Solved

URGENT PLEASE!! DNS SETUP HELP IN WINDOWS SERVER 2003!

Posted on 2004-08-13
Last Modified: 2012-08-14
Hi,

I just switched the nameserver settings on directNIC and now the first nameserver is my nameserver and the second is my ISP's.

I think I have the forward and reverse zones setup incorrectly:

FORWARD:

1. Host(A) record  
Name: (same as parent folder)
IP: internal IP address of server

2. Host(A) record
Name: mail
IP:  external public IP address of router

3. Host(A) record
Name: www
IP:  external public IP address of router

4. Mail Exchanger (MX)
Name: name of server


SOMEONE PLEASE HELP ME WITH THIS!!  VERY URGENT!!

We are not getting any incoming mails.

Thanks.  


Question by:NAPSR
36 Comments
 
LVL 1

Expert Comment

by:santsys
ID: 11797390
Your MX record needs to be of a valid Host (A) address that points to the IP of your mail server.

for example:
Host (A): exchange
Address: 192.168.10.2

MX
Address: exchange

--Josh

0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797403
Hi NAPSR,

Firstly, don't panic.  OK, it might be too late for that.

Unfortunately I'm not familiar with how directNIC works, but the DNS concepts are fairly straightforward:

Can I just clarify - are you wanting to host (provide DNS service) for the domain yourself, or use DirectNICs services?

I'm assuming that you want to let your ISP do the DNS stuff, in which case you just need to supply the right settings.


FORWARDS
For your domain, you will need a couple of "NS" records, these are your name servers.
As DirectNIC are hosting your domain, these would be the DNS servers for your domain.

You will need an A record for "www", pointing to the IP of your web server
You will need at least one MX record, pointing to your mail server

I'm typing this quickly as I know you're in a rush.

Please let me know if this makes sense or not.  ... or, if you are really trying to supply the DNS yourself.



0
 

Author Comment

by:NAPSR
ID: 11797431
I don't understand what you mean.

so I need to create just ONE MX record

host or child domain: www
FQDN: www.mydomain.com
FQDN of server: nameofserver.themaindomain.com

Is this what you mean?

0
 

Author Comment

by:NAPSR
ID: 11797447
scamp:

I want to host the DNS for my domain myself on my server.  My ISP is not hosting DNS.
I am supplying the DNS myself

The NS records:

1.  full nameofserver;    internal ip address of server
2.  name of ISP server;  IP address of server
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797513
Right, that makes a little more sense now.

It sounds like the NS records are OK

As you only have one server that can accept SMTP mail (assumption here!), you need that server to be listed as the MX

You can either do that by IP address, 192.168.1.1 or by name mailserver.mydomain.com

If you do it by name, you MUST make sure that you have an "A" record for "mailserver" configured in your DNS, and that resolves to the IP correctly.

Take a look at http://www.checkdns.net

Put your domain name in, and it'll do loads of checks and tell you what's going wrong.

If you don't understand the output of that, post it here and we'll take a look.
0
 

Author Comment

by:NAPSR
ID: 11797550
my full server name is: hostserver.metrohostingservices.com
external public IP address is: 216.212.58.178
internal server IP address is: 192.168.1.21
my domain name is: www.napsronline.org

I am using windows server 2003.

This is the exported list from my DNS:

Name      Type      Data
1. (same as parent folder)      Start of Authority (SOA)      [26], hostserver.metrohostingservices.com., hostmaster.metrohostingservices.com.
2. (same as parent folder)      Name Server (NS)      alpha.birch.net.
3. (same as parent folder)      Name Server (NS)      hostserver.metrohostingservices.com.
4. (same as parent folder)      Host (A)      192.168.1.21
hostserver      Mail Exchanger (MX)      [10]  hostserver.metrohostingservices.com.
5. mail      Host (A)      216.212.58.178
6. www      Host (A)      216.212.58.178
7. www      Mail Exchanger (MX)      [10]  hostserver.metrohostingservices.com.


PLEASE tell me what is wrong with the above setup.

Thank you very much for your help!!
0
 

Author Comment

by:NAPSR
ID: 11797568
BELOW IS THE REVERSE DNS SETUP:

Name      Type      Data
1. (same as parent folder)      Start of Authority (SOA)      [23], hostserver.metrohostingservices.com., hostmaster.metrohostingservices.com.
2. (same as parent folder)      Name Server (NS)      alpha.birch.net.
3. (same as parent folder)      Name Server (NS)      hostserver.metrohostingservices.com.
4. 216.212.58.178      Pointer (PTR)      hostserver.metrohostingservices.com.



Thanks
0
 
LVL 1

Expert Comment

by:santsys
ID: 11797569
Would be more correct...

Name     Type     Data
1. (same as parent folder)     Start of Authority (SOA)     [26], hostserver.metrohostingservices.com., hostmaster.metrohostingservices.com.
2. (same as parent folder)     Name Server (NS)     alpha.birch.net.
3. (same as parent folder)     Name Server (NS)     hostserver.metrohostingservices.com.
4. (same as parent folder)     Host (A)     192.168.1.21   hostserver
5. Mail Exchanger (MX)     [10]  hostserver.metrohostingservices.com.
6. mail     Host (A)     216.212.58.178
7. www     Host (A)     216.212.58.178
0
 

Author Comment

by:NAPSR
ID: 11797578
I am also behind a router.  I have ports 80, 110, 25 and 53 open and all are forwarded to the IP address of the server.
0
 

Author Comment

by:NAPSR
ID: 11797603
santsys:

I don't understand the 4th line.  Below is the way it is configured on my end:

Host: (same as parent folder)
FQDN: napsronline.org
IP: 192.168.1.21

Is this correct?

Thanks for your help!
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797612
Hi

Here are my assumptions, let me know if they're wrong:
Your domain is "napsronline.org"
The server that hosts your primary DNS is hostserver.metrohostingservices.com
Your ISP has agreed to be a secondary DNS for your domain.  Their name server is called alpha.birch.net
Your website is hosted on a server with IP address 216.212.58.178
Your inbound SMTP server has IP address 216.212.58.178


Based on that lot:
Delete the current zone
Create a primary forward lookup zone for "napsronline.org"
For the time being, the SOA default should be fine.
Your name servers (NS) records need to be hostserver.metrohostingservices.com and alpha.birch.net

Create an "A" record for "www" pointing to 216.212.58.178
Create an "A" record for "mail" pointing to 216.212.58.178
Create an "MX" record (priority 10), pointing to "mail"

That should be it for the domain.  Make sure that your secondary DNS is getting copies of the Zone files properly.

Once you've done the above, use checkdns.net again to check it.
0
 

Author Comment

by:NAPSR
ID: 11797619
santsys:

Also on the 5th line for the MX,

What should the "host or child domain" name be?

0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797627
Napsr/Santsys

Line 4 of the original config doesn't make sense, it's pointing to a private-space IP.  That means that no-one externally would be able to get to it.

You don't actually need an "A" record for the domain itself, however they're generally set up to point to the webserver for the domain.  That means that people can go to "napsronline.org" rather than "www.napsronline.org"
0
 

Author Comment

by:NAPSR
ID: 11797655
scamp:

You wrote:

"Your website is hosted on a server with IP address 216.212.58.178
Your inbound SMTP server has IP address 216.212.58.178"


The external IP address of my website is: 216.212.58.178
The SMTP/webserver/nameservers internal IP address is: 192.168.1.21

Below are the changes I have made:

Name      Type      Data
1. (same as parent folder)      Start of Authority (SOA)      [30], hostserver.metrohostingservices.com., hostmaster.metrohostingservices.com.
2. (same as parent folder)      Name Server (NS)      hostserver.metrohostingservices.com.
3. (same as parent folder)      Name Server (NS)      alpha.birch.net.
4. mail      Host (A)      216.212.58.178
5. mail      Mail Exchanger (MX)      [10]  hostserver.metrohostingservices.com.
6. www      Host (A)      216.212.58.178

Thanks

0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797679
You need to make sure you list the external IP address of the mail server, otherwise email can't be delivered.

Is the external address for the mail server 216.212.58.178?

If it is, then line 4 is OK.

Line 5 needs fixing.  It should be towards the top, and read something like:
(same as parent folder)    Mail Exchanger (MX)   [10]  mail.napsronline.org
0
 

Author Comment

by:NAPSR
ID: 11797702
Yes the external mail server address is 216.212.58.178.  This is the address given to the router.

I checked on quick check and it seems that my old IP address is still lingering around and my new IP has not propagated completely.

Can you please check on quick check and let me know how i can correct the errors

Thanks
0
 
LVL 15

Accepted Solution

by:
scampgb earned 500 total points
ID: 11797706
Right, according to the domain registrar, your name server should be:
Name Server:ALPHA.BIRCH.NET
Name Server:NS0.NAPSRONLINE.ORG

I assume that NS0 is an alias for the machine that you're running your DNS on?  I also assume that the IP of this server is 216.212.58.178

If that's the case, your DNS records need to look more like:
1. (same as parent folder)     Start of Authority (SOA)     [30], ns0.napsronline.org, hostmaster.napsronline.org
2. (same as parent folder)     Name Server (NS)     ns0.napsronline.org.
3. (same as parent folder)     Name Server (NS)     alpha.birch.net.
4. (same as parent folder)     Mail Exchanger (MX)     [10]  mail.napsronline.com.
5. mail     Host (A)     216.212.58.178
6. www     Host (A)     216.212.58.178
7. ns0       Host (A)     216.212.58.178



... the above assumes that your DNS, website and SMTP mail server are all accessed through the IP address 216.212.58.178
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797732
Posts that are crossing in the night :-)

Actually, I'm very tired now and I'm looking forward to my bed!

Anyway, one of the problems with fixing DNS issues is the propagation times.  Dependent on what you had in your SOA record, it can take quite a while for the rest of the world to catch up.

It'll happen eventually though - the important bit is to get it right.

Looking on CheckDNS now, things are getting there but still not right.
Your secondary name server doesn't appear to be getting up-to-date zone files.  Also, the name servers listed in the zone aren't consistent.  What I said above should fix that.

Email is currently being delivered to the wrong place, once again, the comments above should fix that.

Also, your web server doesn't appear to be responding - but that's a whole other issue :-)
0
 

Author Comment

by:NAPSR
ID: 11797768
Can you please stick around for a little longer?  I would really appreciate it.  I just want to get this cleared up.

I have made the above changes and on checkdns, it says my mail is working correctly.  Why isn't my web server responding?  I have port 80 open.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797793
OK, we're getting there! :-)

You still have a slight issue with NS-record mismatches, but that can be cleared up easily enough.

checkdns.net is reporting timeout issues when connecting to your www server.
Although, I've just tried browsing to it myself and it works fine.

I'd say that this isn't something to worry about a great deal at the moment.  Let things settle down and then take another look at it.

Did you update all of the DNS records in the way I mentioned?
If you have, then the NS-record inconsistencies should clear themselves up over the next couple of hours.

Have you tried sending an email to your domain - from hotmail for example?  Did it arrive?
0
 

Author Comment

by:NAPSR
ID: 11797794
The check DNS says that the mail server is working correctly but I still don't see any mail coming in.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797810
What address can I send a test to?
0
 

Author Comment

by:NAPSR
ID: 11797851
I will take that back....the mail is working.  I just sent it from my hotmail account.

If you could please go to dnsstuff.com, the reverse dns says that there is no PTR record but I have one.

Can you please help me with that?  I just don't want my website to be down the whole weekend so is there any reason why it says my web server is not responding.

Thank you very much for your help!
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797859
I've telnetted to port 25 of your mail server (216.212.58.178) and did a successful SMTP transaction.

220 hostserver.metrohostingservices.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at  Fri, 13 Aug 2004 18:07:46 -0500
helo me.mydomain.com
250 hostserver.metrohostingservices.com Hello [x.x.x.x]
mail from: test@test.org
250 2.1.0 test@test.org....Sender OK
rcpt to: postmaster@napsronline.org
250 2.1.5 postmaster@napsronline.org
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Test from EE

Hi

Here's the test I mentioned

.
250 2.6.0 <HOSTSERVER00dSdVudU000026e4@hostserver.metrohostingservices.com> Queued mail for delivery


If I do telnet mail.napsronline.org 25 - then I connect to the same server.

If you're not receiving emails when they're being delivered, then that's an email setup problem and not related to this DNS issue


It looks like the main DNS issue is now sorted.  I suggest you allow a little time for propagation, and let things settle down.  I'll look at this again in the morning.

0
 

Author Comment

by:NAPSR
ID: 11797880
Even if I delete the hostserver.metrohostingservices.com from the nameserver and from the SOA primary server area, it still pops back automatically when I refresh.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11797893
You need to make sure that you have a PTR record listed for the reverse DNS domain 178.58.212.216.in-addr.arpa

I suggest that you set this to "www.napsronline.org.", as this would make the most sense.

The article http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20896039.html should help you with doing this.


I'm pretty confident that your web server is behaving (well, it works in sunny England).

I don't think there's anything major for you to worry about at the moment.  Your website's up, you're receiving emails and your DNS server is responding to requests.  What more could you ask for? :-)

Seriously though, there are a few issues relating to the NS & SOA records that need sorting out, but it's best not to mess around with those for a few hours. You'll need to allow the recent changes to propagate properly.

Sorry, but I really do need to get some sleep now.  I'll check in on this in the morning for you, and let you know what I think then.
0
 

Author Comment

by:NAPSR
ID: 11797911
Thank you very much for your help!  I had no idea you were in England.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11799654
One of the joys of technology - location independence :-)

Anyway, we've had some domain propagation and I've got coffee - on with the show!

I've looked at the reports from checkdns and dnsreport for you.

It looks like things are pretty good now, except for a few issues with authoritative DNSs and your secondary DNS.

It would be a good idea to fix the name of the DNS servers in your SOA record.  http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20984121.html should help you with that.

The biggest problem is that your secondary DNS server is "lame".  This means that it's not acting authoritatively for your domain.
In all probability, this is because your ISP hasn't set up their server to act as a secondary from you.  I suggest that you speak to them about this.

Other than that - there's nothing that's going to stop it working :-)

Do take a look at dnsreport.com though.  It mentions a few things that would be worth tweaking in order to get a "perfect" DNS setup.

It took a while, but I think we got there :-)
0
 

Author Comment

by:NAPSR
ID: 11801596
hi scamp,

Last night, I spent a couple of hours with my ISP's tech support guy and we finally got the reverse dns correct.  But this morning, I noticed that one of their servers is not functioning correctly.  They have two servers, one of them has delegated the IP to me so my PTR records are being noticed but the other one has a PTR record for me instead of delegating it to me and noticing my PTR record setup on my server.  Both PTR records say the same thing but I want to make sure that both of their servers delegate the IP to me and that my PTR records are being noticed.

I am having a problem with the SOA record and NS setup.  Every time I change the primary nameserver on my DNS setup to match what I have on directNIC, the settings refresh and the name of the server pops back up.

On the NS tab on my DNS setup, I tried to only list the two servers that are listed on directNIC but as with the SOA record, it refreshes back and the name of my server pops back into the NS list.

Do you know why it says that my web server is not responding?

Thank you very much for your help!
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11801927
NAPSR,
You should make sure that your ISP's nameservers are consistent.  Inconsistencies in DNS are the cause of more problems than I care to recount!

Sorry, but I'm running out of ideas on the SOA thing.
I'm guessing that Windows is trying to be clever and putting its own details in.  Unfortunately I don't know how to stop it :-(

I don't know why checkdns shows your web server as not responding.  Dnsreport has no problem with it, and I can access it from here.

Checkdns shows a timeout when trying to access the page, so perhaps it's just being impatient?
I suggest that you try one of the hundreds of website performance testing websites - http://www.google.co.uk/search?sourceid=navclient&ie=UTF-8&q=website+performance should point you in the right direction.

So, the only outstanding issue is that your ISPs name server is not acting authoritatively - I think you might need to talk to them again.

Scamp


0
 
LVL 3

Expert Comment

by:joelleo
ID: 11827327
A few things:

1) If DNS is acting strange and/or records aren't set right you need to talk to whoever is authoritative for your dns domain - this might not be your isp. Your registrar (register.com etc) would be the initial point with whom you registered your domain name and who had initial control over DNS configuration, so you may want to check with your registrar to determine which dns servers are _marked_ as being authoritative for your domain, then check with the manager of those dns servers to determine whether or not there's a further issue with who serves what function from the DNS perspective, primary and secondary DNS in particular. Once you've determined which dns servers are supposed to handle your domain, sanity check those dns servers (one primary dns server, proper records etc.)

EDIT:
Right off the bat, you've got big DNS issues:

=====
Domain Name: METROHOSTINGSERVICES.COM

Domain servers in listed order:
      NS0.DIRECTNIC.COM      204.251.10.100
      NS1.DIRECTNIC.COM      206.251.177.2
=====
Those are the DNS servers that the world sees as authoritative for your DNS domain. You absolutely NEED to make all of your changes at NS0.DIRECTNIC.COM, otherwise those changes will not propagate to anyone but whoever uses your current Windows 2003 DNS server. If you want to manage your own DNS, you need to work that out with DirectNIC because your DNS domain, at this point in time, is still 100% managed by them. You can go no further as far as managing your world DNS until you change the authoritative DNS servers to your own. #2 is almost irrelevant because the noted authoritative zone isn't actually authoritative (hostserver.metrohostingservices.com.)

2) Based on this (your initial post of your exported dns database:)
=====
Name     Type     Data
1. (same as parent folder)     Start of Authority (SOA)     [26], hostserver.metrohostingservices.com., hostmaster.metrohostingservices.com.
2. (same as parent folder)     Name Server (NS)     alpha.birch.net.
3. (same as parent folder)     Name Server (NS)     hostserver.metrohostingservices.com.
4. (same as parent folder)     Host (A)     192.168.1.21
hostserver     Mail Exchanger (MX)     [10]  hostserver.metrohostingservices.com.
5. mail     Host (A)     216.212.58.178
6. www     Host (A)     216.212.58.178
7. www     Mail Exchanger (MX)     [10]  hostserver.metrohostingservices.com.
=====

your MX records will all fail to resolve because there's no host record for 'hostserver,' beyond the fact the MX records themselves are busted. Four things need to be done to resolve this:

1) Add a host record for hostserver that points to 216.212.58.178 (hostserver IN A 216.212.58.178)
2) Delete the 'www Mail Exchanger (MX) blahblah' record - it's incorrect and irrelevant
3) Delete the 'hostserver Mail Exchanger (MX) blah blah' record - it is also incorrect and irrelevant.
4) Add a new MX record _DO_NOT_SPECIFY_THE_DOMAIN_ - it will automatically choose the root domain (same as parent folder) - point this new MX record to hostserver.metrohostingservices.com.

DNS propagation delay shouldn't be an issue because you didn't have a previous root MX record - it should be immediately available to dns resolvers.

Good luck and hope this helps.

Joel
0
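Added example (not part of any post in this thread): a small lint pass over the record lists posted above, checking the points the replies raise: an A record on a private address in a public zone, MX records owned by a host instead of the zone itself, and an MX target with no A record. The zone name napsronline.org is taken from the thread as an assumption; the function and finding names are hypothetical, and SOA records are left out.

```python
import ipaddress

ZONE = "napsronline.org."  # assumption: the zone name used in the thread

# Constructed from the lists posted in the thread as (owner, type, data).
# "@" stands for "(same as parent folder)".
ORIGINAL = [
    ("@", "NS", "alpha.birch.net."),
    ("@", "NS", "hostserver.metrohostingservices.com."),
    ("@", "A", "192.168.1.21"),
    ("hostserver", "MX", "hostserver.metrohostingservices.com."),
    ("mail", "A", "216.212.58.178"),
    ("www", "A", "216.212.58.178"),
    ("www", "MX", "hostserver.metrohostingservices.com."),
]
# NAPSR's revised list with the MX line changed as scampgb suggested.
REVISED = [
    ("@", "NS", "hostserver.metrohostingservices.com."),
    ("@", "NS", "alpha.birch.net."),
    ("@", "MX", "mail.napsronline.org."),
    ("mail", "A", "216.212.58.178"),
    ("www", "A", "216.212.58.178"),
]


def fqdn(name, zone=ZONE):
    """Expand a zone-relative owner or target to a lower-case FQDN."""
    name = name.lower()
    if name == "@":
        return zone
    return name if name.endswith(".") else f"{name}.{zone}"


def lint_zone(records, zone=ZONE):
    """Return a list of (finding, owner, detail) tuples for a public zone."""
    findings = []
    a_owners = {fqdn(o, zone) for o, t, _ in records if t == "A"}
    apex_mx = False
    for owner, rtype, data in records:
        name = fqdn(owner, zone)
        if rtype == "A" and ipaddress.ip_address(data).is_private:
            # Unreachable from outside, and it publishes internal addressing.
            findings.append(("private-address", name, data))
        elif rtype == "MX":
            target = fqdn(data, zone)
            if name == zone:
                apex_mx = True
            else:
                # Only applies to mail addressed to user@<that host>.
                findings.append(("mx-not-at-apex", name, target))
            in_zone = target == zone or target.endswith("." + zone)
            if in_zone and target not in a_owners:
                findings.append(("mx-target-no-a", name, target))
            elif not in_zone:
                # The A record lives in another zone; cannot be checked here.
                findings.append(("mx-target-out-of-zone", name, target))
    if not apex_mx:
        findings.append(("no-apex-mx", zone, ""))
    return findings


if __name__ == "__main__":
    for label, zone_records in (("original", ORIGINAL), ("revised", REVISED)):
        print(label)
        for finding in lint_zone(zone_records) or [("ok", "", "")]:
            print("  ", *finding)
```
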
 

Author Comment

by:NAPSR
ID: 11831434
Hi Joel,

Thank you for the advice.  I actually got the DNS issue resolved by talking to my ISP and also with the help of "scampgb" above.  Thank you for taking the time to write the solution above.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11831658
Hi Napsr.
Thanks for the "A".  Glad that you've got it sorted :-)
0
 

Author Comment

by:NAPSR
ID: 11833393
scampgb,

Can I ask you one more question?  Ever since I am hosting my own DNS, people using bellsouth internet services cannot access my site.  I can't even find a bellsouth tech support number to contact them.  Any suggestions why this might be happening.

Thanks
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11833594
There are a number of possible reasons, but can I suggest that you post that as another question?

I'm just concerned that this one is getting quite long, and as it's now a PAQ other people won't be able to see it.

Ta!
0
 

Author Comment

by:NAPSR
ID: 11833842
ok..i just posted it.
0
