Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

DNS-error in set up preventing secondaries from making zone transfers.

I am running windows 2000 server and the company DNS admin sent me a notice saying I have an error in my setup preventing secondaries from making zone transfers.  They said they did not have any expertise in windows DNS but thought I should remove my alias.  When the server admin set up this process he did not have the alias in the interface and no one could get to the safety site.  In the DNS properties menu on this item there are some selections.  It is set to Host and Aliases (A and Cname records) as below.  If I
change this to just Host do you think that would work and still recognize the alias.  I am afraid if I remove the alias record then no one will be able to get to the site.  The System log shows Event  5782 "Dynamic registratrion or deregistration of one or more DNS records failed with the following error. No DNS server configured for the local host.  The server administrator left the company and I am new to DNS with no other windows 2000 server experts available.  Thanks for your help......


0
a182612
Asked:
a182612
  • 7
  • 5
1 Solution
 
jdeclueCommented:
The error which is in you event log is related to the network configuration of the DNS server. Under Network properties, open you network configuration, goto properties of your TCP/IP setting for the network card, goto the DNS settings and put in the DNS server.

Is your DNS admin asking you to send them Zone transfers, if so got to DNS Management, right click on the Name of the domain under the forward lookup. Goto to Zone Transfer, allow zone transfers and put in their DNS servers, if this Admin understands DNS, then reading the options to him should be sufficient to allow him to help you with the setup.

J
0
 
a182612Author Commented:
I checked the TCP/IP settings and teh DNS server IP addresses are in place already.  I am verifying with the DSN folks that these are the correct addresses.

For part 2 here is what they are saying:
> We do not support Microsoft's DNS server.  We recommend using BIND (from
http://www.isc.org).  But from the snapshot you sent, we think the problem
> is with the line:
>
> (same as parent folder)         Alias   corpsafety.safety.fedex.com.
>
> In BIND terms, this is called a CNAME record.  safety.fedex.com is called
> the zone, and you cannot create a CNAME record for your zone.  Well, you
> can create it, but your results will vary with different nameservers.  So
> you need to remove this record.  Under the forward zone in the DSN interface it does say safety.fedex.com my server name.  Should I remove that and put the IP addresses of the DSN server there and remove the the safety.fedex.com?  Sorry but I have very little knowledge about DSN.
>
0
 
jdeclueCommented:
Do you know why you require the downlevel domain corpsafety?
 Or is corpsafety the name of a server?
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
a182612Author Commented:
corpsafety is the name of the web server.
0
 
jdeclueCommented:
you are redirecting safety.fedex.com to corpsafety.safety.fedex.com, so that users do not have to type corpsafety to get to your web server. Is this a requirement?
0
 
jdeclueCommented:
I am off to a meeting, back in a about an hour.
0
 
a182612Author Commented:
According to the guy who left he said that safety management wanted to use safety.fedex.com as the web site home page and the server is named corpsafety. safety.fedex.com so I think he has this set up as an alias so that even though the server was named corpsafety.safety.fedex.com the user only has to use the alias.
0
 
jdeclueCommented:
That is exactly what he did, but by doing that he created an alias of the domain itself to a downlevel domain. I would suggest removing the alias completely. Then you will either have to have the users go to corpsafety.safety.fedex.com or you could ask the owners of fedex.com to add an entry for you servers IP address call "safety". That way you will have safety.fedex.com available to them.

P.S. I used to be Director of IT for kinkos.com, until we sold the company to Kinkos Corporation. I spent a lot of time developing Print to Kinko's and integrating the website with Fedex and Kinko's.

 
0
 
a182612Author Commented:
Wow, what a small world.  I am sure you know Kinko's is now a FedEx company....

Is this the problem causing the error message in the system log and the zone issue the DNS admin is seeing?  It seems I remmember the server admins saying we could not have the 'safety' designation tied to our IP address for some reason.  I will have to check on that.

If they do designate the 'safety' to my server's IP address would I be able to remove the alias and folks would still find the site using safety.fedex.com?  I am trying to determine what is occuring in this case.  Is it just creating the alias at a higher level instead of on my box? One more thing if they can't do this and I leave it are there any big consequences?  I have not had anyone complaining they can't find the site and it's been that way for at least a few years.  The trigger on this issue was the DSN admin sending me that notice apparently showing up in their error log.  Not sure why they did not see it a long time ago either..

Thanks so much for your help.
0
 
jdeclueCommented:
My mistake. I gave you bad info. As safety is the name of your DNS domain, it should not be used at all. If you have the DNS Admins for fedex.com create and entry for corpsafety in fedex.com then the users could just type corpsafety.fedex.com and go directly to the site. The record would look something like this.

192.168..2.10       CNAME    corpsafety

in the fedex.com forward lookup zone.

You would have the same entry in your forward lookup zone as well.

In this configuration you will be able to access your webserver at either corpsafety.fedex.com or corpsafety.safety.fedex.com.

The problem right now is that their DNS does a lookup on safety.fedex.com expecting to get a DNS server, and instead they get your web server.

0
 
a182612Author Commented:
I guess it's safe to say that just because the DNS folks are getting that error does not mean it's impacting my server site??  I don't really care of they have the error if there is no impact n folks finding my server. My management has said they only want folks to go to safety.fedex.com and not use the 'corp' so I am going to leave it as is.  I think if folks could not get to my site I would have had complaints because its' used significantly.  Can you see any reason for me to change this or impact if I don't except the DNS folks getting an error is their system logs?  Thanks.
0
 
jdeclueCommented:
I can't answer that without knowing what those DNS admins know. But, provided that everyone can get to your site, which it looks like they should and there are not any issues with clients and there DNS lookups then I am not sure you require the zone transfers.

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now