Solved

DNS-error in set up preventing secondaries from making zone transfers.

Posted on 2004-08-02
12
299 Views
Last Modified: 2010-04-13
I am running windows 2000 server and the company DNS admin sent me a notice saying I have an error in my setup preventing secondaries from making zone transfers.  They said they did not have any expertise in windows DNS but thought I should remove my alias.  When the server admin set up this process he did not have the alias in the interface and no one could get to the safety site.  In the DNS properties menu on this item there are some selections.  It is set to Host and Aliases (A and Cname records) as below.  If I
change this to just Host do you think that would work and still recognize the alias.  I am afraid if I remove the alias record then no one will be able to get to the site.  The System log shows Event  5782 "Dynamic registratrion or deregistration of one or more DNS records failed with the following error. No DNS server configured for the local host.  The server administrator left the company and I am new to DNS with no other windows 2000 server experts available.  Thanks for your help......


0
Comment
Question by:a182612
  • 7
  • 5
12 Comments
 
LVL 9

Expert Comment

by:jdeclue
ID: 11693638
The error which is in you event log is related to the network configuration of the DNS server. Under Network properties, open you network configuration, goto properties of your TCP/IP setting for the network card, goto the DNS settings and put in the DNS server.

Is your DNS admin asking you to send them Zone transfers, if so got to DNS Management, right click on the Name of the domain under the forward lookup. Goto to Zone Transfer, allow zone transfers and put in their DNS servers, if this Admin understands DNS, then reading the options to him should be sufficient to allow him to help you with the setup.

J
0
 

Author Comment

by:a182612
ID: 11694292
I checked the TCP/IP settings and teh DNS server IP addresses are in place already.  I am verifying with the DSN folks that these are the correct addresses.

For part 2 here is what they are saying:
> We do not support Microsoft's DNS server.  We recommend using BIND (from
> http://www.isc.org).  But from the snapshot you sent, we think the problem
> is with the line:
>
> (same as parent folder)         Alias   corpsafety.safety.fedex.com.
>
> In BIND terms, this is called a CNAME record.  safety.fedex.com is called
> the zone, and you cannot create a CNAME record for your zone.  Well, you
> can create it, but your results will vary with different nameservers.  So
> you need to remove this record.  Under the forward zone in the DSN interface it does say safety.fedex.com my server name.  Should I remove that and put the IP addresses of the DSN server there and remove the the safety.fedex.com?  Sorry but I have very little knowledge about DSN.
>
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11695538
Do you know why you require the downlevel domain corpsafety?
 Or is corpsafety the name of a server?
0
 

Author Comment

by:a182612
ID: 11695609
corpsafety is the name of the web server.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11695671
you are redirecting safety.fedex.com to corpsafety.safety.fedex.com, so that users do not have to type corpsafety to get to your web server. Is this a requirement?
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11695675
I am off to a meeting, back in a about an hour.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:a182612
ID: 11698716
According to the guy who left he said that safety management wanted to use safety.fedex.com as the web site home page and the server is named corpsafety. safety.fedex.com so I think he has this set up as an alias so that even though the server was named corpsafety.safety.fedex.com the user only has to use the alias.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11703278
That is exactly what he did, but by doing that he created an alias of the domain itself to a downlevel domain. I would suggest removing the alias completely. Then you will either have to have the users go to corpsafety.safety.fedex.com or you could ask the owners of fedex.com to add an entry for you servers IP address call "safety". That way you will have safety.fedex.com available to them.

P.S. I used to be Director of IT for kinkos.com, until we sold the company to Kinkos Corporation. I spent a lot of time developing Print to Kinko's and integrating the website with Fedex and Kinko's.

 
0
 

Author Comment

by:a182612
ID: 11705952
Wow, what a small world.  I am sure you know Kinko's is now a FedEx company....

Is this the problem causing the error message in the system log and the zone issue the DNS admin is seeing?  It seems I remmember the server admins saying we could not have the 'safety' designation tied to our IP address for some reason.  I will have to check on that.

If they do designate the 'safety' to my server's IP address would I be able to remove the alias and folks would still find the site using safety.fedex.com?  I am trying to determine what is occuring in this case.  Is it just creating the alias at a higher level instead of on my box? One more thing if they can't do this and I leave it are there any big consequences?  I have not had anyone complaining they can't find the site and it's been that way for at least a few years.  The trigger on this issue was the DSN admin sending me that notice apparently showing up in their error log.  Not sure why they did not see it a long time ago either..

Thanks so much for your help.
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 250 total points
ID: 11706421
My mistake. I gave you bad info. As safety is the name of your DNS domain, it should not be used at all. If you have the DNS Admins for fedex.com create and entry for corpsafety in fedex.com then the users could just type corpsafety.fedex.com and go directly to the site. The record would look something like this.

192.168..2.10       CNAME    corpsafety

in the fedex.com forward lookup zone.

You would have the same entry in your forward lookup zone as well.

In this configuration you will be able to access your webserver at either corpsafety.fedex.com or corpsafety.safety.fedex.com.

The problem right now is that their DNS does a lookup on safety.fedex.com expecting to get a DNS server, and instead they get your web server.

0
 

Author Comment

by:a182612
ID: 11708970
I guess it's safe to say that just because the DNS folks are getting that error does not mean it's impacting my server site??  I don't really care of they have the error if there is no impact n folks finding my server. My management has said they only want folks to go to safety.fedex.com and not use the 'corp' so I am going to leave it as is.  I think if folks could not get to my site I would have had complaints because its' used significantly.  Can you see any reason for me to change this or impact if I don't except the DNS folks getting an error is their system logs?  Thanks.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11714494
I can't answer that without knowing what those DNS admins know. But, provided that everyone can get to your site, which it looks like they should and there are not any issues with clients and there DNS lookups then I am not sure you require the zone transfers.

0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now