirect to my web server (internal ip : 192.168.0.2) etc etc.  Is that what you are talking about ?

By using and external nameservice for public DNS, you mean that I dont have to have my domain name look at my internal domain network for my network to work.  Sorry if I sound like a total newbie, but I wasnt sure on how to set this up and i thought that it was a requirement when i registered my domain to have the name servers point at my DNS server internally.  That is why i created my nameservers pointing at my external IP.   You mean that I dont have to do this and I can let my hosting company (directnic) use their defaul nameservers ?

I am not sure If i understand correctly what you mean, but please be patience :)...

Thanks so much

R.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9708522
No worries R,

DNS can be hard to get to terms with: think of it as the "Yellow Pages",  - any DNS is just another index.

The information in the nameserver must be true in the realm in which it exist. The realm being the IP scope. In your case, your names exist in two realms: the big world of internet (the public IP address world) and your own little small world ( the private IP address world). Your own nameserver will provide true answers to any request received from any computer on your private network, but the nswers will not be true on internet. Likewise for the public nameserver, which will reply to any question with your public IP: that would not be a correct answer if received by one of the computers on your private net.

If everything else is working fine (you can browse internet without problems from all your computers) then don't changeanything in your own nameserver. Just tell your ISP or whoever you choose, to put your names on their nameserver with your public address.


Kind regards,
Sven
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:RSebastiani
ID: 9708725
Ok,

Yes, my whole LAN seems to be working great...i can get internet access from all my clients and servers, everything is working up to this point with no problems whatsoever, its just that one little thing that is not working.  Whenever someone or I try to ping the domain name that i registered, gets the internal IPs of my LAN.  i have 4 computers in the LAN, and if I try to ping all of them by name (client1.mydomain.com or client2.mydomain.com) from outside, it will resolve in my internal IPs.  

Basically what I am trying to do is to host my own domain here at home with my own web server in my domain, so when people type something like www.mydomain.com, it redirects to my external WAN IP and not any of my internal LAN IPs, then my router will redirect internally depending on the port that is being requested.

Now, about having them add my names to their nameservers? Is this done on the company where I registered my domain or is it done on my ISP (2 different companies).  On the company that I registerd my domain (directnic.com) I created 1 nameserver (they asked for 2, but I was able to get away with only 1) named ns0.mydomain.com  that points to my external WAN IP.  Thats all I have done in respect to the domain name.

Was I supposed to do this like that, or do I have to use some other nameservers?.  If not....did i have to do something else?

Thanks so much for your time..

R.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9708756
Hi R.
you should cancel your registration of the ns0.mydomain.com and instead register for having them supplying you with nameservice.

Perhaps you should shop around a bit, - priceson DNS service varies, and personally I use a free service for that (I have a small home LAN with 8 boxes). I cannot advice you on services at your end (I'm in Denmark), but try searching for  "DNS free" or similar on google.

Regarding your setup with port-based routing: that's a fully functioning solution, also if you use an 'outside' DNS service. Most routers can be configured to route incoming traffic based on the port being requested. Better routers can even be configred for multihosting: e.g. 2 public IP's = 2x http-server, 2xftp-server, - etc...

Finally:
I understand your sentiment about wanting to have every service yourself, - I ran the "double DNS server" setup myself for a while. But today I think of it like a phonebook: I don't publish my own phonebook, even though I have a pbx with 10 phonenumbers at home ;-)

Regards,
Sven
0
 

Author Comment

by:RSebastiani
ID: 9710173
Hi Sven,

Ok, so I went and registered a new "Free DNS" using www.zoneedit.com free services (added entries for www.mydomain.com and mydomain.com to point to my WAN IP).  I told my domain name registration company (directnic.com) to point to the new nameservers that zoneedit is providing.

Question is now,  do i keep my local DNS server that i was running before?  Right now seems that the nameserver change hasnt been completed yet since I am getting this message from zoneedit.com :

Warning: Your nameservers have switched, but the switch notification has not spread through the internet. Typically this can last for 1-3 days.

The reason I think I would have to keep a local DNS server is so the rest of the machines know about the names of my other machines like client1.mydomain.com and controller.mydomain.com right?. but then, if I try to ping www.mydomain.com from within my local machines, they are all going to point to the local IP of my webserver instead of the "outside" IP since my local DNS server is taking over and resolving my local IPs.

If I do an ipconfig /all on my machines after releasing and renewing and telling them to "automatically get DNS info" (supposedly from my ISP), they still show that their DNS IP points to my local DNS Server and not an outside one like this :

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\RENATTO>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : renattolaptop
        Primary Dns Suffix  . . . . . . . : sebastianifamily.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : sebastianifamily.com

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
Controller (3C905C-TX Compatible) #2
        Physical Address. . . . . . . . . : 00-06-5B-BC-FA-B9

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR HA501 Wireless Adapter
        Physical Address. . . . . . . . . : 00-30-AB-17-7F-F2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.8
        Lease Obtained. . . . . . . . . . : Sunday, November 09, 2003 10:16:23 A
M
        Lease Expires . . . . . . . . . . : Wednesday, November 12, 2003 10:16:2
3 AM

C:\DOCUME~1\RENATTO>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\DOCUME~1\RENATTO>ipconfig /release

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

C:\DOCUME~1\RENATTO>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection 2 while it has its media
disconnected.

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\DOCUME~1\RENATTO>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : renattolaptop
        Primary Dns Suffix  . . . . . . . : mydomain.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
Controller (3C905C-TX Compatible) #2
        Physical Address. . . . . . . . . : 00-06-5B-BC-FA-B9

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR HA501 Wireless Adapter
        Physical Address. . . . . . . . . : 00-30-AB-17-7F-F2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.8
        Lease Obtained. . . . . . . . . . : Sunday, November 09, 2003 10:47:29 A
M
        Lease Expires . . . . . . . . . . : Wednesday, November 12, 2003 10:47:2
9 AM

C:\DOCUME~1\RENATTO>

Is that the way is supposed to be, or should this be pointing at somewhere else ?.  If supposed to be pointing at somewhere else, how are my local computers going to know about their names locally if noone outside knows about them ?.

Everything still running great here except for the fact that I need to make sure people from the outside when try to ping my domain name, they get and "outside" IP and not my local ones.

Are people from outside supposed to see any of my local names?  like if try to ping client1.mydomain.com or controller.mydomain.com should they see the same WAN IP for all, not be able to see them at all? or see them but with some other kind of info ?

Gosh, this DNS thing is confusing.  Once again, thanks so much for your time.

R.
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 400 total points
ID: 9710434
Hi R.

No offence, but this is getting a bit too long, - the EE is for answering a question, not for running on-line tutorials ;-)

Anyhow:

1. keep your internal DNS server and all other configuration on your internal boxes.

2. Make sure that your internal DNS server TCP/IP config is configured as:
   - first DNS (itself, - i.e. 192.168.0.8)
   - second, third, etc. DNS should be some public DNS servers

3. At your public DNS provider, register all your computers, aliases (www, ftp, ...etc.), etc. to point at your public address

4. read my second answer, and reflect on its meaning, - this is very much about understanding basic principles

4. find some tutorials and howto's on the web and read about it

5. sit down and think about what you've read

6. experiment

Kind regards,
Sven
0
 

Author Comment

by:RSebastiani
ID: 9710478
Thanks for your time !!!

R.
0
 

Expert Comment

by:chrisss123
ID: 9950505
vpn doesnt resolve domain name When connecting to vpn i can access rd.alis.domain but cant access alis.domain when pinging doesnt resolve what can be the problem on the vpn server?
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question